Manalyze report for 1d719361bc2a069c28e029f773a81028

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Mar-02 21:03:16
Detected languages	Chinese - PRC English - United States
Debug artifacts	C:\fusutusud41\mejitevekohisogi24 fo.pdb
FileVersion	`1.4.23.4`
InternalNamez	dvezejzaz.im
LegalCopyright	Copyright (C) 2020, nun

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	The PE is possibly packed.	`Unusual section name found: .tis`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW` `Enumerates local disk drives: GetDriveTypeA`
Malicious	VirusTotal score: 23/71 (Scanned on 2020-05-26 03:29:07)	`Bkav: HW32.Packed.` `CAT-QuickHeal: Ransom.Stop.MP4` `Qihoo-360: Generic/HEUR/QVM10.2.7922.Malware.Gen` `Sangfor: Malware` `CrowdStrike: win/malicious_confidence_80% (W)` `Invincea: heuristic` `F-Prot: W32/FakeAlert.5!Maximus` `Symantec: Packed.Generic.528` `APEX: Malicious` `Paloalto: generic.ml` `Kaspersky: UDS:DangerousObject.Multi.Generic` `Rising: Malware.Heuristic!ET#95% (RDMK:cmRtazoy3wspU0UNi35oUqUkEJY+)` `McAfee-GW-Edition: BehavesLike.Win32.Generic.wc` `FireEye: Generic.mg.1d719361bc2a069c` `SentinelOne: DFI - Suspicious PE` `Cyren: W32/FakeAlert.5!Maximus` `Webroot: W32.Trojan.Gen` `Microsoft: Trojan:Win32/Wacatac.C!ml` `Endgame: malicious (high confidence)` `Acronis: suspicious` `VBA32: BScope.Trojan.AET.281105` `Cylance: Unsafe` `eGambit: Unsafe.AI_Score_99%`

Hashes

MD5	`1d719361bc2a069c28e029f773a81028`
SHA1	`65cdf57a917c28147d1a9996e508a86bbdec4e50`
SHA256	`7ade60bd4e14b4a94397a8138815b87f4fb68ff14875612db7bb1921bd60fb7f`
SHA3	`fb492081048d45692bb9ae673b4cc608de8a4331769186769bada206d5cfc016`
SSDeep	`98304:cjbYHpCo3B0peN1BV3VF/p5ukkPs8HAJ/:cMpx3BDN1ZdJ/`
Imports Hash	`7d5cef60501525086ebf7dfce66731ad`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2019-Mar-02 21:03:16
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x8a00`
SizeOfInitializedData	`0x7e8c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00002B99 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xa000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x7f1000`
SizeOfHeaders	`0x400`
Checksum	`0x3c4cc7`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`97c596153664ac14963c60a2b49edfc9`
SHA1	`4274c629003bad4f1116c4ccacfa854e47223a13`
SHA256	`d1cb49a3793973246903121c58f493347efcf1e006399cec3304ca43bf97ea9a`
SHA3	`372a2b8be658f484acf6f1f8dd10622cd248a7b32714b5f62f3f7f2873f4b918`
VirtualSize	`0x8928`
VirtualAddress	`0x1000`
SizeOfRawData	`0x8a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.44066`

.data

MD5	`b250d474fd2e2ee91df6aa9651da295e`
SHA1	`d20b4cefd2db734bccf2a97149b6417058fcd574`
SHA256	`c58728fc39a84f40cdcabb409de2081bfbcb92534350cd74467f9ddeb8f07ba0`
SHA3	`d96b462fd79cdacf6eff02e5cfedfef608670f3445c9997ab19826f8f4460ba6`
VirtualSize	`0x7dcc80`
VirtualAddress	`0xa000`
SizeOfRawData	`0x3a8600`
PointerToRawData	`0x8e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99907`

