Manalyze report for dbd8dbecaa80795c135137d69921fdba

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jan-29 10:42:10

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to AES`
Suspicious	The PE is possibly packed.	`The PE only has 3 import(s).`
Malicious	VirusTotal score: 51/72 (Scanned on 2026-02-18 14:18:03)	`ALYac: Gen:Variant.Application.Ulise.137044` `APEX: Malicious` `AVG: Win64:MalwareX-gen [Misc]` `AhnLab-V3: Dropper/Win.Miner.R758978` `Alibaba: Trojan:Win64/MalwareX.a8db93f2` `Antiy-AVL: Trojan/Win32.GenericML` `Arcabit: Trojan.Application.Ulise.D21754` `Avast: Win64:MalwareX-gen [Misc]` `BitDefender: Gen:Variant.Application.Ulise.137044` `Bkav: W64.AIDetectMalware` `CAT-QuickHeal: Trojan.Agent` `CTX: dll.trojan.generic` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.BtcMine.3952` `ESET-NOD32: Win64/Agent.IGY trojan` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Application.Ulise.137044 (B)` `GData: Gen:Variant.Application.Ulise.137044` `Google: Detected` `Gridinsoft: Trojan.Win64.Packed.sa` `Ikarus: Trojan.Win64.Agent` `K7AntiVirus: Trojan ( 006d9bf01 )` `K7GW: Trojan ( 006d9bf01 )` `Kaspersky: Trojan.Win64.Agentb.lgrh` `Kingsoft: Win32.Troj.Undef.a` `Lionic: Trojan.Win32.Agentb.X!c` `Malwarebytes: Trojan.MalPack` `MaxSecure: Trojan.Malware.273267368.susgen` `McAfeeD: ti!E60AB99DA105` `MicroWorld-eScan: Gen:Variant.Application.Ulise.137044` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Paloalto: generic.ml` `Panda: Trj/GdSda.A` `Rising: Trojan.Kryptik@AI.88 (RDML:WxHbEu0cTSk6ZcPxoHEvQA)` `Sangfor: Trojan.Win64.Ulise.V21m` `Skyhigh: Artemis!Trojan` `Sophos: Mal/Generic-S` `Symantec: Trojan.Gen.MBT` `Tencent: Malware.Win32.Gencirc.11e43c69` `TrellixENS: Artemis!DBD8DBECAA80` `TrendMicro: Trojan.Win64.FRS.VSNW09B26` `TrendMicro-HouseCall: Trojan.Win64.FRS.VSNW09B26` `VBA32: Trojan.Win64.Agentb` `VIPRE: Gen:Variant.Application.Ulise.137044` `Varist: W64/ABApplication.YJCO-3213` `Xcitium: Malware@#zv2gpdsh5ojb` `Zillya: Trojan.Agent.Win64.168174` `alibabacloud: Riskware:Win/Wacatac.B9nj`

Hashes

MD5	`dbd8dbecaa80795c135137d69921fdba`
SHA1	`3e217f3a26bc09a0e0c29afceab4efbf0c1e4dac`
SHA256	`e60ab99da105ee27ee09ea64ed8eb46d8edc92ee37f039dbc3e2bb9f587a33ba`
SHA3	`69ceaae61034d3fbdb21cb3ae667c7a91f37b709c8bcc2bf39142f8d6afe924f`
SSDeep	`196608:RQaXkDnVhAmqK5864qike5DvEW/PhDbw:RNkDHAi5v4ksvEW/PRb`
Imports Hash	`5e63523dd454d86b6c5bd88cd402a129`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`4`
TimeDateStamp	2026-Jan-29 10:42:10
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x3000`
SizeOfInitializedData	`0xc4d000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000002820 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xc53000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`30308b348359325e4c6a0d8fc7900e53`
SHA1	`959bbdb98dc77c5c1aaacbbd8a7227aac688bc1e`
SHA256	`1f08b0eac299d3d996c2693f2f7b0f20dd4645eca229234e0c665426ae54fdc7`
SHA3	`7de75a695769d038e9323cf03569c8c89084b504a60131dbaa507eb64c34e298`
VirtualSize	`0x2f78`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.06745`

.rdata

MD5	`5fa51c4f7f0ba4857bc2fb00ccf3656a`
SHA1	`3e4f245433b37b76b420873111d258731a3f48e7`
SHA256	`26e9095f81ef4892d6b23530951bce7773917e8afa25f8db1bb12c95d685c774`
SHA3	`7d2289c4b58a0e72cccbec982b4afe6703d5f30acee1609042512dc52f442c72`
VirtualSize	`0x646`
VirtualAddress	`0x4000`
SizeOfRawData	`0x800`
PointerToRawData	`0x3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.1682`

.data

MD5	`f39e228a2fb7a99bff3e96ceb32ce354`
SHA1	`1f67336dc02724fed868f17e98133e8a107c747b`
SHA256	`dc6f96446c8fa94fd304d0360a4a362f8db9a2d71661e3d91c8fcf05fb1ec807`
SHA3	`d3a86f242f53b7131d0494501d4c8d024072674c909c5c0bdae58c35f921bb1f`
VirtualSize	`0xc4c568`
VirtualAddress	`0x5000`
SizeOfRawData	`0xc4c600`
PointerToRawData	`0x3c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.75109`

.pdata

MD5	`ae41c976b453e48393b8629e37613b52`
SHA1	`f06f8f83d7f967664bf0e60fcb7052010967871c`
SHA256	`fc0e56b896829afdad386ab2dd1f952a8e7f4b4df8bb0172943c346acd6c8daf`
SHA3	`f383b36e74b07824ccca59aadb58733a753db289bb370f202dc4b38585603f66`
VirtualSize	`0x120`
VirtualAddress	`0xc52000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc50200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.32745`

Imports

KERNEL32.dll	`GetModuleFileNameW` `GetModuleHandleExW` `DisableThreadLibraryCalls`

Delayed Imports

IdllEntry

Ordinal	`1`
Address	`0x2840`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Jan-29 10:42:10
Version	`0.0`
SizeofData	`268`
AddressOfRawData	`0x428c`
PointerToRawData	`0x368c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2026-Jan-29 10:42:10
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x9e9cc60f`
Unmarked objects	`0`
Imports (33145)	`3`
Total imports	`3`
C++ objects (35221)	`3`
ASM objects (35221)	`1`
Exports (35221)	`1`
Linker (35221)	`1`

dbd8dbecaa80795c135137d69921fdba

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

Imports

Delayed Imports

IdllEntry

Version Info

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors