Manalyze report for a0a32eda1095f887cd0bfb971b0d6ab1254c5c9564a676e8e9701725fa3ab9e6

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2015-Mar-13 10:07:12
Detected languages	French - France

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ v6.0 DLL` `Microsoft Visual C++ 6.0 - 8.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES` `Microsoft's Cryptography API`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Uses Microsoft's cryptographic API: CryptAcquireContextA CryptReleaseContext CryptGenRandom` `Functions related to the privilege level: AdjustTokenPrivileges` `Manipulates other processes: ReadProcessMemory OpenProcess WriteProcessMemory Process32Next Process32First` `Can take screenshots: CreateCompatibleDC BitBlt GetDC`
Info	The PE's resources present abnormal characteristics.	`Resource 108 is possibly compressed or encrypted.`
Malicious	VirusTotal score: 49/66 (Scanned on 2026-04-28 23:27:27)	`ALYac: Trojan.GenericKD.79913173` `APEX: Malicious` `AhnLab-V3: Unwanted/Win32.KeyGen.R268523` `Alibaba: Trojan:Win32/Occamy.108` `Antiy-AVL: Trojan/Win32.Agent` `Arcabit: Trojan.Generic.D4C360D5` `BitDefender: Trojan.GenericKD.79913173` `Bkav: W32.Common.50F22AE5` `CAT-QuickHeal: Trojan.IGENERIC` `CTX: exe.trojan.keygen` `ClamAV: Win.Malware.Generic-9856094-0` `CrowdStrike: win/grayware_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win32/Keygen.OJ potentially unsafe application` `Elastic: malicious (high confidence)` `Emsisoft: Trojan.GenericKD.79913173 (B)` `Fortinet: Riskware/KeyGen` `GData: Trojan.GenericKD.79913173` `Google: Detected` `Gridinsoft: Hack.Win32.Patcher.vb` `Ikarus: PUA.HackTool` `Jiangmin: Trojan/Generic.bhvlz` `K7AntiVirus: Unwanted-Program ( 005dcb711 )` `K7GW: Unwanted-Program ( 005dcb711 )` `Kingsoft: Win32.Riskware.Keygen.f` `Lionic: Trojan.Win32.Keygen.4!c` `Malwarebytes: CrackTool.AutoDesk.Keygen` `McAfeeD: PUP:Win/HTool.KG` `MicroWorld-eScan: Trojan.GenericKD.79913173` `Microsoft: HackTool:Win32/Keygen` `Paloalto: generic.ml` `Panda: PUP/Keygen` `Rising: Trojan.Keygen!8.10243 (RDMK:cmRtazrdHTrlXVmm9WXzWm+lp9eV)` `SUPERAntiSpyware: Hack.Tool/Gen-Crack` `SentinelOne: Static AI - Suspicious PE` `Skyhigh: HTool-Keygen` `Sophos: Generic Reputation PUA (PUA)` `Tencent: Win32.Trojan.Malware.Otcz` `TrendMicro: HKTL_KEYGEN` `TrendMicro-HouseCall: HKTL_KEYGEN` `VIPRE: Trojan.GenericKD.79913173` `Varist: W32/Keygen.AAKY-4139` `ViRobot: Keygen.880128` `VirIT: PUP.Win32.GenusC.JBC` `Webroot: W32.Malware.gen` `Xcitium: Malware@#rd8lw20mllgq` `Yandex: Trojan.Igent.bUeKyb.21` `Zoner: Trojan.Win32.48381`

Hashes

MD5	`a72b8c5fd6dc99009d29bfde135742f3`
SHA1	`0d53e979e791a97cad72f50db296f16414c01094`
SHA256	`a0a32eda1095f887cd0bfb971b0d6ab1254c5c9564a676e8e9701725fa3ab9e6`
SHA3	`8a51a20e99c52e4907b4a59a2f67893a4370baf862ed3f56e80345118255d97a`
SSDeep	`24576:nL2btzr8XTsAUtrKckHHApc5Iv+eXOOEd69:nL2ZzrrE09`
Imports Hash	`75a5bbc50e4c0ebb6cbde1b0d84ebab7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2015-Mar-13 10:07:12
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`12.0`
SizeOfCode	`0xa1c00`
SizeOfInitializedData	`0x80200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0007FFFB (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xa3000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x124000`
SizeOfHeaders	`0x1000`
Checksum	`0xe1fbe`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2d2db05dd34b93d0d00277b09affd69b`
SHA1	`c15b1b6d421619118895315b7cc43b4011b99665`
SHA256	`05fd10aef091e9627cd56e104f5c59501a3d1ba2a12587eaec3ee8cdf81599a0`
SHA3	`4b5964ed90e4f02eb881ff498d690c8eb1e921b6feb1e00dd8b97b6766b230a7`
VirtualSize	`0xa1b5c`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa1c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.57917`

