Manalyze report for 17a6ed3a8fc93f0af3b13c4fb1dc2ca44ddb0af9c566f9889a679a2e4d4c4c77

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Nov-30 23:34:26
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Malicious	VirusTotal score: 3/71 (Scanned on 2026-05-01 08:32:20)	`Jiangmin: Trojan.Generic.gyxrm` `MaxSecure: Trojan.Malware.300983.susgen` `Trapmine: suspicious.low.ml.score`

Hashes

MD5	`6b0d806c5357faa1684a4d92f0d23cf3`
SHA1	`084a05bf49ab993d2e6ec71f2fa2aa94a1a4632f`
SHA256	`17a6ed3a8fc93f0af3b13c4fb1dc2ca44ddb0af9c566f9889a679a2e4d4c4c77`
SHA3	`f1dd7a3e6c9e943e65898f89615f1d4005b9747d44a85991851e204155ad60d2`
SSDeep	`384:6mNeZQ3lWBopS4l/cJxIPse8WKTbWMJ8NYJKChhocd8Z2JlN:6OuVBoMW8TWW8NYVhxdrPN`
Imports Hash	`6f0f72e12bdea21b3a946ca4036df56c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2021-Nov-30 23:34:26
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x2000`
SizeOfInitializedData	`0x19600`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x000014A0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xc000`
SizeOfHeaders	`0x400`
Checksum	`0xde61`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1cf5ae5eadc7c1d71f72bb5390488ef0`
SHA1	`654181a02afc83d1a424b57072158a20206a4d93`
SHA256	`c80128821b47614f20a7580d2c16b9a3dd22de7e1ba82685ac1382a793bd4e2d`
SHA3	`c68c3d69612fbcd71a265850c606b478d196d14b1362d4878d8289d2975fe12e`
VirtualSize	`0x1f04`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.99752`

.data

MD5	`8347cb31105176c23bef031c1b15417d`
SHA1	`7b3a71d8e952962207b093f70570093b73d5b5e6`
SHA256	`ddb5b31f2c7d2cc12908009ff1441c59b3f5fadf3f3acb7da7941579998aeb69`
SHA3	`0c04c86575cb2eb48d6986cd0ef4b109572d439e38d73c6044f8146a988f9473`
VirtualSize	`0x78`
VirtualAddress	`0x3000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.34089`

.rdata

MD5	`cb90300356c29bcc12fb843be53621e7`
SHA1	`63b28d5ddedb594eee724b475840e80dd995df96`
SHA256	`98a25e3ebd824e1d0f479644c391a7087d8ae34050ba0470149d73bcc1812b74`
SHA3	`e0c14b04a0ab549fdabd27772150c4dfeb47bb0d170dc1404eba0ee625306275`
VirtualSize	`0x6d0`
VirtualAddress	`0x4000`
SizeOfRawData	`0x800`
PointerToRawData	`0x2600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.75531`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x3f0`
VirtualAddress	`0x5000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`66aa60d1e5abdc08361f728f8011a4e7`
SHA1	`6c613a430c7cfffca286a7dad1eda72239153d35`
SHA256	`5cf088f8148aded34ebb5054c174a724fe18f89f358a9201548ab1fba4f6c513`
SHA3	`b5a5df6ee935b9529c10954d8ca7ca20ef4bf7bf5c16284437904b496e8407a0`
VirtualSize	`0xaa8`
VirtualAddress	`0x6000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x2e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.35015`

.CRT

MD5	`f5162ac0c440a3b119bf2874a30b5641`
SHA1	`f41283616afbe92effe33bd7f337736b100d8cd9`
SHA256	`29a1aa0c2fc4e2419548764aa552c93c4ea5bf441ac95399e4a7bbc4c5aa70af`
SHA3	`76af62ad8afe62b7defd85e68cc9252b2c86cfb2c2b7898117e3153d55e310ef`
VirtualSize	`0x34`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.274825`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x8`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`6255b400fc52e53c56013e2e18af7aac`
SHA1	`2a1fe263a80473adc53abc144ec05f83e1b90278`
SHA256	`7eadfab19cca2ec8a50d0534fc505cfa2cede3e4055cca1d0fe77b4d3fa1a943`
SHA3	`28dca1c87d487dc9088f5cc0df0e89b321ac8f80000617e843b0fe65e9461d98`
VirtualSize	`0x2580`
VirtualAddress	`0x9000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x3e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.84165`

Imports

KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetLastError` `GetProcAddress` `GetStartupInfoA` `GetSystemTimeAsFileTime` `GetTickCount` `InitializeCriticalSection` `LeaveCriticalSection` `LoadLibraryA` `QueryPerformanceCounter` `SetDllDirectoryA` `SetUnhandledExceptionFilter` `Sleep` `TerminateProcess` `TlsGetValue` `UnhandledExceptionFilter` `VerSetConditionMask` `VerifyVersionInfoW` `VirtualProtect` `VirtualQuery`
api-ms-win-crt-convert-l1-1-0.dll	`mbstowcs` `wcstombs`
api-ms-win-crt-environment-l1-1-0.dll	`__p__environ` `__p__wenviron`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `calloc` `free` `malloc` `realloc`
api-ms-win-crt-locale-l1-1-0.dll	`setlocale` `__initialize_lconv_for_unsigned_char`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-private-l1-1-0.dll	`memcpy`
api-ms-win-crt-runtime-l1-1-0.dll	`_set_app_type` `__p___argc` `__p___argv` `__p___wargv` `__p__acmdln` `_cexit` `_configure_narrow_argv` `_configure_wide_argv` `_crt_atexit` `_initialize_narrow_environment` `_initialize_wide_environment` `_initterm` `_set_invalid_parameter_handler` `abort` `exit` `signal`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__p__fmode` `__stdio_common_vfprintf` `__stdio_common_vfwprintf` `__stdio_common_vsprintf` `fwrite`
api-ms-win-crt-string-l1-1-0.dll	`strlen` `strncmp` `_strdup`
api-ms-win-crt-time-l1-1-0.dll	`__daylight` `__timezone` `__tzname` `_tzset`
USER32.dll	`MessageBoxA`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x24cc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92122`
Detected Filetype	PNG graphic file
MD5	`ea839891e2d19e5470d1d5a02c345b97`
SHA1	`2580597025bccf289e9b82294f163399fd3519e0`
SHA256	`2e076d16243efd5f839bf932cf49f7c96ebd6cafc6a16fc483f69b41b773549c`
SHA3	`d84be566fb49fb9beac03c18bc091d8bf7af290a7f6b6ec34da4ff1a5a558de9`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.51664`
Detected Filetype	Icon file
MD5	`dab61c07331d2f84514934491fc01111`
SHA1	`893ab5091a958363a3f79666e9078ce691ebbdc9`
SHA256	`abbca562bd3c1a8fae23a143a2c0ebf38db701cdf6029fcc3cc3c2fe602f6144`
SHA3	`d0e004427bf30ad1838cea614e721a14696483133a3e0878544a419f2fbc751f`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x408000`
EndAddressOfRawData	`0x408004`
AddressOfIndex	`0x405390`
AddressOfCallbacks	`0x407020`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x004017B0` `0x00401760`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.