Manalyze report for 02dd0eaa9649a11e55fa5467fa4b8ef8

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2045-Dec-09 20:35:43

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`Can access the registry: RegSetValueExA RegCreateKeyExA RegCloseKey`
Suspicious	The file contains overlay data.	`272 bytes of data starting at offset 0x2600.`
Malicious	VirusTotal score: 63/72 (Scanned on 2022-12-31 20:43:52)	`Bkav: W32.Common.2FB4AB05` `Lionic: Worm.Win32.Happy.tpyi` `tehtris: Generic.Malware` `Cynet: Malicious (score: 100)` `CMC: Generic.Win32.02dd0eaa96!MD` `CAT-QuickHeal: Happy99.Worm` `ALYac: Worm.Generic.22417` `VIPRE: Worm.Generic.22417` `Sangfor: Trojan.Win32.Agent.ed` `K7AntiVirus: Trojan ( 00010be11 )` `Alibaba: Worm:Win32/Happy.5360bd08` `K7GW: Trojan ( 00010be11 )` `Cybereason: malicious.a9649a` `VirIT: Happy99` `Cyren: W32/Ska.10000.worm@m` `Symantec: Happy99.Worm` `Elastic: malicious (high confidence)` `ESET-NOD32: Win32.Ska` `APEX: Malicious` `ClamAV: Win.Trojan.Happy99-2` `Kaspersky: Email-Worm.Win32.Happy` `BitDefender: Worm.Generic.22417` `NANO-Antivirus: Trojan.Win32.Spanska.jtkufh` `ViRobot: I-Worm.Win32.Happy.10002` `MicroWorld-eScan: Worm.Generic.22417` `Avast: Win32:Happy-B [Wrm]` `Rising: Worm.Happy99.d (CLASSIC)` `Ad-Aware: Worm.Generic.22417` `TACHYON: Worm/W32.Happy.10000` `Sophos: ML/PE-A + W32/Ska-Happy99` `Comodo: EmailWorm.Win32.Ska.~A@185y9` `DrWeb: Win95.Spanska.10000` `Zillya: Worm.Happy.Win32.3` `TrendMicro: WORM_SKA.A` `McAfee-GW-Edition: W32/Ska@M` `Trapmine: malicious.moderate.ml.score` `FireEye: Generic.mg.02dd0eaa9649a11e` `Emsisoft: Worm.Generic.22417 (B)` `Ikarus: Email-Worm.Win32.Happy` `Jiangmin: I-Worm/Happy` `Webroot: W32.Trojan.Worm.Gen.X` `Avira: WORM/Happy.L` `Antiy-AVL: Worm[Email]/Win32.Happy` `Kingsoft: win32.worm.happy.a.(kcloud)` `Microsoft: Worm:Win32/Ska.A@m` `Arcabit: Worm.Generic.D5791` `GData: Worm.Generic.22417` `Google: Detected` `AhnLab-V3: I-Worm/Happy99` `McAfee: W32/Ska@M` `MAX: malware (ai score=100)` `VBA32: Worm.Happy` `Cylance: Unsafe` `Zoner: Trojan.Win32.920` `TrendMicro-HouseCall: WORM_SKA.A` `Tencent: Email-Worm.Win32.Happy.za` `Yandex: Trojan.GenAsa!n/CWJxLFhm4` `MaxSecure: Trojan.Malware.2815.susgen` `Fortinet: W32/Ska.A@m` `BitDefenderTheta: AI:Packer.C01CB3021B` `AVG: Win32:Happy-B [Wrm]` `Panda: W32/Happy` `CrowdStrike: win/malicious_confidence_100% (W)`

Hashes

MD5	`02dd0eaa9649a11e55fa5467fa4b8ef8`
SHA1	`a4a945192cb730634168f79b6e4cd298dbe3d168`
SHA256	`4ebe3e1af5e147c580ecce052fe7d7d0219d5e5a2f5e6d8a7f7291735923db18`
SHA3	`30e1497882545df475c283850eba8745230031d5efc91a3ed5fbd8f7feb24302`
SSDeep	`192:nR81cIkA5Dbaj/CaFx40Z9HnLH8bzTbjt5BNUFO:RycyhqN4u9HnLH8bnbjtpl`
Imports Hash	`0c4bfaa543570883e2e21a059be0458e`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2045-Dec-09 20:35:43
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0xa00`
SizeOfInitializedData	`0x1600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00010000 (Section: CODE)`
BaseOfCode	`0x10000`
BaseOfData	`0x20000`
ImageBase	`0x400000`
SectionAlignment	`0x10000`
FileAlignment	`0x200`
OperatingSystemVersion	`1.0`
ImageVersion	`0.0`
SubsystemVersion	`3.A`
Win32VersionValue	`0`
SizeOfImage	`0x50000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

CODE

MD5	`157be669263d1b048581cfff170bb423`
SHA1	`07bed22fdb31a2e67fd6e8ec5c6f04bfe2a41d91`
SHA256	`e07e76680435ef4521ba9aafb3e3b5c0626371a8a2f26e12f4d76fb76b7d8848`
SHA3	`5004ffa79a38ce169fff5d0c5e0211d1302b25c9fdb03c6523857677cce7b7f4`
VirtualSize	`0x1000`
VirtualAddress	`0x10000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.72737`

DATA

MD5	`84c1e1eb325bf503aa81431c8acb83e7`
SHA1	`f64854e9997b96a26c0d1f4fea6bd5e96e7de453`
SHA256	`9722bae62370821b0b72555db8a7e8df080ce784af835c576da1d7b3549fdc38`
SHA3	`8ecb3aaccb591476ec99d8be50b6724304f7b58e72a0813068fff3e7241623e8`
VirtualSize	`0x1000`
VirtualAddress	`0x20000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.96045`

.idata

MD5	`4065861380476795ba7930faebac80bf`
SHA1	`02294ae2d5a217353edee3eb9165182586eb496b`
SHA256	`35e445b36b555a314e4ea155b77fbc87213d029c2af25f8fd80436c7f6847a1b`
SHA3	`a28e6069ce12e4e50882094a4065dde89af227d1dce76d62923366d9b0e336de`
VirtualSize	`0x1000`
VirtualAddress	`0x30000`
SizeOfRawData	`0x400`
PointerToRawData	`0x2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.97481`

.reloc

MD5	`d8fd070994c67ef47d676f4c7446496e`
SHA1	`62650ff86f05d73fdfc4102bc6fa5d743b6f7a4a`
SHA256	`67d6336d9bba0ac5e2fef36302cd9ea7b37027c200e9eac505f6852330c872a9`
SHA3	`425cdb8533a58ef45770fb70751954a95b8ceb1ac8e49d398442c07fe8322341`
VirtualSize	`0x1000`
VirtualAddress	`0x40000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`5.02795`

Imports

KERNEL32.dll	`WriteFile` `UnmapViewOfFile` `GetWindowsDirectoryA` `GetModuleHandleA` `CopyFileA` `GetProcAddress` `ExitProcess` `GetFileSize` `GetModuleFileNameA` `LocalAlloc` `CreateFileMappingA` `GetVersionExA` `GetSystemDirectoryA` `CreateFileA` `CloseHandle` `LocalFree` `MapViewOfFile` `ReadFile`
ADVAPI32.dll	`RegSetValueExA` `RegCreateKeyExA` `RegCloseKey`
USER32.dll	`ReleaseDC` `RegisterClassA` `PostQuitMessage` `PeekMessageA` `GetDC` `DispatchMessageA` `DefWindowProcA` `CreateWindowExA` `ShowWindow` `UpdateWindow` `TranslateMessage`
GDI32.dll	`SetPixelV`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

02dd0eaa9649a11e55fa5467fa4b8ef8

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

CODE

DATA

.idata

.reloc

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors