Manalyze report for 79dcc56d00a0e2701474cc526278a0be

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Feb-07 15:01:33
Debug artifacts	none

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	`Contains domain names: 1.amazonaws.com amazonaws.com east-1.amazonaws.com https://tinicmf2026.s3.us-east-1.amazonaws.com https://tinicmf2026.s3.us-east-1.amazonaws.com/enc_release-2.txt s3.us-east-1.amazonaws.com tinicmf2026.s3.us-east-1.amazonaws.com us-east-1.amazonaws.com`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryExW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtect` `Has Internet access capabilities: WinHttpOpen WinHttpReceiveResponse WinHttpSendRequest WinHttpOpenRequest WinHttpQueryDataAvailable WinHttpReadData WinHttpConnect WinHttpCloseHandle WinHttpCrackUrl`
Malicious	VirusTotal score: 9/72 (Scanned on 2026-02-13 07:54:54)	`APEX: Malicious` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `Elastic: malicious (high confidence)` `Kaspersky: HEUR:Backdoor.Win64.Generic` `Sangfor: Trojan.Win32.Save.a` `SentinelOne: Static AI - Suspicious PE` `Symantec: ML.Attribute.HighConfidence` `VBA32: suspected of Trojan.Downloader.gen`

Hashes

MD5	`79dcc56d00a0e2701474cc526278a0be`
SHA1	`d6ac0d9b4d3ec42cbe8247e0d30d57ffeaadf667`
SHA256	`77407d9cdb631bf512d0eb3b063ce2d935348c2d58005f65c51b6b7fb4f0c6ea`
SHA3	`c10a40776478bd990d7b1a71d3712dfc085a5f23e47d2cdca99040adbfa732ba`
SSDeep	`24576:OVO7rwiUpiOIypWudMHLEaqLdka9PLPC2a5sM:OE7rwiUpiOIypWuKHLEaqLdkalLPOT`
Imports Hash	`9b470307f6f1fc3637dc71552f79555c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2026-Feb-07 15:01:33
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xdd000`
SizeOfInitializedData	`0x24a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000011E5 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xde000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x105000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3d76e55c2322bedfe0785cef357d3db2`
SHA1	`94e415dbd7210e7998cb26f4e5bd1dd28a5a807b`
SHA256	`c34544d8de6cba4034c1b5d96c1168d9fb41dd15372b06b1ad54a420eed5d8dd`
SHA3	`686249e642d00f7ab00c888b757c1a0f9d730da6bcf590aaca117fbd4f121a30`
VirtualSize	`0xdcfac`
VirtualAddress	`0x1000`
SizeOfRawData	`0xdd000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.84388`

.rdata

MD5	`624a9a2980f05dbcc949599f0e8ce3c1`
SHA1	`8e72f42170675590bacd3af1c6070c83bcced966`
SHA256	`c366e31e70ebd2a0387bfa1ba710b38a81f03b2c6a5010a4795aef6ca284d717`
SHA3	`696aa111159a75642a74bf68776925adead267429d11b4a80c42e5a35067756b`
VirtualSize	`0x196bc`
VirtualAddress	`0xde000`
SizeOfRawData	`0x19800`
PointerToRawData	`0xdd400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.95557`

.data

MD5	`734134d2c67d2492776074e86d34b0c3`
SHA1	`1809c9d0663c7cba79683a8bdef6aeb12d987827`
SHA256	`0b9f05819e5836010071f58d3c471b1b6b7fb3c9d09e998d7375c1279f048fad`
SHA3	`4ce6ee71dc168b2997d055ed221362a026da214ba3da09635f1d591d264e3fda`
VirtualSize	`0x40f8`
VirtualAddress	`0xf8000`
SizeOfRawData	`0x2400`
PointerToRawData	`0xf6c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.26005`

.idata

MD5	`07a871920eea1aed9b592e8c01d6b3dd`
SHA1	`81551729c5f8f2544cdb45938713284ecc1b87b6`
SHA256	`8fa88ff26e4abb56644bf85015866fedc04bc4e02727164b7636d0e2c4440bbc`
SHA3	`949c64170089315148d635d352fde81e9310597c2e7c3fd4dbe0c5200fc31ce8`
VirtualSize	`0xe5f`
VirtualAddress	`0xfd000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xf9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.46425`

