Manalyze report for 1f72054db015765232f83e9c2e14ece9

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2016-Sep-09 20:05:36

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 DLL (Debug)` `Microsoft Visual C++ 6.0 DLL`
Suspicious	The PE is possibly packed.	`Unusual section name found: .cdata`
Malicious	VirusTotal score: 45/68 (Scanned on 2019-10-20 10:38:49)	`MicroWorld-eScan: Trojan.GenericKD.41892134` `FireEye: Generic.mg.1f72054db0157652` `CAT-QuickHeal: Trojan.Tiggre` `McAfee: RDN/Generic.dx` `Cylance: Unsafe` `K7AntiVirus: Trojan ( 005597681 )` `Alibaba: Trojan:Win32/Kryptik.e1dfdeb4` `CrowdStrike: win/malicious_confidence_80% (D)` `Arcabit: Trojan.Generic.D27F3926` `Cyren: W32/Trojan.ZOFX-3612` `Symantec: Trojan.Gen.MBT` `ESET-NOD32: a variant of Win32/Kryptik.GXFT` `APEX: Malicious` `Kaspersky: Backdoor.Win32.Agent.mytqur` `BitDefender: Trojan.GenericKD.41892134` `NANO-Antivirus: Trojan.Win32.Kryptik.gdrlyo` `Paloalto: generic.ml` `AegisLab: Trojan.Win32.Generic.4!c` `Ad-Aware: Trojan.GenericKD.41892134` `Emsisoft: Trojan.GenericKD.41892134 (B)` `F-Secure: Trojan.TR/AD.MalwareCrypter.arl` `DrWeb: Trojan.DownLoader30.20316` `TrendMicro: TROJ_GEN.R002C0PJE19` `McAfee-GW-Edition: RDN/Generic.dx` `Fortinet: W32/Kryptik.GXFT!tr` `Sophos: Mal/Generic-S` `SentinelOne: DFI - Suspicious PE` `Webroot: W32.Trojan.Gen` `Avira: TR/AD.MalwareCrypter.arl` `MAX: malware (ai score=88)` `Antiy-AVL: GrayWare/Win32.Unwaders` `Endgame: malicious (high confidence)` `Microsoft: Trojan:Win32/Casdet!rfn` `ZoneAlarm: Backdoor.Win32.Agent.mytqur` `AhnLab-V3: Trojan/Win32.Reflect.R295123` `Acronis: suspicious` `ALYac: Trojan.Agent.Carpcdl` `VBA32: BScope.Backdoor.Agent` `TrendMicro-HouseCall: TROJ_GEN.R002C0PJE19` `Rising: Trojan.Kryptik!1.BDB8 (CLASSIC)` `Ikarus: Trojan.Win32.Crypt` `GData: Trojan.GenericKD.41892134` `AVG: FileRepMalware` `Panda: Trj/GdSda.A` `Qihoo-360: HEUR/QVM40.1.7FEB.Malware.Gen`

Hashes

MD5	`1f72054db015765232f83e9c2e14ece9`
SHA1	`ae519a0d94d438879c226de569918eb034599217`
SHA256	`84f7c3fcf3a53f37ecbb21d0b9368d332901fe8c3f06b3d1a92123479c567c95`
SHA3	`f8790400e18dfd63221a196da234a3a290ff52729470195e559c16a595c0cb90`
SSDeep	`6144:w019JRWc5TaSdzyNJpeAOG7bwci1VnlF:w+J3CJpeAO7dh`
Imports Hash	`06411bfa6dcd5a24bee214f95c25d0f9`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2016-Sep-09 20:05:36
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`7.0`
SizeOfCode	`0x3000`
SizeOfInitializedData	`0x44000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001E90 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x4000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x48000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`59586a05e2007c26bb389a602e5b3929`
SHA1	`f8791f17162d4fbcfb1b40675566d080bd5f06b8`
SHA256	`8b47b66e1132b9794aa25816e176f1fc4de6fd1463f295c967fe65d9b7dc0296`
SHA3	`4c40e1b7d9b9da394a12d319d1611098aab91a1d47489d179ffec82cf8270da3`
VirtualSize	`0x1604`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.88242`

