Manalyze report for 11f6614a6e34926e3daf1bb9baab4027

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2008-Jan-06 14:51:31

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: CurrentVersion\Run`
Suspicious	The PE is possibly packed.	`The PE only has 1 import(s).`
Malicious	VirusTotal score: 61/66 (Scanned on 2018-05-24 08:02:37)	`Bkav: W32.OnlineGameXIUB.Trojan` `MicroWorld-eScan: Generic.PoisonIvy.2008F8C6` `nProtect: Backdoor/W32.PoisonIvy.9728` `CMC: Backdoor.Win32.Poison!O` `CAT-QuickHeal: TrojanAPT.Poisonivy.D3` `McAfee: BackDoor-DKI.gen` `Cylance: Unsafe` `VIPRE: Backdoor.Win32.Poison.Pg (v)` `SUPERAntiSpyware: Trojan.Agent/Gen-Poison` `TheHacker: W32/Ivy.gen` `K7GW: Backdoor ( 00199f611 )` `K7AntiVirus: Backdoor ( 00199f611 )` `Invincea: heuristic` `Baidu: Win32.Backdoor.Poison.a` `F-Prot: W32/Agent.G.gen!Eldorado` `Symantec: Trojan!gm` `TotalDefense: Win32/SillyDl.DQU` `TrendMicro-HouseCall: BKDR_POISON.DS` `Avast: Win32:Agent-AAGI [Trj]` `ClamAV: Win.Downloader.24568-1` `Kaspersky: Backdoor.Win32.Poison.aec` `BitDefender: Generic.PoisonIvy.2008F8C6` `NANO-Antivirus: Trojan.Win32.Poison.dmikon` `ViRobot: Backdoor.Win32.Poison.6144.B` `Tencent: Backdoor.Win32.Poison.b` `Ad-Aware: Generic.PoisonIvy.2008F8C6` `Emsisoft: Generic.PoisonIvy.2008F8C6 (B)` `Comodo: Backdoor.Win32.Poison.NAE` `F-Secure: Backdoor:W32/PoisonIvy.GI` `DrWeb: BackDoor.Poison.686` `Zillya: Backdoor.Poison.Win32.42544` `TrendMicro: BKDR_POISON.DS` `McAfee-GW-Edition: BackDoor-DSS.gen.a` `Sophos: Troj/Keylog-JV` `SentinelOne: static engine - malicious` `Cyren: W32/Agent.G.gen!Eldorado` `Jiangmin: Backdoor/PoisonIvy.jh` `Webroot: W32.Backdoor.Poisonivy` `Avira: TR/Dropper.Gen` `Fortinet: W32/Pincav.DS!tr` `Antiy-AVL: Trojan[Backdoor]/Win32.Poison` `Kingsoft: Win32.Hack.Poison.pg.5844` `Endgame: malicious (high confidence)` `Microsoft: Backdoor:Win32/Poison.CD` `AegisLab: Backdoor.W32.Poison.aec!c` `ZoneAlarm: Backdoor.Win32.Poison.aec` `AhnLab-V3: Trojan/Win32.Poison.R2018` `ALYac: Generic.PoisonIvy.2008F8C6` `AVware: Backdoor.Win32.Poison.Pg (v)` `MAX: malware (ai score=100)` `VBA32: Backdoor.Win32.Hupigon.dguz` `Malwarebytes: Backdoor.Poison` `Zoner: Trojan.Poison.NAE` `ESET-NOD32: Win32/Poison.NAE` `Rising: Hack.Win32.Agent.fb (CLASSIC)` `Yandex: Trojan.DL.CKSPost.Gen` `Ikarus: Backdoor.Poisonivy` `GData: Generic.PoisonIvy.2008F8C6` `AVG: Win32:Agent-AAGI [Trj]` `Panda: Bck/Poison.E` `Qihoo-360: Backdoor.Win32.PIvy.A`

Hashes

MD5	`11f6614a6e34926e3daf1bb9baab4027`
SHA1	`83c257f6ee26a2c58dae730bbf64f58cdfdd372d`
SHA256	`31f0a725cb462164fa07be5665dea8a705158592e85c68e7ed910bb2022a7c1d`
SHA3	`9084d554eff269145563e9f6471e2a78e453abccdbbdb02ea785c704a294b71a`
SSDeep	`192:8JGc1Zl2+VAfNxl1THs6xgzgVGjPlRuooL76InQAlKhFo22Xs:8JGcMJxDTHfRm6Xc`
Imports Hash	`f9ade0aa18f660a34a4fa23392e21838`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xb0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`2`
TimeDateStamp	2008-Jan-06 14:51:31
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`5.0`
SizeOfCode	`0x200`
SizeOfInitializedData	`0x2200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000208 (Section: .text)`
BaseOfCode	`0x200`
BaseOfData	`0x400`
ImageBase	`0x400000`
SectionAlignment	`0x200`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`4.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x2600`
SizeOfHeaders	`0x200`
Checksum	`0x116f4`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9e5912d9f35aa91102fcdd5f4740ef0a`
SHA1	`6f3f04bde3817992a3fcb1fa9e22f1a472c0005b`
SHA256	`6b85472307dee17ba961a68d9791a529fee61b33ba2d727475c1d349c98e3641`
SHA3	`eef0ee0210f799da846520773e03b2a2b8a17caf31c984a06f961b94c97aeec3`
VirtualSize	`0x68`
VirtualAddress	`0x200`
SizeOfRawData	`0x200`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.823535`

.data

MD5	`3bcca56be07e2b7948e08cf9ee23044e`
SHA1	`2dd780c2445a5917bcf3a3c817318c120e29cf0c`
SHA256	`2c7d6f75c2a669e25748b2c236ce11c60a521e1fb8713d7ea5e4e8ca796c4f40`
SHA3	`ab84701ad00f565e1aa7df253a8b5de5635d80752813af0500682faac9ae2b06`
VirtualSize	`0x2070`
VirtualAddress	`0x400`
SizeOfRawData	`0x2200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.23381`

Imports

kernel32.dll	`ExitProcess`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x89a56ef9`
Unmarked objects	`0`
19 (8078)	`4`
18 (8444)	`1`

11f6614a6e34926e3daf1bb9baab4027

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.data

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors