Manalyze report for 8015639d36c270eec2aca09966d404b2a5ea4e579e2546a6d5ac8e966f904575

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2001-Jan-17 14:08:04

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: vpascal.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to DES`
Suspicious	The PE is possibly packed.	`Unusual section name found: CODE32` `Unusual section name found: CONST32`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegCloseKey RegCreateKeyExA RegSetValueExA`
Suspicious	VirusTotal score: 2/71 (Scanned on 2023-07-17 06:35:40)	`BitDefenderTheta: Gen:NN.ZexaE.36318.cuW@aK!x5ad` `MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`e549bfbe4ebe6242f95e737c9b7a9054`
SHA1	`b376f7efe72b22cbcfce58e3c844843552d065ee`
SHA256	`8015639d36c270eec2aca09966d404b2a5ea4e579e2546a6d5ac8e966f904575`
SHA3	`188d65464199334a9d013e70bac335cffea6349ed303d9fefbe3ada4d8fead11`
SSDeep	`768:aIfnzh9/SK4Cj05ua1xkx1kWbXBwGEYe2TllUm51gBnKKZu:aIfzhHZY4a1xkxPbXBwGEJEaPBnKKZ`
Imports Hash	`cc0214466d83ef89fa0855b44c1f6211`

DOS Header

e_magic	`MZ`
e_cblp	`0`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0xb`
e_sp	`0x100`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2001-Jan-17 14:08:04
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x5224`
SizeOfInitializedData	`0xbbb4`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001A26 (Section: CODE32)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`1.0`
ImageVersion	`0.0`
SubsystemVersion	`3.A`
Win32VersionValue	`0`
SizeOfImage	`0x15000`
SizeOfHeaders	`0x2b0`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x8000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

CODE32

MD5	`71ae1688a13cbd30ed6818dade0086d0`
SHA1	`291499586a82f8c9fd913bdfb1982b98eb6ecfcd`
SHA256	`6234bb1abd8aa698d9acb65a8ed5bcec0894cd908c4050646c10bae435c02694`
SHA3	`ffbcdd8e1417443d8188362077cdd2f81bdf1e87e4bfc0a7f2bcafe47eced5e3`
VirtualSize	`0x5224`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.47714`

CONST32

MD5	`c381202bdfa843a4db8dde5b52267dcd`
SHA1	`cbe0234cfc88c751096c7df41213434686c0c20b`
SHA256	`8ab657bb7b25a1bb8c3382738cf1f4b541eb1474973ab03d0d78b97449f65f91`
SHA3	`b18af34ff86dae79f603c6cb544bbef5e2625c38740180a539c626755b13faa7`
VirtualSize	`0xa508`
VirtualAddress	`0x7000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x5800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.64457`

.idata

MD5	`5cb44170036ea5e4f362ea13f1e2778e`
SHA1	`e9eb6018e68ba5ef1e6fef0192699735de08ead9`
SHA256	`6820e7b23d46ee92aec8aae5f3f6834735f5b86ba97778a249aa9e7d9c936827`
SHA3	`55be45ceca5eb4bff63e95c911ea2120316ea743e7693d8bc51bf3f71e3776d5`
VirtualSize	`0x424`
VirtualAddress	`0x12000`
SizeOfRawData	`0x600`
PointerToRawData	`0x7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.62329`

.reloc

MD5	`ad076231208568445f96c627a05d6d5d`
SHA1	`9972c23ee13d870e4f2f40bc5691b965a416d613`
SHA256	`553d67716c3d07961d6b8520d64e4c5a6f5fb0b6bbb5b568754cad30340bc18b`
SHA3	`5d689b0328b28b4f8f7f530f2eead939345a5a5b884b8bba7900e107679fe2ba`
VirtualSize	`0x6a0`
VirtualAddress	`0x13000`
SizeOfRawData	`0x800`
PointerToRawData	`0x7600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`6.03135`

.rsrc

MD5	`0c74195006e5f6e9a92d4ce4ba1b6283`
SHA1	`e48f122142e89f9ee7512e5417952523b808a857`
SHA256	`e76585470b6bc49452c71ca1a8a6d1a29995f4a622a92aad91b6452c0ba89a52`
SHA3	`cad6419898c5fc108f3964a957defdb777098b9ba63ee68ba01f65852711c790`
VirtualSize	`0xbe8`
VirtualAddress	`0x14000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x7e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`3.36816`

Imports

advapi32.dll	`RegCloseKey` `RegCreateKeyExA` `RegSetValueExA`
kernel32.dll	`CreateMutexA` `CreateFileMappingA` `CreateFileA` `CloseHandle` `GetCommandLineA` `GetCurrentProcessId` `GetEnvironmentStrings` `GetFileType` `GetLastError` `GetModuleFileNameA` `GetLocaleInfoA` `GetProcAddress` `GetModuleHandleA` `GetConsoleScreenBufferInfo` `GetThreadLocale` `GetStdHandle` `GetVersionExA` `LoadLibraryA` `MapViewOfFile` `OpenMutexA` `RaiseException` `ReadFile` `ReleaseMutex` `SetFilePointer` `ExitProcess` `TlsGetValue` `TlsSetValue` `TlsAlloc` `VirtualQuery` `WaitForSingleObject` `WriteFile` `VirtualAlloc` `VirtualFree` `SetEndOfFile` `lstrlenA` `RtlUnwind`
MSVCRT.DLL	`_itoa`
user32.dll	`LoadStringA` `OemToCharA` `MessageBoxA` `wvsprintfA`

Delayed Imports

4089

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2f2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.21823`
MD5	`bbf4b644f9dd284b35eb31573d0df2f7`
SHA1	`4f9885ae629e83464e313af5254ef86f01accd0b`
SHA256	`2c0d32398e3c95657a577c044cc32fe24fa058d0c32e13099b26fd678de8354f`
SHA3	`ebed2e4a929600c1460761d462143feb092840986b31c9748d3aeb8174d4205e`

4090

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x310`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32188`
MD5	`c5aa72ab43b4589d21eded464eaf19a2`
SHA1	`86a61e25d18ca46188a50503c2246c8593244793`
SHA256	`d2c29a295e66178d2a1f0c1768290848b2689c84ea37dfaef1ba833b80fbb332`
SHA3	`acfbd6d11c81379175a9e42d072316e47f0d1604ead575d719c079c355e4d535`

4091

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2ce`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25024`
MD5	`c99b474c52df3049dfb38b5308f2827d`
SHA1	`7375e693629ce6bbd1a0419621d094bcd2c67bb7`
SHA256	`26bda4da3649a575157a6466468a0a86944756643855954120fd715f3c9c7f78`
SHA3	`c6013febd14dd876e3b81111ec17dd2724dbf4147b0ad7be9d03259bcb59fef3`

4093

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.86149`
MD5	`aec4e28ea9db1361160cde225d158108`
SHA1	`249013a10cde021c713ba2dc8912f9e05be35735`
SHA256	`d786490af7fe66042fb4a7d52023f5a1442f9b5e65d067b9093d1a128a6af34c`
SHA3	`a067c4d88d719ed8d568951acb776bd798b691a8b153f8d94ba0574ede1fbf4c`

4094

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xb4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20731`
MD5	`c76a8843204c0572bca24ada35abe8c7`
SHA1	`066052030d0a32310da8cb5a51d0590960a65f32`
SHA256	`00a0794f0a493c167f64ed8b119d49bdc59f76bb35e5c295dc047095958ee2fd`
SHA3	`07523cf88b3803ea41acfeb3c9c0c4b5b4b9fb6f9a3232802491d8de1b6c9166`

4095

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.04592`
MD5	`4bd4f3f6d918ba49d8800ad83d277a86`
SHA1	`1f5e4c73965fea1d1f729efbe7568dcd081a2168`
SHA256	`34973a8a33b90ec734bd328198311f579666d5aeb04c94f469ebb822689de3c3`
SHA3	`2d01c56a5bf0b390addf4fb5b6ae02f9a64bd03ffd300d3763615bbb8ec911fe`

String Table contents

'%s' is not a valid integer value
'%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time
'%s' is not a valid date and time
Invalid argument to time encode
Invalid argument to date encode
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow
Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow
Invalid pointer operation
Invalid class typecast
Access violation at address %p. %s of address %p
Stack overflow
Control-C hit
Privileged instruction
Operation aborted
Exception %s in module %s at %p.
%s%s%s
Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
Invalid variant type conversion
Invalid variant operation
Variant method calls not supported
Read
Write
Format result longer than 4096 characters
Format string too long
Error creating variant array
Variant is not an array
Variant array index out of bounds
External exception %x
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
January
February
March
April
May
June
July
August
September
October
November
December
Sun
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.