File information

Malware score: 98% (24/344 heuristic rules matched)
Status: static.suspected.ml.gen

| Suspect Score | 15.5 |
| Legit Score | 0 |
| Crypted Score | 9 |
| Packed Score | 12 |

Static Analysis Indicators static.suspected.ml.gen

PE Markers anomalies check

| Fields | Values |
| Rich signature | found |
| Digital signature | not found |
| Overlay | found |
| Subsystem | GUI |
| Compiler | |
| Is .NET Image | Image is Native |

Important PE Header Values suspect

| Headers | Hashes (MD5/SHA256/SSDEEP) | Size |
| IMAGE_DOS_HEADERS | | 0x40 |
| IMAGE_NT_HEADER | | 0x108 |
| IMAGE_OPTIONAL_HEADERS | | 0xe0 |

| ImageFileHeader Field | Additional info | Value | Common |
| ImageFileHeader.Machine | | 0x14c | True |
| ImageFileHeader.TimeDateStamp | | 0x57017aad | True |
| ImageFileHeader.Characteristics | | 0x10f | True |
| ImageFileHeader.SizeOfOptionalHeader | | 0xe0 | True |

| ImageOptionalHeader Field | Additional info | Value | Common |
| ImageOptionalHeader.EntryPoint | | 0x322b | False |
| ImageOptionalHeader.ImageBase | | 0x400000 | True |
| ImageOptionalHeader.Checksum | | 0x0 | False |
| ImageOptionalHeader.LinkerVersion | | 6.0 | True |

Resources anomalies check valid

| Risk | Structure |
| 0% | VersionInfo not found |
| 0% | Manifest found |
| 0% | Message Table not found |
| 0% | Strings Table not found |
| 0% | RCDATA not found |
| 0% | Icon found |
| 0% | Icon Group not found |
| 0% | Cursor not found |
| 0% | Accelerator not found |

Frequency anomalies check suspect

| Risk | Anomalies | Information |
| 0% | File Entropy | 6.7407784530596 |
| 0% | File Entropy (without zeros) | 6.740777 |
| 0% | Zero Value Frequency | 0.18405863051757 |
| 0% | 0xFF Bytes Frequency | 3.9566019 |
| 0% | Chi-Square Distribution | 16056.387433238 |
| 0% | Monte Carlo Pi Value | 3.4440931302098 |
| 0% | Monte Carlo Pi Error Rate | 9.6288892283467 |
| 0% | Packed percent | 3 |

Entropy status: Not Packed | Zero Value Frequency: Not Packed

Manifest check valid

| Fields | Values |
| SSDEEP | 12:TMHdtP75BgVNMNSNMhyQxvW0WiJhJQ4v4XbysynyiI63kqL7:2dtPVBgsANsDxvW0WiJhuO4XtO3rL7 |
| MD5 | 141EE0E5465402CF6FEC9A038A99DA38 |
| SHA256 | 48C4359222CD7E1A03298342D42BAE80E711501FA8920B5F46D9A3C1BD7FC0F0 |

Manifest contents:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
      <assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/>
      <description>Nullsoft Install System v3.0rc1</description>
      <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
        <security>
          <requestedPrivileges>
            <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
          </requestedPrivileges>
        </security>
      </trustInfo>
      <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
        <application>
          <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
          <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
          <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
          <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
        </application>
      </compatibility>
    </assembly>

Raw size: 832 bytes

PE Main Icon check suspect

| Fields | Values |
| SSDEEP | 12:jGiU0XpgUSedTpFXxMSFlhP3hdUjC9o1DY1q1q1A9Xss+ioeFue5:jGiUUgjUTpFySFlhP3dGQM |
| MD5 | FD7E46DB3B3D90605884DB21DC772B84 |
| SHA256 | 657B28D4DF458B821466A5D32AB2C5C7F59C7B62C87D9E04579F16BE1211886F |
| Icon ID | 0 |
| Icon name | 103 |
| Language | Not recognized (sublanguage: Not recognized), codepage: Not recognized |

Raw size: 766 bytes | Total icons: 1

PE Sections Info valid

| Name | VirtualAddress (RVA) | VA (ImageBase + RVA) | Characteristics | Virtual Size | Aligned Raw Size | Size Of Raw Data | Pointer To Raw Data |
| .text | 0x1000 | 0x401000 | 0x60000020 (Executable, Readable) | 0x5dc5 | 0x5e00 | 0x5e00 | 0x400 |
| .rdata | 0x7000 | 0x407000 | 0x40000040 (Readable) | 0x1246 | 0x1400 | 0x1400 | 0x6200 |
| .data | 0x9000 | 0x409000 | 0xc0000040 (Initialized Data, Readable, Writable) | 0x1a818 | 0x400 | 0x400 | 0x7600 |
| .ndata | 0x24000 | 0x424000 | 0xc0000080 (Uninitialized Data, Readable, Writable) | 0x8000 | 0x0 | 0x0 | 0x0 |
| .rsrc | 0x2c000 | 0x42c000 | 0x40000040 (Readable) | 0xa50 | 0xc00 | 0xc00 | 0x7a00 |

Total Number Of Sections (NumberOfSections): 5

PE Sections Statistics valid

PE imported functions suspect

| Function name: CopyFileA | RVA: 4225494 | HINT: 67 |
| Function name: Sleep | RVA: 4225388 | HINT: 854 |
| Function name: GetTickCount | RVA: 4225396 | HINT: 479 |
| Function name: CreateFileA | RVA: 4225412 | HINT: 83 |
| Function name: GetFileSize | RVA: 4225426 | HINT: 355 |
| Function name: GetModuleFileNameA | RVA: 4225440 | HINT: 381 |
| Function name: ReadFile | RVA: 4225462 | HINT: 693 |
| Function name: GetFileAttributesA | RVA: 4225344 | HINT: 350 |
| Function name: SetFileAttributesA | RVA: 4225366 | HINT: 793 |
| Function name: ExitProcess | RVA: 4225506 | HINT: 185 |
| Function name: SetEnvironmentVariableA | RVA: 4225520 | HINT: 787 |
| Function name: GetWindowsDirectoryA | RVA: 4225546 | HINT: 499 |
| Function name: GetTempPathA | RVA: 4225570 | HINT: 469 |
| Function name: GetCommandLineA | RVA: 4225586 | HINT: 272 |
| Function name: lstrlenA | RVA: 4225604 | HINT: 972 |
| Function name: GetVersion | RVA: 4225616 | HINT: 488 |
| Function name: GetCurrentProcess | RVA: 4225474 | HINT: 322 |
| Function name: GetFullPathNameA | RVA: 4225288 | HINT: 361 |
| Function name: GetDiskFreeSpaceA | RVA: 4225658 | HINT: 333 |
| Function name: GlobalUnlock | RVA: 4225678 | HINT: 522 |
| Function name: GlobalLock | RVA: 4225694 | HINT: 515 |
| Function name: CreateThread | RVA: 4225708 | HINT: 111 |
| Function name: GetLastError | RVA: 4225724 | HINT: 369 |
| Function name: CreateDirectoryA | RVA: 4225740 | HINT: 75 |
| Function name: CreateProcessA | RVA: 4225760 | HINT: 102 |
| Function name: RemoveDirectoryA | RVA: 4225778 | HINT: 708 |
| Function name: GetTempFileNameA | RVA: 4225798 | HINT: 467 |
| Function name: WriteFile | RVA: 4225818 | HINT: 932 |
| Function name: lstrcpyA | RVA: 4225830 | HINT: 966 |
| Function name: MoveFileExA | RVA: 4225842 | HINT: 623 |
| Function name: lstrcatA | RVA: 4225856 | HINT: 957 |
| Function name: GetSystemDirectoryA | RVA: 4225868 | HINT: 449 |
| Function name: GetProcAddress | RVA: 4225890 | HINT: 416 |
| Function name: CloseHandle | RVA: 4225208 | HINT: 52 |
| Function name: SetCurrentDirectoryA | RVA: 4225320 | HINT: 778 |
| Function name: MoveFileA | RVA: 4225308 | HINT: 622 |
| Function name: CompareFileTime | RVA: 4225236 | HINT: 57 |
| Function name: GetShortPathNameA | RVA: 4225268 | HINT: 437 |
| Function name: SearchPathA | RVA: 4225254 | HINT: 731 |
| Function name: lstrcmpiA | RVA: 4225196 | HINT: 963 |
| Function name: SetFileTime | RVA: 4225222 | HINT: 799 |
| Function name: lstrcmpA | RVA: 4225184 | HINT: 960 |
| Function name: ExpandEnvironmentStringsA | RVA: 4225156 | HINT: 188 |
| Function name: lstrcpynA | RVA: 4225646 | HINT: 969 |
| Function name: SetErrorMode | RVA: 4225630 | HINT: 789 |
| Function name: GlobalFree | RVA: 4225142 | HINT: 511 |
| Function name: FindFirstFileA | RVA: 4224888 | HINT: 210 |
| Function name: FindNextFileA | RVA: 4224906 | HINT: 220 |
| Function name: DeleteFileA | RVA: 4224874 | HINT: 131 |
| Function name: SetFilePointer | RVA: 4224934 | HINT: 795 |
| Function name: GetPrivateProfileStringA | RVA: 4224952 | HINT: 412 |
| Function name: FindClose | RVA: 4224922 | HINT: 206 |
| Function name: MultiByteToWideChar | RVA: 4225010 | HINT: 629 |
| Function name: FreeLibrary | RVA: 4225032 | HINT: 248 |
| Function name: MulDiv | RVA: 4224864 | HINT: 628 |
| Function name: WritePrivateProfileStringA | RVA: 4224980 | HINT: 937 |
| Function name: LoadLibraryExA | RVA: 4225046 | HINT: 595 |
| Function name: GetModuleHandleA | RVA: 4225064 | HINT: 383 |
| Function name: GetExitCodeProcess | RVA: 4225084 | HINT: 346 |
| Function name: WaitForSingleObject | RVA: 4225106 | HINT: 912 |
| Function name: GlobalAlloc | RVA: 4225128 | HINT: 504 |
| Function name: ScreenToClient | RVA: 4226440 | HINT: 561 |
| Function name: GetSystemMenu | RVA: 4226492 | HINT: 348 |
| Function name: SetClassLongA | RVA: 4226508 | HINT: 583 |
| Function name: IsWindowEnabled | RVA: 4226524 | HINT: 430 |
| Function name: SetWindowPos | RVA: 4226542 | HINT: 643 |
| Function name: GetSysColor | RVA: 4226558 | HINT: 346 |
| Function name: GetWindowLongA | RVA: 4226572 | HINT: 366 |
| Function name: SetCursor | RVA: 4226590 | HINT: 589 |
| Function name: LoadCursorA | RVA: 4226602 | HINT: 442 |
| Function name: CheckDlgButton | RVA: 4226616 | HINT: 56 |
| Function name: GetMessagePos | RVA: 4226634 | HINT: 316 |
| Function name: LoadBitmapA | RVA: 4226650 | HINT: 440 |
| Function name: CallWindowProcA | RVA: 4226664 | HINT: 27 |
| Function name: IsWindowVisible | RVA: 4226682 | HINT: 433 |
| Function name: CloseClipboard | RVA: 4226700 | HINT: 66 |
| Function name: SetClipboardData | RVA: 4226718 | HINT: 586 |
| Function name: EmptyClipboard | RVA: 4226738 | HINT: 193 |
| Function name: PostQuitMessage | RVA: 4226220 | HINT: 516 |
| Function name: GetWindowRect | RVA: 4226458 | HINT: 372 |
| Function name: EnableMenuItem | RVA: 4226474 | HINT: 194 |
| Function name: CreatePopupMenu | RVA: 4226804 | HINT: 94 |
| Function name: GetSystemMetrics | RVA: 4226822 | HINT: 349 |
| Function name: SetDlgItemTextA | RVA: 4226842 | HINT: 595 |
| Function name: GetDlgItemTextA | RVA: 4226860 | HINT: 275 |
| Function name: MessageBoxIndirectA | RVA: 4226878 | HINT: 482 |
| Function name: CharPrevA | RVA: 4226900 | HINT: 45 |
| Function name: DispatchMessageA | RVA: 4226912 | HINT: 161 |
| Function name: PeekMessageA | RVA: 4226932 | HINT: 512 |
| Function name: ReleaseDC | RVA: 4226056 | HINT: 554 |
| Function name: EnableWindow | RVA: 4226040 | HINT: 196 |
| Function name: InvalidateRect | RVA: 4226022 | HINT: 403 |
| Function name: SendMessageA | RVA: 4226006 | HINT: 571 |
| Function name: DefWindowProcA | RVA: 4225988 | HINT: 142 |
| Function name: BeginPaint | RVA: 4225974 | HINT: 13 |
| Function name: GetClientRect | RVA: 4225958 | HINT: 255 |
| Function name: FillRect | RVA: 4225946 | HINT: 226 |
| Function name: DrawTextA | RVA: 4225934 | HINT: 188 |
| Function name: EndDialog | RVA: 4226428 | HINT: 198 |
| Function name: RegisterClassA | RVA: 4226410 | HINT: 534 |
| Function name: SystemParametersInfoA | RVA: 4226386 | HINT: 665 |
| Function name: CreateWindowExA | RVA: 4226368 | HINT: 96 |
| Function name: GetClassInfoA | RVA: 4226352 | HINT: 246 |
| Function name: DialogBoxParamA | RVA: 4226334 | HINT: 158 |
| Function name: CharNextA | RVA: 4226322 | HINT: 42 |
| Function name: ExitWindowsEx | RVA: 4226306 | HINT: 225 |
| Function name: GetDC | RVA: 4226068 | HINT: 268 |
| Function name: CreateDialogParamA | RVA: 4226268 | HINT: 85 |
| Function name: SetTimer | RVA: 4226256 | HINT: 634 |
| Function name: GetDlgItem | RVA: 4226108 | HINT: 273 |
| Function name: SetWindowLongA | RVA: 4226090 | HINT: 640 |
| Function name: SetForegroundWindow | RVA: 4226198 | HINT: 599 |
| Function name: LoadImageA | RVA: 4226076 | HINT: 448 |
| Function name: IsWindow | RVA: 4226122 | HINT: 429 |
| Function name: SendMessageTimeoutA | RVA: 4226150 | HINT: 574 |
| Function name: FindWindowExA | RVA: 4226134 | HINT: 228 |
| Function name: OpenClipboard | RVA: 4226756 | HINT: 502 |
| Function name: TrackPopupMenu | RVA: 4226772 | HINT: 676 |
| Function name: AppendMenuA | RVA: 4226790 | HINT: 8 |
| Function name: EndPaint | RVA: 4225922 | HINT: 200 |
| Function name: DestroyWindow | RVA: 4226290 | HINT: 153 |
| Function name: wsprintfA | RVA: 4226172 | HINT: 727 |
| Function name: ShowWindow | RVA: 4226184 | HINT: 658 |
| Function name: SetWindowTextA | RVA: 4226238 | HINT: 646 |
| Function name: SelectObject | RVA: 4226960 | HINT: 526 |
| Function name: SetBkMode | RVA: 4226992 | HINT: 534 |
| Function name: CreateFontIndirectA | RVA: 4227004 | HINT: 58 |
| Function name: SetTextColor | RVA: 4226976 | HINT: 572 |
| Function name: DeleteObject | RVA: 4227048 | HINT: 143 |
| Function name: GetDeviceCaps | RVA: 4227064 | HINT: 363 |
| Function name: CreateBrushIndirect | RVA: 4227026 | HINT: 41 |
| Function name: SetBkColor | RVA: 4227080 | HINT: 533 |
| Function name: SHGetSpecialFolderLocation | RVA: 4227204 | HINT: 195 |
| Function name: SHGetPathFromIDListA | RVA: 4227180 | HINT: 188 |
| Function name: SHBrowseForFolderA | RVA: 4227158 | HINT: 121 |
| Function name: SHGetFileInfoA | RVA: 4227140 | HINT: 172 |
| Function name: ShellExecuteA | RVA: 4227124 | HINT: 263 |
| Function name: SHFileOperationA | RVA: 4227104 | HINT: 154 |
| Function name: RegDeleteKeyA | RVA: 4227364 | HINT: 468 |
| Function name: SetFileSecurityA | RVA: 4227464 | HINT: 558 |
| Function name: OpenProcessToken | RVA: 4227444 | HINT: 428 |
| Function name: LookupPrivilegeValueA | RVA: 4227420 | HINT: 335 |
| Function name: AdjustTokenPrivileges | RVA: 4227396 | HINT: 28 |
| Function name: RegOpenKeyExA | RVA: 4227380 | HINT: 492 |
| Function name: RegEnumValueA | RVA: 4227246 | HINT: 481 |
| Function name: RegDeleteValueA | RVA: 4227346 | HINT: 472 |
| Function name: RegCloseKey | RVA: 4227332 | HINT: 459 |
| Function name: RegCreateKeyExA | RVA: 4227314 | HINT: 465 |
| Function name: RegSetValueExA | RVA: 4227296 | HINT: 516 |
| Function name: RegQueryValueExA | RVA: 4227276 | HINT: 503 |
| Function name: RegEnumKeyA | RVA: 4227262 | HINT: 477 |
| Function name: ImageList_Create | RVA: 4227540 | HINT: 55 |
| Function name: ImageList_AddMasked | RVA: 4227518 | HINT: 52 |
| Function name: ImageList_Destroy | RVA: 4227498 | HINT: 56 |
| Function name: #17 | RVA: --- | HINT: --- |
| Function name: OleUninitialize | RVA: 4227594 | HINT: 261 |
| Function name: OleInitialize | RVA: 4227612 | HINT: 238 |
| Function name: CoTaskMemFree | RVA: 4227628 | HINT: 101 |
| Function name: CoCreateInstance | RVA: 4227574 | HINT: 16 |

Total Number of Imported Functions: 159 | Total Number of Libraries: 7 | Total Number of Blacklisted Functions: 24

PE Resources valid

| ID | Type | Language | Size \ Offset | Entropy | Hashes |
| 1 | RT_ICON | 1033 (0) | 0x2e8 \ 0x7b90 | 3.7499079333367 | |
| 105 | RT_DIALOG | 1033 (0) | 0x100 \ 0x7e78 | 4.0337869395253 | |
| 106 | RT_DIALOG | 1033 (0) | 0x11c \ 0x7f78 | 3.0195360330529 | |
| 111 | RT_DIALOG | 1033 (0) | 0x60 \ 0x8098 | 2.9464911452023 | |
| 103 | RT_GROUP_ICON | 1033 (0) | 0x14 \ 0x80f8 | 2.1709505944547 | |
| 1 | RT_MANIFEST | 1033 (0) | 0x340 \ 0x8110 | 3.6802796583405 | |

Total Number of Resources: 6 | Total Size of Rsrc Section: 3072 | Total Entropy of Rsrc Section: 4.1898601031183 | Total Ratio of Rsrc Section: 0.073575549%

PE Opcodes Frequency & Anomalies Analyzer suspect

| # | Opcode | Quantity of instruction | Frequency of instruction | Byte |
| 2 | AND | 12 | 0.968523% | |
| 3 | CALL | 191 | 15.415658% | |
| 4 | CMP | 82 | 6.6182404% | |
| 5 | DEC | 5 | 0.40355125% | |
| 6 | IMUL | 1 | 0.080710247% | |
| 7 | INC | 11 | 0.88781273% | |
| 8 | JA | 1 | 0.080710247% | |
| 9 | JAE | 2 | 0.16142049% | |
| 10 | JB | 2 | 0.16142049% | |
| 11 | JBE | 1 | 0.080710247% | |
| 12 | JGE | 1 | 0.080710247% | |
| 13 | JL | 1 | 0.080710247% | |
| 14 | JLE | 2 | 0.16142049% | |
| 15 | JMP | 29 | 2.3405972% | |
| 16 | JNZ | 56 | 4.519774% | |
| 17 | JZ | 60 | 4.8426151% | |
| 18 | LEA | 13 | 1.0492332% | |
| 19 | LEAVE | 1 | 0.080710247% | |
| 20 | MOV | 177 | 14.285714% | |
| 21 | MOVSX | 14 | 1.1299435% | |
| 22 | MOVZX | 5 | 0.40355125% | |
| 23 | NEG | 2 | 0.16142049% | |
| 24 | NOT | 1 | 0.080710247% | |
| 25 | OR | 17 | 1.3720742% | |
| 26 | POP | 26 | 2.0984664% | |
| 27 | PUSH | 406 | 32.76836% | |
| 28 | RET | 15 | 1.2106538% | |
| 29 | SBB | 1 | 0.080710247% | |
| 30 | SETZ | 2 | 0.16142049% | |
| 31 | SHL | 11 | 0.88781273% | |
| 32 | SHR | 1 | 0.080710247% | |
| 33 | SUB | 8 | 0.645682% | |
| 34 | TEST | 44 | 3.5512509% | |
| 35 | XOR | 17 | 1.3720742% | |


Total Number Of Opcodes: 1239

Opcodes Frequency Chart

PE Dumped Strings suspect

| # | String | Common |
| 2 | .text local path or dir | No |
| 3 | `.rdata local path or dir | No |
| 4 | @.data local path or dir | No |
| 5 | .ndata local path or dir | No |
| 6 | .rsrc local path or dir | No |
| 13 | s495L7B | Yes |
| 24 | PShr | Yes |
| 25 | jHjZW | Yes |
| 30 | PSWV | Yes |
| 31 | SQSSSPW | Yes |
| 32 | VQSPW | Yes |
| 33 | QVPW | Yes |
| 34 | SQVPW | Yes |
| 45 | PjdQ | Yes |
| 48 | Instu_ | Yes |
| 49 | softuV | Yes |
| 58 | SVW3 | Yes |
| 61 | u6Vh | Yes |
| 62 | tvSU | Yes |
| 64 | t-SW | Yes |
| 74 | SPSj0 | Yes |
| 83 | SUVW | Yes |
| 91 | UUUUW | Yes |
| 94 | u49- | Yes |
| 111 | PWh5 | Yes |
| 114 | u Pj | Yes |
| 115 | t0Pj | Yes |
| 123 | PShC | Yes |
| 124 | WPhQ | Yes |
| 128 | us9E | Yes |
| 130 | SShG | Yes |
| 131 | SPhP | Yes |
| 132 | j _W | Yes |
| 133 | WSh | Yes |
| 134 | SQhN | Yes |
| 137 | uYh | Yes |
| 138 | uDSSh | Yes |
| 142 | PPh6 | Yes |
| 147 | SQPh | Yes |
| 150 | tc<.u local path or dir | No |
| 151 | tYVS | Yes |
| 152 | tK9u | Yes |
| 156 | QSVW | Yes |
| 157 | Wjd_ | Yes |
| 158 | SUVW | Yes |
| 160 | PPPU | Yes |
| 162 | SVW3 | Yes |
| 172 | Vu-3 | Yes |
| 175 | UXTHEME | Yes |
| 176 | USERENV | Yes |


Total Number of Strings: 507 | Common strings: 474 | Danger strings: 33

Bytes Frequency Chart