Manalyzer :: 268fe404496426795e79748c755e481d33161906e1404a3c9bd3a5233688c1c3

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1998-Oct-01 14:55:15

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++`
Info	Interesting strings found in the binary:	`Contains domain names: http://www.zone.com http://www.zone.com/asp/aeepredir.asp http://www.zone.com/asp/aoferedir.asp www.zone.com`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegCreateKeyExA RegSetValueExA`
Malicious	VirusTotal score: 15/66 (Scanned on 2026-05-08 20:35:15)	`CAT-QuickHeal: Trojan.ICGENERIC` `CTX: exe.trojan.seveneleven` `DeepInstinct: MALICIOUS` `DrWeb: BackDoor.SevenEleven.74` `Fortinet: PossibleThreat` `Google: Detected` `Ikarus: Gen:Malware` `Jiangmin: Trojan/Generic.tbul` `Lionic: Trojan.Win32.SevenEleven.4!c` `McAfeeD: ti!268FE4044964` `NANO-Antivirus: Trojan.Win32.Legmir.bbszom` `Paloalto: generic.ml` `VBA32: Backdoor.SevenEleven` `Yandex: Backdoor.SevenEleven!o7XldCSaC68` `alibabacloud: Suspicious`

Hashes

MD5	`5138c8becf9e02d4eeb59f3765ded178`
SHA1	`dc724770ece8907fbb7e211b933b649af73056e7`
SHA256	`268fe404496426795e79748c755e481d33161906e1404a3c9bd3a5233688c1c3`
SHA3	`135ce7121fa46ea642e627fa85c20c263d9854c02a9f6a602c9a732678677ded`
SSDeep	`384:67GRxdGLbl1fwzeV9TtHv5Z8kXILp+hZobru/agrtix:y2uoertHvHtXIYSrAZti`
Imports Hash	`d77d5c2f7dd7bf1a703047b7ccefb656`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	1998-Oct-01 14:55:15
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`5.0`
SizeOfCode	`0x3e00`
SizeOfInitializedData	`0x4c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000017C0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x5000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xc000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4fc254d13ce2e760642add8bde723ba0`
SHA1	`d858375adba00add72b4f959ed5da41caf7569ac`
SHA256	`28652347b13a3785b1fbe6f630590e7af934784d18d59fbaac7898873905d53d`
SHA3	`b7066996be4158cd4695340eab1b408d918e58d2b15d5a6518e100c52f9e40cb`
VirtualSize	`0x3c46`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.32792`

.rdata

MD5	`7cdb7a618222cefe89a3178893a3bcc3`
SHA1	`749f7543b17592a4b8625157a78f4687edf00323`
SHA256	`69d635deaa1de7f0888c5236492647dbbdfa410d5ae39a97a8ff4958484f57df`
SHA3	`4ab1bcee6a881a3dff5360b0906344d05127c8f73fa6a2cb9c8c5552c0c8ee85`
VirtualSize	`0x3af`
VirtualAddress	`0x5000`
SizeOfRawData	`0x400`
PointerToRawData	`0x4200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.91295`

.data

MD5	`68c763fa92aff261db002e7371063118`
SHA1	`fa52846293d58c385d858ee76a67b832369be25a`
SHA256	`d425d711792de1a70365eb0707c0a67a0f0aa9749fd1ef22a038a1914b05c789`
SHA3	`32136f858bf82701671f01c80b413b1b78a7efd5d5fb7b45e93b92675d35f86f`
VirtualSize	`0x4088`
VirtualAddress	`0x6000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x4600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.21721`

.idata

MD5	`5432028fbdfd7bd96bec15c7d8cbb3a1`
SHA1	`06dbdf12a2be0dc1f9a78d39f6803aaeae4a9d8d`
SHA256	`0fd186d42b904d9ee3baf13164c3b50a09d813d957716cba307d80d14607f3c0`
SHA3	`cf5bcad792f54039ea9d3a3bedc0a0c793bc0acd8b7f55b9b69689a5ed5fc825`
VirtualSize	`0x476`
VirtualAddress	`0xb000`
SizeOfRawData	`0x600`
PointerToRawData	`0x7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.0337`

Imports

KERNEL32.dll	`GetCurrentDirectoryA` `ExitProcess` `CloseHandle` `WideCharToMultiByte` `SetHandleCount` `GetOEMCP` `SetStdHandle` `GetCommandLineA` `GetVersion` `TerminateProcess` `GetCurrentProcess` `UnhandledExceptionFilter` `GetModuleFileNameA` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `GetEnvironmentStrings` `GetEnvironmentStringsW` `Sleep` `GetCPInfo` `GetACP` `SetFilePointer` `WriteFile` `GetStdHandle` `GetFileType` `GetStartupInfoA` `HeapDestroy` `HeapCreate` `VirtualFree` `RtlUnwind` `HeapAlloc` `HeapFree` `VirtualAlloc` `GetProcAddress` `LoadLibraryA` `GetLastError` `FlushFileBuffers`
USER32.dll	`wsprintfA` `MessageBoxA`
ADVAPI32.dll	`RegCreateKeyExA` `RegSetValueExA`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.