Manalyze report for 95801af084f016c65fe03ca79eb1b996

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Aug-16 00:11:11
Detected languages	English - United States
CompanyName	PoC-BootCamp
ProductName	PoC-BootCamp
FileVersion	`1`
ProductVersion	`1`
InternalName	PoC-BootCamp
OriginalFilename	PoC-BootCamp

Plugin Output

Suspicious	PEiD Signature:	`ASPack v2.12`
Malicious	The PE is packed with Aspack or Armadillo	`Section .text is both writable and executable.` `Unusual section name found: .000000` `Section .000000 is both writable and executable.` `Unusual section name found: .adata` `Section .adata is both writable and executable.` `The PE only has 4 import(s).` `The RICH header checksum is invalid.`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Malicious	VirusTotal score: 59/72 (Scanned on 2024-04-26 16:24:15)	`ALYac: GenPack:Generic.Malware.S!dld!.ADE90F55` `APEX: Malicious` `AVG: Win32:Trojan-gen` `AhnLab-V3: Downloader/Win.FBWZ.C5126213` `Alibaba: TrojanDownloader:Win32/VBObfuse.0cd6af65` `Antiy-AVL: Trojan/Win32.VBObfuse` `Arcabit: GenPack:Generic.Malware.S!dld!.ADE90F55` `Avast: Win32:Trojan-gen` `Avira: TR/VB.Downloader.Gen` `BitDefender: GenPack:Generic.Malware.S!dld!.ADE90F55` `BitDefenderTheta: AI:Packer.0BA2CB991F` `Bkav: W32.AIDetectMalware` `ClamAV: Win.Malware.Aizczvpi-7667171-0` `Cylance: unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.DownLoader30.17344` `ESET-NOD32: a variant of Win32/TrojanDownloader.VB.RLW` `Elastic: malicious (high confidence)` `Emsisoft: GenPack:Generic.Malware.S!dld!.ADE90F55 (B)` `F-Secure: Trojan.TR/VB.Downloader.Gen` `FireEye: Generic.mg.95801af084f016c6` `Fortinet: W32/Kryptik.HMTB!tr` `GData: GenPack:Generic.Malware.S!dld!.ADE90F55` `Google: Detected` `Gridinsoft: Trojan.Heur!.032120A1` `Ikarus: Trojan-Downloader.Win32.VB` `Jiangmin: TrojanDownloader.Generic.bdxz` `K7AntiVirus: Trojan-Downloader ( 005a4f4d1 )` `K7GW: Trojan-Downloader ( 005a4f4d1 )` `Kaspersky: Trojan.Win32.Agent.xabduu` `Kingsoft: Win32.Trojan.Agent.xabduu` `Lionic: Trojan.Win32.VBObfuse.4!c` `MAX: malware (ai score=84)` `Malwarebytes: Malware.AI.1775311915` `MaxSecure: Trojan.Malware.74538096.susgen` `McAfee: Artemis!95801AF084F0` `MicroWorld-eScan: GenPack:Generic.Malware.S!dld!.ADE90F55` `Microsoft: Trojan:Win32/VBObfuse.BIV!MTB` `NANO-Antivirus: Trojan.Win32.VB.fxwldb` `Paloalto: generic.ml` `Panda: Trj/GdSda.A` `Rising: Trojan.Provis!8.A8E (TFE:5:sVdGyD6VWBB)` `Sangfor: Downloader.Win32.Vbobfuse.Vfij` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win32.Generic.lh` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.10bb4783` `TrendMicro: TROJ_GEN.R002C0DCE24` `TrendMicro-HouseCall: TROJ_GEN.R002C0DCE24` `VBA32: Backdoor.Xtreme` `VIPRE: GenPack:Generic.Malware.S!dld!.ADE90F55` `Varist: W32/VBTrojan.Downloader.1D!Maxi` `Yandex: Trojan.GenAsa!NTuymdcu7Uo` `Zillya: Trojan.Agent.Win32.2793244` `ZoneAlarm: Trojan.Win32.Agent.xabduu` `alibabacloud: Trojan[downloader]:Win/VBObfuse.BIV!MTB` `tehtris: Generic.Malware`

Hashes

MD5	`95801af084f016c65fe03ca79eb1b996`
SHA1	`c96b671849012d1ed878e4ffee083d38cc575fa1`
SHA256	`603488e403f45e7eecc5b738057c255533ae704450b00f94ccb03f6c714042bf`
SHA3	`81c8877d17158874515905f8955813dabdd53b4e4969ea95d139ede8f3657683`
SSDeep	`192:vS3PW6LBS3As+45WDG8AxHwCMrpY7Y8LqPZo5LdCfffnMO3UlzuEnrtDINynT+v:vS3TBS3bWDG8AxHr6+Y9PffPzouqlt`
Imports Hash	`7d60fc197c3449d234b9673d96263f4b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xb0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2019-Aug-16 00:11:11
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.1`
SizeOfCode	`0x2000`
SizeOfInitializedData	`0x1000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00005001 (Section: .000000)`
BaseOfCode	`0x1000`
BaseOfData	`0x3000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`3.1`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x8000`
SizeOfHeaders	`0x400`
Checksum	`0xca6a`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`17ff065d9849536791fb1931ca398106`
SHA1	`5182af20914a6ea19cf929961cd5e0972503d26d`
SHA256	`fdcc404af642796140f373e066b0f6f44bc3e7780006cabc5a2362cabed9d8ca`
SHA3	`62cc539bc515b06bbedd1a320f4e2f0b40520177ae999f49ae361c07c38c7a37`
VirtualSize	`0x2000`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.53059`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x36c`
VirtualAddress	`0x3000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`9e051ecd4e2b122ba66e3d79bb9b7881`
SHA1	`340cc1ac066fff3607a52f4acd1a632e2e8a36de`
SHA256	`0be0565966db0092ba15e6b0623597c34c7c713435c2cd70ed5a38c37bd689ef`
SHA3	`3d83c61c4d35e1b8289fa2f581a3ad7a0debb9fb41844cc537dcf10028d3fabd`
VirtualSize	`0x1000`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0xe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.91126`

.000000

MD5	`4dc3d6f6ad90ef8a1b576e654f65979a`
SHA1	`43b5e1859970c1ede09d94186eeac5b869b9a59e`
SHA256	`2afbbf0fd6ac7682f89ec38bb37deefb9fe250286a8900598fd330a60d189772`
SHA3	`c8bd075cba42e8a35a2a1fee895dcf026aff3e5f32434059b6cb50747249c143`
VirtualSize	`0x2000`
VirtualAddress	`0x5000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.82914`

.adata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1000`
VirtualAddress	`0x7000`
SizeOfRawData	`0`
PointerToRawData	`0x2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

Imports

kernel32.dll	`GetProcAddress` `GetModuleHandleA` `LoadLibraryA`
msvbvm60.dll	`#667`

Delayed Imports

1

Type	`SETTINGS`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.56324`
MD5	`32e43015342751e214df21287c169c4c`
SHA1	`1c7f51c5c3c994f997d9e9a809a161c137c5fc4c`
SHA256	`09130759680b609a6915b0b832cce72606fd7251c2ddb48ef7256179fe6c0d16`
SHA3	`d637acbc531cc1ab95038a30908b83f62f255b407bcc3d56ee327a94e506e17a`

1 (#2)

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.64812`
MD5	`83941242f00197040cea8fe264e6d42c`
SHA1	`251730f9ddebfc0b9b0673c912269151fc892f04`
SHA256	`2fe9c73741d521e9f1bbaed4f874b5b1f33f256de17932257c39ac6ead31fb35`
SHA3	`93dbb41b1fb81c310b8bbe4c0e402598360da931d20353419b3c0d82c79c6298`

1 (#3)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`48b7daa094a69053983c7c0a1a9d1892`
SHA1	`f2ee97c66ac167b7bb8ddb35c50464102dc716fd`
SHA256	`8aecd886e67d8cbe30bc719e7c0df4cd4f4a7e000d14f296e8a1af2c6fb04a11`
SHA3	`455e955dfde4b66ee569c5f5454265d5d73c14249e0c13f943d5ea56dc93fcdf`

1 (#4)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x220`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.15472`
MD5	`7b53c42b148b8e96584ecb316b240731`
SHA1	`74ef8b0e489c2e2630fc730536a25754279c3406`
SHA256	`731e0fa0cac7544b69336daf31f688caa1763b8e6d81f8f28218aace89e3ec04`
SHA3	`8d8e9742e8b1aa0de4bc816dfd782d219f1ae3b7a7f4401301ff8c69bee11173`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.1.0.0
ProductVersion	3.1.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	PoC-BootCamp
ProductName	PoC-BootCamp
FileVersion (#2)	1
ProductVersion (#2)	1
InternalName	PoC-BootCamp
OriginalFilename	PoC-BootCamp

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x8869808d`
Unmarked objects	`0`
13 (VS98 SP6 build 8804)	`1`

Errors

[*] Warning: Section .data has a size of 0!
[*] Warning: Section .adata has a size of 0!