Manalyze report for 1b404c85d2d317bc257d81b63e702ee3

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2017-May-10 18:30:01
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig2(h)` `MASM/TASM - sig1(h)`
Info	The PE contains common functions which appear in legitimate applications.	`Can access the registry: RegEnumValueA RegEnumKeyExA RegCloseKey RegOpenKeyExA`
Suspicious	VirusTotal score: 2/66 (Scanned on 2018-05-26 20:48:20)	`Cylance: Unsafe` `Ikarus: Trojan.Win32.Equdrug`

Hashes

MD5	`1b404c85d2d317bc257d81b63e702ee3`
SHA1	`9e8031bc7f7d3fad8a9cf4508178a5afd7d5b93a`
SHA256	`604e9fff29d555ecf4bb1fa053b234793203752aadc0bc05f5b89b6f10bfddb4`
SHA3	`62fb3eb963871306b840efa06e2137709031fe1c04d399a204b2f750b3f525ec`
SSDeep	`384:O4VXlnFpgx5EIcSKgIZ6MaovwnWYIlsisYpmmbeHubbbbT7D4k3FQA:O4VhFpDgIUMaLbYpEk1QA`
Imports Hash	`1c5950e12782cfe3b34600273715e977`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2017-May-10 18:30:01
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x6200`
SizeOfInitializedData	`0x4e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000102D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x11000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b2f53c32bfff8a6ee46bfb4793ab3a4f`
SHA1	`c4531cf5d431b21e5a4064f1f8629ce99750966e`
SHA256	`bd18e0b44b91ab45487031aa1310dedfcec2493bdb510df91dfc50052223875f`
SHA3	`2907c2894d7283e0e93ae688fcc576c5fc78adf17c5ff62fb1090557ab0f145c`
VirtualSize	`0x61bb`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.88101`

.rdata

MD5	`0874cba79fd7b0959eb01ac29837c6c0`
SHA1	`2f47ab6e23392f88da5bcbe3456a3fab5a1e3fa3`
SHA256	`2b1c2f1079163fa4c09a21a9657e2173d44d5ea64def912291950ddbad1dcdb6`
SHA3	`39b592880234626e58c7d78a2717dea1987f026a66ed53ed16ac551f976de3df`
VirtualSize	`0x214d`
VirtualAddress	`0x8000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x6600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.94228`

.data

MD5	`9a5e88b753349064233708f9e1eaea55`
SHA1	`a4aa7baf8a208ff27881b3b278227c0e5eb018be`
SHA256	`d2879eb5d7504fbb6285f91f9d0f4761f422b32bdaaa6ba168a5af461c4afe6f`
SHA3	`111708ca1cc00bde68b1ec690576d9e5c368343de02ab3144c5571a45caf1445`
VirtualSize	`0xccc`
VirtualAddress	`0xb000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x8800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.6855`

.idata

MD5	`e0418a55eca3c0abca58ce955045ee9c`
SHA1	`55f3295093309137c743e039e262d9a5c086cf2d`
SHA256	`86e72c2549318852887d61ea9f0af2987ac10e71e57e837122bb41a0bba5f06a`
SHA3	`1eceb56707b5360447f76c271aaf3ce56b08698871c78ae169c844df2785ccd2`
VirtualSize	`0xd35`
VirtualAddress	`0xc000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x9200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.57063`

.gfids

MD5	`96069875f941840e876cbffd348cce91`
SHA1	`4af701989984a91f1759292d157dc8703e5f6862`
SHA256	`9ff01324f9f671882e0ec39acff5b79bc791976b6da405153f620c7ef9252982`
SHA3	`5dc2194c26d91d3e8193b1fdf2656cc5a7bb317cfe9e3754b66f06dfa20b6cdd`
VirtualSize	`0x13a`
VirtualAddress	`0xd000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.214733`

