Manalyze report for 33b6d21bf9068aec686b1006485eec32

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Apr-27 07:38:57
Detected languages	Chinese - PRC English - United States
Debug artifacts	C:\Users\Test\Documents\Visual Studio 2008\Projects\oosososo\x64\Debug\oosososo.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Has Internet access capabilities: WinHttpOpen WinHttpCloseHandle WinHttpSendRequest WinHttpOpenRequest WinHttpConnect WinHttpReadData WinHttpQueryDataAvailable WinHttpReceiveResponse`
Malicious	VirusTotal score: 38/71 (Scanned on 2024-05-04 02:58:30)	`ALYac: Trojan.Generic.35791427` `AVG: Win64:DropperX-gen [Drp]` `Antiy-AVL: Trojan/Win64.ShellCode` `Arcabit: Trojan.Generic.D2222243` `Avast: Win64:DropperX-gen [Drp]` `Avira: TR/Redcap.isogt` `BitDefender: Trojan.Generic.35791427` `Bkav: W64.AIDetectMalware` `Cynet: Malicious (score: 99)` `DeepInstinct: MALICIOUS` `Elastic: malicious (high confidence)` `Emsisoft: Trojan.Generic.35791427 (B)` `F-Secure: Trojan.TR/Redcap.isogt` `FireEye: Trojan.Generic.35791427` `Fortinet: W32/PossibleThreat` `GData: Win64.Trojan.Agent.PJHLI6` `Google: Detected` `K7AntiVirus: Riskware ( 00584baa1 )` `K7GW: Riskware ( 00584baa1 )` `Kaspersky: Trojan.Win64.Shellcode.jr` `Kingsoft: Win32.Troj.Unknown.a` `Lionic: Trojan.Win32.Shellcode.4!c` `MAX: malware (ai score=88)` `Malwarebytes: Generic.Malware/Suspicious` `MaxSecure: Trojan.Malware.243303889.susgen` `McAfee: Artemis!33B6D21BF906` `MicroWorld-eScan: Trojan.Generic.35791427` `Microsoft: Trojan:Win32/Wacatac.A!ml` `Paloalto: generic.ml` `Rising: Trojan.Shellcode!8.2FDD (CLOUD)` `Sangfor: Trojan.Win32.Silverfox.ulgyzg` `Skyhigh: Artemis` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `TrendMicro-HouseCall: TROJ_GEN.R002H07E124` `VIPRE: Trojan.Generic.35791427` `Varist: W64/ABRisk.WRQQ-3055` `ZoneAlarm: Trojan.Win64.Shellcode.jr`

Hashes

MD5	`33b6d21bf9068aec686b1006485eec32`
SHA1	`d6009e8d0b2eb1b0ab1da873a9ef08bcec30ad75`
SHA256	`32cccbf06369a5afbb2a2b19386d0ba1c739a834f7f4af23267d7d2c15994c48`
SHA3	`e506c726bcff039f94a07a591e448715a9d47eb18dbd157f21ccab9036d9c39f`
SSDeep	`3072:wJnyhD/iADXKPjfMMukdRej6aDJR4XgC5UZ4x5:wJnCiMXSjMMu6aDL4QCV`
Imports Hash	`5dd2bc3389a1802bb0bb0142b8349186`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2024-Apr-27 07:38:57
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`9.0`
SizeOfCode	`0x22e00`
SizeOfInitializedData	`0xf400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000002A28 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x36000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`58f23311308c92c7672ad7a64470cb5d`
SHA1	`b5118a0598357476ca5658a13a5c86da2b5e9b88`
SHA256	`54fe15f1cb3434d31899be0e5e0f2ebfb409474f365aa75f33031c963bab7fa1`
SHA3	`f43c6c9c2809f99d5b9c8fe877869a700d4d916168cd65021e83e5d9d9f78452`
VirtualSize	`0x22c08`
VirtualAddress	`0x1000`
SizeOfRawData	`0x22e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.34219`

.rdata

MD5	`e2d781c89197b66db7d8e9a23a5a0c42`
SHA1	`4ab2e59c780c80e7cab283e4acccead36ba7621e`
SHA256	`9dd766559087e451fd37d9f7e14cc60c78907b74484805a5e65e98457f112948`
SHA3	`2a8f3cc27fda5627260c00443feabfbb7108a2668b1a530dd2b126ee3c2a0ba1`
VirtualSize	`0x7bce`
VirtualAddress	`0x24000`
SizeOfRawData	`0x7c00`
PointerToRawData	`0x23200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.01131`