.data

MD5	`e8b799164c36b7d34b191b88460912bc`
SHA1	`023d3851fc4cf3959b6abcedfeee3373b41c173d`
SHA256	`354ef74f2848f5f64615e9dbb0e86adce5b1bea01514d0515be68aa6ea96af16`
SHA3	`7754dc6cab2b745c8ade1add2df26b83f59761c241e443da110e1c1ae553b048`
VirtualSize	`0x51a30`
VirtualAddress	`0xa3000`
SizeOfRawData	`0x6800`
PointerToRawData	`0xa2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.46413`

.idata

MD5	`0b7f288256d2c25292ed1c41a53d6c69`
SHA1	`77568658a05971780f469d342288ffb35e220661`
SHA256	`113ae049d97281a2dae6b679b63de3d1fca80fe31ac04d7d0b73da352fe9fecc`
SHA3	`1f4c8adbd70df19a5198720973456c8a381e8ec8a8b6a69835ba67976cfb2372`
VirtualSize	`0xda8`
VirtualAddress	`0xf5000`
SizeOfRawData	`0xe00`
PointerToRawData	`0xa8800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.3578`

.rsrc

MD5	`e18ed27752b8f6dc98203b6ba93a6917`
SHA1	`a4568026d9ca6087ddeebc0c6bb3b8fb7769d105`
SHA256	`c5df463577a68ac55b76966dcb8fdcf2c5d1237d525a5fa954dec721f3b7e360`
SHA3	`b3715d4336361f666dedc34e3a93d5c1690c987caf5e5071d83f639a87cee3a7`
VirtualSize	`0x2d7a0`
VirtualAddress	`0xf6000`
SizeOfRawData	`0x2d800`
PointerToRawData	`0xa9600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.28138`

Imports

KERNEL32.DLL	`ReadProcessMemory` `CreateFileW` `WriteConsoleW` `GetConsoleCP` `FlushFileBuffers` `GetStringTypeW` `SetStdHandle` `OutputDebugStringW` `LoadLibraryExW` `OpenProcess` `WriteProcessMemory` `LCMapStringW` `SetFilePointerEx` `GetCPInfo` `GetOEMCP` `GetACP` `CreateToolhelp32Snapshot` `GetModuleHandleA` `CreateThread` `ExitProcess` `Sleep` `lstrlenA` `Module32Next` `Module32First` `Process32Next` `Process32First` `FlushInstructionCache` `GetCurrentThread` `GetLastError` `CloseHandle` `IsValidCodePage` `GetModuleHandleW` `TlsFree` `TlsSetValue` `TlsGetValue` `TlsAlloc` `TerminateProcess` `GetCurrentProcess` `QueryPerformanceCounter` `EncodePointer` `DecodePointer` `RaiseException` `RtlUnwind` `HeapFree` `HeapAlloc` `GetCommandLineA` `IsDebuggerPresent` `IsProcessorFeaturePresent` `GetSystemTimeAsFileTime` `EnterCriticalSection` `LeaveCriticalSection` `GetModuleHandleExW` `GetProcAddress` `MultiByteToWideChar` `WideCharToMultiByte` `HeapSize` `SetLastError` `GetCurrentThreadId` `GetProcessHeap` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `HeapReAlloc` `GetConsoleMode` `GetFileType` `DeleteCriticalSection` `GetStartupInfoW` `GetModuleFileNameA` `GetCurrentProcessId` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `InitializeCriticalSectionAndSpinCount`
ADVAPI32.dll	`ImpersonateSelf` `AdjustTokenPrivileges` `OpenThreadToken` `LookupPrivilegeValueA` `CryptAcquireContextA` `CryptReleaseContext` `CryptGenRandom`
GDI32.dll	`SetTextColor` `SetBkMode` `SetBkColor` `SelectObject` `DeleteObject` `DeleteDC` `CreateSolidBrush` `CreateRectRgn` `CreateFontA` `CreateCompatibleDC` `BitBlt` `GetObjectA`
USER32.dll	`TranslateMessage` `PostMessageA` `GetMessageA` `MessageBoxA` `SendMessageA` `DispatchMessageA` `LoadBitmapA` `SetWindowLongA` `GetWindowLongA` `GetWindowRect` `SetWindowTextA` `SetWindowRgn` `GetDC` `GetSystemMetrics` `GetDlgItemTextA` `SetDlgItemTextA` `GetDlgItem` `EndDialog` `CreateDialogParamA` `SetWindowPos` `MoveWindow` `SetLayeredWindowAttributes` `ShowWindow` `CreateWindowExA` `CallWindowProcA` `PostQuitMessage` `DefWindowProcA`
WINMM.dll	`waveOutOpen` `waveOutUnprepareHeader` `waveOutReset` `waveOutWrite` `waveOutClose` `waveOutPrepareHeader`

