Manalyze report for 9e23dcf384985c95904233147d146c9bcc13e2fd5bc44d87da348b699cc7f0e8

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Dec-19 17:22:10
Detected languages	English - United States
FileVersion	`1.0.0.0`
ProductVersion	`1.0.0.0`
FileDescription	Application Way
LegalCopyright	Usual Join Application Way 2011-2025
ProductName	Application Resolution
CompanyName	Usual Join Application Way

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Interesting strings found in the binary:	`Contains domain names: example.com https://curl.se`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to AES` `Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryExW` `Possibly launches other programs: CreateProcessW` `Uses Microsoft's cryptographic API: CryptEncrypt CryptDestroyHash CryptDestroyKey CryptReleaseContext CryptHashData CryptGetHashParam CryptImportKey CryptAcquireContextW CryptCreateHash` `Can create temporary files: GetTempPathW CreateFileW` `Enumerates local disk drives: GetDriveTypeW`
Info	The PE is digitally signed.	`Signer: Cyber Holding Partners LLC` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Malicious	VirusTotal score: 33/71 (Scanned on 2026-05-15 15:02:15)	`AVG: Win32:DangerousSig [Trj]` `AhnLab-V3: Downloader/Win.Fakesfx.R772945` `Alibaba: AdWare:Win32/AdLoad.6f5b1ffc` `Antiy-AVL: Trojan[Downloader]/Win32.AdLoad` `Avast: Win32:DangerousSig [Trj]` `Avira: TR/W32.DangerousSig` `CTX: exe.trojan.adload` `CrowdStrike: win/grayware_confidence_60% (D)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `F-Secure: Trojan.TR/W32.DangerousSig` `GData: Win32.Trojan.Agent.8JSAXQ` `Google: Detected` `Gridinsoft: Trojan.Win32.Wacatac.cl` `Kaspersky: HEUR:Trojan-Downloader.Win32.Adload.gen` `Kingsoft: Win32.Trojan-Downloader.Adload.gen` `Lionic: Trojan.Win32.AdLoad.a!c` `Malwarebytes: Adware.SpecialSearchOffer` `MaxSecure: Trojan.Malware.6991189.susgen` `Microsoft: PUA:Win32/Presenoker` `Paloalto: generic.ml` `Rising: Adware.OpenSUpdater@XH.18C3 (CERT:cOsM6f5ETqONWhwLbFCz1g)` `Skyhigh: Artemis` `Sophos: Mal/Generic-S` `Symantec: Trojan.Gen.MBT` `TrellixENS: Artemis!5960B24AAC0B` `TrendMicro: Trojan.Win32.ZYX.USBLED26` `TrendMicro-HouseCall: Trojan.Win32.ZYX.USBLED26` `VBA32: TrojanDownloader.Adload` `Varist: W32/ABTrojan.FXKG-7106` `Webroot: Win.Trojan.Gen` `Xcitium: ApplicUnwnt@#luysboe0dy5` `alibabacloud: Trojan[downloader]:Win/Presenoker.Gen`

Hashes

MD5	`5960b24aac0b09e65c0c3e33e361ed60`
SHA1	`0512c6860a89efd9ebba01b3c9ca161d8e837fa0`
SHA256	`9e23dcf384985c95904233147d146c9bcc13e2fd5bc44d87da348b699cc7f0e8`
SHA3	`82b7ff72d585122b4a6efe9f36c7729f1cb3a37d09ea9ea1da45b0045fccbf6d`
SSDeep	`393216:1HrYQfHMS7ViIfhMXZZy+MwMzoZG9toN2tgylAYLAbzzePj:z7Vnuk+ooZG9tzt3l8r+j`
Imports Hash	`19e9359b6b04eb122d38612b171d83c7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x128`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2025-Dec-19 17:22:10
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x37ae00`
SizeOfInitializedData	`0x40a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00304D10 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x37c000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x3bf000`
SizeOfHeaders	`0x400`
Checksum	`0x113049b`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1d880c5540503e95b38db16309ff1883`
SHA1	`a4b9719ba4e60185c472dff7dcb5f12ab2b2d27c`
SHA256	`feb255a8c1776c182a714a3ae19fe6867893d3d0a733335c3645945ccfd832fd`
SHA3	`afbc0aee4f31bf49d78e6d539adb9efd29996eb9a7becc7d24908e87c4121bfa`
VirtualSize	`0x37ade0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x37ae00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.67504`

