Manalyze report for 16dce6d64335077027630f14753a8d5c

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Jun-21 13:22:44
TLS Callbacks	2 callback(s) detected.

Plugin Output

Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegCloseKey RegEnumKeyExA RegOpenKeyExA RegQueryValueExA` `Uses Microsoft's cryptographic API: CryptBinaryToStringA CryptStringToBinaryA` `Has Internet access capabilities: WinHttpCloseHandle WinHttpConnect WinHttpOpen WinHttpOpenRequest WinHttpSendRequest`
Malicious	VirusTotal score: 7/75 (Scanned on 2024-07-27 02:11:21)	`APEX: Malicious` `Bkav: W32.AIDetectMalware` `DeepInstinct: MALICIOUS` `Google: Detected` `Ikarus: Trojan.Win32` `Microsoft: Trojan:Win32/Phonzy.B!ml` `VBA32: BScope.Trojan.Downloader`

Hashes

MD5	`16dce6d64335077027630f14753a8d5c`
SHA1	`eadc64ebca451996046cfc3215d7e06b82fd408a`
SHA256	`013e33ae2ec1d04311ee9106614aea1ce8b548b112dc3c1891cfbdd680cad68c`
SHA3	`fd5011cfdd7ba53bde3749207b6218db8bb690b49a6236a598891711ab5f66f5`
SSDeep	`1536:EA092mLykIdLDXYbRUuTEezHYzHYXqVk9HJA63wV:E5LkL+jJr+HoqVk9Hg`
Imports Hash	`d207ef8917db8bc5d309fb462ec1330f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`9`
TimeDateStamp	2024-Jun-21 13:22:44
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0xba00`
SizeOfInitializedData	`0x1a600`
SizeOfUninitializedData	`0xc00`
AddressOfEntryPoint	`0x000010DE (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xd000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x21000`
SizeOfHeaders	`0x400`
Checksum	`0x20f2d`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4896f069fe526099f78214833dc97e1f`
SHA1	`59ad4bcf67b9f1d8e7956a02b0b68aab4a5af203`
SHA256	`f95aa00496827d2b66489504759418c0b0cecea51b3a3c64edb053b37de39417`
SHA3	`2ccd0828bd03edb28daad933211d9adf87c17f84bad4b0ac5b96c24fefe389ce`
VirtualSize	`0xb874`
VirtualAddress	`0x1000`
SizeOfRawData	`0xba00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.90478`

.data

MD5	`183bbc8a7efc6715ee88f8bd5b68b328`
SHA1	`bf181cf0d75fa407a8fb3d89da92c67c5d9bfa17`
SHA256	`eb282a21bb98567c1c8ef6f7ec243552d36848b1b7c14948e0a6fd405218d77a`
SHA3	`3d79a2e6ecc1f7f0e85a475459ebbd9e75721c3d31d8328b48b52bde5ff4bbe2`
VirtualSize	`0xa140`
VirtualAddress	`0xd000`
SizeOfRawData	`0xa200`
PointerToRawData	`0xbe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0365107`

.rdata

MD5	`b6cb3f6dded3eb36f660c97660c30938`
SHA1	`d2bd46bff09d353eab7200c0e4b91f8bb57446b3`
SHA256	`32a9891fda4741df2f85289278f64cdf18b3f0217b41de46857ba12ba2b3df5b`
SHA3	`75d9e98cbba4869e2b9339242d0672b66d5ae945a5ccb79cbec24b43ebf81b9d`
VirtualSize	`0x1884`
VirtualAddress	`0x18000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x16000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.51651`

.eh_fram

MD5	`c1d87660d8b04923e457c0f58b6c1302`
SHA1	`7b04b09cbede6fa255cf6c954a3818bc0521fe22`
SHA256	`e5f4b343768b2675548bb0a3e2f8d83700daaa257a572ddbbef6c97fb38df332`
SHA3	`cf5d97f98245bba43e23cd639d9aebaa4cde05ea82016e724d3a27d83738af6e`
VirtualSize	`0x19f0`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x17a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.66301`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xa70`
VirtualAddress	`0x1c000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`e08697d110195e5dd087935e2ceafb67`
SHA1	`804e7ab70889de42b80762d2b0e61378dc8e1a04`
SHA256	`ff76a5c834217e9a964b28f7aed8b76de73e812497659781eed26f88f1a344a6`
SHA3	`df8d8a5cb3403ed34bb0f88e42576ee1d090dbfb1df2d186a5f0e23aeffb84ea`
VirtualSize	`0xbc8`
VirtualAddress	`0x1d000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x19400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.20822`

.CRT

MD5	`fb6edc82276d4d99c37f82c0d92a1c34`
SHA1	`c3e55ab4da6bf5648100971c5d1ddf6802fc5ff5`
SHA256	`dd48f4b105adc777ffa51eb3bb763a7d7aea5b1f23c982c5690a161ef8e99951`
SHA3	`3d45b108e00b6916dd66f121df670932395d57a2280657e5db1c6e1e78ea74b7`
VirtualSize	`0x30`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.220914`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x8`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`38957b2d9a03306cb8c4b6bb73fdf25a`
SHA1	`5461f32620f97b398837ef20eca53075c35dd89f`
SHA256	`1a001667799018f3160d544e50ab69cc69d028c8e49cf6c766ac75056ca08bcf`
SHA3	`8190ac082532ae82fa60412a3738bf2ea4d955571abc07e9536337f58c643546`
VirtualSize	`0x59c`
VirtualAddress	`0x20000`
SizeOfRawData	`0x600`
PointerToRawData	`0x1a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.22242`

Imports

ADVAPI32.dll	`GetUserNameA` `RegCloseKey` `RegEnumKeyExA` `RegOpenKeyExA` `RegQueryValueExA`
CRYPT32.dll	`CryptBinaryToStringA` `CryptStringToBinaryA`
IPHLPAPI.DLL	`GetAdaptersAddresses`
KERNEL32.dll	`CloseHandle` `CreateMutexA` `DeleteCriticalSection` `EnterCriticalSection` `FreeLibrary` `GetComputerNameA` `GetFileAttributesA` `GetLastError` `GetModuleHandleA` `GetModuleHandleW` `GetProcAddress` `GetProcessHeap` `HeapAlloc` `HeapFree` `InitializeCriticalSection` `LeaveCriticalSection` `LoadLibraryA` `SetUnhandledExceptionFilter` `Sleep` `TlsGetValue` `VirtualProtect` `VirtualQuery` `WideCharToMultiByte`
ucrtbase.dll	`__acrt_iob_func` `__daylight` `__p___argc` `__p___argv` `__p___wargv` `__p__commode` `__p__environ` `__p__fmode` `__p__wenviron` `__setusermatherr` `__stdio_common_vfprintf` `__stdio_common_vfwprintf` `__timezone` `__tzname` `_cexit` `_configure_narrow_argv` `_configure_wide_argv` `_crt_at_quick_exit` `_crt_atexit` `_errno` `_exit` `_findclose` `_findfirst32` `_findnext32` `_fullpath` `_initialize_narrow_environment` `_initialize_wide_environment` `_initterm` `_lock_file` `_set_app_type` `_set_invalid_parameter_handler` `_set_new_mode` `_tzset` `_unlock_file` `abort` `calloc` `exit` `fclose` `fopen` `fputc` `fputwc` `fread` `free` `fseek` `ftell` `fwrite` `localeconv` `malloc` `mbrtowc` `mbstowcs` `memcpy` `memset` `perror` `signal` `strcat` `strcpy` `strerror` `strlen` `strncmp` `strncpy` `wcrtomb` `wcscat` `wcslen`
WINHTTP.dll	`WinHttpCloseHandle` `WinHttpConnect` `WinHttpOpen` `WinHttpOpenRequest` `WinHttpSendRequest`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x41f000`
EndAddressOfRawData	`0x41f004`
AddressOfIndex	`0x41c048`
AddressOfCallbacks	`0x41e01c`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00401654` `0x004016EB`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!