Manalyze report for 4ebe3e1af5e147c580ecce052fe7d7d0219d5e5a2f5e6d8a7f7291735923db18

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2045-Dec-09 20:35:43

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`Can access the registry: RegSetValueExA RegCreateKeyExA RegCloseKey`
Suspicious	The file contains overlay data.	`272 bytes of data starting at offset 0x2600.`
Malicious	VirusTotal score: 63/72 (Scanned on 2022-12-31 20:43:52)	`Bkav: W32.Common.2FB4AB05` `Lionic: Worm.Win32.Happy.tpyi` `tehtris: Generic.Malware` `Cynet: Malicious (score: 100)` `CMC: Generic.Win32.02dd0eaa96!MD` `CAT-QuickHeal: Happy99.Worm` `ALYac: Worm.Generic.22417` `VIPRE: Worm.Generic.22417` `Sangfor: Trojan.Win32.Agent.ed` `K7AntiVirus: Trojan ( 00010be11 )` `Alibaba: Worm:Win32/Happy.5360bd08` `K7GW: Trojan ( 00010be11 )` `Cybereason: malicious.a9649a` `VirIT: Happy99` `Cyren: W32/Ska.10000.worm@m` `Symantec: Happy99.Worm` `Elastic: malicious (high confidence)` `ESET-NOD32: Win32.Ska` `APEX: Malicious` `ClamAV: Win.Trojan.Happy99-2` `Kaspersky: Email-Worm.Win32.Happy` `BitDefender: Worm.Generic.22417` `NANO-Antivirus: Trojan.Win32.Spanska.jtkufh` `ViRobot: I-Worm.Win32.Happy.10002` `MicroWorld-eScan: Worm.Generic.22417` `Avast: Win32:Happy-B [Wrm]` `Rising: Worm.Happy99.d (CLASSIC)` `Ad-Aware: Worm.Generic.22417` `TACHYON: Worm/W32.Happy.10000` `Sophos: ML/PE-A + W32/Ska-Happy99` `Comodo: EmailWorm.Win32.Ska.~A@185y9` `DrWeb: Win95.Spanska.10000` `Zillya: Worm.Happy.Win32.3` `TrendMicro: WORM_SKA.A` `McAfee-GW-Edition: W32/Ska@M` `Trapmine: malicious.moderate.ml.score` `FireEye: Generic.mg.02dd0eaa9649a11e` `Emsisoft: Worm.Generic.22417 (B)` `Ikarus: Email-Worm.Win32.Happy` `Jiangmin: I-Worm/Happy` `Webroot: W32.Trojan.Worm.Gen.X` `Avira: WORM/Happy.L` `Antiy-AVL: Worm[Email]/Win32.Happy` `Kingsoft: win32.worm.happy.a.(kcloud)` `Microsoft: Worm:Win32/Ska.A@m` `Arcabit: Worm.Generic.D5791` `GData: Worm.Generic.22417` `Google: Detected` `AhnLab-V3: I-Worm/Happy99` `McAfee: W32/Ska@M` `MAX: malware (ai score=100)` `VBA32: Worm.Happy` `Cylance: Unsafe` `Zoner: Trojan.Win32.920` `TrendMicro-HouseCall: WORM_SKA.A` `Tencent: Email-Worm.Win32.Happy.za` `Yandex: Trojan.GenAsa!n/CWJxLFhm4` `MaxSecure: Trojan.Malware.2815.susgen` `Fortinet: W32/Ska.A@m` `BitDefenderTheta: AI:Packer.C01CB3021B` `AVG: Win32:Happy-B [Wrm]` `Panda: W32/Happy` `CrowdStrike: win/malicious_confidence_100% (W)`

Hashes

MD5	`02dd0eaa9649a11e55fa5467fa4b8ef8`
SHA1	`a4a945192cb730634168f79b6e4cd298dbe3d168`
SHA256	`4ebe3e1af5e147c580ecce052fe7d7d0219d5e5a2f5e6d8a7f7291735923db18`
SHA3	`30e1497882545df475c283850eba8745230031d5efc91a3ed5fbd8f7feb24302`
SSDeep	`192:nR81cIkA5Dbaj/CaFx40Z9HnLH8bzTbjt5BNUFO:RycyhqN4u9HnLH8bnbjtpl`
Imports Hash	`0c4bfaa543570883e2e21a059be0458e`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2045-Dec-09 20:35:43
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0xa00`
SizeOfInitializedData	`0x1600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00010000 (Section: CODE)`
BaseOfCode	`0x10000`
BaseOfData	`0x20000`
ImageBase	`0x400000`
SectionAlignment	`0x10000`
FileAlignment	`0x200`
OperatingSystemVersion	`1.0`
ImageVersion	`0.0`
SubsystemVersion	`3.A`
Win32VersionValue	`0`
SizeOfImage	`0x50000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

CODE

MD5	`157be669263d1b048581cfff170bb423`
SHA1	`07bed22fdb31a2e67fd6e8ec5c6f04bfe2a41d91`
SHA256	`e07e76680435ef4521ba9aafb3e3b5c0626371a8a2f26e12f4d76fb76b7d8848`
SHA3	`5004ffa79a38ce169fff5d0c5e0211d1302b25c9fdb03c6523857677cce7b7f4`
VirtualSize	`0x1000`
VirtualAddress	`0x10000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.72737`

DATA

MD5	`84c1e1eb325bf503aa81431c8acb83e7`
SHA1	`f64854e9997b96a26c0d1f4fea6bd5e96e7de453`
SHA256	`9722bae62370821b0b72555db8a7e8df080ce784af835c576da1d7b3549fdc38`
SHA3	`8ecb3aaccb591476ec99d8be50b6724304f7b58e72a0813068fff3e7241623e8`
VirtualSize	`0x1000`
VirtualAddress	`0x20000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.96045`

.idata

MD5	`4065861380476795ba7930faebac80bf`
SHA1	`02294ae2d5a217353edee3eb9165182586eb496b`
SHA256	`35e445b36b555a314e4ea155b77fbc87213d029c2af25f8fd80436c7f6847a1b`
SHA3	`a28e6069ce12e4e50882094a4065dde89af227d1dce76d62923366d9b0e336de`
VirtualSize	`0x1000`
VirtualAddress	`0x30000`
SizeOfRawData	`0x400`
PointerToRawData	`0x2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.97481`

.reloc

MD5	`d8fd070994c67ef47d676f4c7446496e`
SHA1	`62650ff86f05d73fdfc4102bc6fa5d743b6f7a4a`
SHA256	`67d6336d9bba0ac5e2fef36302cd9ea7b37027c200e9eac505f6852330c872a9`
SHA3	`425cdb8533a58ef45770fb70751954a95b8ceb1ac8e49d398442c07fe8322341`
VirtualSize	`0x1000`
VirtualAddress	`0x40000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`5.02795`

Imports

KERNEL32.dll	`WriteFile` `UnmapViewOfFile` `GetWindowsDirectoryA` `GetModuleHandleA` `CopyFileA` `GetProcAddress` `ExitProcess` `GetFileSize` `GetModuleFileNameA` `LocalAlloc` `CreateFileMappingA` `GetVersionExA` `GetSystemDirectoryA` `CreateFileA` `CloseHandle` `LocalFree` `MapViewOfFile` `ReadFile`
ADVAPI32.dll	`RegSetValueExA` `RegCreateKeyExA` `RegCloseKey`
USER32.dll	`ReleaseDC` `RegisterClassA` `PostQuitMessage` `PeekMessageA` `GetDC` `DispatchMessageA` `DefWindowProcA` `CreateWindowExA` `ShowWindow` `UpdateWindow` `TranslateMessage`
GDI32.dll	`SetPixelV`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.