02dd0eaa9649a11e55fa5467fa4b8ef8

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2045-Dec-09 20:35:43

Plugin Output

Info The PE contains common functions which appear in legitimate applications. Can access the registry:
  • RegSetValueExA
  • RegCreateKeyExA
  • RegCloseKey
Suspicious The file contains overlay data. 272 bytes of data starting at offset 0x2600.
Malicious VirusTotal score: 61/67 (Scanned on 2022-06-27 08:40:22) Bkav: W32.Common.2FB4AB05
Lionic: Worm.Win32.Happy.tpyi
tehtris: Generic.Malware
MicroWorld-eScan: Worm.Generic.22417
FireEye: Generic.mg.02dd0eaa9649a11e
CAT-QuickHeal: Happy99.Worm
ALYac: Worm.Generic.22417
Cylance: Unsafe
Sangfor: Trojan.Win32.Agent.ed
CrowdStrike: win/malicious_confidence_100% (W)
BitDefender: Worm.Generic.22417
K7GW: Trojan ( 00010be11 )
K7AntiVirus: Trojan ( 00010be11 )
Arcabit: Worm.Generic.D5791
VirIT: Happy99
Cyren: W32/Ska.10000.worm@m
Elastic: malicious (high confidence)
ESET-NOD32: Win32.Ska
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Trojan.Happy99-2
Kaspersky: Email-Worm.Win32.Happy
Alibaba: Worm:Win32/Happy.5360bd08
NANO-Antivirus: Trojan.Win32.Happy.zvsw
ViRobot: I-Worm.Win32.Happy.10002
Rising: Worm.Happy99.d (CLASSIC)
Ad-Aware: Worm.Generic.22417
TACHYON: Worm/W32.Happy.10000
Emsisoft: Worm.Generic.22417 (B)
Comodo: EmailWorm.Win32.Ska.~A@185y9
F-Secure: Worm.WORM/Happy.L
DrWeb: Win95.Spanska.10000
Zillya: Worm.Happy.Win32.3
TrendMicro: WORM_SKA.A
McAfee-GW-Edition: W32/Ska@M
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-R + W32/Ska-Happy99
Ikarus: Email-Worm.Win32.Happy
Jiangmin: I-Worm/Happy
Webroot: W32.Trojan.Worm.Gen.X
Avira: WORM/Happy.L
Kingsoft: Win32.Troj.Generic_a.c.(kcloud)
Microsoft: Worm:Win32/Ska.A@m
ZoneAlarm: Email-Worm.Win32.Happy
GData: Worm.Generic.22417
Cynet: Malicious (score: 100)
AhnLab-V3: I-Worm/Happy99
McAfee: W32/Ska@M
MAX: malware (ai score=100)
VBA32: Worm.Happy
Malwarebytes: Malware.AI.3107159016
Panda: W32/Happy
TrendMicro-HouseCall: WORM_SKA.A
Tencent: Email-Worm.Win32.Happy.za
Yandex: Trojan.GenAsa!n/CWJxLFhm4
MaxSecure: Trojan.Malware.2815.susgen
Fortinet: W32/Ska.A@m
BitDefenderTheta: AI:Packer.C01CB3021B
AVG: Win32:Happy-B [Wrm]
Cybereason: malicious.a9649a
Avast: Win32:Happy-B [Wrm]

Hashes

MD5 02dd0eaa9649a11e55fa5467fa4b8ef8
SHA1 a4a945192cb730634168f79b6e4cd298dbe3d168
SHA256 4ebe3e1af5e147c580ecce052fe7d7d0219d5e5a2f5e6d8a7f7291735923db18
SHA3 30e1497882545df475c283850eba8745230031d5efc91a3ed5fbd8f7feb24302
SSDeep 192:nR81cIkA5Dbaj/CaFx40Z9HnLH8bzTbjt5BNUFO:RycyhqN4u9HnLH8bnbjtpl
Imports Hash 0c4bfaa543570883e2e21a059be0458e

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2045-Dec-09 20:35:43
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0xa00
SizeOfInitializedData 0x1600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00010000 (Section: CODE)
BaseOfCode 0x10000
BaseOfData 0x20000
ImageBase 0x400000
SectionAlignment 0x10000
FileAlignment 0x200
OperatingSystemVersion 1.0
ImageVersion 0.0
SubsystemVersion 3.A
Win32VersionValue 0
SizeOfImage 0x50000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x2000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

CODE

MD5 157be669263d1b048581cfff170bb423
SHA1 07bed22fdb31a2e67fd6e8ec5c6f04bfe2a41d91
SHA256 e07e76680435ef4521ba9aafb3e3b5c0626371a8a2f26e12f4d76fb76b7d8848
SHA3 5004ffa79a38ce169fff5d0c5e0211d1302b25c9fdb03c6523857677cce7b7f4
VirtualSize 0x1000
VirtualAddress 0x10000
SizeOfRawData 0xa00
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.72737

DATA

MD5 84c1e1eb325bf503aa81431c8acb83e7
SHA1 f64854e9997b96a26c0d1f4fea6bd5e96e7de453
SHA256 9722bae62370821b0b72555db8a7e8df080ce784af835c576da1d7b3549fdc38
SHA3 8ecb3aaccb591476ec99d8be50b6724304f7b58e72a0813068fff3e7241623e8
VirtualSize 0x1000
VirtualAddress 0x20000
SizeOfRawData 0x1000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.96045

.idata

MD5 4065861380476795ba7930faebac80bf
SHA1 02294ae2d5a217353edee3eb9165182586eb496b
SHA256 35e445b36b555a314e4ea155b77fbc87213d029c2af25f8fd80436c7f6847a1b
SHA3 a28e6069ce12e4e50882094a4065dde89af227d1dce76d62923366d9b0e336de
VirtualSize 0x1000
VirtualAddress 0x30000
SizeOfRawData 0x400
PointerToRawData 0x2000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.97481

.reloc

MD5 d8fd070994c67ef47d676f4c7446496e
SHA1 62650ff86f05d73fdfc4102bc6fa5d743b6f7a4a
SHA256 67d6336d9bba0ac5e2fef36302cd9ea7b37027c200e9eac505f6852330c872a9
SHA3 425cdb8533a58ef45770fb70751954a95b8ceb1ac8e49d398442c07fe8322341
VirtualSize 0x1000
VirtualAddress 0x40000
SizeOfRawData 0x200
PointerToRawData 0x2400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 5.02795

Imports

KERNEL32.dll WriteFile
UnmapViewOfFile
GetWindowsDirectoryA
GetModuleHandleA
CopyFileA
GetProcAddress
ExitProcess
GetFileSize
GetModuleFileNameA
LocalAlloc
CreateFileMappingA
GetVersionExA
GetSystemDirectoryA
CreateFileA
CloseHandle
LocalFree
MapViewOfFile
ReadFile
ADVAPI32.dll RegSetValueExA
RegCreateKeyExA
RegCloseKey
USER32.dll ReleaseDC
RegisterClassA
PostQuitMessage
PeekMessageA
GetDC
DispatchMessageA
DefWindowProcA
CreateWindowExA
ShowWindow
UpdateWindow
TranslateMessage
GDI32.dll SetPixelV

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

<-- -->