Manalyze report for 78b0d600e8903a7c4fa0274f7121e3eb

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Mar-21 13:40:50

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to AES`
Suspicious	The PE is possibly packed.	`The PE only has 0 import(s).`
Malicious	VirusTotal score: 36/71 (Scanned on 2024-04-27 20:37:51)	`ALYac: Generic.Trojan.Havokiz.Marte.D.22103BD3` `APEX: Malicious` `AVG: Win64:Evo-gen [Trj]` `Antiy-AVL: Trojan/Win64.Havoc.e` `Arcabit: Generic.Trojan.Havokiz.Marte.D.22103BD3` `Avast: Win64:Evo-gen [Trj]` `Avira: HEUR/AGEN.1368308` `BitDefender: Generic.Trojan.Havokiz.Marte.D.22103BD3` `Bkav: W64.AIDetectMalware` `ClamAV: Win.Malware.Havoc-10019364-0` `Cynet: Malicious (score: 100)` `DrWeb: Trojan.Siggen27.35201` `ESET-NOD32: a variant of Win64/Havoc.L` `Elastic: Windows.Trojan.Generic` `Emsisoft: Generic.Trojan.Havokiz.Marte.D.22103BD3 (B)` `F-Secure: Heuristic.HEUR/AGEN.1368308` `FireEye: Generic.Trojan.Havokiz.Marte.D.22103BD3` `Fortinet: W64/Havoc.L!tr` `GData: Generic.Trojan.Havokiz.Marte.D.22103BD3` `Google: Detected` `Ikarus: Trojan.Win64.Havoc` `Jiangmin: Backdoor.C2.d` `Kaspersky: HEUR:Backdoor.Win64.Havoc.pef` `MAX: malware (ai score=85)` `Malwarebytes: Malware.AI.3682758166` `McAfee: Agent-FYC!78B0D600E890` `MicroWorld-eScan: Generic.Trojan.Havokiz.Marte.D.22103BD3` `Microsoft: Trojan:Win64/Havokiz.DX!MTB` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win64.Backdoor.cm` `Sophos: ATK/Havoc-G` `Symantec: ML.Attribute.HighConfidence` `VIPRE: Generic.Trojan.Havokiz.Marte.D.22103BD3` `Varist: W64/Havoc.A.gen!Eldorado` `VirIT: Trojan.Win64.Agent.BUS` `ZoneAlarm: HEUR:Backdoor.Win64.Havoc.pef`

Hashes

MD5	`78b0d600e8903a7c4fa0274f7121e3eb`
SHA1	`870aba657326ee7968ffe8ef08a0510eb9d893f7`
SHA256	`3cba38fdf84cf7ea3334040c8b4539403e73adc185d612085628042a695e8da3`
SHA3	`ff44cf29387000fcffc56506f301b356b221c0e55508ee6ca643dff4d3a76e17`
SSDeep	`1536:TkJIalOYktfCM83vypq9UVE/kGE5+Kb+LwoMSJZNx5FOx9b+:6lITtfCMT2UVE/kOXMSJZDPOx9b`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2024-Mar-21 13:40:50
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x17800`
SizeOfInitializedData	`0x1400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000017BE0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x1e000`
SizeOfHeaders	`0x400`
Checksum	`0x22073`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c7bd9c29bbbddb377821a39dc2d238c2`
SHA1	`bb2dca9883efd01daf189cddd38bcd57882c4bac`
SHA256	`ba56f70395960ff9f289cf81a4fb4cbcd0f61b7b5b32009e463db4bd43490630`
SHA3	`d90a55c9a58f3be54805c3b515b63fbe4bb1b8ddb7d0932b85ce72d4a20247d6`
VirtualSize	`0x176b0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x17800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.95772`

.data

MD5	`67425506c490ceb3c33e18e2a1705983`
SHA1	`8d294e7265d764cb48f7c17b515a33b43875a73d`
SHA256	`e26254d368a2925d75eb712e9f9ce26a5f7ffac4dc234c93e50ec6cd47f3cf19`
SHA3	`9250071ed6edb833cc30d34935d7e51998fd435f220e59016294f140fc8cb647`
VirtualSize	`0x940`
VirtualAddress	`0x19000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x17c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.76864`

.rdata

MD5	`fd95c80dce9d4c70213f7386b413ff1b`
SHA1	`605f31bf2cc212378b67db9e627cdcf57535d5be`
SHA256	`c7f9a54c5aab3ea4fa75497375d9ca545205c5ca179d3fb6bb16adc818a9bb31`
SHA3	`1ae007c17dcd5acaedc5fa95f664d0cb0dc097523a16970dde009431ba5799db`
VirtualSize	`0x2e0`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x400`
PointerToRawData	`0x18600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.77205`

.edata

MD5	`75e7d529f2627b88e18d1c5790f7c657`
SHA1	`09cc3c12ad9f45d47082e7319f6026ac7638bdf7`
SHA256	`758170254c5aaa65192e8e528840b7b43527a8604993326d5753b9e36c50bdb8`
SHA3	`dce21dccdd440bc3f5a0b005df2e07e4adb1e04b29fafa797093ea0ef30fbdbc`
VirtualSize	`0x36`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x18a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.531988`

.idata

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x14`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x18c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`f8de71fa3c1cc2ad4eff7e6cb2bd3e6d`
SHA1	`313c18becd10d4a0396a26b366d4b1e8c1194819`
SHA256	`db6f3ff00308b0ae164eb9d4fe98e27e55cf6e8b12b13704e2a39052c61b9242`
SHA3	`89c825855a8fc55249f0190c8283fbb92eaa11544c330dd42c1d33b2536a94ef`
VirtualSize	`0xec`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x18e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.98143`

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

78b0d600e8903a7c4fa0274f7121e3eb

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.data

.rdata

.edata

.idata

.reloc

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors