Manalyze report for 2051267833c8e6c28c48cf4986d0c4af

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Mar-30 12:28:33
Debug artifacts	C:\cubik hevuxitece55-lovel\hufabisavoximu66_witibip38\piduket.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA LoadLibraryW` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Enumerates local disk drives: GetLogicalDriveStringsW GetDriveTypeA GetVolumeInformationA`
Malicious	VirusTotal score: 38/72 (Scanned on 2022-11-26 09:06:20)	`Bkav: W32.AIDetect.malware1` `Lionic: Trojan.Win32.Zenpak.4!c` `Cynet: Malicious (score: 100)` `Sangfor: Trojan.Win32.Save.a` `K7AntiVirus: Trojan ( 0059b9cf1 )` `K7GW: Trojan ( 0059b9cf1 )` `Cybereason: malicious.0d42e2` `Cyren: W32/Kryptik.ICN.gen!Eldorado` `Symantec: ML.Attribute.HighConfidence` `Elastic: malicious (high confidence)` `ESET-NOD32: a variant of Win32/Kryptik.HRSG` `APEX: Malicious` `Kaspersky: HEUR:Trojan.Win32.Zenpak.gen` `BitDefender: Trojan.GenericKD.63870904` `MicroWorld-eScan: Trojan.GenericKD.63870904` `Avast: Win32:CrypterX-gen [Trj]` `Ad-Aware: Trojan.GenericKD.63870904` `DrWeb: Trojan.Pitou.17` `TrendMicro: Trojan.Win32.PRIVATELOADER.YXCKZZ` `McAfee-GW-Edition: BehavesLike.Win32.Lockbit.cc` `Trapmine: malicious.moderate.ml.score` `FireEye: Generic.mg.2051267833c8e6c2` `Sophos: Mal/Generic-S + Troj/Krypt-QV` `Ikarus: Trojan-Spy.Agent` `Kingsoft: Win32.Troj.Generic_a.a.(kcloud)` `Microsoft: Trojan:Win32/SmokeLoader.JCK!MTB` `GData: Win32.Backdoor.Tofsee.3JTMHI` `Google: Detected` `Acronis: suspicious` `McAfee: Artemis!2051267833C8` `MAX: malware (ai score=82)` `TrendMicro-HouseCall: Trojan.Win32.PRIVATELOADER.YXCKZZ` `Rising: Malware.Obscure!1.A3BB (CLASSIC)` `SentinelOne: Static AI - Suspicious PE` `Fortinet: W32/Kryptik.HRSE!tr` `AVG: Win32:CrypterX-gen [Trj]` `Panda: Trj/Genetic.gen` `CrowdStrike: win/malicious_confidence_100% (W)`

Hashes

MD5	`2051267833c8e6c28c48cf4986d0c4af`
SHA1	`a0fcdd70d42e2e5f1d772c80f2d311bfef9bb042`
SHA256	`37ee9770a531ac0f38133ca9447e8549cf4d96c6215c542946784fa5f6d11ae3`
SHA3	`c6d71612b5eed4ec9b7c7ee93480726dfd0371436953fc17b616ee1f22fee41f`
SSDeep	`3072:kL/qlYhh/MyMWdqw5hOdOoe9w3rEmoGPQlZPWz+BJyOD:XUhMyMWdPHq3omoGPQlZOzu`
Imports Hash	`5e68478b6a88e435e2a2d481d073e066`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2022-Mar-30 12:28:33
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x14a00`
SizeOfInitializedData	`0x2f7600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00003A07 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x16000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x30b000`
SizeOfHeaders	`0x400`
Checksum	`0x39415`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b3488e882c49a2692d88f822c7436669`
SHA1	`1aaa10d01df412648626b34421680448de685df4`
SHA256	`9fdfe50718f4c1a5f6c7ccd8f3378f2e70b2e479e52bea75aafbc3c63c8a24ce`
SHA3	`c5686fca28f46595f9dad527ad03c971dfc5cc7be5300b60cd49871b8c11ae63`
VirtualSize	`0x149c6`
VirtualAddress	`0x1000`
SizeOfRawData	`0x14a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.30997`

.data

MD5	`85e597fcbee5bea15fac0c51b8bd4ab6`
SHA1	`90ade5a429eb69233377d70c743debc5a54cc1a6`
SHA256	`6d371f7ee69116f08cc89172528083b0ef6812344c94a1c60f182713495fe808`
SHA3	`47cfc8defa1ef6cbb4a3b6a05bed2a1087b57f9e48f50c505fccc981b15b3b6a`
VirtualSize	`0x2f0fa0`
VirtualAddress	`0x16000`
SizeOfRawData	`0x11e00`
PointerToRawData	`0x14e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.6444`

