File name: | Verware (1).exe |
Full analysis: | https://app.any.run/tasks/50ccfcc7-42e8-4c7b-aa37-d4cfec865ac8 |
Verdict: | Malicious activity |
Analysis date: | February 22, 2020, 00:20:24 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/x-dosexec |
File info: | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows |
MD5: | CFF294F74B42B78253B48749DB747827 |
SHA1: | E33ECC2CD0B4CAF67BB8342320810065D3EDADE8 |
SHA256: | EF266467559A9A61C93BE39D9366551A9CA405C16D5577BFB69FF53A342057BF |
SSDEEP: | 1536:+hXlXTRSkKbrMWUdqxhmf8Nrozzz4mhcth2AwVcl:+jXdKbwJdq3m0NMzzz4mhctgAqY |
.exe | | | Generic CIL Executable (.NET, Mono, etc.) (82.9) |
---|---|---|
.dll | | | Win32 Dynamic Link Library (generic) (7.4) |
.exe | | | Win32 Executable (generic) (5.1) |
.exe | | | Generic Win/DOS Executable (2.2) |
.exe | | | DOS Executable Generic (2.2) |
MachineType: | Intel 386 or later, and compatibles |
---|---|
TimeStamp: | 2091:07:12 06:52:28+02:00 |
PEType: | PE32 |
LinkerVersion: | 48 |
CodeSize: | 20480 |
InitializedDataSize: | 274432 |
UninitializedDataSize: | - |
EntryPoint: | 0x6f3e |
OSVersion: | 4 |
ImageVersion: | - |
SubsystemVersion: | 4 |
Subsystem: | Windows command line |
FileVersionNumber: | 7.7.7.7 |
ProductVersionNumber: | 7.7.7.7 |
FileFlagsMask: | 0x003f |
FileFlags: | (none) |
FileOS: | Win32 |
ObjectFileType: | Executable application |
FileSubtype: | - |
LanguageCode: | Neutral |
CharacterSet: | Unicode |
Comments: | A HWID Spoofer for many games. |
CompanyName: | Reco / Verware |
FileDescription: | Verware Spoofer |
FileVersion: | 7.7.7.7 |
InternalName: | Verware.exe |
LegalCopyright: | Copyright © 2020 |
LegalTrademarks: | - |
OriginalFileName: | Verware.exe |
ProductName: | Verware Spoofer v1.5 |
ProductVersion: | 7.7.7.7 |
AssemblyVersion: | 1.5.0.0 |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date: | 05-Jun-1955 22:24:12 |
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000080 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 3 |
Time date stamp: | 05-Jun-1955 22:24:12 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: | |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00002000 | 0x00004F44 | 0x00005000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.7251 |
.rsrc | 0x00008000 | 0x00042D60 | 0x00042E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 2.3409 |
.reloc | 0x0004C000 | 0x0000000C | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.0815394 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.00772 | 3168 | UNKNOWN | UNKNOWN | RT_MANIFEST |
32512 | 2.01924 | 20 | UNKNOWN | UNKNOWN | RT_GROUP_ICON |
mscoree.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3052 | "C:\Users\admin\AppData\Local\Temp\Verware (1).exe" | C:\Users\admin\AppData\Local\Temp\Verware (1).exe | — | explorer.exe |
User: admin; Company: Reco / Verware; Integrity Level: MEDIUM; Description: Verware Spoofer; Exit code: 3221226540; Version: 7.7.7.7 |
4080 | "C:\Users\admin\AppData\Local\Temp\Verware (1).exe" | C:\Users\admin\AppData\Local\Temp\Verware (1).exe | | explorer.exe |
User: admin; Company: Reco / Verware; Integrity Level: HIGH; Description: Verware Spoofer; Exit code: 3762504530; Version: 7.7.7.7 |
4008 | "C:\Windows\IME\bioss.exe" | C:\Windows\IME\bioss.exe | — | Verware (1).exe |
User: admin; Company: versine; Integrity Level: HIGH; Description: versine; Exit code: 0; Version: 0.0.3.0 |
PID | Process | Filename | Type |
---|---|---|---|
4080 | Verware (1).exe | C:\Windows\IME\driver.sys | executable |
MD5: 33605E9084AF0F6308142A1B2AC7B817 | SHA256: AE1DAA957DE042A5A0CBBAAD0D4945321E1584F3571BFFA1A5CE7EA2AC125F15 |
4080 | Verware (1).exe | C:\Windows\IME\bioss.exe | executable |
MD5: 93F6D822CF60EF27FFB8297BF57E6FAD | SHA256: AF1E7D2D95C81F3EC8ADC13C60C7F0D375DF7A6A3E556CA65A0B94EDA055F096 |
4080 | Verware (1).exe | C:\Windows\IME\mapper.exe | executable |
MD5: B7B1949AB22C64C1D42D31B3E9812927 | SHA256: B2805704DA2BFD1CE80713B6427E0864E441F53188164E2508CDF6A6496D212D |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4080 | Verware (1).exe | 162.159.133.233:443 | cdn.discordapp.com | Cloudflare Inc | — | shared |
Domain | IP | Reputation |
---|---|---|
cdn.discordapp.com | | shared |