f775669b0c3abd52a5a9b939fdebc6fc

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1992-Jun-19 22:22:17
Detected languages English - United States

Plugin Output

Suspicious PEiD Signature:
  • UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
  • UPX v2.0 -> Markus, Laszlo & Reiser (h)
  • UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious The PE is possibly packed.
Unusual section name found: .dosx
Section .dosx is both writable and executable.
Unusual section name found: .fish
Section .fish is both writable and executable.
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Can access the registry:
  • RegCloseKey
Possibly launches other programs:
  • ShellExecuteW
Suspicious The PE header may have been manually modified.
Resource BATCLEN is possibly compressed or encrypted.
Resource CLEAN is possibly compressed or encrypted.
Resource EXTRATYPE is possibly compressed or encrypted.
Resource HEAD is possibly compressed or encrypted.
Resource IDMREG is possibly compressed or encrypted.
Resource IDMSPD is possibly compressed or encrypted.
Resource MASAIO is possibly compressed or encrypted.
Resource UPDT is possibly compressed or encrypted.
Resource 101 is possibly compressed or encrypted.
The resource timestamps differ from the PE header:
  • 2026-Jan-26 17:57:02
Malicious VirusTotal score: 49/72 (Scanned on 2026-02-18 12:24:42)
ALYac: Gen:Variant.Application.Keygen-Crack-Patcher.3
APEX: Malicious
AVG: Win32:UnwantedX-gen [PUP]
AhnLab-V3: Unwanted/Win.Crack.C5610628
Antiy-AVL: HackTool/Win32.Crack
Arcabit: Trojan.Application.Keygen-Crack-Patcher.3
Avast: Win32:UnwantedX-gen [PUP]
Avira: TR/Crypt.ULPM.Gen
BitDefender: Gen:Variant.Application.Keygen-Crack-Patcher.3
Bkav: W32.AIDetectMalware
CAT-QuickHeal: Trojan.Ghanarava.1771401751ebc6fc
CTX: exe.trojan.crack
CrowdStrike: win/grayware_confidence_100% (W)
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
DrWeb: Trojan.DownLoader49.31106
ESET-NOD32: Win32/HackTool.Crack.FO potentially unsafe application
Elastic: malicious (high confidence)
Emsisoft: Gen:Variant.Application.Keygen-Crack-Patcher.3 (B)
F-Secure: Trojan.TR/Crypt.ULPM.Gen
Fortinet: W32/Agent.EXH!tr
GData: Gen:Variant.Application.Keygen-Crack-Patcher.3
Google: Detected
Gridinsoft: Trojan.Heur!.032125E1
Ikarus: PUA.HackTool.Crack
K7AntiVirus: Trojan ( 0051918e1 )
K7GW: Trojan ( 0051918e1 )
Kingsoft: Win32.Troj.Undef.a
Lionic: Trojan.Win32.Generic.4!c
Malwarebytes: Malware.AI.2396696924
MaxSecure: Trojan.Malware.583819647.susgen
McAfeeD: ti!3C64BD0508AB
MicroWorld-eScan: Gen:Variant.Application.Keygen-Crack-Patcher.3
Microsoft: Trojan:Win32/Wacatac.A!ml
Paloalto: generic.ml
Sangfor: Suspicious.Win32.Save.a
SentinelOne: Static AI - Malicious PE
Skyhigh: BehavesLike.Win32.Dropper.kc
Sophos: Generic Reputation PUA (PUA)
Symantec: ML.Attribute.HighConfidence
Trapmine: malicious.moderate.ml.score
TrellixENS: Artemis!F775669B0C3A
VBA32: Trojan.Hide.Heur
VIPRE: Gen:Variant.Application.Keygen-Crack-Patcher.3
Varist: W32/ABApplication.LBJS-3199
Xcitium: Packed.Win32.MUPX.Gen@24tbus
Zillya: Tool.Crack.Win32.6467
alibabacloud: HackTool:Win/Crack.FP

Hashes

MD5 f775669b0c3abd52a5a9b939fdebc6fc
SHA1 528fdf75cb3c9401079d4cdcf36bcf895185cd73
SHA256 3c64bd0508abaffd95c86eebb3a8c66162a69d0a76bf6c579a9ce12267041112
SHA3 7e25699b5495ea3b0a900aff8ed077bdc465769a93bb8e83479ac45384432d0e
SSDeep 1536:QG5Tln5MbsZLPWX7HbB8yJaEDIkT22rFm:b5RnmoZrWX7H7JayIkT22rE
Imports Hash f61e41cf3facdd888749fa56b3f50ede

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 1992-Jun-19 22:22:17
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_BYTES_REVERSED_HI
  • IMAGE_FILE_BYTES_REVERSED_LO
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LINE_NUMS_STRIPPED
  • IMAGE_FILE_LOCAL_SYMS_STRIPPED
  • IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0xf000
SizeOfInitializedData 0x2000
SizeOfUninitializedData 0x2f000
AddressOfEntryPoint 0x0003E820 (Section: .fish)
BaseOfCode 0x30000
BaseOfData 0x3f000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x41000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.dosx

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x2f000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics:
  • IMAGE_SCN_CNT_UNINITIALIZED_DATA
  • IMAGE_SCN_MEM_EXECUTE
  • IMAGE_SCN_MEM_READ
  • IMAGE_SCN_MEM_WRITE

.fish

MD5 3c6e7aeb0d3c669d73765ef1c335b5d5
SHA1 78f5eb1f91c7a52c0eb358d28d3f5174a4ebe611
SHA256 37df2a134fd8d168004e427a98f07350643fc9b7f6455a4f67d57d113a8980e3
SHA3 8b2b18e93301085a3114f348d1f920640e7c7d986af14e2233768999307e649a
VirtualSize 0xf000
VirtualAddress 0x30000
SizeOfRawData 0xea00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics:
  • IMAGE_SCN_CNT_INITIALIZED_DATA
  • IMAGE_SCN_MEM_EXECUTE
  • IMAGE_SCN_MEM_READ
  • IMAGE_SCN_MEM_WRITE
Entropy 7.90685

.rsrc

MD5 d2b063456c0b8dedc380977b6310217c
SHA1 1f667eb04ab1d14ebd2e646a97f2f2edf517217a
SHA256 1e417c09578c2dd95815c43a065639fc9b33f10c2a30f258ccd3fc6bbb90f779
SHA3 e52a9c01a86037d3a1c15662f2beb1a13a98c5714e79cc1bfb5b7f1042b7a84f
VirtualSize 0x2000
VirtualAddress 0x3f000
SizeOfRawData 0x1200
PointerToRawData 0xee00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics:
  • IMAGE_SCN_CNT_INITIALIZED_DATA
  • IMAGE_SCN_MEM_READ
  • IMAGE_SCN_MEM_WRITE
Entropy 4.48213

Imports

advapi32.dll RegCloseKey
gdi32.dll SetBkColor
IMAGEHLP.DLL ImageRemoveCertificate
KERNEL32.DLL:
  • LoadLibraryA
  • CopyContext
  • GetProcAddress
  • VirtualProtect
oleaut32.dll SysFreeString
shell32.dll ShellExecuteW
user32.dll SetFocus
version.dll VerQueryValueW
winmm.dll waveOutOpen

Delayed Imports

Resources

BATCLEN

Type BINRES
Language English - United States
Codepage UNKNOWN
Size 0x4f56
TimeDateStamp 2026-Jan-26 17:57:02
Entropy 7.91669
MD5 64cffd4050f4296b7207f8eb4ab55054
SHA1 694ad2b0bdfa1a23ffd88bf84515abe66af63eb3
SHA256 8675e6d2328cb4a4a71fa392381f7ec08c4a9ee7d2ebc57d3cfde891343088fa
SHA3 60ebf1b613fc52a18904bead5913b01e5e7e5411fd0a6e615c2e9bddaa7b4a90

CLEAN

Type BINRES
Language English - United States
Codepage UNKNOWN
Size 0x1754
TimeDateStamp 2026-Jan-26 17:57:02
Entropy 7.84387
MD5 bdbcb85e422b07ab721d3b52fbb91743
SHA1 e1f21d1615a8211bfdd27f24cda9eb1de0e6ecff
SHA256 86303b33b5326483a61960801734bd716dc88934a68a39dc567e1ac612335c05
SHA3 b8ca4080c98d09ee4be87012780d608d9912fe7f33ddb9050cdc88e9ad4a1e4f

EXTRATYPE

Type BINRES
Language English - United States
Codepage UNKNOWN
Size 0x23ab
TimeDateStamp 2026-Jan-26 17:57:02
Entropy 7.79917
MD5 2dcaf90c3d83b34a9a3c30a1f705fda8
SHA1 b95e494c608c3dd131c7eb5ca3b8f74484ea3b3f
SHA256 1053a0d0ceaf2603814e74f2514d3e9c25761c68e7f69287a308b64f95e339c3
SHA3 688a5e62ca73e8e2e040b3740105c3288aaa50ea37a5588bbd93d93f000a04cf

HEAD

Type BINRES
Language UNKNOWN
Codepage UNKNOWN
Size 0x340
TimeDateStamp 2026-Jan-26 17:57:02
Entropy 7.05432
MD5 07457112360331689dbe4f855becbc02
SHA1 7a7c7d8617c7e2a82cf7f732f9b2c9914e700581
SHA256 fd34280d0198c292aa95c0801fcaf3c83ea74634f9a57034d9947de598f39ca6
SHA3 bc905b9c025e71cbef6fa65309e7759a9b8a8cf1e55bd4fc221cfcfa8cb83308

IDMREG

Type BINRES
Language UNKNOWN
Codepage UNKNOWN
Size 0x282
TimeDateStamp 2026-Jan-26 17:57:02
Entropy 7.46747
MD5 fd17634f33ddd044a4c93e3ce8a37fd5
SHA1 9d8e2730453b582f24530e243c93c8ffc81a43ea
SHA256 e1a2b8e1be5800700657552fb4538a1a5a5bcdf54eb6651c8d2f7060262a0fca
SHA3 1b22caa1a1d23080cfc498fc154196fc1d8a06b5d4240a6555b893dbb3743d17

IDMSPD

Type BINRES
Language UNKNOWN
Codepage UNKNOWN
Size 0x424
TimeDateStamp 2026-Jan-26 17:57:02
Entropy 7.38194
MD5 6daad217fa1af956cb5f379857502ec4
SHA1 f141504b5376e2d9a2588303ff1133966f6bd3f5
SHA256 de5dcfd1b51a976a1c62f0791df47ad4691b1f96d1fdcbe43c9f738e55fe7fe7
SHA3 c47f1be181f83dc64bd037384257615e230f8fc657eea1025f1fd4bcd15248db

MASAIO

Type BINRES
Language English - United States
Codepage UNKNOWN
Size 0x346
TimeDateStamp 2026-Jan-26 17:57:02
Entropy 7.34689
MD5 85a4732c636f5bdda6180b460b3ba24d
SHA1 541a0a330503f02e461aeed8eebead28efa18ad9
SHA256 6b70a53762d2f899b44d6630cff8762acbf44daa625f995569bea7f96a5d8ad1
SHA3 6d2bedcca85105c192c42cab597b6319928721327182c460e2a7942ebd7ac734

SELFDEL

Type BINRES
Language UNKNOWN
Codepage UNKNOWN
Size 0x39
TimeDateStamp 2026-Jan-26 17:57:02
Entropy 5.55219
MD5 e84828da6761540b138da2778561b1fb
SHA1 ca8f77f93b0bc84ec6d3c6be35aeb989bc994236
SHA256 f44eca0f41b30c1cc1dc843903fc7c3f998edca5fa978c8c402fee937101fc31
SHA3 1022a4cef573779c0c1126fc61587588efc8d162c4452d315d03558c6b07999a

UPDT

Type BINRES
Language UNKNOWN
Codepage UNKNOWN
Size 0xae6
TimeDateStamp 2026-Jan-26 17:57:02
Entropy 7.73396
MD5 d624af23acb56260abe7bc9f2cc09b94
SHA1 5945c4bc9bf9f9ecd214edda1df5907ec45c7b50
SHA256 ad6f7ac095571a6f5ab0001826ed82b9bfaadb4967c1b9b76ec9ebda7acc4889
SHA3 334be5b2721f3fa7308e3419b4a9038ac368d588f935bad393d2a9360081d9bb

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 2026-Jan-26 17:57:02
Entropy 1.96237
MD5 40fdaec38f1a963cc6cc516d07d0fc75
SHA1 3125f7180443836a3dc965bbf21d76217b88f9a0
SHA256 c7895ea64e2cae0a1abc529deb762a477a41461a38d20c85362b59c0208eadcf
SHA3 34be37c0b64f1945d2f0380110504e6df36b0f7fdba1619f234b72726f006f76

101

Type RT_DIALOG
Language UNKNOWN
Codepage UNKNOWN
Size 0x1b2
TimeDateStamp 2026-Jan-26 17:57:02
Entropy 7.40222
MD5 14f5b90e7032737c40c440c49bc64828
SHA1 b75ce855e6826f3847e8d19324b36c75936642c3
SHA256 4abcb5b32d513f536d073459eebe9466a554e2f6782891a84976559de422856e
SHA3 9293c6801ee49d28ba63982a628c760f412bf7deed61cd914e8d20209dda5326

DVCLAL

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x10
TimeDateStamp 2026-Jan-26 17:57:02
Entropy 4
MD5 81c73423dacafe2fd5d2ee0e4061577a
SHA1 dae14facd628a54c437528136a3627186a83d9a7
SHA256 8a1e0d28987139601d7f1e9ef793e6ae276bc5bdb3c38d0ef704fe04cb74676f
SHA3 76fa37ce1d2620a0e882846a9a055f6a2c3c4afe87173b81356e2a325aa0adeb

PACKAGEINFO

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0xc8
TimeDateStamp 2026-Jan-26 17:57:02
Entropy 6.78724
MD5 6e960cc9e0287172a73f7f8a158a5b42
SHA1 14329ee1bd815bce646cc518d3fac7c50dd0cb05
SHA256 1e8a71217301fb21da89f804d543b155586ad7ca334006160f8358e1015a98b5
SHA3 84dd1f4fb67c4d176859da37bfd41cf88fc59f837aade80daf695ef05af2c041

MAINICON

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x14
TimeDateStamp 2026-Jan-26 17:57:02
Entropy 2.16096
Detected Filetype Icon file
MD5 42cf62b780813706e75fb9f2b2e8c258
SHA1 a022d5c1cfdd8aace0089f3e72f2eedd41bda464
SHA256 a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf
SHA3 0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x691
TimeDateStamp 2026-Jan-26 17:57:02
Entropy 5.03338
MD5 2ebe1c914cf3138e976c055b0c43c6ed
SHA1 22da9fee8d777d847960dd950ec359914d73350b
SHA256 d7010fc52189c7b15cd40a415859e0c54ddb9e1c135e6ca6ec09412f263ed0b1
SHA3 d97ee33a79ee49d17e03871645d2215acb219dd52a6ff6e448d6199b8837f271

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .dosx has a size of 0!