.00cfg

MD5	`111c05d4f66c2cfef29dac709c3ccb36`
SHA1	`a6d3dadbb8eccfcee7c82731bc8f432fe1a0f431`
SHA256	`8aa21d4409dbd0b646652e5915823623fbe8137bea2d2c2807e36255b6d18367`
SHA3	`c2e6a38d6ad4809a026bae111784f18774fbd2ea6fda46aaa5ef5e6cd713788e`
VirtualSize	`0x104`
VirtualAddress	`0xe000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.0611629`

.rsrc

MD5	`100ffcb09b803016c8ef1f86272aa22b`
SHA1	`242f96b5f8c50a26a7632298b906f1fc107a32e5`
SHA256	`5855936d84fcc4bfbb95cda8c1afc44b65e3e815efe7db7683e4da3667fb26ac`
SHA3	`87b74404717b60bd757e2906bb480538bc6f8ad12715bb5830157fdce0f32d51`
VirtualSize	`0x43c`
VirtualAddress	`0xf000`
SizeOfRawData	`0x600`
PointerToRawData	`0xa400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.13542`

.reloc

MD5	`53e979547d8c2ea86560ac45de08ae25`
SHA1	`53ea2cb716f312714685c92b6be27e419f8c746c`
SHA256	`80422bc3d307b4a25bdafcc84ac7fb01cb55a09810e8b0f37bb12e0edb5c48ca`
SHA3	`98b444d887d755b7913e4a144d8a6ac6d1f2d7f0c3db6ba026997ec5f45d9573`
VirtualSize	`0x58d`
VirtualAddress	`0x10000`
SizeOfRawData	`0x600`
PointerToRawData	`0xaa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0`

Imports

KERNEL32.DLL	`ReadFileEx` `WriteFile` `CloseHandle` `CreateFileA` `SleepEx` `FreeLibrary` `VirtualQuery` `ReadConsoleA` `FindFirstFileA` `FindClose` `GetLastError` `GetStdHandle` `GetProcessHeap` `HeapFree` `HeapAlloc` `GetModuleHandleW` `GetStartupInfoW` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `WideCharToMultiByte` `MultiByteToWideChar` `RaiseException` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetProcAddress`
ADVAPI32.dll	`RegEnumValueA` `RegEnumKeyExA` `RegCloseKey` `RegOpenKeyExA`
ucrtbased.dll	`__p___argv` `_cexit` `_c_exit` `_register_thread_local_exe_atexit_callback` `_configthreadlocale` `_set_new_mode` `__p__commode` `__stdio_common_vsprintf_s` `_seh_filter_dll` `_initialize_onexit_table` `_register_onexit_function` `_execute_onexit_table` `_crt_atexit` `_crt_at_quick_exit` `_controlfp_s` `__p___argc` `_wmakepath_s` `_wsplitpath_s` `wcscpy_s` `_set_app_type` `_seh_filter_exe` `_CrtDbgReportW` `_CrtDbgReport` `strncmp` `__stdio_common_vfprintf` `__acrt_iob_func` `malloc` `free` `strlen` `strcpy` `strcat` `_set_fmode` `__setusermatherr` `exit` `_initterm_e` `_initterm` `_initialize_narrow_environment` `_get_initial_narrow_environment` `terminate` `_configure_narrow_argv` `_exit`
USER32.dll	`CharUpperA`
VCRUNTIME140D.dll	`memset` `_except_handler4_common` `__vcrt_GetModuleFileNameW` `__vcrt_GetModuleHandleW` `__vcrt_LoadLibraryExW` `__std_type_info_destroy_list`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

TLS Callbacks

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x40b728`
SEHandlerTable	`0x4096d0`
SEHandlerCount	`1`

RICH Header

XOR Key	`0xab816046`
Unmarked objects	`0`
239 (40116)	`2`
Imports (VS2015 UPD3 build 24123)	`2`
C++ objects (VS2015 UPD3 build 24123)	`23`
C objects (VS2015 UPD3 build 24123)	`13`
Imports (65501)	`7`
Total imports	`84`
C objects (VS2015 UPD3.1 build 24215)	`3`
Resource objects (VS2015 UPD3 build 24210)	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

1b404c85d2d317bc257d81b63e702ee3

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.idata

.gfids

.00cfg

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors