Amtemu 2024 painter exe Trojan Agent File Malware Analysis: 8abdc20f619641e29aa9ad2b999a0dcc

Amtemu 2024 painter.exe Trojan Agent Analysis

Updated 9 months ago

Checked by Malware Check

amtemu 2024 painter.exe

Hash Type	Value	Action
MD5	8abdc20f619641e29aa9ad2b999a0dcc
SHA1	caad125358d2ae6d217e74cfcd175ac81c43c729
SHA256	cdc95d0113a2af05c2e70fab23f6c218ae583ebcb47077dd5b705a476f9d6b96
SHA512	90999eb0bcb76a3d21e63565e332f1ac8a6fbc1e3dfe147c4ba2b5f8c542e21da3a43df9f5074eb7f7107e0e66d48e21cedda568fa1960502645f1b358d1550e
ImpHash	0dd4c5c4026614be286972a515638ec5

Hash Type

Value

Action

MD5

8abdc20f619641e29aa9ad2b999a0dcc

SHA1

caad125358d2ae6d217e74cfcd175ac81c43c729

SHA256

cdc95d0113a2af05c2e70fab23f6c218ae583ebcb47077dd5b705a476f9d6b96

SHA512

90999eb0bcb76a3d21e63565e332f1ac8a6fbc1e3dfe147c4ba2b5f8c542e21da3a43df9f5074eb7f7107e0e66d48e21cedda568fa1960502645f1b358d1550e

ImpHash

0dd4c5c4026614be286972a515638ec5

PE Analysis

Basic Information

▼

Icon	Hash: dafe9b6c23769c276b2fece1114407e8 Fuzzy: d8dabda36ce14f6227e44170c19f7685 dHash: 8eb2d8d8e4e0b28e
Image Base	`0x00400000`
Entry Point	`0x0064723f`
Compilation Time	1992-06-19 22:22:17
Checksum	0x00000000 (Actual: 0x00264a6f)
OS Version	5.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386, for MS Windows`
Digital Signature	The PE file does not contain a certificate table.
Imports	10 libraries kernel32, user32, advapi32, oleaut32, version, gdi32, ole32, comctl32, shell32, comdlg32
Exports	0 functions
Resources	7 Resources
Sections	10 Sections

Version Information

▼

CompanyName	PainteR
FileDescription	ProxyEmu
FileVersion	0.9.2.0
InternalName	ProxyEmu
OriginalFilename	emuext.exe
LegalCopyright	painter
ProductName	ProxyEmu
ProductVersion	0.9.2.0
Translation	0x0419 0x04b0

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`CODE`	`0x00001000`	1,128,704 bytes	1,128,960 bytes	6.53 (Compressed)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`29DE39DDC84D3E785EBFDCCBD6FAF7E6`
`DATA`	`0x00115000`	88,972 bytes	89,088 bytes	7.15 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`9A741C4D302EDF27A7516DCF6AEB8970`
`BSS`	`0x0012b000`	4,541 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.idata`	`0x0012d000`	10,676 bytes	10,752 bytes	5.09 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`BF49AEC44E8BDD743D3A48BACBD04B99`
`.tls`	`0x00130000`	16 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.rdata`	`0x00131000`	24 bytes	512 bytes	0.16 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_SHARED\|IMAGE_SCN_MEM_READ`	`DD5B4ECD178E5866934D5E7368CA8415`
`.pr0`	`0x00132000`	1,128,246 bytes	1,128,448 bytes	7.91 (Packed/Encrypted)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`CF4188CE38E74A5EE61B1FE69FA88776`
`.pr1`	`0x00246000`	60,761 bytes	60,928 bytes	7.21 (Compressed)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`CC12FADD0FF200D66B02CAA78AA0D5B3`
`.reloc`	`0x00255000`	62,464 bytes	62,464 bytes	6.68 (Compressed)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_SHARED\|IMAGE_SCN_MEM_READ`	`8F2716D046661B928F420FB6B2561CB3`
`.rsrc`	`0x00265000`	24,210 bytes	24,576 bytes	6.02 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_SHARED\|IMAGE_SCN_MEM_READ`	`D6AB8B4B7DBE61A34789C0816B6D3378`

Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

4 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 7 (23,740 bytes)

Resource Type	Count	Total Size	Percentage
RT_ICON	4	21,612 bytes	91%
RT_GROUP_ICON	1	62 bytes	0.3%
RT_VERSION	1	648 bytes	2.7%
RT_MANIFEST	1	1,418 bytes	6%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

File Name	amtemu 2024 painter.exe
File Type	PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version	1.0.190.174
Database Version	2024-09-21 01:00:20 UTC

Amtemu 2024 painter.exe Trojan Agent Analysis

Technical Analysis

Trojan.Win32.Agent.dg

Scan Another File

File Identification