.tis

MD5	`53e979547d8c2ea86560ac45de08ae25`
SHA1	`53ea2cb716f312714685c92b6be27e419f8c746c`
SHA256	`80422bc3d307b4a25bdafcc84ac7fb01cb55a09810e8b0f37bb12e0edb5c48ca`
SHA3	`98b444d887d755b7913e4a144d8a6ac6d1f2d7f0c3db6ba026997ec5f45d9573`
VirtualSize	`0x1400`
VirtualAddress	`0x7e7000`
SizeOfRawData	`0x600`
PointerToRawData	`0x3b1400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`c66d6045991571a33a5bc27e78d16ba6`
SHA1	`9c70358480e752a68c10ef447dd60e908e645f92`
SHA256	`c4beb7462e4a69d35fe57c0b679cbabbc4a8bba7a009bd282fa1fa92eb40c1e0`
SHA3	`7ee81605a7d0b62d446991780d0e94ab7c0498f65b12f1113f2efa032584dbea`
VirtualSize	`0x79a8`
VirtualAddress	`0x7e9000`
SizeOfRawData	`0x7a00`
PointerToRawData	`0x3b1a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.74375`

Imports

KERNEL32.dll	`WriteFile` `GetSystemTimes` `GetDriveTypeA` `Sleep` `GetProcAddress` `GetPrivateProfileSectionA` `VirtualProtect` `GetConsoleCursorInfo` `GetCurrentProcessId` `GetTickCount` `GetModuleHandleW` `GetLocaleInfoA` `lstrlenA` `GetLastError` `GetCommandLineA` `HeapSetInformation` `GetStartupInfoW` `TerminateProcess` `GetCurrentProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `ExitProcess` `DecodePointer` `GetStdHandle` `GetModuleFileNameW` `GetModuleFileNameA` `FreeEnvironmentStringsW` `WideCharToMultiByte` `GetEnvironmentStringsW` `SetHandleCount` `InitializeCriticalSectionAndSpinCount` `GetFileType` `DeleteCriticalSection` `EncodePointer` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `InterlockedIncrement` `SetLastError` `GetCurrentThreadId` `InterlockedDecrement` `HeapCreate` `QueryPerformanceCounter` `GetSystemTimeAsFileTime` `GetCPInfo` `GetACP` `GetOEMCP` `IsValidCodePage` `LeaveCriticalSection` `EnterCriticalSection` `LoadLibraryW` `HeapFree` `RtlUnwind` `LCMapStringW` `MultiByteToWideChar` `GetStringTypeW` `HeapSize` `HeapAlloc` `HeapReAlloc` `IsProcessorFeaturePresent`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.82829`
MD5	`3e46310ce8e41643247809e6e0fbf9ae`
SHA1	`2424570ebd77d973b512eff6b7e9601982f1207d`
SHA256	`8d94a42883a8e365156fafacac40e9daa58fa368087dc55637552a46c5761b45`
SHA3	`e7cee0d9eeafa480ead4bef98f9cd7577576478c1ea194a07c37ac47b716867a`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.01447`
MD5	`0e393c026693fb91f148be86aec51d52`
SHA1	`397cca80e711adaf2a371a29d0f0928e02163769`
SHA256	`46085001e14cda160cf942045b61842425511ccfe218c77d4ebb73875fe154d4`
SHA3	`8f06729dee6a63a69df5fc91d916a243b4123619c770dda96817ceeaba88aadc`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.87192`
MD5	`c401854626542aeb51ec487c6846b2cb`
SHA1	`848c99c69336eaf40e3b1f6a6f33ee63b7df7184`
SHA256	`5400784c1466bda15833c8aed68ed79ab2b9beb7ff4a996c5d7bfbf69ccc2c57`
SHA3	`51b5d63163f12ab490a4d01536ccce76759db77c5206f95c64e9c66a7e46363e`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.86777`
MD5	`38c8a787708957ded4b4f7ca875912d8`
SHA1	`ace23dc7037302403b8da3376f500f45e0d54740`
SHA256	`a3e2cd298e20453e768e3b5fbb9827b475805537044d73cf9e2f18c097c2b0e5`
SHA3	`a763a5c15a270058c71111998517dd686e190d35ff0f44beff73c67a530f4e8d`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.04779`
MD5	`5060090c64704f05f84ef12862b3e3d6`
SHA1	`e120bd7cbf3ad9620e0c3066f3418e30cf69b660`
SHA256	`80d9cef036abc12d1bb330c5990b68dc3707d724de98c90bf9a24ba0e991857e`
SHA3	`570526bfc28fb75a693b483f3d21600ef519cb3175266b01e2cddd46ec3e204b`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33328`
MD5	`92377494ff98ffd9547a5d5c970fc8da`
SHA1	`65ae7f5037460e35a89dc1457e6b1ab47a2a8a91`
SHA256	`1122b1e58f351ff5d97000bb4b2ca4add2e89a50261b9ab692aa0b2baad47038`
SHA3	`45cf4373f07c03627e3e8a7f6efaf8877f5d09b20544e3cce34c32258b23da11`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.28044`
MD5	`f737a20eb534d2946ee865c4a4d68deb`
SHA1	`1776c1e43e3fec4eaa5ba5067f30765de4b2c2b3`
SHA256	`e8defd0219734ea8499734afc373188e94802aa820f5929800661ef8f316d4da`
SHA3	`6d2a90098120a689895e685c94024472a2fb5428a0a0b1e8f96b9863d02014a8`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13548`
MD5	`30f3ee90f8eedf9bbc836cc67f457793`
SHA1	`7bac2978ff71d4cdc5318125d005f7a983a59063`
SHA256	`64dbad0ebc63d645535376ec3c114f6d761cd132b3da5b089f4d633f411882ff`
SHA3	`19e49368806e5cb33db18e155a8d6cf7266d0f0ac6888ae1a2dbaa4aa300ae0a`

5669

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x64`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.87603`
MD5	`4efc2d0af9a8169e8d358c11555ae202`
SHA1	`1625f9b1adfed06036c3e47299c10929cab35e8c`
SHA256	`3dbcf8d36aca5d54625273f5f0b62f2d1294e27f0da472dec075ed8cef76b180`
SHA3	`86a13e5e7383da0157a9d60ca107248e7aaf84adba6465686cb142349163b71a`

5680

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x64`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.90358`
MD5	`08d88eaa92e08598198d237087e62d97`
SHA1	`2a5568b9a93f0d366d5e6b91439509ed43d8817d`
SHA256	`1a080242b7c19f655e8a9f4eacbcab152af9826ab0ba2e2550cdd262a287ba48`
SHA3	`6e88c1ebc24125adee0eec298b8172e83b7b17a88d16edded9c392f3a6533299`

10

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4fe`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28003`
MD5	`f324b42852ef1d941099463b92ce1f40`
SHA1	`775ce313c26bdc7d8b9286adb5a0de7efed72958`
SHA256	`e88e13a1d388c7970e45257b57d6812a3c6ed2ceb4d23e2c38a2545615cb7b20`
SHA3	`750da52a6fcc5e4850f956d3c5480b58a38e6020d00401ef2a1134b21fb6f095`

13

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x12a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06703`
MD5	`44a6099a784061a00fd09fffb1eec52d`
SHA1	`4f9bc1a706c37edf2d65b1679450b9e9b8f133c1`
SHA256	`d296b8a2b403548da21dad236c69fb2ade34fe55fec8a551b9f45e56e83d6f79`
SHA3	`1eb69694b8410276dc8715d1927df3ab714e726b61b75f8be75b43f20fa0140b`

20

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x450`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.24657`
MD5	`ee0f9999bf0b33388abb59f629434627`
SHA1	`b3fcd99274bdcb1d69f0267d8ec34eba80e22c74`
SHA256	`2b32fb8937e9b9c74d3ae6a4a6c41689047f6c003da69685a257c5e975790882`
SHA3	`56fc6db37487eb741d53f0ffa2a675b4a669dca3f9ede3f5bebbbcc93165d4b3`