.rdata

MD5	`9491a12173625235a13bf5bf67a3789c`
SHA1	`23636e4550740c689d6964e56be7358f11c5ca1d`
SHA256	`2a4bce40bb5f40bfa85168a5a8207ca35e9ad19e688f4f9c9ccd42b53e4bdd0e`
SHA3	`da39af8c1f04ce9ea6ba596da4a57c9f62ef84d0600383aea6be15d88bf01db1`
VirtualSize	`0x2c6c4`
VirtualAddress	`0x37c000`
SizeOfRawData	`0x2c800`
PointerToRawData	`0x37b200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.62421`

.data

MD5	`36c6e0f4067ab532f8bb3cbb0ed46930`
SHA1	`136a344c6d72e578de36c3d42dbb4bf6ba6e5f3b`
SHA256	`870c038c0099e4efa67b93d78902b3d74a0864ad7b10f820bc6ac6bd29358bb3`
SHA3	`8d37e9c9b3ce45534d514dc12bb595edc3ec5a3967b4e6b47e9c983890831c62`
VirtualSize	`0x6108`
VirtualAddress	`0x3a9000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x3a7a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.26344`

.rsrc

MD5	`f1ad501aa7f0d1710f2c3cb101d29cb5`
SHA1	`b5f4a8c69113b0c97a19138b05f1374539c5920e`
SHA256	`937c1ae524684c04ee1bfa3a1701727f8b3f03752e96ebafe4c6d781798ecc5b`
SHA3	`75621337333f4e6d8af82afe70b3e4a68fc40871cda52b854db257f591f3b323`
VirtualSize	`0xc28`
VirtualAddress	`0x3b0000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x3a9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.68286`

.reloc

MD5	`8b15a96278ae3d47fdfcc9c4448a807e`
SHA1	`4f68a6c6e5c60b06de7e925186c726432edf2bb0`
SHA256	`0b0fa7a7d65c054f45534f63f8402d240566f4c2b0ea93b7a88084b28300694a`
SHA3	`8f5dd64ca843bcf4304a65dad63e73970c9075866691d2de0896060bc1d946fa`
VirtualSize	`0xd15c`
VirtualAddress	`0x3b1000`
SizeOfRawData	`0xd200`
PointerToRawData	`0x3aa600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.57128`

Imports

KERNEL32.dll	`CreateProcessW` `HeapFree` `GetSystemInfo` `GetProcessHeap` `GetDriveTypeW` `DeleteFileW` `LCMapStringEx` `TlsFree` `WriteConsoleW` `WakeConditionVariable` `GetCurrentProcess` `IsValidCodePage` `CompareStringW` `ReleaseSRWLockExclusive` `GetTimeZoneInformation` `GetFileType` `GetTimeFormatW` `ReadConsoleW` `GetLastError` `SetEnvironmentVariableA` `SetLastError` `GetVersion` `TlsGetValue` `FindNextFileA` `RemoveDirectoryW` `WaitForMultipleObjects` `WaitForSingleObject` `GetProcAddress` `FlushFileBuffers` `GetConsoleCP` `SetFileTime` `GetTickCount` `GetCommandLineA` `ReleaseSemaphore` `GetEnvironmentVariableA` `GetEnvironmentStringsW` `IsProcessorFeaturePresent` `HeapAlloc` `GetFileInformationByHandle` `GetLocaleInfoW` `InitializeCriticalSectionEx` `LocalFree` `LoadLibraryW` `SystemTimeToTzSpecificLocalTime` `VirtualAlloc` `SetUnhandledExceptionFilter` `GetOEMCP` `GetStringTypeW` `SetFilePointerEx` `TlsAlloc` `MultiByteToWideChar` `Sleep` `GetCPInfo` `SetFileAttributesW` `TryAcquireSRWLockExclusive` `QueryPerformanceFrequency` `FreeEnvironmentStringsW` `LoadLibraryExW` `ExitProcess` `SetEndOfFile` `TlsSetValue` `GetFileSize` `GetSystemDirectoryW` `GetModuleHandleExW` `GetStartupInfoW` `EnumSystemLocalesW` `GetConsoleMode` `GlobalMemoryStatus` `AcquireSRWLockExclusive` `GetFileSizeEx` `GetVersionExW` `TerminateProcess` `EnterCriticalSection` `VirtualFree` `ResetEvent` `MoveFileExW` `WideCharToMultiByte` `GetDateFormatW` `CreateDirectoryW` `GetModuleFileNameW` `DeleteCriticalSection` `InitializeSListHead` `FreeLibrary` `ExitThread` `PeekNamedPipe` `GetCurrentThreadId` `SetCurrentDirectoryW` `SleepEx` `CreateEventW` `RtlUnwind` `GetFileAttributesExW` `IsDebuggerPresent` `WakeAllConditionVariable` `FindClose` `GetCommandLineW` `SetStdHandle` `SetFilePointer` `QueryPerformanceCounter` `GetTempFileNameW` `CreateSemaphoreW` `HeapReAlloc` `UnhandledExceptionFilter` `GetModuleFileNameA` `WriteFile` `EncodePointer` `InitializeCriticalSection` `FreeLibraryAndExitThread` `InitializeCriticalSectionAndSpinCount` `GetTempPathW` `WaitForSingleObjectEx` `LCMapStringW` `ReadFile` `CreateThread` `GetUserDefaultLCID` `GetACP` `RaiseException` `CloseHandle` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `SetEvent` `GetProcessAffinityMask` `GetFileAttributesW` `GetExitCodeThread` `GetModuleHandleW` `FormatMessageW` `VerifyVersionInfoW` `GetModuleHandleA` `FindFirstFileExA` `HeapSize` `GetStdHandle` `GetFullPathNameW` `FindFirstFileW` `FindNextFileW` `IsValidLocale` `DecodePointer` `SleepConditionVariableSRW` `FileTimeToSystemTime` `VerSetConditionMask` `GetCurrentDirectoryW` `CreateFileW` `LeaveCriticalSection`
USER32.dll	`DialogBoxParamW` `DestroyWindow` `LoadStringW` `CharUpperW` `KillTimer` `SetTimer` `GetDlgItem` `PostMessageW` `LoadIconW` `GetWindowLongW` `MessageBoxW` `SetWindowLongW` `SendMessageW` `SetWindowTextW` `ShowWindow` `EndDialog`
SHELL32.dll	`ShellExecuteExW`
OLEAUT32.dll	`SysStringLen` `VariantClear` `SysAllocStringLen`
bcrypt.dll	`BCryptGenRandom`
ADVAPI32.dll	`CryptEncrypt` `CryptDestroyHash` `CryptDestroyKey` `CryptReleaseContext` `CryptHashData` `CryptGetHashParam` `CryptImportKey` `CryptAcquireContextW` `CryptCreateHash`

Delayed Imports

UpdChecksum

Ordinal	`1`
Address	`0x3045bb`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.75404`
MD5	`45dfb274318b08cbcf6c20733ca0ecb0`
SHA1	`92b48f895f6f1296bfd00b57801890ec4e3779ec`
SHA256	`12433a0afda687b794b86c11b19d92c96d437765fe7513056c249136ff4e2c41`
SHA3	`bff76d485f8f0f9097d9c287512c59a006bc878edcc35272760b9280d8abfce0`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18403`
MD5	`a792cef939f02d76cd876d1da1ffd1b7`
SHA1	`63e2d98ac53e5763e269277d05a1d1737dc04974`
SHA256	`fe174802e7a3a9d4ef79ae6e9baf2f3dedb02b8c0f5f5342ad04a37e3b9d6eeb`
SHA3	`39848cd80ec893f2971c96b27a6bdce65825c9f9dfb824e4b3f86ab87df3e3e7`

97

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x90`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.93146`
MD5	`e1bee661b2e03cd5cc90cf44ee35d482`
SHA1	`adf060252f018daba3a5cc607e806fbeb703a176`
SHA256	`285f2173eb38d3f6828dbab2b059b8107ddb0985f4d1c6d19c2ad57169e98b6b`
SHA3	`a292a055e4778c4307cbeead729875063c3ff37c4206c5b89538d0e804725bd4`

1 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.38262`
MD5	`6e4db8988b0449f6512d49ce3a9517a7`
SHA1	`1eab5aa4c5fdda84410577afb775aa3d9b09d6c3`
SHA256	`4a208f52d1765405454937584c93131b2acee7c9baf7a7a288ad6244ff47a2b4`
SHA3	`95f7fdefb0b4787b0c30006573b2d7dd1789a56ad66d87acc9eb9899a607a2c6`

188

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x54`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.17822`
MD5	`a70f26327fbf4252448d9ccccd842faf`
SHA1	`3a015c9d0f7e490a25be55e204d844c7de9f9d2e`
SHA256	`b5e7c4be8f403ccb671414c2a534c72cdaf1a8461edf59caba03ac7216780749`
SHA3	`70eb8333298da9ef6c413c220399886dc44d013e16ec266aa66b044066dda1c7`

207

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x34`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.43775`
MD5	`716f3259b70c376b8757003128391219`
SHA1	`a1b172c455640670db67ade9d9c7b62d9d2d3396`
SHA256	`5b51218d289f8381b271c6d4d224c67e99c9cdbf9d3f529bb8da29687f7180ec`
SHA3	`d9f9ec98368534575af8442776bcb377303669e86ec003f9af3b5508c1d21d26`

1 (#3)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

1 (#4)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2a0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32769`
MD5	`842ffc6545cba852db075833a560fb87`
SHA1	`424228b80c84681160092b606e8dcce759027292`
SHA256	`36d50fe9ac535e0fa009c8a45f6801fcc12c9136dfce3d8b40fe6e91c01a0e32`
SHA3	`df471e6b8a2eb216805a1f13332b3044b7efbe2eb080a1ddc957ea92ba644bad`

1 (#5)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

String Table contents

Extraction Failed
File is corrupt
Cannot create folder '{0}'
Extracting

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileVersion (#2)	1.0.0.0
ProductVersion (#2)	1.0.0.0
FileDescription	Application Way
LegalCopyright	Usual Join Application Way 2011-2025
ProductName	Application Resolution
CompanyName	Usual Join Application Way

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Dec-19 17:22:10
Version	`0.0`
SizeofData	`868`
AddressOfRawData	`0x3a30b4`
PointerToRawData	`0x3a22b4`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Dec-19 17:22:10
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x7a9000`
SEHandlerTable	`0x7a2cc0`
SEHandlerCount	`183`

RICH Header

XOR Key	`0xfc5f365d`
Unmarked objects	`0`
241 (40116)	`10`
243 (40116)	`131`
242 (40116)	`25`
ASM objects (VS 2015/2017 runtime 26706)	`9`
C++ objects (VS 2015/2017 runtime 26706)	`52`
C objects (VS 2015/2017 runtime 26706)	`30`
Imports (VS2008 SP1 build 30729)	`3`
Total imports	`171`
C++ objects (LTCG) (VS2017 v15.9.7-10 compiler 27027)	`5`
Resource objects (VS2017 v15.9.7-10 compiler 27027)	`1`
Linker (VS2017 v15.9.7-10 compiler 27027)	`1`

Errors

Leave a comment

No comments yet.