Manalyze report for ad89432d69880261b31ce2bc8519942df8a8cac4891f8955f0b8d963ad2aab5b

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Dec-21 20:59:46

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0` `MASM/TASM - sig1(h)`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can create temporary files: GetTempPathA CreateFileA`
Suspicious	The PE is possibly a dropper.	`Resource DLL is possibly compressed or encrypted.` `Resources amount for 95.282% of the executable.`
Malicious	VirusTotal score: 47/71 (Scanned on 2025-04-08 11:09:35)	`AhnLab-V3: Unwanted/Win32.KeyGen.C3161582` `Antiy-AVL: HackTool/Win32.Patcher.ad` `Arcabit: Application.Heur.FU.EFD12D1` `Baidu: Win32.Trojan.Generic.f` `BitDefender: Gen:Application.Heur.FU.fuW@aibVZbl` `Bkav: W32.AIDetectMalware` `CAT-QuickHeal: Riskware.Dupatcher.A4` `CTX: exe.hacktool.patcher` `ClamAV: Win.Malware.Patcher-9957250-0` `CrowdStrike: win/malicious_confidence_60% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `ESET-NOD32: a variant of Win32/HackTool.Patcher.AD potentially unsafe` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Application.Heur.FU.fuW@aibVZbl (B)` `Fortinet: Riskware/GamePatcher` `GData: Win32.Riskware.Patcher.E` `Google: Detected` `Ikarus: possible-Threat.Hacktool.Patcher` `K7AntiVirus: Trojan ( 0040f3a51 )` `K7GW: Trojan ( 0040f3a51 )` `Kingsoft: malware.kb.a.1000` `Lionic: Hacktool.Win32.Agent.tpR4` `Malwarebytes: HackTool.FilePatch` `MaxSecure: Trojan.Malware.10047474.susgen` `McAfee: FilePatcher` `McAfeeD: Real Protect-LS!7CD118D4F75F` `MicroWorld-eScan: Gen:Application.Heur.FU.fuW@aibVZbl` `Microsoft: HackTool:Win32/Keygen` `Paloalto: generic.ml` `Panda: Trj/CI.A` `Rising: HackTool.Patcher!1.B3BB (CLASSIC)` `Sangfor: Suspicious.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win32.FilePatcher.mc` `Sophos: Generic Patcher (PUA)` `Symantec: ML.Attribute.HighConfidence` `Trapmine: suspicious.low.ml.score` `TrendMicro-HouseCall: Trojan.Win32.VSX.PE04C9V` `VIPRE: Gen:Application.Heur.FU.fuW@aibVZbl` `Varist: W32/Agent.EWQQ-1275` `ViRobot: Trojan.Win32.Agent.754688.B` `Webroot: W32.Hacktool.Gen` `Xcitium: Application.Win32.HackTool.Patcher.T@8rlo7s` `Zillya: Tool.Patcher.Win32.25830` `alibabacloud: HackTool:Win/Patcher.28b2b31b`

Hashes

MD5	`7cd118d4f75f36f13a58a5672cb79986`
SHA1	`b3298c674ea0a16e48df0e63b09a48a49d7326e4`
SHA256	`ad89432d69880261b31ce2bc8519942df8a8cac4891f8955f0b8d963ad2aab5b`
SHA3	`d5abfb600c134a2674be1ad3912b33accbf257f1140362d9a070ce7292fbb07c`
SSDeep	`1536:qy/Grc7z50dQtbElepigxHpxRxq8/HuGx+seoRadoG:qMlP50Q1EgpigxFxqCuot`
Imports Hash	`dc73a9bd8de0fd640549c85ac4089b87`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2012-Dec-21 20:59:46
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x200`
SizeOfInitializedData	`0x15400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000102B (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x1a000`
SizeOfHeaders	`0x400`
Checksum	`0xecdd`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4c584307e5aa70f515ee8c3d942e5f6c`
SHA1	`05668764efd56b4a53d8574ff9dec26b851ca07b`
SHA256	`9c0c821fe1c66ad45a044fec0be845fa08b96ea7b7c24e852b132a92fe08a90c`
SHA3	`a56964eb90adb7bd0f5c92dbd62425658cbd2b396621386f34ca3397e2a0465f`
VirtualSize	`0x1f6`
VirtualAddress	`0x1000`
SizeOfRawData	`0x200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.06408`

