Manalyze report for bef4bf26099a5b413d1efd3d74f54c591bf2b904576b8443ab8a1df43ba157ff

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2008-Dec-03 19:41:07
Detected languages	English - United States Portuguese - Portugal

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX v2.0 -> Markus, Laszlo & Reiser (h)` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Suspicious	The PE is possibly packed.	`Unusual section name found: EDGE` `Section EDGE is both writable and executable.` `Unusual section name found: EDGE` `Section EDGE is both writable and executable.` `Unusual section name found: dongs` `The PE only has 9 import(s).`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc`
Info	The PE's resources present abnormal characteristics.	`Resource 111 is possibly compressed or encrypted.` `Resource 112 is possibly compressed or encrypted.` `Resource TUNE is possibly compressed or encrypted.`
Malicious	VirusTotal score: 49/72 (Scanned on 2026-02-26 07:47:21)	`ALYac: Trojan.GenericKD.32698712` `APEX: Malicious` `Antiy-AVL: Worm/Win32.Qvod` `Arcabit: Trojan.Generic.D1F2F158` `BitDefender: Trojan.GenericKD.32698712` `Bkav: W32.Common.90D6A33D` `CAT-QuickHeal: Trojan.Ghanarava.1679996814d9ab9d` `CTX: exe.trojan.keygen` `ClamAV: Win.Trojan.6769277-1` `CrowdStrike: win/grayware_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win32/Keygen.PG potentially unsafe application` `Elastic: malicious (high confidence)` `Emsisoft: Trojan.GenericKD.32698712 (B)` `Fortinet: W32/Generic.AC.8CA9A!tr` `GData: Trojan.GenericKD.32698712` `Google: Detected` `Gridinsoft: Trojan.Heur!.032100E1` `Ikarus: Trojan-Proxy.Win32.Agent` `Jiangmin: Trojan.Generic.foyd` `K7AntiVirus: Unwanted-Program ( 005ce4b21 )` `K7GW: Unwanted-Program ( 005ce4b21 )` `Lionic: Trojan.Win32.Keygen.4!c` `Malwarebytes: MachineLearning/Anomalous.100%` `MaxSecure: Trojan.Malware.1284855.susgen` `McAfeeD: ti!BEF4BF26099A` `MicroWorld-eScan: Trojan.GenericKD.32698712` `Microsoft: Trojan:Win32/Tiggre!rfn` `NANO-Antivirus: Trojan.Win32.Offend.cyswbo` `Paloalto: generic.ml` `Rising: Trojan.Tiggre!8.ED98 (CLOUD)` `Sangfor: Trojan.Win32.Tiggre.V82e` `SentinelOne: Static AI - Malicious PE` `Skyhigh: GenericRXFU-AS!50F821CA1677` `Sophos: Keygen (PUA)` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.high.ml.score` `TrellixENS: GenericRXAA-AA!AAB368978D04` `TrendMicro: PUA.Win32.KeyGen.CSAE` `TrendMicro-HouseCall: PUA.Win32.KeyGen.CSAE` `VIPRE: Trojan.GenericKD.32698712` `Varist: W32/Risk.QTHZ-8548` `VirIT: Trojan.Win32.Agent2.CFZU` `Webroot: W32.Malware.Gen` `Xcitium: Packed.Win32.MUPX.Gen@24tbus` `Yandex: Trojan.GenAsa!73WSvPqh/XM` `Zillya: Trojan.Agent.Win32.180064` `alibabacloud: Trojan:Win/Keygen.43107754`

Hashes

MD5	`aab368978d0410e1f409f2e977d9ab9d`
SHA1	`5b11a7581e6fa7f5cb2fd1eb12d12fc07248093c`
SHA256	`bef4bf26099a5b413d1efd3d74f54c591bf2b904576b8443ab8a1df43ba157ff`
SHA3	`cfced1a4220d951fa8b119e8afb6e6ee593be3c6e7e0cf0fb3f4dbae71b99651`
SSDeep	`1536:tVENBCMIy1rWR60nGCgTmoC8ctsHUUH0GVf6FNPtXxaaIW94B7aG5:tVENBZf1rWR60GCgSoC8ctsHUUH0GVC`
Imports Hash	`006c9fb1c39c89ce85d664651c0025f3`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2008-Dec-03 19:41:07
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x16000`
SizeOfInitializedData	`0x1000`
SizeOfUninitializedData	`0x94000`
AddressOfEntryPoint	`0x000AAC00 (Section: EDGE)`
BaseOfCode	`0x95000`
BaseOfData	`0xab000`
ImageBase	`0x800000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0xac000`
SizeOfHeaders	`0x1000`
Checksum	`0x242a3`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

EDGE

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x94000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

EDGE (#2)

MD5	`6a88be0ae1dbfa9710ae3cdb1ef8948c`
SHA1	`2d7cec3fa43dc1e21fc442d1fda24c679346e0d9`
SHA256	`2449b053fbf5e92106dcd2b98f47e1d8a228b8331ca7de17db634fe53847062b`
SHA3	`d6848f52d78ced64d4798c29dee04387358299988271a1b7811b0db9399dda4c`
VirtualSize	`0x16000`
VirtualAddress	`0x95000`
SizeOfRawData	`0x15e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.88646`

dongs

MD5	`441efab253830ee4c6932ddb3d73ca26`
SHA1	`140f4cbb750f4cf6fbd8ca0b1640b72e0765d250`
SHA256	`f172361f07bdfd6159121cf725a0af836cd5ee56b5a62ed9713709200f82c96e`
SHA3	`f196c12f503b7c297099fc7fc461231db5665a2f6a695a5badc86f449a7b441c`
VirtualSize	`0x1000`
VirtualAddress	`0xab000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x16200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.86037`

Imports

KERNEL32.DLL	`LoadLibraryA` `GetProcAddress` `VirtualProtect` `VirtualAlloc` `VirtualFree` `ExitProcess`
GDI32.dll	`TextOutA`
USER32.dll	`GetDC`
WINMM.dll	`waveOutOpen`

Delayed Imports

110

Type	`RT_BITMAP`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0xc8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.75952`
MD5	`11571b84979c9bacb2c4a935fff683e8`
SHA1	`ca1e274b381cfb330b91fb0bcde35f4d296d3375`
SHA256	`d56dc5dd299f5ffda1b3c25e999eba2e03fd2871097ee7158d1fdda0e7045cb9`
SHA3	`683ca8907d910567a010d8d258e8460e37f684fe70bd43b6cb4ede78b31b1b99`
Preview

111

Type	`RT_BITMAP`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x9ce`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.6163`
MD5	`051a7204d76158533cf50b943fe6862a`
SHA1	`0940a0bd4957a266fe7c9d0c2c686ab9b9192985`
SHA256	`580fd8f8e2f06c4f40b37c692dd4ba74874b2b531641e28e1d0ea31222c073e0`
SHA3	`67d19a2256f847db11fc9c454c995ca2ede4aaed6badb1fefc666011f6b38a1f`
Preview

112

Type	`RT_BITMAP`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x782`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.54865`
MD5	`b7ac48344c612a21240c1b44be38d7d0`
SHA1	`a1cee860e900371a3ced75b3120948f7c6745204`
SHA256	`3e9fc4da9f334c4869d7fc85cc24eaba5325b195dbca448f3d4f284cbf579274`
SHA3	`22a4eb912f25db2fc9577694b4f8f6b46f49105820dd648c73ef1ec42340beca`
Preview

1

Type	`RT_ICON`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.90871`
MD5	`bf191d17933c81e6c6e747a79d781541`
SHA1	`c1575a3ded7704847b69434507bc7fad0d46e64f`
SHA256	`a7cb7cf73d1695a2dd2befc562ac115acc987bd71bc9378c246ba36d3c0158f8`
SHA3	`d699f35f4380ccf115e0cdc6115f92826bbc9b9b9170d40eec37b876d6a6ccfd`

2

Type	`RT_ICON`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.2363`
MD5	`2133b1d2c6c1f26fd763647aaf1615cf`
SHA1	`89649f586d3d0508dca01d3754082927f2ecf709`
SHA256	`87f124ad5e2c366bbec23d4626906850df217cb10d7d75778ccd882e258f61dc`
SHA3	`6b3ca3586bc58e1f643c7f465bf9a2b1f4e8aa7b59179133bace42605832688b`

KEYGEN

Type	`RT_DIALOG`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x1dc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.6129`
MD5	`e39296954903783546f768bd363039f8`
SHA1	`ac1ecb492ff643306940de8b037336f416261b47`
SHA256	`8a27c5c66d91a8c46c563604ee51c1af6114e6e10d77815762f1dfeb17db5fdc`
SHA3	`8c86edbbe94a5d136c43f0ac794f11e2554837b4539b66778141def31ac9ffba`

TUNE

Type	`RT_RCDATA`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x4130`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.66774`
MD5	`57c047e0095c0746e8e0de41ec11b018`
SHA1	`be2b00a5c17b1bfeea2586f8fbc583a8cace34fe`
SHA256	`74716c4d0b27ec532e42cac2bdd22709f0456ec3fd9ec820ec4791e2ae785ed6`
SHA3	`f5de3ba14e2aa4b606dc90b5d971a22b6ffc9ec9e4d4cfa8d635c844a8caf192`

105

Type	`RT_GROUP_ICON`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`42cf62b780813706e75fb9f2b2e8c258`
SHA1	`a022d5c1cfdd8aace0089f3e72f2eedd41bda464`
SHA256	`a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf`
SHA3	`0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c`

107

Type	`RT_GROUP_ICON`
Language	Portuguese - Portugal
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.02193`
MD5	`0ed1bbecda1cfdd7b82749f6badf7f1b`
SHA1	`ed801a706755d12dd048ddd169d700fe8b6d1666`
SHA256	`6ee16b724e9e2be51abd9d71225918bf12e42ad08377bf4e0d5696cc9bb89e3d`
SHA3	`36def6c977f9bfb4b3395bdf1af4683ea9c42c5c2a0fe2afae54f251d6623a94`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

Version Info

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x841c98`
SEHandlerTable	`0x81ba00`
SEHandlerCount	`3`

RICH Header

XOR Key	`0x6bc2df9c`
Unmarked objects	`0`
C++ objects (30411)	`35`
ASM objects (30411)	`29`
C objects (30411)	`129`
Imports (VS2012 build 50727 / VS2005 build 50727)	`9`
Total imports	`130`
C++ objects (VS2008 build 21022)	`1`
C objects (VS2008 build 21022)	`8`
Linker (VS2008 build 21022)	`1`
Resource objects (VS2008 build 21022)	`1`

Errors

[*] Warning: Section EDGE has a size of 0!
[*] Warning: Resource 107 is empty!

Leave a comment

No comments yet.