.data

MD5	`6d3d275bde3015cb28c903f7154242f8`
SHA1	`62a86dc4c5c638793bc9dc8f7598b2eb2ca4d67a`
SHA256	`f57499221ed7dd4074333591d31e0fad8d0031ca7f1c1771f0ae536da8faacd4`
SHA3	`1470f04c03ddf37e1943ab265db393b4dd16233f7942bbdd29ae4526e412f429`
VirtualSize	`0x2b08`
VirtualAddress	`0x2c000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x2ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.05685`

.pdata

MD5	`1d44f5d14d7e3b2430286d19faac1201`
SHA1	`ae8328bdc7d31bf1bee7a8350fdc5e84c34f9253`
SHA256	`e73ffaee852c0fc3c1ada6e4f0c51f6742a831631ca60c8a666367b99cb70545`
SHA3	`6fceb9e6a395319101227455c14f722118c04341445ef6a3f72c7455b885d3fa`
VirtualSize	`0x186c`
VirtualAddress	`0x2f000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x2c400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.54582`

.idata

MD5	`2e98fec18fdfbe913d62966ed09b5a03`
SHA1	`67f17986106b21fafc54cbac0fb87fdf1340a0a6`
SHA256	`83b9e3441efce569e6f8385b35b97fcbc330a9dd542e1448ea45d463861cce64`
SHA3	`60dfc75f59e127836f4e31ade2ea94bfa6ac8740960b018e4b3a9eedc4ff28a4`
VirtualSize	`0x14c6`
VirtualAddress	`0x31000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x2de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.68722`

.rsrc

MD5	`e5818e4527ab03acdbee86005eb4ce3d`
SHA1	`48ee0ea00c73bd7e008353dddacd20407dd8acb3`
SHA256	`55250fce6a50c1a3398bba37d2fb4eaad693cafe9c62c32858acafadf6fd05c2`
SHA3	`3516ae5480220bae85907fa6a0ad6f346cd18b273efc8608dbd3d0893e8f99e2`
VirtualSize	`0x1573`
VirtualAddress	`0x33000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x2f400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.18415`

.reloc

MD5	`69827d855c35eaef20889b25cb365a02`
SHA1	`eed841ab368fd1a0b6168a50a294720ec4c2a1ed`
SHA256	`367ea134f9425f5e13d24d03a557c3f58917bbe0e727ad15683fc0a0130db948`
SHA3	`0115b057bfe1ea5e72f63cab5e666f16e8f0874cc7621c6f75f27d5508dbe4df`
VirtualSize	`0x5ef`
VirtualAddress	`0x35000`
SizeOfRawData	`0x600`
PointerToRawData	`0x30a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.63267`

Imports

KERNEL32.dll	`LocalReAlloc` `LocalSize` `LocalAlloc` `VirtualProtect` `GetTimeZoneInformation` `CompareStringW` `CompareStringA` `HeapReAlloc` `LCMapStringW` `LCMapStringA` `GetStringTypeW` `GetStringTypeA` `IsValidLocale` `EnumSystemLocalesA` `GetUserDefaultLCID` `GetTimeFormatA` `GetDateFormatA` `GetLocaleInfoA` `GetLocaleInfoW` `HeapSize` `IsValidCodePage` `GetOEMCP` `GetACP` `GetCPInfo` `VirtualQuery` `GetProcessHeap` `GetSystemTimeAsFileTime` `GetCurrentProcessId` `GetTickCount` `QueryPerformanceCounter` `HeapDestroy` `HeapCreate` `HeapSetInformation` `GetStartupInfoA` `GetFileType` `GetModuleHandleW` `Sleep` `GetProcAddress` `ExitProcess` `GetStartupInfoW` `RaiseException` `IsDebuggerPresent` `DebugBreak` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `LoadLibraryA` `EncodePointer` `DecodePointer` `TlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `SetLastError` `GetCurrentThreadId` `GetLastError` `GetCurrentThread` `FlsAlloc` `WriteFile` `GetStdHandle` `GetModuleFileNameA` `DeleteCriticalSection` `LeaveCriticalSection` `FatalAppExitA` `EnterCriticalSection` `TerminateProcess` `GetCurrentProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `RtlUnwindEx` `SetConsoleCtrlHandler` `FreeLibrary` `InitializeCriticalSectionAndSpinCount` `HeapAlloc` `RtlPcToFileHeader` `HeapFree` `GetModuleFileNameW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `SetHandleCount` `SetEnvironmentVariableA`
USER32.dll	`DispatchMessageW` `TranslateMessage` `TranslateAcceleratorW` `GetMessageW` `LoadAcceleratorsW` `LoadStringW` `MessageBoxA` `RegisterClassExW` `EndDialog` `DialogBoxParamW` `DestroyWindow` `DefWindowProcW` `BeginPaint` `EndPaint` `PostQuitMessage` `CreateWindowExW` `ShowWindow` `UpdateWindow` `LoadIconW` `LoadCursorW`
WINHTTP.dll	`WinHttpOpen` `WinHttpCloseHandle` `WinHttpSendRequest` `WinHttpOpenRequest` `WinHttpConnect` `WinHttpReadData` `WinHttpQueryDataAvailable` `WinHttpReceiveResponse`

Delayed Imports

1

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.90866`
MD5	`26332975a1fd86235c5e0bcbb8c26869`
SHA1	`9f0f977feff4cbf445f5dd7d0c41f3a65c1dee31`
SHA256	`a836fb64732f1e0463aaedcb119cf001a4e18f581ad8e024053c3ff8696b53db`
SHA3	`3ea170f0946ae43e690a610bf200dea6f1887f92302cf1dcac67acf0e1e5d51a`

2

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03088`
MD5	`c3fdba7e17ee50bb06cf74e3aaddcbf3`
SHA1	`c58a02d5e0945b567f98e3d431211ab3c2fbee1f`
SHA256	`bb9ee9a2acd324f1677b61382df2fd799e630827c9b984734765af0c4cbce16a`
SHA3	`73e62a763b9c4b2723998342390c77c8af85a8c5267d5d112124a9e9546845a0`

109

Type	`RT_MENU`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x50`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.24529`
MD5	`3768d661f1606dafe0bbd6dbcbb1aa50`
SHA1	`250a2f56a3becde33eceeb3ef69a502fc3bdfcca`
SHA256	`8f0d417b64215ec2f33379d29e91fbdcd15cd710652ef28e0478c7f4be0a030c`
SHA3	`e3cf07897350f1c39ad0376f00125782ae1786e1592554044d93e4f679f73935`

103

Type	`RT_DIALOG`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18005`
MD5	`69e03587db8538f7cdfbad80110da876`
SHA1	`3824f298bfa3ec2dc91144596184df63669cf033`
SHA256	`29dd2131359cd4ae6698ca8f2400809d8185c8306f71c1cfd613636c76964e3f`
SHA3	`2dc477f29aa3df76c219572afa7fea4bc27cf19f549d04a0774e640a9a79417e`

7

Type	`RT_STRING`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x40`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.4873`
MD5	`123253f6b8c2c5267fbf7fb363934f7f`
SHA1	`cd609c9e3178c979e7c403ea0e307ba56f221cac`
SHA256	`b97127969a286bd1ab0ee7cc668968a7161bc883722abf3f45a2b1281a1774e8`
SHA3	`cdf44a35df6ac16a53d3df8699e09cfd213da91a6e410c0336d72f90edf5d734`

109 (#2)

Type	`RT_ACCELERATOR`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.79879`
MD5	`3d2b1af3424dbcd504f73918619c7d99`
SHA1	`10d6ed54ea742211a14a05414883f6c00c03080a`
SHA256	`c2f0c188d6c493d7827bf83fb89c704815796445a0178bb2ae79658d96703a3c`
SHA3	`b8c5f28d2c132e5bc304e4dc1b314a3f32a2e48675c06828a2a8a014ea05e7fb`

129

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`c1c122f0803bda39a0a478b7f6f75954`
SHA1	`69dc2bcb5214afae0d924867d59ece9c0c0f1f64`
SHA256	`62b460dcfdda934b386205e7f4a16da00a73c2ca7f4ea9a396fb25537fb33b76`
SHA3	`ffeff2838ef20f5e9b000b10f6538617dbf201bb6d23fa2831e24c8652fc93c5`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x196`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.93317`
MD5	`7cb71b006fcdcf8ade80e31fd5ab8060`
SHA1	`655380fb2cca01b0ca707f748fc7dcf006732518`
SHA256	`be8918559280a2e74748bf8f6238b568ed7cbf75183b2180a6a8a979a1ebf243`
SHA3	`1a03e76e664cba5cc9c5b4570c991d3f72475aebcf3d870270d080dcf1246092`

String Table contents

oosososo
OOSOSOSO

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2024-Apr-27 07:38:56
Version	`0.0`
SizeofData	`108`
AddressOfRawData	`0x28e28`
PointerToRawData	`0x28028`
Referenced File	C:\Users\Test\Documents\Visual Studio 2008\Projects\oosososo\x64\Debug\oosososo.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x43c1531e`
Unmarked objects	`0`
C objects (VS2008 build 21022)	`74`
ASM objects (VS2008 build 21022)	`9`
Imports (VS2012 build 50727 / VS2005 build 50727)	`7`
Total imports	`113`
C++ objects (VS2008 build 21022)	`39`
Linker (VS2008 build 21022)	`1`
151	`1`
Resource objects (VS2008 build 21022)	`1`

33b6d21bf9068aec686b1006485eec32

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.idata

.rsrc

.reloc

Imports

Delayed Imports

1

2

109

103

7

109 (#2)

129

1 (#2)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors