Manalyze report for c461c0bf9b6c34e06aae59173ca27ea4f66d3694258c93a1abc9e70c863b0ebd

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2019-Jul-30 08:52:45

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig2(h)`
Suspicious	PEiD Signature:	`ASPack v2.12`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1`
Suspicious	The PE is possibly packed.	`Unusual section name found: @M]\x05\xa3u\x83` `Section @M]\x05\xa3u\x83 is both writable and executable.`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress LoadLibraryW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW`
Info	The PE's resources present abnormal characteristics.	`Resource 4C8B75F7B1F3D0E84D74B3B6C64C7342 is possibly compressed or encrypted.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`173f80ff9e7d8b46119e4e793b66cbad`
SHA1	`bead08594bb2d59398ceb37f5ca02d8264e38fc2`
SHA256	`c461c0bf9b6c34e06aae59173ca27ea4f66d3694258c93a1abc9e70c863b0ebd`
SHA3	`b2d60779737e4be599628db990c133d1296ecb38cbef76724a6dc2dc631df7ec`
SSDeep	`3072:c7DhdC6kzWypvaQ0FxyNTBfdnXg8IylxO6ArXcGtTGCH:cBlkZvaF4NTBlQfAQvrXxtK`
Imports Hash	`2c5f2513605e48f2d8ea5440a870cb9e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2019-Jul-30 08:52:45
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x15600`
SizeOfInitializedData	`0x47200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0005C000 (Section: @M]\x05\xa3u\x83)`
BaseOfCode	`0x1000`
BaseOfData	`0x13000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x61000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.code

MD5	`46da2c5018752470fd3127bf22d63b95`
SHA1	`79689d07d23e494c8a40e425f6b58b6fcfcee935`
SHA256	`dde5c88b25500cafc481c699e30ea58342b107228ef6f3a08d3361a60203430b`
SHA3	`dae8493b3d4a31fe01cf730bafbd7390586ff0f116fa5ded8284d0382b858c3e`
VirtualSize	`0x387e`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.52922`

.text

MD5	`e1a026e66953c410d7f60b1f1e3c560f`
SHA1	`838d55d26dd9efd6b0506c9c55f064f69bff3a1d`
SHA256	`97f61efc9684f623eae30fcce8a8b3035003d341200579275f19f5468d496a75`
SHA3	`cf24a88fe26c2aa2d32468714671eaf669efc73ed42178d15681551c2967b390`
VirtualSize	`0xd962`
VirtualAddress	`0x5000`
SizeOfRawData	`0xda00`
PointerToRawData	`0x3e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.56249`

.rdata

MD5	`a16842a34a5da6feda9533bb3e83c3c1`
SHA1	`597bcd6908d7d29b813201e8506c5ae636de4377`
SHA256	`e7aa3b9a2637a54058211b802f96742faf19c341e604e483c54b9da022bf7a4d`
SHA3	`054e5f2439e80e489d6f8f42717ee344b2492bc8230b9d42ef3816c922b51cc1`
VirtualSize	`0x33a5`
VirtualAddress	`0x13000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x11800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.11184`

.data

MD5	`9745a42ebabb63298eb95a88968b76e4`
SHA1	`5623f3898756f14bd29bbf189c4c33d035c016f6`
SHA256	`32784aa66afc8da825311cfcb5ef716e1dcc0bfd1e17aa787e75ecbef00272e2`
SHA3	`d6d5386123bdc8bf2b5a8b827a5216d43a1910c63d4502ca2351c8ffec2293d6`
VirtualSize	`0x178c`
VirtualAddress	`0x17000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x14c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.101`

.rsrc

MD5	`eb53693a1db9cde9ced474afbf4f85c6`
SHA1	`716d684763ba9888f55e048cda405e3809909b6c`
SHA256	`3512dd7de710ef599218e43726ffe839aa7d72bbe2d95fa8846c63bb3e8f48d0`
SHA3	`cde93f2806c93a9f5f6da229c9bd30412aa30d67173f1945fb5ff5312fc86661`
VirtualSize	`0x42a84`
VirtualAddress	`0x19000`
SizeOfRawData	`0x42c00`
PointerToRawData	`0x15e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.53573`

@M]\x05\xa3u\x83

MD5	`2c9a3b0d7280dce6428e27da382d6c32`
SHA1	`f1d1857da471cb62db6ee7af6abaa24ad30633a8`
SHA256	`ab3429f9b725bcc0e58152523e5d0a984e1f2554207ef359dcd0c48f5135be99`
SHA3	`053ea56f9e46ccf0a95b0fe7012ed1c4b220e912320f6a415ac80e4f54291a5d`
VirtualSize	`0x5000`
VirtualAddress	`0x5c000`
SizeOfRawData	`0x4200`
PointerToRawData	`0x58a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.93461`

Imports

MSVCRT.dll	`memset` `wcsncmp` `memmove` `wcsncpy` `wcsstr` `_wcsnicmp` `_wcsdup` `free` `_wcsicmp` `wcslen` `wcscpy` `wcscmp` `wcscat` `memcpy` `tolower` `malloc`
KERNEL32.dll	`GetModuleHandleW` `HeapCreate` `GetStdHandle` `SetConsoleCtrlHandler` `HeapDestroy` `ExitProcess` `WriteFile` `GetTempFileNameW` `LoadLibraryExW` `EnumResourceTypesW` `FreeLibrary` `RemoveDirectoryW` `EnumResourceNamesW` `GetCommandLineW` `LoadResource` `SizeofResource` `FreeResource` `FindResourceW` `GetNativeSystemInfo` `GetShortPathNameW` `GetWindowsDirectoryW` `GetSystemDirectoryW` `EnterCriticalSection` `CloseHandle` `LeaveCriticalSection` `InitializeCriticalSection` `WaitForSingleObject` `TerminateThread` `CreateThread` `GetProcAddress` `GetVersionExW` `Sleep` `WideCharToMultiByte` `HeapAlloc` `HeapFree` `LoadLibraryW` `GetCurrentProcessId` `GetCurrentThreadId` `GetModuleFileNameW` `PeekNamedPipe` `TerminateProcess` `GetEnvironmentVariableW` `SetEnvironmentVariableW` `GetCurrentProcess` `DuplicateHandle` `CreatePipe` `CreateProcessW` `GetExitCodeProcess` `SetUnhandledExceptionFilter` `HeapSize` `MultiByteToWideChar` `CreateDirectoryW` `SetFileAttributesW` `GetTempPathW` `DeleteFileW` `GetCurrentDirectoryW` `SetCurrentDirectoryW` `CreateFileW` `SetFilePointer` `TlsFree` `TlsGetValue` `TlsSetValue` `TlsAlloc` `HeapReAlloc` `DeleteCriticalSection` `InterlockedCompareExchange` `InterlockedExchange` `GetLastError` `SetLastError` `UnregisterWait` `GetCurrentThread` `RegisterWaitForSingleObject`
USER32.DLL	`CharUpperW` `CharLowerW` `MessageBoxW` `DefWindowProcW` `DestroyWindow` `GetWindowLongW` `GetWindowTextLengthW` `GetWindowTextW` `UnregisterClassW` `LoadIconW` `LoadCursorW` `RegisterClassExW` `IsWindowEnabled` `EnableWindow` `GetSystemMetrics` `CreateWindowExW` `SetWindowLongW` `SendMessageW` `SetFocus` `CreateAcceleratorTableW` `SetForegroundWindow` `BringWindowToTop` `GetMessageW` `TranslateAcceleratorW` `TranslateMessage` `DispatchMessageW` `DestroyAcceleratorTable` `PostMessageW` `GetForegroundWindow` `GetWindowThreadProcessId` `IsWindowVisible` `EnumWindows` `SetWindowPos`
GDI32.DLL	`GetStockObject`
COMCTL32.DLL	`InitCommonControlsEx`
SHELL32.DLL	`ShellExecuteExW` `SHGetFolderLocation` `SHGetPathFromIDListW`
WINMM.DLL	`timeBeginPeriod`
OLE32.DLL	`CoInitialize` `CoTaskMemFree`
SHLWAPI.DLL	`PathAddBackslashW` `PathRenameExtensionW` `PathQuoteSpacesW` `PathRemoveArgsW` `PathRemoveBackslashW`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.48001`
MD5	`760e120bf4567b3065798563328561c0`
SHA1	`3afe721efcd510f289487f9b5147b616a07cb295`
SHA256	`7f0c59420a841e22136b7860ac3a2431f008531755f37fbf30e5779bde786b3b`
SHA3	`f2ecf8ec133d6984889400af12fa8d8d1c36eafe3bf6d8131e0794e883035294`

34388A2E5E3B1B15949ECFE07BF83C7B

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x92`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.61603`
MD5	`9606c668c77f51763c93f908e172ae2b`
SHA1	`bedb14cbff523fafba35cd161b8344bf88fcfef6`
SHA256	`855c9b8e456737455fdb7cd0ec98a6ac1151273965ec5abd36e7084ca1292640`
SHA3	`4349f3d1e53821124f0384cab9da183944378ef30ab4c557b64477d8f31d2670`

3CD5A0120E

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`55a54008ad1ba589aa210d2629c1df41`
SHA1	`bf8b4530d8d246dd74ac53a13471bba17941dff7`
SHA256	`4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a`
SHA3	`2767f15c8af2f2c7225d5273fdd683edc714110a987d1054697c348aed4e6cc7`

4C8B75F7B1F3D0E84D74B3B6C64C7342

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x486`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.83673`
MD5	`23a95e2707e63764cc2dcdb7fb8cfa68`
SHA1	`8452eb4008fed3262aca395ff7bba970802cb670`
SHA256	`a7e67b0bac3e2c89876fee36c1a5fa65a6055d5e4dcea2dd162b2624697e9c1c`
SHA3	`04ed0a46f512b15df0254070598e91931532c175e5afac885af9a4694b820b65`

AFF8A4BFF6E0C897C72EADA1AF63A9242EB4CCFF

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x15`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.20184`
MD5	`b34e5087896e15e10497b1f0510ffb68`
SHA1	`bff61783a49edf1de1b7bc09353219730c66b455`
SHA256	`76979b1322c0ac49ee64740c6786edcfe5f7e0047ed937258930b3469b57a325`
SHA3	`05ca62b99240348466268e7e680b03c4395c7c50fd0bbd7a6bbcf15a3b0e856f`

1 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.67095`
Detected Filetype	Icon file
MD5	`464cb94db3a2622922a9562865009ae8`
SHA1	`dbe17c767d942f219df59f9eae77b213c15eab70`
SHA256	`8affd1fa69a6c5a5b54e504d72d4e9a0eba9b7d702a445ea1399a5978794719a`
SHA3	`3e0e32110c6c0f3323eeeb5e4a6cbb7a8db52ab14e0f065384fb4eedac4fbcda`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x263`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.92322`
MD5	`841795bb3b61ebd511249778aa26af77`
SHA1	`59f426938522ef9906b0740821e8cc270d1ca897`
SHA256	`be809cba9d14bfb52a969d766992832b10e99e133babcdd99dc6d1bba5597cf7`
SHA3	`5fa5c36711cc5c3661248b1180ce35543201ff1dc77d158129b844f03a2144c9`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.