656

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29859`
MD5	`2b7c3ff4ad09d5b53153034866d45235`
SHA1	`474277395972c9680fa9a805cbb299654bd16f53`
SHA256	`75a19aa86d2fd3673a0d9a0074b5dfff4d3e956a99dac44cfd15703613c8f903`
SHA3	`7c31903bea95e486787969f0dfe5c0754a0e0b2ac04c1b865ec90ca5daa76340`

118

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85812`
Detected Filetype	Icon file
MD5	`160a4674d1a4048d80b3617538c5c764`
SHA1	`4915feb5b5cccd9e75f0bd4af5e35211353a207e`
SHA256	`146e554f0d56db9a88224cd6921744fdfe1f8ee4a9e3ac79711f9ab15f9d3c7f`
SHA3	`21c2ca5b60b02fd80163c30c40f4ee04b99cb028575ab8be5a4d6710d3a18321`

VS_VERSION_INFO

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1a4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42163`
MD5	`e936d1deb369143fb1f1d8d5fba0f340`
SHA1	`765089e139134ddcb98daf67ef5a61305e46aa79`
SHA256	`852dabc31a887e31237fd63ab1cf8d753079b345fae3bb23306d5085b7cd4583`
SHA3	`8b8c93957f76d1eb08625411986288bab190478edc367abb83b731111c68ad8e`

String Table contents

Ciyuramiti jutacezo sura xomayedusah jafuyu zipijoxivawe luwolosoyo sika
Vodayuzevom wopima xacotusu tuvogavecaloho vuyecegino gil jusohifuzu cosoganatevom luz
Rocetocifil jakil mon yajezibeli jayobiwit jivin zeduwib konunupe xaxugaxisete jozilimefefic
Depinatakucine guwex hufot yesapi tofoyewa sefem gubukikeva wiyobinesu
Valaluj fewibuwajan dediyoraduruxo lazetaf hedizi
Xefamivatim
Nuduru
Pigagosalizoj solurim zadarehayo bazewud depolu kudecafogo viheno xunowoduyod basesek pagiwatowimez
Tosemuviwalax xohoxunidab biyitovexidamu makopiy bakunub kehonutehix tuvemiy bayeduhipahube
Rejejogocir xulohivadehegis lanaj
Kizoyofof pewa
Paripezofunilu webuf mogarubin
Ket laxabazek niyobofokazix bedefewomigavel cewacezel tinucefe
Walegavubigama zuregipociy hafakux
Mivivix
Soyajajoyigoxiy yeyuxabanezogiz mibokot jokul gig jaf yilayarabinefe hikamekag laxedoju haboguvab
Fivowawavamikuy wavumacokasugew biwi
Vavokivewe gicojem xuhapux raxebufevizihis cugeviziwix hebofuwupazani mosajivokolos
Jesa goragenawihetoh kewa kozigucobud devico
Zerukibejubi wugitu yus funodewe
Rufepokomuy yududog lavu vicavosuda memip xez felogu
Birupaz wadidovujezuj guhuyunufidepu bof vetamodaveyitux
Soc jupotetiforujo sacucak puke fufeyepibopey wesa rusavuwipoyew tiruwone nujiputihofuj
Vukihiyiyoda tinehu sezelabuwazimud wuduxe fiwonu

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.2.5.1
ProductVersion	1.9.0.1
FileFlags	`VS_FF_PRIVATEBUILD`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_STATIC_LIB`
Language	Chinese - PRC
FileVersion (#2)	1.4.23.4
InternalNamez	dvezejzaz.im
LegalCopyright	Copyright (C) 2020, nun

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Nov-28 01:18:06
Version	`0.0`
SizeofData	`117`
AddressOfRawData	`0x2950`
PointerToRawData	`0x1d50`
Referenced File	C:\fusutusud41\mejitevekohisogi24 fo.pdb

TLS Callbacks

Load Configuration

RICH Header

1d719361bc2a069c28e029f773a81028

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.data

.tis

.rsrc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

5669

5680

10

13

20

656

118

VS_VERSION_INFO

String Table contents

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors