Manalyze report for 3fd0a7521493d08e5ce6d6cdf4119388e2aa4914a99b50c3fa1e3db38ace6eca

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2072-Mar-12 14:44:29
Debug artifacts	C:\project\wowpaper-app\WOWpaper\obj\x64\Release\Wowpaper.pdb
Comments
CompanyName	ROSTPAY LTD
FileDescription	Wowpaper
FileVersion	`1.1.6.0`
InternalName	Wowpaper.exe
LegalCopyright	Â© ROSTPAY LTD. All rights reserved.
LegalTrademarks
OriginalFilename	Wowpaper.exe
ProductName	Wowpaper
ProductVersion	`1.1.6.0`
Assembly Version	1.1.6.0

Plugin Output

Info	Interesting strings found in the binary:	Contains domain names: Language.de Language.es Language.fr Language.ru Wowpaper.Language.de Wowpaper.Language.es Wowpaper.Language.fr Wowpaper.Language.ru analytics.com api.wowpaper.net google-analytics.com http://schemas.microsoft.com http://schemas.microsoft.com/expression/blend/2008 http://schemas.microsoft.com/winfx/2006/xaml http://schemas.microsoft.com/winfx/2006/xaml/presentation http://schemas.microsoft.com/winfx/2006/xaml/presentation' http://schemas.openxmlformats.org http://schemas.openxmlformats.org/markup-compatibility/2006 https://api.wowpaper.net https://api.wowpaper.net/settings?locale https://api.wowpaper.net/wallpapers/categories?locale https://api.wowpaper.net/wallpapers/images/ https://api.wowpaper.net/wallpapers/images?locale https://www.google-analytics.com https://www.google-analytics.com/mp/collect?api_secret https://www.wowpaper.net microsoft.com openxmlformats.org schemas.microsoft.com schemas.openxmlformats.org wowpaper.net www.google-analytics.com www.wowpaper.net
Suspicious	The PE is possibly packed.	`The PE only has 0 import(s).`
Info	The PE is digitally signed.	`Signer: ROSTPAY LLC` `Issuer: GlobalSign GCC R45 EV CodeSigning CA 2020`
Malicious	VirusTotal score: 9/72 (Scanned on 2025-11-05 11:28:49)	`DeepInstinct: MALICIOUS` `DrWeb: Program.Unwanted.5651` `Gridinsoft: PUP.Win64.Rostpay.vl!c` `Kaspersky: not-a-virus:HEUR:Downloader.MSIL.RostDown.gen` `Malwarebytes: PUP.Optional.Rostpay` `MaxSecure: Trojan.Malware.449800559.susgen` `Microsoft: PUABundler:Win32/Rostpay` `Rising: PUA.Rostpay@XH.07B3 (CERT:4lOl8YRgZobIVvCrGXnXbA)` `alibabacloud: Trojan[downloader]:MSIL/Rostpay.Gen`

Hashes

MD5	`82d066bcb620057effbf4ebb760d05cd`
SHA1	`cb6793af95f875eaf3445352891065e88d4bd24e`
SHA256	`3fd0a7521493d08e5ce6d6cdf4119388e2aa4914a99b50c3fa1e3db38ace6eca`
SHA3	`85a67027939943503c804aeffd244411b23d0103570ef9a2effdd9c0f50f542b`
SSDeep	`24576:P+Q+mkRUtM+ZabM5bjdUZabM5bjdTDZabM5bjdV:RyUtM+ZabkbWZabkb1Zabkbj`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`2`
TimeDateStamp	2072-Mar-12 14:44:29
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`48.0`
SizeOfCode	`0xc1c00`
SizeOfInitializedData	`0x2ea00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000000000 (Section: ?)`
BaseOfCode	`0x2000`
ImageBase	`0x140000000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xf4000`
SizeOfHeaders	`0x200`
Checksum	`0xf6b89`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f03e8be1f6241eac97dd7a5eca9b3b64`
SHA1	`ee85afc65cf0f795328a3237d7213f155d838d29`
SHA256	`3f797ab5f5f84999497bb88e8ecb37fb2df821bfa9d4ad263f335a5eacb454a6`
SHA3	`fa70b5132996c3dfea15374e547bb73655b7c7351e3f6d9a93e7369c4ca0ed61`
VirtualSize	`0xc1a8e`
VirtualAddress	`0x2000`
SizeOfRawData	`0xc1c00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.20374`

.rsrc

MD5	`20242920acee3d63f36f42a499b943d8`
SHA1	`2a5097eb548e1c91f256b95615306a5e1f6221c6`
SHA256	`01154735bc8c5dd27785acee2e8b4d2cca08bc54daef7416e05d734e16d3e0eb`
SHA3	`00962eda969d9cba3eb5ba5974fbb28a85056878a14f081187a88ed5c19356b3`
VirtualSize	`0x2e910`
VirtualAddress	`0xc4000`
SizeOfRawData	`0x2ea00`
PointerToRawData	`0xc1e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.30253`

Imports

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e288`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.30277`
MD5	`af91320eda552bf31daad5de5907a1c0`
SHA1	`037a93db5b6330e5bfa9b1530d85994f80dce0b3`
SHA256	`f89db5c0d645273d7a8874ead210e6ffb1a9a9836a4dbaa2331361eee7a628aa`
SHA3	`7338228ecfddd51a5fdbe6ed1ad3bdcc33baf9e1fe603cdc3b1cb67655e97b75`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.01924`
Detected Filetype	Icon file
MD5	`9f3225235c709976b9235afed501ffe8`
SHA1	`51c5f446e27a8f03a8cac082b92431a656b3f414`
SHA256	`f8a11423c02486f65dd3635f1c26605313472ebf97f2a5758d600fe20d9d390b`
SHA3	`7dd29039e130f8b933982220efc8dd2741c4e6296c8ab1e2cabae9b18d1554f1`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x354`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.36648`
MD5	`8019993f994e84bce5be362840f3cf0e`
SHA1	`a0861b1aca7537189dc08624d4090126d71da4dd`
SHA256	`2c0ca5c67765193db91c41b388586fa2aefe38dcc931470a769254e10dc92241`
SHA3	`af76753c356843ebed8d812f8f93e4a5744999596aa82b60d4122c68da0d0c4b`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.1.6.0
ProductVersion	1.1.6.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName	ROSTPAY LTD
FileDescription	Wowpaper
FileVersion (#2)	1.1.6.0
InternalName	Wowpaper.exe
LegalCopyright	Â© ROSTPAY LTD. All rights reserved.
LegalTrademarks
OriginalFilename	Wowpaper.exe
ProductName	Wowpaper
ProductVersion (#2)	1.1.6.0
Assembly Version	1.1.6.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2053-Jun-15 07:18:08
Version	`0.0`
SizeofData	`86`
AddressOfRawData	`0xc3a38`
PointerToRawData	`0xc1c38`
Referenced File	C:\project\wowpaper-app\WOWpaper\obj\x64\Release\Wowpaper.pdb

UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.