Manalyze report for 1dd464cbb3fbd6881eef3f05b8b1fbd5

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Aug-03 18:10:59

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to AES`
Malicious	VirusTotal score: 59/68 (Scanned on 2021-11-16 12:12:38)	`Bkav: W32.AIDetect.malware1` `Lionic: Trojan.Win32.Encoder.j!c` `Elastic: malicious (high confidence)` `Cynet: Malicious (score: 100)` `CAT-QuickHeal: Trojan.Agent` `ALYac: Trojan.Ransom.Filecoder` `Cylance: Unsafe` `Zillya: Trojan.Encoder.Win32.2630` `Sangfor: Ransom.Win32.Encoder.nlh` `K7AntiVirus: Trojan ( 00580ce41 )` `Alibaba: Ransom:Win32/BlackMatter.32ccedbf` `K7GW: Trojan ( 00580ce41 )` `CrowdStrike: win/malicious_confidence_100% (W)` `Cyren: W32/Filecoder.CB.gen!Eldorado` `Symantec: Trojan.Gen.MBT` `ESET-NOD32: Win32/Filecoder.BlackMatter.C` `APEX: Malicious` `Paloalto: generic.ml` `Kaspersky: Trojan-Ransom.Win32.Encoder.nlh` `BitDefender: Gen:Heur.Mint.Zard.25` `NANO-Antivirus: Virus.Win32.Gen.ccmw` `MicroWorld-eScan: Gen:Heur.Mint.Zard.25` `Avast: Win32:BlackMatter-B [Ransom]` `Tencent: Malware.Win32.Gencirc.11c8d6c1` `Ad-Aware: Gen:Heur.Mint.Zard.25` `Emsisoft: Gen:Heur.Mint.Zard.25 (B)` `Comodo: Malware@#3mzekhy580jjd` `DrWeb: Trojan.Encoder.34227` `VIPRE: Trojan.Win32.Generic!BT` `TrendMicro: Ransom.Win32.BLACKMATTER.YXBHJ-T` `McAfee-GW-Edition: BehavesLike.Win32.VTFlooder.lh` `FireEye: Generic.mg.1dd464cbb3fbd688` `Sophos: Mal/Generic-R + Troj/BlackMat-B` `Ikarus: Trojan-Ransom.DarkSide` `GData: Win32.Trojan.Agent.WU41H5` `Jiangmin: Trojan.Encoder.ajg` `Webroot: W32.Ransom.Blackmatter` `Avira: TR/Crypt.EPACK.Gen2` `Antiy-AVL: Trojan/Generic.ASMalwS.34857D0` `Kingsoft: Win32.Troj.Undef.(kcloud)` `Gridinsoft: Ransom.Win32.Ransom.sa` `Arcabit: Trojan.Mint.Zard.25` `Microsoft: Ransom:Win32/BlackMatter.MAK!MTB` `AhnLab-V3: Ransomware/Win.BlackMatter.C4575089` `McAfee: Ransom-BlakMatr!1DD464CBB3FB` `MAX: malware (ai score=80)` `VBA32: TScope.Malware-Cryptor.SB` `Malwarebytes: Ransom.BlackMatter` `TrendMicro-HouseCall: Ransom.Win32.BLACKMATTER.YXBHJ-T` `Rising: Trojan.Generic@ML.94 (RDMK:uCpm5OnN2qlL5bLzHKelaQ)` `Yandex: Trojan.Filecoder!5MDkeF1GepM` `SentinelOne: Static AI - Suspicious PE` `eGambit: Unsafe.AI_Score_72%` `Fortinet: W32/BlackMatter.A!tr.ransom` `BitDefenderTheta: AI:Packer.341FE0F91E` `AVG: Win32:BlackMatter-B [Ransom]` `Cybereason: malicious.bb3fbd` `Panda: Trj/WLT.G` `MaxSecure: Trojan.Malware.73926358.susgen`

Hashes

MD5	`1dd464cbb3fbd6881eef3f05b8b1fbd5`
SHA1	`cafd8d20f2abaebbbfc367b4b4512107362f3758`
SHA256	`b824bbc645f15e213b4cb2628f7d383e9e37282059b03f6fe60f7c84ea1fed1f`
SHA3	`681aaeedd78a89d481b7268b5776e105efc66eac729cb0b55b858767461740cc`
SSDeep	`1536:yICS4AgxwhjEO3r825exqkHYnKeGsXqsMt:R2SN3mxYnKr`
Imports Hash	`96c0c982709316e2c58b11a3c2b057ce`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2021-Aug-03 18:10:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xee00`
SizeOfInitializedData	`0x2600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000FB28 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x10000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x15000`
SizeOfHeaders	`0x400`
Checksum	`0x1c516`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e988be9a9dd30baa17322d053e56d715`
SHA1	`71ecdf76a4d986eb4f2e6c05ff5b3ed256b4666b`
SHA256	`48409496cc2ffbdfa96eff8b46015e9ea027e4a9e73d62d89629424be128ba23`
SHA3	`655c26f5cdeff92d1f5524bf966ae02e8b7e105905348ec459508f1a7f26bd30`
VirtualSize	`0xec18`
VirtualAddress	`0x1000`
SizeOfRawData	`0xee00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.81951`

.rdata

MD5	`f2a26bd3b12e44e8d923f4a39c1ceaef`
SHA1	`462a7c5f4ffe271d5d2088c33f2499cdd56ba4a6`
SHA256	`69ea06f3e8d2b5d2cf68914a0d0ca38216711305f7392eecd2820bf829665378`
SHA3	`53490f2565d8318fa8bf9b37c5a2af0a1dcd1e2bcbb48caa337b79fbad8d0a21`
VirtualSize	`0x2fc`
VirtualAddress	`0x10000`
SizeOfRawData	`0x400`
PointerToRawData	`0xf200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.64172`

.data

MD5	`9f98db26561f99bb2546e0441c0e4afc`
SHA1	`bf0c523440bdd87efd84e6a5fe3af37e1a6bc652`
SHA256	`478b07b863f9f03e1b7ab07163009c34a39e5d4a61aa0d0dc962d1fe038d9ed3`
SHA3	`2fd90838758933c92e9362e37e46b9dd4dad2e6d2e973910081860011208d688`
VirtualSize	`0x15fc`
VirtualAddress	`0x11000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xf600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.604`

.rsrc

MD5	`5c966d83d568ee04207c92f10b126d87`
SHA1	`f6054435e4fbc97ac80883aa6ea8e59fc0067ee8`
SHA256	`502676bca2147934656f3082bd386997d0930ccaf72901b79bc1d342d467728a`
SHA3	`02128a087ad0c21493ef94418cb5799e28ce4bfbf6505a6db715be82cc95cc70`
VirtualSize	`0xe79`
VirtualAddress	`0x13000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x10600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.62493`

.reloc

MD5	`44f10a00ea378f52dfab1157edf3ff3e`
SHA1	`1e004c9766701d4a09afb59227dfb25f8ee28bec`
SHA256	`6c422b9792991898760e0cb9ccb908ddccc2fc8ecc4a95efe5f26d3232863caf`
SHA3	`373c842b094a79c41ba37c7056497162f0b3efad9ecf71a4a98bf111c86deefb`
VirtualSize	`0x91c`
VirtualAddress	`0x14000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x11600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45978`

Imports

gdi32.dll	`TextOutW` `SetDCBrushColor` `GetTextMetricsW` `GetDeviceCaps`
USER32.dll	`CreateMenu` `DialogBoxParamW` `GetDlgItem` `GetDlgItemTextW` `GetWindowTextW` `LoadImageW` `LoadMenuW`
KERNEL32.dll	`SetLastError` `GetProcAddress` `GetLastError` `GetCommandLineW`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Aug-03 18:10:59
Version	`0.0`
SizeofData	`228`
AddressOfRawData	`0x1006c`
PointerToRawData	`0xf26c`

TLS Callbacks

Load Configuration

RICH Header

1dd464cbb3fbd6881eef3f05b8b1fbd5

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors