Manalyze report for fa6e050321f433af0e486acf88eefe32

Summary

Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `Unusual section name found: UPX2` `The PE only has 6 import(s).`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress`
Malicious	VirusTotal score: 3/69 (Scanned on 2023-09-03 13:22:11)	`Bkav: W32.AIDetectMalware.64` `Cynet: Malicious (score: 100)` `Trapmine: malicious.moderate.ml.score`

MD5	`fa6e050321f433af0e486acf88eefe32`
SHA1	`1b805bf9f61469d9d08ebcc0c679c730e754c780`
SHA256	`ae35c6ab9d100f3752024b045d14dbf75c0f657d70826de6de46ad76763f7139`
SHA3	`febaed198378af1392bdecdd85714fd3860b776dee361a82a8ba93e24926bf1b`
SSDeep	`192:g7Lw4xp+QbIQLTi3Q8hHVl1AghJ6lbLF3/l/PBhS84Tu+WkF9AoWk6:WLwo0QDi3lhHj1Ag/6lnF3/l3BhSpTu`
Imports Hash	`9920fcd0ec44676da676bc77c3814cdf`

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`3`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x2000`
SizeOfInitializedData	`0x1000`
SizeOfUninitializedData	`0xb000`
AddressOfEntryPoint	`0x000000000000DC00 (Section: UPX1)`
BaseOfCode	`0xc000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xf000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xb000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

MD5	`e68086f33f7373f4c9ddce3320451f72`
SHA1	`99ab0985d1f0931959c5e2e25539c8589a5a1e97`
SHA256	`02e846dbe3616add2171ef3437dbb8281c153b4e45b8778b8f6928f21f0eb66c`
SHA3	`df7b11711f6f376311362de86296dcdbab6e66afd9eec5ea490f85d7b572c142`
VirtualSize	`0x2000`
VirtualAddress	`0xc000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.62936`

MD5	`2e894a28400dbe3d06db5055ba17046b`
SHA1	`93bc63b07f63a17f446afe4f92f4bf7b10289e22`
SHA256	`56996d643ad7307fbb438d8df2a86bcaadb81dc3cb30634bda63e2d27cafe651`
SHA3	`1ddc80133c12b05517b7b849e53426e03520050d1b8e675a442df556562fa529`
VirtualSize	`0x1000`
VirtualAddress	`0xe000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.42355`

ADVAPI32.dll	`SetServiceStatus`
KERNEL32.DLL	`LoadLibraryA` `ExitProcess` `GetProcAddress` `VirtualProtect`
msvcrt.dll	`exit`

[*] Warning: Section UPX0 has a size of 0!