Delayed Imports

102

Type	`RT_BITMAP`
Language	French - France
Codepage	UNKNOWN
Size	`0x2521a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.9708`
MD5	`88f1f2d97ab0b70b928f9ab39473b877`
SHA1	`f0eb6c7da636b6f6f50b4b720b40bfecb7a1467e`
SHA256	`124697c69c0d4196f214ba2fb25f69a46129c875bb25efdfe6e22ac46667ae2a`
SHA3	`545715632ffd4395dc6a8a43f29e3dc951fea321e9a336657dfb2b63566228e4`
Preview

105

Type	`RT_BITMAP`
Language	French - France
Codepage	UNKNOWN
Size	`0xf08`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.35939`
MD5	`6bfc20267dfadc7dc221347fec03a8ce`
SHA1	`a22900d38ddde3aa573702f9958302e8fc7fd0f0`
SHA256	`1ebd28b835fb6c85fca3678608f6f092c38cc325a5d54873398e120b40b464bf`
SHA3	`5d800a2e11b510a762a8b5cc1eee14a12a497347893fa7baf674586e041d17f2`
Preview

106

Type	`RT_BITMAP`
Language	French - France
Codepage	UNKNOWN
Size	`0xf06`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.99817`
MD5	`3bcc4e26126256e5aabe0c8add9c4880`
SHA1	`8abde5a804101f2bf30f7ec8ea52505846c8d889`
SHA256	`51954304b7549bb26ccd1f57ac76b0667318c87bb533058a8e45f4b58b55f087`
SHA3	`3b6919e416071b5f88eac1fa67c672c3a22b403adf17b5991e092bc2bf9993b0`
Preview

107

Type	`RT_BITMAP`
Language	French - France
Codepage	UNKNOWN
Size	`0xf08`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.50168`
MD5	`ee713ea9a261fcf667129ccb9534d3b5`
SHA1	`dd0542e096876dde34e5a7b6c38256b5cd9fb1b9`
SHA256	`6742985e80d9f484b573dace249a75c0091670fc09a73e60bd4b6a9783314c87`
SHA3	`39f262dd3681890165065227153eafedb6b0ddada13a3328d1297f0ef09eb1e1`
Preview

108

Type	`RT_BITMAP`
Language	French - France
Codepage	UNKNOWN
Size	`0xf06`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.04437`
MD5	`de13e19e466e5f1938b4cfd9bb61aea5`
SHA1	`a690eb7eb111cbbe5a89b3d9161f9a725099a549`
SHA256	`1473557a67c37884d871a70524873e380e4f976bde12b1364cd8827b44cd1543`
SHA3	`78468d623b27fafd70ddee18a682d60155fb3de57acffe0d4e19e6e86c9b92c9`
Preview

111

Type	`RT_BITMAP`
Language	French - France
Codepage	UNKNOWN
Size	`0x2ee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.28472`
MD5	`31b527e903586c5c5f6ffeefb75fb30c`
SHA1	`f8aadbf2f182ad527b5364e0380337b3d7491d09`
SHA256	`43c88dc9aaf37a0a2f630624ab3cee81dabb646c3f2cc11689df54cb9dcc548a`
SHA3	`208ed2d669924ffa47cbc795fcf3e08d14df95245c589c718c728a8895035b82`
Preview

112

Type	`RT_BITMAP`
Language	French - France
Codepage	UNKNOWN
Size	`0x356`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.38195`
MD5	`6fe75d7b23f04db5e5ab905fd364d985`
SHA1	`0f34b4dccd4af8495e659d2e01b9aa20c35ab14a`
SHA256	`8522d42d7abe68c7a1a85f0cb962579ec5d7ac38e2780735a038e6d451965c8e`
SHA3	`0bef0a2989cbb1d8da94e9d1a216e1feb91752c74a8581c885498935fca4835e`
Preview

113

Type	`RT_BITMAP`
Language	French - France
Codepage	UNKNOWN
Size	`0xf08`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.56131`
MD5	`13309e32d8a866b5d640022979106d7d`
SHA1	`ad32d9f71baac586b266b10a9912e40f6085409c`
SHA256	`ff1e93f590415c66ef8835cc995c7a29c89620a9dbfc578c21df705c441e7412`
SHA3	`ad9e72808b69efa1c5c676028d49d340238f64e55958c81ad7c8cd3029dbb898`
Preview

115

Type	`RT_BITMAP`
Language	French - France
Codepage	UNKNOWN
Size	`0xf08`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.97521`
MD5	`340beba32c5f40b011cf1441794facbf`
SHA1	`470a218146035f740095845630aebd4bd8b00420`
SHA256	`221ac2e5a20e39790178b6dd9b64328a5fd2d3334e2458cb5942085cfda5fd5a`
SHA3	`9a5fada949a18f397d00d746a000fa936e42d2ec096ae8ea0c510c52ae25a416`
Preview

1

Type	`RT_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x2134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.58355`
MD5	`29979b3a24a2b05ce107227d9e590e0a`
SHA1	`8de4352de832022b715a389a16f0123fac68cfe7`
SHA256	`3f64f684a2b567b870b30699388640186a34537f5299f758e42091f5ceb557f7`
SHA3	`f84c09e39fbda2e8837ce845a78e31ff79f376bdef45ebd6dd7a3ec6c01514e7`

101

Type	`RT_DIALOG`
Language	French - France
Codepage	UNKNOWN
Size	`0x114`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92639`
MD5	`38ed45b27a22edcedc3c14b753b11a94`
SHA1	`86e68be61eccc7611666738a4c3094612ed76f14`
SHA256	`60bfda4d6673fd05705e3dd440e5813b675303953e16076e78084ce2812ded27`
SHA3	`0eec855d2a0b93252c1098f4d9b8a5c3c84aa23b14523080737d0498cdb5f358`

103

Type	`RT_GROUP_ICON`
Language	French - France
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`e5e5a43c3fe2d6ce9e1c48462c08de9b`
SHA1	`102da52437d828765fe09d1fafca1cb2acb2824a`
SHA256	`ebdbbf828eaca2f5930352386aa667a45402d6afd4c724b611da2a06a05579f2`
SHA3	`3ebbf0e7a0a9ee8a285b5f627c5a49fb3677ca649575b7a0a81149bba1fd3e70`

Version Info

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4a39e0`
SEHandlerTable	`0x41bcb0`
SEHandlerCount	`303`

RICH Header

XOR Key	`0x3e6e0738`
Unmarked objects	`0`
C++ objects (VS2013 build 21005)	`72`
ASM objects (VS2013 build 21005)	`38`
C objects (VS2013 build 21005)	`207`
19 (8034)	`2`
229 (VS2013 UPD4 build 31101)	`58`
Imports (65501)	`11`
Total imports	`150`
C++ objects (VS2013 UPD4 build 31101)	`5`
Resource objects (VS2013 build 21005)	`1`
Linker (VS2013 UPD4 build 31101)	`1`

Errors

Leave a comment

No comments yet.