.00cfg

MD5	`402328de7b862a6db29a6c9416c19d9a`
SHA1	`b2e2aead10fa1cbcf3fad7a336bc5400ca8f7e99`
SHA256	`7b2c3464462d9d30b0df754f848e3d9048a915b2cf7d25542a50fe06b8768da9`
SHA3	`1c3b6329e74b4a4deb178a9ea01b1599cd0422b1dc43be8323cd470c9b753aad`
VirtualSize	`0x10e`
VirtualAddress	`0xfe000`
SizeOfRawData	`0x200`
PointerToRawData	`0xfa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.110557`

.reloc

MD5	`4e7898d9279443b99cf069ff801f9dfc`
SHA1	`7669dc1a2fa2911af6c2598d737581f440787ff8`
SHA256	`9b31a0080514ebf7ae7ab20594d99e17680c470964eaf6ca22467f778beaed12`
SHA3	`7689114a82720a063b6c8452672db8987930b44cf6a72c6013c1fb3966a68fd8`
VirtualSize	`0x5da8`
VirtualAddress	`0xff000`
SizeOfRawData	`0x5e00`
PointerToRawData	`0xfa200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.18479`

Imports

WINHTTP.dll	`WinHttpOpen` `WinHttpReceiveResponse` `WinHttpSendRequest` `WinHttpOpenRequest` `WinHttpQueryDataAvailable` `WinHttpReadData` `WinHttpConnect` `WinHttpCloseHandle` `WinHttpCrackUrl`
KERNEL32.dll	`SetLastError` `CreateFileW` `HeapSize` `GetProcessHeap` `SetStdHandle` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetOEMCP` `GetACP` `DeleteFileW` `SetFileAttributesW` `CloseHandle` `GetLastError` `WaitForSingleObject` `CreateProcessW` `VirtualAlloc` `VirtualProtect` `GetProcAddress` `LoadLibraryA` `FormatMessageA` `WideCharToMultiByte` `MultiByteToWideChar` `GetStringTypeW` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `LocalFree` `GetLocaleInfoEx` `EncodePointer` `DecodePointer` `LCMapStringEx` `CompareStringEx` `GetCPInfo` `IsProcessorFeaturePresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `IsValidCodePage` `RaiseException` `RtlUnwind` `InterlockedPushEntrySList` `InterlockedFlushSList` `WriteConsoleW` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `ExitProcess` `GetModuleHandleExW` `GetCommandLineA` `GetCommandLineW` `GetCurrentThread` `HeapAlloc` `HeapFree` `GetTempPathW` `GetDateFormatW` `GetTimeFormatW` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `GetFileType` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `ReadFile` `GetFileSizeEx` `SetFilePointerEx` `ReadConsoleW` `HeapReAlloc` `SetConsoleCtrlHandler` `GetTimeZoneInformation` `OutputDebugStringW` `FindClose` `FindFirstFileExW` `FindNextFileW`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2026-Feb-07 15:01:33
Version	`0.0`
SizeofData	`29`
AddressOfRawData	`0xf1810`
PointerToRawData	`0xf0c10`
Referenced File	none

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2026-Feb-07 15:01:33
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xf1830`
PointerToRawData	`0xf0c30`

TLS Callbacks

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4f8080`
SEHandlerTable	`0x4f11b8`
SEHandlerCount	`285`

RICH Header

XOR Key	`0xe778a304`
Unmarked objects	`0`
ASM objects (30795)	`12`
C++ objects (30795)	`172`
C objects (30795)	`21`
Imports (30795)	`5`
Total imports	`104`
ASM objects (34321)	`21`
C objects (34321)	`18`
C++ objects (34321)	`79`
C++ objects (34810)	`2`
C objects (34810)	`1`
Linker (34810)	`1`

79dcc56d00a0e2701474cc526278a0be

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.idata

.00cfg

.reloc

Imports

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

TLS Callbacks

Load Configuration

RICH Header

Errors