Manalyze report for 55ad36f735411b321491168d9a029c0e1f876db13e495e431da1cb8a4acbe56b

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2004-Feb-07 11:00:01
Detected languages	English - United States Process Default Language

Plugin Output

Suspicious	PEiD Signature:	`UPX -> www.upx.sourceforge.net`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `The PE only has 9 import(s).`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Possibly launches other programs: ShellExecuteA`
Info	The PE's resources present abnormal characteristics.	`Resource 308 is possibly compressed or encrypted.` `Resource 13 is possibly compressed or encrypted.` `Resource 14 is possibly compressed or encrypted.` `Resource 16 is possibly compressed or encrypted.` `Resource 17 is possibly compressed or encrypted.`
Suspicious	The file contains overlay data.	`1661127 bytes of data starting at offset 0x4400.` `The overlay data has an entropy of 7.99796 and is possibly compressed or encrypted.` `Overlay data amounts for 98.9629% of the executable.`
Suspicious	VirusTotal score: 1/72 (Scanned on 2026-02-20 01:13:02)	`Symantec: ML.Attribute.HighConfidence`

Hashes

MD5	`a3af9d6b0442aae598372d19c23e28ab`
SHA1	`bd2a802d89622243a4be16cf1a991bb6309bf20c`
SHA256	`55ad36f735411b321491168d9a029c0e1f876db13e495e431da1cb8a4acbe56b`
SHA3	`99616f4e8be29fb45cd55fdb3b0fe143812eb8fb567cc937cdfaa5c8562cd63a`
SSDeep	`24576:6KNwNaQoqZuDfwyRO1uDAe27aSToLMLYyNqJTlR5+cCOqDJ:XC4DfwyU1us/eS8LUXNul+cCrJ`
Imports Hash	`74e601509126088c48b47d1b43a6e894`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2004-Feb-07 11:00:01
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x3000`
SizeOfInitializedData	`0x1000`
SizeOfUninitializedData	`0xa000`
AddressOfEntryPoint	`0x0000DE40 (Section: UPX1)`
BaseOfCode	`0xb000`
BaseOfData	`0xe000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xf000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xa000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`2bb6313a88558e464bed109410c639ae`
SHA1	`f4a75a3763f515c2ead647764cce1e9b04b9fa86`
SHA256	`eeeae7801a231c0414d6f04908b37896385b9f1a9f518e426c3b2afd49da77ed`
SHA3	`7b94e46182e10826c8390e8f9106378d58419fd7e3d0e445a229719b3d8955df`
VirtualSize	`0x3000`
VirtualAddress	`0xb000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.84895`

.rsrc

MD5	`f74c7f62dd04939b722125e265e3c137`
SHA1	`6f36e06a1cab30825be925496b85272f0cde119a`
SHA256	`def6656b49d59dbe09c2d1a13ae6dd785fd3a01d5a1a530a10978c16f7647da0`
SHA3	`5fc7d440ba19ea2a469ca394491cda98606302c430c3fa5f0797dbcbfb79a394`
VirtualSize	`0x1000`
VirtualAddress	`0xe000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.45028`

Imports

KERNEL32.DLL	`LoadLibraryA` `GetProcAddress` `ExitProcess`
GDI32.dll	`GetStockObject`
IMAGEHLP.dll	`MakeSureDirectoryPathExists`
MSVCRT.dll	`free`
SHELL32.dll	`ShellExecuteA`
SHLWAPI.dll	`PathAppendA`
USER32.dll	`LoadIconA`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.82349`
MD5	`a40c95dffc6383cffeb20690ca2f616b`
SHA1	`9b433d27fd69ce1c600de1485504bd8afe0359b6`
SHA256	`9b6430eaafad004a49cfdc973757f307e0200ebd2190ca249edf40f5bcbb6ad5`
SHA3	`5f3a09ac4b98beeae4676fd722b3592cd55b1bbdb2807871f732c92c260a3c52`

308

Type	`RT_DIALOG`
Language	Process Default Language
Codepage	UNKNOWN
Size	`0x3e4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.80635`
MD5	`20c30a768fa1635b25bb13b3af69f30b`
SHA1	`dd4b55f968d4d4c65ca353e97a6ae628d8883d24`
SHA256	`0e1d8a40d81d6f679aa13ac2bc564f88ec037376ffacfd8f85c181077e8c4740`
SHA3	`645ab3b03b8729c326d6a63375ac2aff0029a3b5bdb1e6245530edd087ca8a81`

8

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.02747`
MD5	`3a1f5b8c1cee8cc6742bec99c0e759ae`
SHA1	`ae3516cf21ef227bc47573b8e0129ddcf1db1cac`
SHA256	`89df91983fd0bab92a35ad2295315f0cc4fcb1c04dc6df323a3755882573226b`
SHA3	`fbec5dd259075f8d55696bda7015202d388c33793ef68d2b8c8a0994191595a1`

13

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.73462`
MD5	`f32d7c2779dafa93c52d7f0d32668f8f`
SHA1	`055eea32de1ae74cf5f41864a8b2304c20d35fb4`
SHA256	`4c50791fd4ca508b68100b013e20730ea7c9693afe83183b1f229945e1195325`
SHA3	`71156768f44a775cca4051b1ddfe1a6f3533a5630ad5979bc7030e1064fb9eed`

14

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x36a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.59034`
MD5	`f65c37ec333dfe0a2c3f8eb00f2678ec`
SHA1	`2293f7473f1d39c576fdd037732453406dacb5d1`
SHA256	`53dd05297fd0e9874aa405fd1a7e87b5d6d88b7ab5489402638c12d7375e4b55`
SHA3	`cb0b611b90e1c2990786eb954de7b25054daace41836b8354b6d61935b686ae7`

16

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x224`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.44142`
MD5	`7bc63b229e33fa29d1d587a15bbda4d1`
SHA1	`73cd9c11baebb160af81f2efee84ae011de1367d`
SHA256	`47a1809396a03498220f75c006a5f4b851553d0cab93c4435a0184cd44f387a6`
SHA3	`1302402b7fd07e674897a8cc458840e030cc516d18755a0fc3452db36750cddd`

17

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x230`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.50209`
MD5	`82db5d9771479c0567ba13160c7002c0`
SHA1	`60db6e0b3eb672f30a97423546392a5d6917c553`
SHA256	`e6536b81c2db11b8bfb03cca2b73fd6b65de2d72e642edfeb2c308746282c922`
SHA3	`4baa0c1838dda606dc51c20580383953899eac1bd16f9fb44d768daa6aaf51b5`

310

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.81924`
Detected Filetype	Icon file
MD5	`cbee427fa121aba9b9b265ff05de5383`
SHA1	`24fcae33001c8e0f5ec795c6edf076a69d59589f`
SHA256	`494e4fd717fa1ee0c5c7bb3b4e28fdab4b7f6e95b4f9865f5ab86f03f62ae62c`
SHA3	`a3fa35d56632275ba55716a4964f02031270f61f06a903fc460ac2dd6bebde85`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2a5`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.94272`
MD5	`66bfe011c1ef760ba796c5f86b76eea7`
SHA1	`89631251dcc813c7c0b0f3e809bc0a2e12408961`
SHA256	`2f10c043297aad1438fb3f6f1980d2fef18da11bd2c0158623d1afc543938e4c`
SHA3	`72433f6e3d7d20f33501e10e10ad07c2bedb1e7eb82a581276315b2f56451216`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x7ea75d71`
Unmarked objects	`0`
C objects (8047)	`11`
14 (7299)	`1`
Linker (8047)	`2`
Unmarked objects (#2)	`4`
19 (8034)	`11`
Total imports	`91`
49 (9044)	`5`
48 (9044)	`5`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!

Leave a comment

No comments yet.