AimFury™ exe Backdoor Gen File Malware Analysis: 1a3d9c72a38acc8beefca80f67ab0908

AimFury™.exe Backdoor Gen Analysis

Updated 10 months ago

Checked by Malware Check

AimFury™.exe

Hash Type	Value	Action
MD5	1a3d9c72a38acc8beefca80f67ab0908
SHA1	ee86f2337970bf519d0b84af7fa7a78aabe29371
SHA256	5774a907f209476fa79a3709791c9421875c16ebac1c4cede99bbcbc60fec685
SHA512	1059ce673495c271484442aa32b57c494a37f7942e6472dcd21029d8a75ebacccddbb992ca3f593121c7888bf363703796bc0161e7a7913f8748c51c081d6812
ImpHash	ac3c6fd357d51c8e5c1264fe730abdac

Hash Type

Value

Action

MD5

1a3d9c72a38acc8beefca80f67ab0908

SHA1

ee86f2337970bf519d0b84af7fa7a78aabe29371

SHA256

5774a907f209476fa79a3709791c9421875c16ebac1c4cede99bbcbc60fec685

SHA512

1059ce673495c271484442aa32b57c494a37f7942e6472dcd21029d8a75ebacccddbb992ca3f593121c7888bf363703796bc0161e7a7913f8748c51c081d6812

ImpHash

ac3c6fd357d51c8e5c1264fe730abdac

PE Analysis

Basic Information

▼

Icon	Hash: b05afd04882d2fd936fe53232c4872a7 Fuzzy: f63c14224a043a153e02fa4221849f6d dHash: 30f0f0b2b296f030
Image Base	`0x00400000`
Entry Point	`0x00666ce0`
Compilation Time	2023-01-09 03:53:03
Checksum	0x00000000 (Actual: 0x056cb469)
OS Version	6.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386, for MS Windows`
Digital Signature	The PE file does not contain a certificate table.
Imports	13 libraries
Exports	3 functions
Resources	84 Resources
Sections	11 Sections

Version Information

▼

CompanyName	Unknown
FileDescription	Installation
FileVersion	1.0.0.0
LegalCopyright	(c)
ProductName	Setup
ProductVersion	1.0.0.0
ProgramID	com.embarcadero.Setup
Translation	0x0409 0x04e4

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	2,503,104 bytes	2,503,168 bytes	6.48 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`BEEAA2BE3E1E8FDC3798EABB483D7657`
`.itext`	`0x00265000`	7,504 bytes	7,680 bytes	6.31 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`57C41D5453C6AE40E5DFA6B4479B046E`
`.data`	`0x00267000`	42,372 bytes	42,496 bytes	6.20 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`EBBB56D61F6D82E37C8ACC034ABD9FDA`
`.bss`	`0x00272000`	28,300 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.idata`	`0x00279000`	14,654 bytes	14,848 bytes	5.26 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`01605F3352920CF933E5B2EF96626907`
`.didata`	`0x0027d000`	3,260 bytes	3,584 bytes	4.14 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`21A59B6E69B0CA4FDCC69514C00FB45F`
`.edata`	`0x0027e000`	151 bytes	512 bytes	1.85 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`075ECC59CBDD0BA98D3D73103ED83CAE`
`.tls`	`0x0027f000`	84 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.rdata`	`0x00280000`	93 bytes	512 bytes	1.38 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`EAA6E6BAD2590D62D8ED589E13796B9E`
`.reloc`	`0x00281000`	215,648 bytes	216,064 bytes	6.72 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`66FF852918622F50261C07492BEDD57E`
`.rsrc`	`0x002b6000`	169,856 bytes	169,984 bytes	7.08 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`5AC258C245AA4E3AE6339B70EBFEC6D6`

Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 84 (164,682 bytes)

Resource Type	Count	Total Size	Percentage
RT_CURSOR	7	2,156 bytes	1.3%
RT_BITMAP	11	2,304 bytes	1.4%
RT_ICON	1	19,855 bytes	12.1%
RT_STRING	26	20,388 bytes	12.4%
RT_RCDATA	29	117,553 bytes	71.4%
RT_GROUP_CURSOR	7	140 bytes	0.1%
RT_GROUP_ICON	1	20 bytes	0%
RT_VERSION	1	596 bytes	0.4%
RT_MANIFEST	1	1,670 bytes	1%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

File Name	AimFury™.exe
File Type	PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version	1.0.183.174
Database Version	2024-08-05 21:00:33 UTC

AimFury™.exe Backdoor Gen Analysis

Technical Analysis

Backdoor.Win32.Gen.ns

Scan Another File

File Identification