Manalyze report for 4b9177775a426f515ae92369021c0d6b41e4de2fb14785302e7a4084f10f2026

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-May-08 12:25:08
Detected languages	English - United States Russian - Russia

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .10C` `Unusual section name found: .4Hu` `Unusual section name found: .BBB`
Suspicious	The PE contains functions most legitimate programs don't use.	`Can access the registry: RegDeleteKeyA` `Possibly launches other programs: ShellExecuteA` `Leverages the raw socket API to access the Internet: htons` `Manipulates other processes: EnumProcessModules`
Info	The PE is digitally signed.	`Signer: IP Savin Aleksei Aleksandrovich` `Issuer: GlobalSign GCC R45 CodeSigning CA 2020`
Malicious	VirusTotal score: 5/71 (Scanned on 2026-05-20 03:15:26)	`Bkav: W32.Malware.6C8404B0` `CrowdStrike: win/malicious_confidence_70% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `VBA32: Malware-Cryptor.Inject.gen`

Hashes

MD5	`cdebd3ac91655e4bbf27ecdb1c70130c`
SHA1	`6b10c404ba41000b80ca531723164c5f22f7b693`
SHA256	`4b9177775a426f515ae92369021c0d6b41e4de2fb14785302e7a4084f10f2026`
SHA3	`e76bc5898c6d22716a1b5889f5e0ecd614a35ab5570564a8d7b04f68d2d604d0`
SSDeep	`196608:6ekCdhRD/c7oOPoBIOfSwVWBZuIc3U1GviVOy5i6M2e5qCoYYCDafdmF:pkCQkHVKkI4BKV7i6M2iJaQF`
Imports Hash	`b951c9deccbe705a778e14b5f61d9ea8`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2026-May-08 12:25:08
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x332000`
SizeOfInitializedData	`0x12b000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00CF4D9C (Section: .BBB)`
BaseOfCode	`0x1000`
BaseOfData	`0x333000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x1448000`
SizeOfHeaders	`0x1000`
Checksum	`0xaa7026`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x331eb3`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xfad16`
VirtualAddress	`0x333000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xd1bc`
VirtualAddress	`0x42e000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.10C

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x573ef5`
VirtualAddress	`0x43c000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.4Hu

MD5	`90d1742985b990cb9f3dff432966d8af`
SHA1	`810dafb1d2fe5b9927d2356a0ae01c73194b5170`
SHA256	`4bccfaa98e1949779103400f0c2b6adbdf53b8e65aaebffcc7221f8edb3629d3`
SHA3	`316662783b61728402d47e89f2675f48c607c93eb676bff4b1618e84806ced79`
VirtualSize	`0x70`
VirtualAddress	`0x9b0000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.124999`

.BBB

MD5	`74520434bbe9c0074105d13f5f81949a`
SHA1	`f4a0280b7b8d04ebe0335d2085a0a1673cf8308a`
SHA256	`c2b16784536846c6835e9b5e437aa907ff4f908b341a376d4b69d55bdcd8c09c`
SHA3	`0c24312fc1ade2e8c3a166cabe2ed7892a213b733f081ead0db2539039bd8c29`
VirtualSize	`0xa7058c`
VirtualAddress	`0x9b1000`
SizeOfRawData	`0xa71000`
PointerToRawData	`0x2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.91685`

.rsrc

MD5	`042b4f0d883c2b4bf1f73670459cc5eb`
SHA1	`99a5327e14b19ba4c119238a22c82e7f1cfde8b0`
SHA256	`bb6b232277128fbf8dfeb18e8b379083e18ad431c63102d39e4626729d077d5c`
SHA3	`7f517e18a185ab26986e984a677cb9739d3a751a91b9af00a059d7adefb4e591`
VirtualSize	`0x25840`
VirtualAddress	`0x1422000`
SizeOfRawData	`0x26000`
PointerToRawData	`0xa73000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.37355`

Imports

WS2_32.dll	`htons`
SHLWAPI.dll	`StrStrW`
WININET.dll	`HttpSendRequestA`
PSAPI.DLL	`EnumProcessModules`
KERNEL32.dll	`GetVersionExA` `GetVersionExW`
USER32.dll	`BeginPaint`
GDI32.dll	`PatBlt`
ADVAPI32.dll	`RegDeleteKeyA`
SHELL32.dll	`ShellExecuteA`
WINMM.dll	`timeBeginPeriod`

Delayed Imports

1

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0xc8ce`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.98703`
Detected Filetype	PNG graphic file
MD5	`d67719fb1425286759cadab1efb97f85`
SHA1	`e6cefb7c7b669428db0fb5da04d34b264dc56416`
SHA256	`32081a31def2963f8c84cd3afca335d270449a5db606a82c532e3dcf41294620`
SHA3	`57d74e51d2ad84b24785ae75b50e7add7f4da29f13a72b80f261a95f8eeedc20`

2

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.85609`
MD5	`34703aa1493d5f758f28ac4310ca88a1`
SHA1	`3ae0d8b8ac3e05b9ff441ec1e12ecf8a846cced3`
SHA256	`78b51ad77e045d862eae7dd9d1d40c0bc45746d94785b98cbc85cd1c1776b4b4`
SHA3	`5da90d05d6a508d724f728597658d914a1460c1410f1f114236a7f2a921b8d24`

3

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.34338`
MD5	`9943603a3ac6cf8632a8f30580b84fd5`
SHA1	`aa3803522cfaab63d794e4c0caf0c9c21316c34e`
SHA256	`b448094c7a42408ec58e213e1c2f99c30e4bee671a4ca4841f5f19eba1698d08`
SHA3	`7c9c79178a15085920fec12ff4248efa85ee5772f503c9756f44bb0d6843d014`

4

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.26206`
MD5	`6f9bafa500297ef003618142bddd325d`
SHA1	`8ae34e5daa018670eb397da25b8fc6c34913c500`
SHA256	`9bcb5fa421c0fd3864ef708d9a8228055a01b017ea94f22b800065b7f3cc9d61`
SHA3	`f28bd8bc42739acd1b76acbaa736e80c65819f3e3c5c44c63994ccd14d3de154`

5

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.80269`
MD5	`d40efedf03d191313b9baddb16dbb113`
SHA1	`95bef55e1de88fde34abc793fc8f8c827145b82a`
SHA256	`5b088cad4479cd832099840db173f206dea04fb1a893bee0b192df44fbba2885`
SHA3	`28f24d943b42aceefc37c9daf8ffd93f256a81568da03a369547684568f6fa47`

6

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.75824`
MD5	`a0c7a875d1926849adf8ef62b267f83d`
SHA1	`da61e5b65fe1e43e51822e90c73c8d8e6d33576d`
SHA256	`47cd00a7013dd8fceac1a67d82cb7f388479e6d8887aef67c67233b48dbd15e9`
SHA3	`acf8a5cb74985e6b7073da3a043d209fca7172f4cefd02863c8b3ba587fc5d5f`

7

Type	`RT_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.79211`
MD5	`365e08f70fa522a6fd941ac730095612`
SHA1	`73637d812aa37c7810d5b974d37aca8744f7592e`
SHA256	`2e4651f9a348147d91b5dc607b372db887ddf29b0be4f2009ed3b50756bcac55`
SHA3	`f2cb1f96677ed3755f1f1c8c232f179d3e3735ac41d68083ce3697621ae455e6`

32512

Type	`RT_GROUP_ICON`
Language	Russian - Russia
Codepage	Latin 1 / Western European
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.89979`
Detected Filetype	Icon file
MD5	`3c97f6dc2b8c507efa1720e9995caf98`
SHA1	`f21a3d4e9096adfabf261cb7dfc2cab687cd133a`
SHA256	`e2f1bee7aebdb159952ab75d979dd6590cdaf615ad535dcfc6ccffe9a9165d06`
SHA3	`2b1988eb127630d8b91cfab14de7cc359b429c6a28e628d6b456d78daab25d6e`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x140`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.01416`
MD5	`27dcdb0cd382044f80cee7b63e9cdc19`
SHA1	`6fda80bc5c1caa017a2ab58142130228405d01b2`
SHA256	`9713dc3d688eb8268586c3e2c72834ea0d8b24f8764a623a567aad16e30c407a`
SHA3	`279c950df68bb2dacaac1174b2322b4996c36a75d435eef022e94423fbf64a91`

Version Info

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x8357b0`
SEHandlerTable	`0x181da60`
SEHandlerCount	`3787`

RICH Header

Errors

[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .10C has a size of 0!

Leave a comment

No comments yet.