.rsrc

MD5	`cfc09216484fa4688f5ec024a10fb95f`
SHA1	`7d584816283d48ad9c7b2333290f2cac84ccf623`
SHA256	`e7401412d9599c2587acceb5a6e47a01c9e5014434e639acc54b97bc0c46d440`
SHA3	`855a22566c814ddaabfe6ad05a7a2e9b68d8bbed370fd12169960bcb58f32582`
VirtualSize	`0x33e0`
VirtualAddress	`0x307000`
SizeOfRawData	`0x3400`
PointerToRawData	`0x26c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.95518`

Imports

KERNEL32.dll	`OpenMutexA` `GetConsoleAliasExesLengthW` `CopyFileExW` `ReadConsoleOutputCharacterA` `GetEnvironmentStrings` `MapUserPhysicalPages` `QueryDosDeviceA` `EnumCalendarInfoExA` `SetProcessPriorityBoost` `LocalSize` `AddConsoleAliasW` `CreateFileA` `GetMailslotInfo` `GetWindowsDirectoryA` `GetModuleHandleW` `VirtualFree` `CreateDirectoryExA` `GetLogicalDriveStringsW` `ReadConsoleInputA` `FindNextVolumeMountPointW` `OpenWaitableTimerA` `GetVersionExA` `SearchPathA` `RequestWakeupLatency` `CallNamedPipeA` `GetCurrentDirectoryW` `GetDriveTypeA` `CreateMailslotW` `BuildCommDCBAndTimeoutsA` `GetProcAddress` `LoadLibraryA` `LocalAlloc` `MoveFileWithProgressW` `TerminateThread` `SearchPathW` `EnumDateFormatsA` `FindFirstChangeNotificationA` `VerifyVersionInfoA` `DeleteTimerQueue` `FindFirstVolumeW` `GlobalFlags` `WritePrivateProfileStringW` `InterlockedDecrement` `GetTickCount` `GetACP` `GlobalWire` `GetTapeParameters` `HeapLock` `GetConsoleTitleW` `InterlockedExchangeAdd` `EnumCalendarInfoA` `InterlockedExchange` `GetNamedPipeHandleStateA` `GetModuleHandleA` `TerminateProcess` `MoveFileA` `AddAtomW` `FreeEnvironmentStringsW` `SetConsoleTitleW` `SetVolumeMountPointA` `VirtualProtect` `SetConsoleActiveScreenBuffer` `GetCPInfo` `GetProcessIoCounters` `GlobalFindAtomA` `CloseHandle` `EnumSystemCodePagesA` `LoadLibraryW` `GetVolumeInformationA` `GetCommandLineW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetLastError` `DeleteFileA` `GetCommandLineA` `GetStartupInfoA` `TlsGetValue` `TlsAlloc` `TlsSetValue` `TlsFree` `InterlockedIncrement` `SetLastError` `GetCurrentThreadId` `Sleep` `ExitProcess` `WriteFile` `GetStdHandle` `GetModuleFileNameA` `EnterCriticalSection` `LeaveCriticalSection` `SetHandleCount` `GetFileType` `DeleteCriticalSection` `GetCurrentProcess` `IsDebuggerPresent` `FreeEnvironmentStringsA` `WideCharToMultiByte` `GetEnvironmentStringsW` `HeapCreate` `HeapFree` `QueryPerformanceCounter` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `GetOEMCP` `IsValidCodePage` `RtlUnwind` `InitializeCriticalSectionAndSpinCount` `SetFilePointer` `GetConsoleCP` `GetConsoleMode` `MultiByteToWideChar` `HeapAlloc` `VirtualAlloc` `HeapReAlloc` `LCMapStringA` `LCMapStringW` `GetStringTypeA` `GetStringTypeW` `GetLocaleInfoA` `RaiseException` `HeapSize` `FlushFileBuffers` `SetStdHandle` `WriteConsoleA` `GetConsoleOutputCP` `WriteConsoleW` `ReadFile`
USER32.dll	`GetComboBoxInfo` `CharUpperBuffA` `GetListBoxInfo`
GDI32.dll	`GetCharABCWidthsA`
ADVAPI32.dll	`AbortSystemShutdownW`

Delayed Imports

912

Type	`KADI`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4a3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.62698`
MD5	`7f5ad4aaad1e56efc9d1aab3e584ec5c`
SHA1	`226cc11bcc4ff08f61bcf3aa088b605d3dd576a8`
SHA256	`5d996afff241c0740c7a7ba47c83dc4cc56cc294f485af8afb0c18fca2350143`
SHA3	`20b06ac43aaca3725dba5c695b64abc6624e18fff16ab90b569aea69cec3430e`

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.55411`
MD5	`097b8688c7031393be9faaf840674974`
SHA1	`9843d6d618fe0058b884866a93caa7bcb0bf3c2f`
SHA256	`8224cbebac1312b7487082412dd81e643ae6a032a1bf5fe29b8881057a786c5d`
SHA3	`14e487bba5f66879a8d7b7bf2dc5f0d1378452408f9ca35ed52ad81a33e00965`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.76842`
MD5	`cc8402641c3cfe159b124fadc607ead8`
SHA1	`153bd21ea895c21c4de3222fd0cd10ea88d6dd2d`
SHA256	`b105881fee42aeff058d94f97e70ab8411530a1b7a58f5f1d5613c27328d4d61`
SHA3	`2791f36ab27e7ff46c86b78b81d48cf5ce06c6c5390efb953840d5f626806b04`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.52165`
MD5	`115b1a6e7c7e857794b4c049db3d6717`
SHA1	`dc399ddc5fb9f08b9046e826ac724ccb4a8a29b4`
SHA256	`52510e1ae9dd1e681dae27a268620f16f1e6b9dfaadb057644548a92deb96da6`
SHA3	`7637c0ab78aad9b39107050a9a41d0757d21216b8f9ccc1a16b680196aa0215b`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.60621`
MD5	`607d702cd9a03bafedad2cbab7b5b2f1`
SHA1	`6bb52bdd6b2d19f381633de1ec1f10324fbf7792`
SHA256	`189387716f7bd937974f83c441067ab2d8f8bfdaeeb0fbc29038f9727207ffc4`
SHA3	`8b8b73e137416b00cfa5fb3fb683397cb989915deffb70817bf00f4363651751`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.01576`
MD5	`dd28aae9c457128d01292b0e6a2d051c`
SHA1	`d8a491a0123469926e611bb803e27b090ae1470e`
SHA256	`9846bc1b170b6f98d87e4e16af869fcb6a18abc803d29ecbc4f30b6f3a3cb2ef`
SHA3	`e5ee9435c901cf1f45a3cdb91065c055c7017e1fdbfa85685538098280e98c5b`

191

Type	`RT_ACCELERATOR`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x88`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25609`
MD5	`e10ccd9cf157db132b1af5c6dee7ef1b`
SHA1	`948cafdd991c412c7f3c391aa65629d4e5f6f84a`
SHA256	`f603bd9a3a7bbf13c6323b78dffb41c0d1cfd193404df98bdfdbdd5d13ee62ce`
SHA3	`249295ff45a3dc21330df40a8aac97b471f227de3fc50dd03075d9f47c51c4bf`

129

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.72482`
Detected Filetype	Icon file
MD5	`a4a3b7432079f1ec20776e94770931e6`
SHA1	`970a29a03cccdf6dbe258dbdaae8720b346235a8`
SHA256	`f6e6eed4e8818dcef4cb59fe12f64475a2cf360bbb18069646a845c803cb97ba`
SHA3	`48375e52618caddc369c2535c5741c985ccca36cc425fa1d7c635a239320816e`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x148`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.14673`
MD5	`f3d7d47b650bddab63684ef76bf6b8da`
SHA1	`49df7ef57bfff833fac7c13f11dcc7adef1dea58`
SHA256	`4fc6fef0e9ceb6d06de39aa85e22932361764a28579d77062e0b648991a04be6`
SHA3	`c5efb3efec5b1888fb3bf39b25080866b387f9a05a44eb4f34cd3c17b5b828f3`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-Oct-27 13:20:34
Version	`0.0`
SizeofData	`91`
AddressOfRawData	`0x28d0`
PointerToRawData	`0x1cd0`
Referenced File	C:\cubik hevuxitece55-lovel\hufabisavoximu66_witibip38\piduket.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0`
SEHandlerTable	`0`
SEHandlerCount	`0`

RICH Header

XOR Key	`0xe59a27f1`
Unmarked objects	`0`
150 (20413)	`1`
ASM objects (VS2008 build 21022)	`24`
C objects (VS2008 build 21022)	`121`
Imports (VS2012 build 50727 / VS2005 build 50727)	`9`
Total imports	`147`
C++ objects (VS2008 build 21022)	`36`
Linker (VS2008 build 21022)	`1`
Resource objects (VS2008 build 21022)	`1`

Errors

[!] Error: StringFileInfo expected, read File instead.
[!] Error: StringFileInfo expected, read File instead.
[*] Warning: Could not parse a VERSION_INFO resource!