Manalyze report for 05a065421caa9215958deca72a5b15f3

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2013-Jan-12 11:14:48

Plugin Output

Info	Matching compiler(s):	`Dev-C++ v5` `Microsoft Visual C++ 8.0`
Suspicious	The PE contains functions most legitimate programs don't use.	`Possibly launches other programs: CreateProcessA` `Leverages the raw socket API to access the Internet: WSACleanup WSASocketA WSAStartup closesocket connect gethostbyname htons`
Malicious	VirusTotal score: 56/71 (Scanned on 2023-10-13 09:12:04)	`Lionic: Trojan.Win32.Tiny.trzP` `Elastic: malicious (high confidence)` `DrWeb: Trojan.Siggen7.54465` `MicroWorld-eScan: Gen:Variant.Doris.9265` `Skyhigh: RDN/Generic Downloader.x` `ALYac: Gen:Variant.Doris.9265` `Malwarebytes: Generic.Malware/Suspicious` `Zillya: Trojan.Small.Win32.28348` `K7AntiVirus: Trojan ( 004c87ed1 )` `Alibaba: Trojan:Win32/Generic.0c240409` `K7GW: Trojan ( 004c87ed1 )` `Cybereason: malicious.7f0e5f` `BitDefenderTheta: Gen:NN.ZexaF.36738.auW@ayinLre` `VirIT: Trojan.Win32.Small.FIL` `Symantec: ML.Attribute.HighConfidence` `ESET-NOD32: a variant of Win32/Small.NIP` `APEX: Malicious` `Kaspersky: Trojan.Win32.Tiny.ep` `BitDefender: Gen:Variant.Doris.9265` `NANO-Antivirus: Trojan.Win32.Crypted.cwvefr` `ViRobot: Trojan.Win32.S.Agent.5632.ML` `Avast: Win32:Malware-gen` `Rising: Trojan.Small!8.A9 (TFE:5:HRSdQCijuaG)` `Emsisoft: Gen:Variant.Doris.9265 (B)` `F-Secure: Heuristic.HEUR/AGEN.1342071` `VIPRE: Gen:Variant.Doris.9265` `TrendMicro: TROJ_GEN.R002C0PEA23` `FireEye: Generic.mg.05a065421caa9215` `Sophos: Mal/Generic-R` `Jiangmin: Trojan.Generic.gaon` `Webroot: W32.Malware.Heur.Dkvt` `Google: Detected` `Avira: HEUR/AGEN.1342071` `Varist: W32/Threat-HLLSI-based!Maximus` `Antiy-AVL: Trojan/Win32.Tgenic` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Xcitium: Malware@#2vfcc5kys82jz` `Arcabit: Trojan.Doris.D2431` `ZoneAlarm: Trojan.Win32.Tiny.ep` `GData: Gen:Variant.Doris.9265` `Cynet: Malicious (score: 100)` `AhnLab-V3: Malware/Win32.RL_Generic.R280623` `McAfee: RDN/Generic Downloader.x` `MAX: malware (ai score=100)` `VBA32: Trojan.Tiny` `Cylance: unsafe` `Panda: Trj/CI.A` `TrendMicro-HouseCall: TROJ_GEN.R002C0PEA23` `Tencent: Malware.Win32.Gencirc.13af25b2` `Yandex: Trojan.GenAsa!dqgAZ6Rv1fc` `Ikarus: Trojan.Win32.Small` `MaxSecure: Trojan.Malware.2588.susgen` `Fortinet: W32/Dloader.X!tr` `AVG: Win32:Malware-gen` `DeepInstinct: MALICIOUS` `CrowdStrike: win/malicious_confidence_100% (W)`

Hashes

MD5	`05a065421caa9215958deca72a5b15f3`
SHA1	`e7be3fd7f0e5f71ec6e55b014cd79c1e93cb2fd8`
SHA256	`13170ec31cf0920ad871b0d0603b6f575f847e523ac977e5177adaf62d569853`
SHA3	`eb36f06cb09bee784b93feebc0a86f4b54f2800262694156d5c9e780befcec83`
SSDeep	`96:S0FKCiwCRG4jynYJfcUdBOEH9LmdhPoJ4IF54:r1SRG4jynKx5yfPoJ4IFi`
Imports Hash	`5f43550b8c4f4f435e714b3597f257b0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2013-Jan-12 11:14:48
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0xa00`
SizeOfInitializedData	`0x1200`
SizeOfUninitializedData	`0x200`
AddressOfEntryPoint	`0x00001110 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x6000`
SizeOfHeaders	`0x400`
Checksum	`0x6113`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ae298ca45211fd54cf3b550267c6f4c1`
SHA1	`b7ab6b3d6b220eddd02925c95affe1c3a87ef2e5`
SHA256	`ac833e3b302646528de53e578dfca8de020a4bb079705785002f455376bb1d64`
SHA3	`6b49e21abbbe71866bcb7944890fa4f55f7568b3a8cf93380bb5a435ce3b48bf`
VirtualSize	`0x9e4`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.35009`

.data

MD5	`7a481d0ca4178f679fb9725628c537cf`
SHA1	`f5076e24a7f59e1e178d763f8a6a4ec241e56bc3`
SHA256	`93dadb67267780b46c1075169e7c33ffe10bd92179907bcea6531dd945ea497b`
SHA3	`c439a7ab9a22ef3a02e0c6251f141549bf2021a5476e21acf4c8161fdc7c0b1e`
VirtualSize	`0x60`
VirtualAddress	`0x2000`
SizeOfRawData	`0x200`
PointerToRawData	`0xe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.691024`

.rdata

MD5	`d486ddef7e0c9e7562e314f2bf3aac19`
SHA1	`2285cb41082c6cd4c22a48d24c1aba955b20cb1b`
SHA256	`c8b8a19df27cf6d2c99196c8f71f1f61be43e10b5d9bf62fce9f8d8a55f9d67e`
SHA3	`fb6c4e4560e6f09d325e0e5a2575b9c425d86d275899f21231729b3812f5fb84`
VirtualSize	`0x98`
VirtualAddress	`0x3000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.42936`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xe0`
VirtualAddress	`0x4000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`70704fe59c9c69f7ca182f314e7a07b7`
SHA1	`63a96157e826c1433b70df2d80a8fcc9c11b6853`
SHA256	`b32c9662b6ef1f9c77326414d4bdf1de33fdf82658544155a8d4270d50551939`
SHA3	`4c5aa0c561621945f6cdd9490ba858743afb6f6b29e7b05ce9b056c12a17cb7f`
VirtualSize	`0x38c`
VirtualAddress	`0x5000`
SizeOfRawData	`0x400`
PointerToRawData	`0x1200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.36302`

Imports

KERNEL32.dll	`CloseHandle` `CreateProcessA` `ExitProcess` `GetModuleHandleA` `GetProcAddress` `SetUnhandledExceptionFilter` `Sleep` `WaitForSingleObject`
msvcrt.dll	`__getmainargs` `__p__environ` `__p__fmode` `__set_app_type` `_cexit` `_iob` `_onexit` `_setmode` `atexit` `memcpy` `memset` `signal`
WS2_32.DLL	`WSACleanup` `WSASocketA` `WSAStartup` `closesocket` `connect` `gethostbyname` `htons`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!