.cdata

MD5	`c886f655f222708fb2e3c325e5ae1bb5`
SHA1	`c383d75ee6f9a922ec168ac4432582d74b3e418e`
SHA256	`a4f1b589be200780df5e8eed8eb9776c23019b13d0cd463748e1e4f38ffd68d7`
SHA3	`a4945bec0b6edfc74968ccee6b34ae7f3153cff5505c0a6af416b48f1e6dec7f`
VirtualSize	`0xb31`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x3000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.70101`

.rdata

MD5	`9b72bbcb4517b67e199c5f4f5ebef45b`
SHA1	`c647c599f03d6212e0860dda5c742df33465c5db`
SHA256	`5e10d86051407f76c1401bd53b102f21c1a5a0c2590d46ed25ebcda203653a89`
SHA3	`4af345749a5ec26e7554ce9577372bcd052ccc11cd04c3a91ef5e3e0b435d73a`
VirtualSize	`0x4a6`
VirtualAddress	`0x4000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.79143`

.data

MD5	`58cc21f80c5ef92d49cb42d85bb3d229`
SHA1	`e512caef8e3060a05e4bad9fd11fe08faff1d049`
SHA256	`569d2b4ef2c1cfb89b590abfa8b697fe0cd5f3167e511b572b414ea4e485efe9`
SHA3	`2826c9a362d385087d839c7b48257dc6fb0e6d5b798bdfa3987b929ced5c5fa6`
VirtualSize	`0x40b50`
VirtualAddress	`0x5000`
SizeOfRawData	`0x3e000`
PointerToRawData	`0x5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.47066`

.tls

MD5	`34d859473a864703bcda763bf5209189`
SHA1	`ef9fd7224de276b4dbd358c75ed34b053dde230b`
SHA256	`dfd5eb86f1956603a12c0636f4631f66f10d0bb8d4eea3d25b82e0e59202b4ed`
SHA3	`78325f930839d913636b6b303f15b6417d5dbdc07150ac626fcf2b48cdf49003`
VirtualSize	`0x24`
VirtualAddress	`0x46000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x43000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.00328186`

.reloc

MD5	`86e6b6cf4b577813f7905f35ed308ce3`
SHA1	`fcc5a4ee27f51c2daddd4bbc26e4b7d8fecd6fac`
SHA256	`2e19991793d1d94f411032ca7fa48d4ab48071b0a2a3a1f46195c8c05cf3696a`
SHA3	`152966dfb97daeec44d72230673c6434438748c8c674ed438d5c5665b7315c76`
VirtualSize	`0x366`
VirtualAddress	`0x47000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x44000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.475639`

Imports

USER32.dll	`ReleaseDC` `DefWindowProcW` `DestroyWindow` `PostMessageW` `SetCapture` `CreateWindowExW` `SetWindowLongW` `RegisterClassW` `DestroyIcon` `DestroyMenu` `LoadIconA` `CreateWindowExA` `UnregisterClassA` `LoadStringW` `OffsetRect` `SendMessageW` `SetWindowTextW`
ole32.dll	`CoWaitForMultipleHandles` `CoInitialize`
msi.dll	`#50`
KERNEL32.dll	`CloseHandle` `GetModuleHandleA` `ExitProcess` `SetEvent` `CreateMutexW` `GetCommandLineW` `VirtualAlloc` `lstrlenA` `LCMapStringA` `GetVersionExW`
MSVCRT.dll	`free` `_onexit` `memcpy` `malloc` `_adjust_fdiv` `__dllonexit` `_initterm`

Delayed Imports

SetBack

Ordinal	`1`
Address	`0x2050`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.