Manalyze report for 66975a5814ee58e19ad967e2f96a86ac4dcd941a764c52e37db7a8e3cc0803fb

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2023-Mar-17 18:49:32
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0` `MASM/TASM - sig1(h)`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: FindWindowA` `Code injection capabilities: OpenProcess VirtualAllocEx CreateRemoteThread WriteProcessMemory` `Possibly launches other programs: CreateProcessA` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Manipulates other processes: OpenProcess WriteProcessMemory`
Malicious	VirusTotal score: 19/71 (Scanned on 2026-03-09 23:56:09)	`APEX: Malicious` `Antiy-AVL: Trojan/Script.Phonzy` `Bkav: W64.AIDetectMalware` `CTX: exe.trojan.generic` `CrowdStrike: win/malicious_confidence_90% (W)` `DeepInstinct: MALICIOUS` `Fortinet: PossibleThreat.PALLAS.H` `Google: Detected` `Gridinsoft: Malware.Win64.Gen.cc` `Ikarus: Trojan.Win64.Meterpreter` `Lionic: Trojan.Win32.Generic.4!c` `Malwarebytes: Malware.AI.2440214986` `MaxSecure: Trojan.Malware.8426628.susgen` `Paloalto: generic.ml` `Sangfor: Trojan.Win32.Save.a` `SentinelOne: Static AI - Suspicious PE` `Symantec: ML.Attribute.HighConfidence` `Trapmine: suspicious.low.ml.score` `TrellixENS: Artemis!9E25530DDE3C`

Hashes

MD5	`9e25530dde3c4d19216983ad1cc9e516`
SHA1	`5b600acbee56cd300e0336e9586cbc60d25df573`
SHA256	`66975a5814ee58e19ad967e2f96a86ac4dcd941a764c52e37db7a8e3cc0803fb`
SHA3	`20240407633858e3a053a6775309ad53a8d5409c7a10225346492296a04fc61b`
SSDeep	`192:KGsy159/j/H3nCCBc21q5efqBF1EV0A5TV1McfJ0PaFFOIV9s3Q5tfBDSJGp:KGsy1597/H3CCBcNmqBF+VVlC3NJ0`
Imports Hash	`275e028f457ba99e00ff98227d9aa9e3`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2023-Mar-17 18:49:32
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1600`
SizeOfInitializedData	`0x2600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001900 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x9000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0c2b92a60c838834c95d01b949096339`
SHA1	`256b6cb320f8314b809a59683a1c970c3551edde`
SHA256	`7b2a4f96989d5d18767120c72b68a3f299140da15bbd0a4404dc3f40d729f9ae`
SHA3	`3c80881d4bfd873edc8e0fc02ec9b1fbe1289aee069b5d689f4b57701e0adaa5`
VirtualSize	`0x1459`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.83527`

.rdata

MD5	`718c8c7dfd6dc9502bb8e6fb0ce4de95`
SHA1	`645dbe800979253c3208104c9e9db87f6538bb0c`
SHA256	`07442784f9ca08aa728ee850ee7e3e04e3ffa9383280413a6ba1855d99b069e7`
SHA3	`04e47bd4202bf595d0250050291052d2d01b64fb2adacffd8b26788305556003`
VirtualSize	`0x17ca`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x1a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.54318`

.data

MD5	`1c3b8ea3c34144e7a14bd945b131a256`
SHA1	`9c6184ad1e5a05dd0d71ac0061ba4c9171668682`
SHA256	`0b1ce44239213efc024791c78cbc9b904bca20c693718d0ae0b07aa143ffbdee`
SHA3	`2647c605c3cdb46f147dff56d6779cf56cad337864dd0b1f06d4add46eb27517`
VirtualSize	`0x638`
VirtualAddress	`0x5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.444405`

.pdata

MD5	`b77488ad3551a2060301164e8ad03b6f`
SHA1	`c8beb4410eca1bc756ff20c9c5d6d787159b8b08`
SHA256	`2747d494fa1de6019473e7b8cdafbe5ab18fc3080b8ce2bc7cc3e341caefede2`
SHA3	`fcfed73c23253c86dad2b76caffc94c4686e7165c43489ab0a70ee09c4aac14d`
VirtualSize	`0x1ec`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.64043`

.rsrc

MD5	`1c8d57ffb5a3b40300557b8a7a3d791a`
SHA1	`56e3b854f437dfc9bb21b72893413eddd0a73d05`
SHA256	`865b5f360d2f2a1647c00ec71d6da528c9c03c1e564011a49364ac445ee22103`
SHA3	`9fd42f3287b2a9f73d15e1382960dc820eddbb1269415133d729f9f61422a87f`
VirtualSize	`0x1e8`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.75615`

.reloc

MD5	`fb7a170210250da98780b17903f5af0a`
SHA1	`02aaab6612afb108afcb6c8039c330eaf2482642`
SHA256	`6f85ba2ad84725d068655094ef07f1f186f667deb18714f79242392cd21f002d`
SHA3	`f0867a3f31cc8496e2d0b9d958f16308f356f509a3ccf910d1c9fc7c2a20b1d4`
VirtualSize	`0x30`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.712298`

Imports

KERNEL32.dll	`OpenProcess` `LoadLibraryA` `CloseHandle` `GetProcAddress` `VirtualAllocEx` `CreateRemoteThread` `GetModuleHandleA` `VirtualFreeEx` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `WaitForSingleObject` `GetCurrentProcess` `CreateProcessA` `WriteProcessMemory` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetModuleHandleW` `RtlCaptureContext`
USER32.dll	`WaitForInputIdle` `GetWindowThreadProcessId` `FindWindowA`
ADVAPI32.dll	`LookupPrivilegeValueA` `OpenProcessToken` `AdjustTokenPrivileges`
SHELL32.dll	`SHGetFolderPathA`
MSVCP140.dll	`?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?uncaught_exception@std@@YA_NXZ` `?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A` `?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__std_terminate` `__C_specific_handler` `memcpy` `__current_exception_context` `__current_exception` `memset`
api-ms-win-crt-runtime-l1-1-0.dll	`_crt_atexit` `terminate` `_c_exit` `_register_onexit_function` `_register_thread_local_exe_atexit_callback` `_initialize_onexit_table` `__p___argv` `_cexit` `_seh_filter_exe` `_exit` `exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_configure_narrow_argv` `__p___argc` `_set_app_type`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-stdio-l1-1-0.dll	`__p__commode` `_set_fmode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Mar-17 18:49:32
Version	`0.0`
SizeofData	`644`
AddressOfRawData	`0x375c`
PointerToRawData	`0x215c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2023-Mar-17 18:49:32
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140005008`

RICH Header

XOR Key	`0x1c00a732`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`10`
C++ objects (VS 2015-2022 runtime 31823)	`19`
C objects (VS 2015-2022 runtime 31823)	`10`
ASM objects (VS 2015-2022 runtime 31823)	`3`
Imports (VS 2015-2022 runtime 31823)	`6`
Imports (27412)	`9`
Total imports	`85`
C++ objects (LTCG) (VS2022 Update 4 (17.4.3-4) compiler 31937)	`1`
Resource objects (VS2022 Update 4 (17.4.3-4) compiler 31937)	`1`
Linker (VS2022 Update 4 (17.4.3-4) compiler 31937)	`1`

Errors

Leave a comment

No comments yet.