.rdata

MD5	`e5aa65265e17d8a1b524adbc10c0a1ad`
SHA1	`0e0eb11d610df253f860f9b46790f28f7477d12a`
SHA256	`b8af2ef3ea5c0fb35d0c846a94425f028f8cdba30eefbb401377749e0266640b`
SHA3	`7c0d77a4d031c3944bb719376c53cf53fc047471e027fa4f69aacd44c986f6a8`
VirtualSize	`0x1d8`
VirtualAddress	`0x2000`
SizeOfRawData	`0x200`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.27064`

.data

MD5	`f8fedf1be1122ff5cd0e5b4716311cc5`
SHA1	`c41831c104ced77633be9d2b09364c22a9392a73`
SHA256	`b23a9af37c2bfeb0bcb17555a8038d0403b12616851e58513e9135a77c84363b`
SHA3	`eed0f7054aa182d7497331ee77969143efb3a63e8fee1ed02e44e82494404132`
VirtualSize	`0x34`
VirtualAddress	`0x3000`
SizeOfRawData	`0x200`
PointerToRawData	`0x800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.568988`

.rsrc

MD5	`2953a169925014420dbef48fa3e0c73f`
SHA1	`32d0d705e7457a6c36f80673662a75a3c2ca5945`
SHA256	`deb1074aaf6823430b09ed8c0822afe75bfae2c011bd2a498dfe02e814be7e16`
SHA3	`4c42d10e70580f0d99ea3e1d19cb1f7fe0c7504726bf9c2148d885b6c3c18a8d`
VirtualSize	`0x14c38`
VirtualAddress	`0x4000`
SizeOfRawData	`0x14e00`
PointerToRawData	`0xa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.46589`

.reloc

MD5	`2e6554ffc943448b686d85ad68f9ec9a`
SHA1	`2983937fa0491ffb874e3d5084ddc909f7b417ba`
SHA256	`4bb6e032bb8a0cc87b345564204b1e74d8eb2ed7665c2a1d82dcd3b3096bf885`
SHA3	`1037aac5df319410ca7ed864e945ccb384d66f6e8ac2a1f9c2cfcdc03c63f497`
VirtualSize	`0x52`
VirtualAddress	`0x19000`
SizeOfRawData	`0x200`
PointerToRawData	`0x15800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.736046`

Imports

kernel32.dll	`DeleteFileA` `ExitProcess` `FindResourceA` `FreeLibrary` `GetModuleHandleA` `GetProcAddress` `GetTempPathA` `LoadLibraryA` `LoadResource` `RtlMoveMemory` `SizeofResource` `VirtualAlloc` `lstrcatA` `CloseHandle` `CreateFileA` `FlushFileBuffers` `WriteFile`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.30643`
MD5	`7309bd3a12f28c4385a0c230667908d0`
SHA1	`074243414c84dd5b73ee7e9ac905e526dea30406`
SHA256	`c17bc111e590c7cd8eea1c738e312cf8b858185df2220cc25b929f9269fda742`
SHA3	`a506efee1d8028aebf209a652c5789f821e754ad7fcf90a638a3182f38bf1476`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.16426`
MD5	`e5f17960e2c46454c27c3fe575eae027`
SHA1	`2a28c9005edaf2d98b4708f9b2eece3f244970ec`
SHA256	`0c8f7fe77a3860fd5f1b1bc1c57c6525443cd9d6d9081dff00b5a5605729649b`
SHA3	`5c983ead148b28c9f9b34d74d80ee3fc8c68ee8821ce88286d0bd2e080bc3b58`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.68913`
MD5	`6b619d7eaa9df1e89bb9b098f16276e0`
SHA1	`68b1554381cc3a249f3c7ad8d7a58e45bf1d4092`
SHA256	`f98cc511b5ef75946088980ca5501bc0fad90c1ae7b8935bdaaadc77647db0e2`
SHA3	`f8d1e4514cdc1d1298d469726d52176417ad753d7f906cec7c2c745d3a8fe420`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.05281`
MD5	`dc30d04f0c4643352837a58d032c3edf`
SHA1	`3e88f4bc6fffc0111a500ebc2b5c7071890db543`
SHA256	`bc1d98f962c2ebf3a9547b5edc4020334e967925bc1201e54c6b336cd8bd000c`
SHA3	`bd2d4ca2faf2a70f1fe64604cf48117f426aeba294fee85ccd34bb18894075e8`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.76511`
MD5	`2c8ec269bf9095f23fb11059ffbfc705`
SHA1	`deb8767409c5fa8ee675491c052027d06444fe60`
SHA256	`a527fa4eda9941030f42400b354af1fd4645560f362d828e2868e6cb07e1c868`
SHA3	`8d8e0ca081c18af17a2a2e00593a5a17cb8c6792175808c30213d020d24348eb`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.92826`
MD5	`5852c24b6bc287e0b43332a7a00ec7f3`
SHA1	`bac1c7191124647e2804ec2deccaf1d5af4ca4b5`
SHA256	`a21a84ba32c8983fa9401e61642d4458a47d7f25591bfe6e3b93684907bc3814`
SHA3	`a104db793f21106e626a100ff63593eb46bf57360365c7bfd5f41648c116c7b2`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.98476`
MD5	`5599ff249655c936d7d511c82f72ab8d`
SHA1	`d62a5fc804c752268b4127f3e3961db614cee203`
SHA256	`dd1f34f4bfdbe77d760d67c0d482b851c12f10503d299a237f9e5c9361695c4a`
SHA3	`a62545e48c4975cc9ec7cc750fd1d539b9413b3d342f000319ac8fad916fbf81`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.91618`
MD5	`8988657b81aec2b4e2419b269dd9b167`
SHA1	`1563b9edf86cbe5f6ba26ce8b4bfc7df36fe3537`
SHA256	`360478ab949fbd0f49a6ced8c0dc5fda4df93bab660d18c4e816683e9470bd73`
SHA3	`443bc8be30474521214fc360a2be0a619c3cbd002f2dd7865e68b2bfe5c52ea4`

DLL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xde00`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99728`
MD5	`b0b4fc264ac8f6b0b766ae6b6be86c20`
SHA1	`f199dcb8d704b9267631de7837d44a27b08910be`
SHA256	`5e6c3d73876a6b73259061423fb3369c5fb4999e34ea8a71e45ec653d1d52a1f`
SHA3	`f3b05bea9fceb03dffab476043ad8c04178ca19d4062b2f9983caf5ad194f8e9`

500

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85812`
Detected Filetype	Icon file
MD5	`160a4674d1a4048d80b3617538c5c764`
SHA1	`4915feb5b5cccd9e75f0bd4af5e35211353a207e`
SHA256	`146e554f0d56db9a88224cd6921744fdfe1f8ee4a9e3ac79711f9ab15f9d3c7f`
SHA3	`21c2ca5b60b02fd80163c30c40f4ee04b99cb028575ab8be5a4d6710d3a18321`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x377`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.85948`
MD5	`b12a0d6e862678e9495124d8d1dfccab`
SHA1	`1798e9adaa46a5a3c27ab61fc97995095cda6c61`
SHA256	`29b348b57a8686a8691c42b61d8969a0c2ebd3b699b52793e5ea1fd087af664d`
SHA3	`e70666b26913a066de8cf74710f9e321b99478ab966447b7553845348d7bb03d`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x9103f02d`
Unmarked objects	`0`
18 (8444)	`1`
Imports (VS2010 build 30319)	`3`
Total imports	`17`
ASM objects (VS2010 build 30319)	`1`
Resource objects (VS2010 build 30319)	`1`
Linker (VS2010 build 30319)	`1`

Errors

Leave a comment

No comments yet.