Manalyze report for be11d5551412487117465ca46654aa45ee8ed3e1b273a8978843b87b6bb3f221

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-01 00:00:00
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .symtab`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA LoadLibraryW GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Info	The PE is digitally signed.	`Signer: capri-blue.com` `Issuer: E7`
Malicious	VirusTotal score: 37/68 (Scanned on 2026-06-06 02:33:42)	`APEX: Malicious` `Alibaba: Backdoor:Application/Kryptik.eb891f41` `Antiy-AVL: Trojan[Backdoor]/Win64.Gsb` `Avira: BDS/W64.MalwareX` `Bkav: W32.Malware.C56443C4` `CTX: exe.trojan.generic` `CrowdStrike: win/malicious_confidence_90% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 99)` `DeepInstinct: MALICIOUS` `ESET-NOD32: WinGo/Kryptik.SR trojan` `Elastic: malicious (high confidence)` `F-Secure: Backdoor.BDS/W64.MalwareX` `Fortinet: W32/Kryptik.SR!tr` `GData: Win64.Trojan.Agent.AAE9IQ` `Google: Detected` `Gridinsoft: Trojan.Win64.Wacatac.cl` `Kaspersky: UDS:Backdoor.Win64.Gsb.gen` `Kingsoft: Win64.Backdoor.Gsb.gen` `Lionic: Trojan.Win64.SBEscape.tsZ8` `Malwarebytes: Backdoor.RemusStealer` `McAfeeD: Trojan:Win/Stealer.DSF` `Microsoft: Trojan:Win32/Vidar` `Paloalto: generic.ml` `Rising: Backdoor.Gsb!8.1DB49 (CLOUD)` `Sangfor: Backdoor.Win64.Gsb.Ven1` `Skyhigh: Artemis!Trojan` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Tencent: Win32.Trojan.FalseSign.Rsmw` `Trapmine: suspicious.low.ml.score` `TrellixENS: Artemis!0A66C4B8CCD2` `TrendMicro: Trojan.Win32.ZYX.USBLF526` `TrendMicro-HouseCall: Trojan.Win32.ZYX.USBLF526` `Varist: W64/ABApplication.EHKS-1102` `alibabacloud: Backdoor:Multi/Wacatac.B9nj` `huorong: Trojan/Loader.sh`

Hashes

MD5	`0a66c4b8ccd2c84a115de3f3e7150ae2`
SHA1	`e723f18044c5d9eb64e85ee1e2bdead448cd752f`
SHA256	`be11d5551412487117465ca46654aa45ee8ed3e1b273a8978843b87b6bb3f221`
SHA3	`94ae36fb5d8d159e9975b4e0c75e1037afa0d2bf56abb82213cdee3c40f8fe03`
SSDeep	`49152:bEf3Hrb/TEvO90dL3BmAFd4A64nsfJhPHvNeABgLDYVZkZD18T:Q3aYfvT`
Imports Hash	`9cbefe68f395e67356e2a5d8d1b285c0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0x4`
e_cparhdr	`0`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x1b0000`
NumberOfSymbols	`2500`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0xbca00`
SizeOfInitializedData	`0x19000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000005B160 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x226000`
SizeOfHeaders	`0x600`
Checksum	`0x1cbcff`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`40a03c4235296a6dd7fa7be3e4e2d1b0`
SHA1	`d929115ebddc05df9ba90a2860cf863f2a59a203`
SHA256	`512406e36f19bba74f5add1452a959b6e6545ca670e144b22db442efed1219ad`
SHA3	`601f57c681337f657671e7c7a37dfdc4c10b592d2617d0c2e4ef847dcdf509fc`
VirtualSize	`0xbc9c1`
VirtualAddress	`0x1000`
SizeOfRawData	`0xbca00`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.26034`

.rdata

MD5	`0e8a90699a9f1776fe7c4ae18a7246c9`
SHA1	`d4df8f638c32ea40dce12b8fe79bf300a1792d72`
SHA256	`d722dc566e2745779c445b7e9f44f7315b102e75db8ac981e02492366c144747`
SHA3	`4afd613a719dae92a08ebc96176977edfa32b5f6826fbc9f65ecefb77933188d`
VirtualSize	`0xd6f78`
VirtualAddress	`0xbe000`
SizeOfRawData	`0xd7000`
PointerToRawData	`0xbd000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.18244`

.data

MD5	`a11bbf84b6ecb872471c152acbaa9f9f`
SHA1	`d45d20132d0d0ba4e8451b6f92dc8c12e1c9d237`
SHA256	`eadb84be205c64d19b41e22b8acf7fafe182573067d6e8856477e6545b7591da`
SHA3	`d5e48f0b1b293b60553472de77c5f94f9e02cc913b9a2bb837ba2318ae3babfb`
VirtualSize	`0x732c8`
VirtualAddress	`0x195000`
SizeOfRawData	`0x19000`
PointerToRawData	`0x194000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.85326`

.idata

MD5	`9e0882a62a770d474e498cf86f7267e4`
SHA1	`8639c47f84b2d72c1d4ea60186201634d0fe40a1`
SHA256	`a20989a87e972c00e8ff0785c383a92171ad469f75d4285fb44db5efe7fcd4cf`
SHA3	`876ab089b0fefff4fc0089d4902f088bb90f283a00b135058bcaa554fac3c65d`
VirtualSize	`0x47c`
VirtualAddress	`0x209000`
SizeOfRawData	`0x600`
PointerToRawData	`0x1ad000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.56738`

.reloc

MD5	`95e8b1f39e1254ec1411a61be87262c2`
SHA1	`c8b7e3072d5dbae29857b998ae358373d748d0d7`
SHA256	`981256479fda70a43504caf1a29cd97e5eba8c62ce2ef9b99402fceef5e1fe08`
SHA3	`df966fc348552d20ab40067b9d633533daadb8bcb5b4d2244e4419a7d46de35d`
VirtualSize	`0x292e`
VirtualAddress	`0x20a000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x1ad600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.40137`

.symtab

MD5	`39a551d314c1f739cc3dd96cc643f7f2`
SHA1	`63bcd34ce68f4a43bdab3221ac22bf1c241ccb5e`
SHA256	`a51b7ed6563da3e7f5e4ad9abd139f7657ed7ca0fb3c56bea9fffdf6a4d736b9`
SHA3	`baf8304194623d029484ca49cbcd810c9362abe151536dd2124146721dde9282`
VirtualSize	`0x18b36`
VirtualAddress	`0x20d000`
SizeOfRawData	`0x18c00`
PointerToRawData	`0x1b0000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.16786`

Imports

kernel32.dll	`WriteFile` `WriteConsoleW` `WaitForMultipleObjects` `WaitForSingleObject` `VirtualQuery` `VirtualFree` `VirtualAlloc` `SwitchToThread` `SuspendThread` `SetWaitableTimer` `SetUnhandledExceptionFilter` `SetProcessPriorityBoost` `SetEvent` `SetErrorMode` `SetConsoleCtrlHandler` `ResumeThread` `PostQueuedCompletionStatus` `LoadLibraryA` `LoadLibraryW` `SetThreadContext` `GetThreadContext` `GetSystemInfo` `GetSystemDirectoryA` `GetStdHandle` `GetQueuedCompletionStatusEx` `GetProcessAffinityMask` `GetProcAddress` `GetEnvironmentStringsW` `GetConsoleMode` `FreeEnvironmentStringsW` `ExitProcess` `DuplicateHandle` `CreateWaitableTimerExW` `CreateThread` `CreateIoCompletionPort` `CreateFileA` `CreateEventA` `CloseHandle` `AddVectoredExceptionHandler`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.