Manalyze report for 206d49a83e404eef5f2f128cb4c563cc

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2021-Mar-01 17:09:30
Detected languages	English - United States

Plugin Output

Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Unusual section name found: UPX1`
Malicious	VirusTotal score: 13/70 (Scanned on 2021-03-05 12:01:02)	`Elastic: malicious (high confidence)` `McAfee: Artemis!206D49A83E40` `K7AntiVirus: Trojan ( 004bcce41 )` `K7GW: Trojan ( 004bcce41 )` `APEX: Malicious` `McAfee-GW-Edition: Artemis` `Jiangmin: Trojan.Generic.gffbv` `Microsoft: Program:Win32/Wacapew.C!ml` `Cynet: Malicious (score: 100)` `Acronis: suspicious` `VBA32: BScope.Trojan.Wacatac` `Malwarebytes: Malware.Heuristic.1008` `Qihoo-360: HEUR/QVM20.1.B365.Malware.Gen`

Hashes

MD5	`206d49a83e404eef5f2f128cb4c563cc`
SHA1	`b9990bfc8a2b5841cead1fac9fb9894b8f3e83a5`
SHA256	`3133556facb30dc80297662f8ef57f5cf479a77109ddbbb53e2ab51471774ef5`
SHA3	`6a69f365d9f6e55673cb8a3d0b44956e4236e6f3056a0d88b29af9df6de817c5`
SSDeep	`192:b730qdaZQv8jLkigAXjOXOb9k5jmLc9bkNwsORSh/2tJs:bTJQZQwLVgSjnb9OjmLcSL/K+`
Imports Hash	`0d9fc29fd04cb810e43573fcc38782c1`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2021-Mar-01 17:09:30
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x1400`
SizeOfInitializedData	`0x1600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000182C (Section: UPX0)`
BaseOfCode	`0x1000`
BaseOfData	`0x3000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x6000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`24c3f976be8d923ae299acd3db85f5a8`
SHA1	`5483fa5b85dbb05ef07640ca1741ee1382949266`
SHA256	`43340510763f4c576b2dd5718a5a207de60f307264a5107840a55f67e16ec4f0`
SHA3	`4a8239aa1ffc50a1388a8d2236ad56f8bba2fab71ea920a5cc249789d59c9747`
VirtualSize	`0x129d`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.16669`

UPX1

MD5	`6df78126c7bb7b1d5bae590264884341`
SHA1	`95a54515b36140a005f3812af78d3ddeba9e5e65`
SHA256	`ea49e2bb3d49e56527915ec4854e58b20470733bd577a1f99edf1fd81370b56f`
SHA3	`2f030e86abc2c700854cfc06a816274d5ca449b7f579d8b90b76d7354219e264`
VirtualSize	`0xf84`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.89148`

.data

MD5	`550b6d19eefd3a6f89a89a9be78fdbaf`
SHA1	`8ecc1f32ace62555c4813cde841b42d4d2b96f5a`
SHA256	`001cc148d185d7d29246eff5375f33b25cb070b959413a1f8dcf1ec3a4475bbd`
SHA3	`cf54e2e6646dab051d22e2fb2f63c5526b6cd7107b05660aa03783d21ec08748`
VirtualSize	`0x390`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.280401`

.rsrc

MD5	`4dde323af9808a00b376d6895922dc1f`
SHA1	`bcafff5b6284bc83d01296b1ba160d28faee6ef9`
SHA256	`79e650fc0d108f0b5cb909904d5cb598b02b04f7c06be6c8622dd073aac8f762`
SHA3	`d353d855c24ba1ddc170eaeed3be531d0764013724d92ea267b1d5be7264f0d2`
VirtualSize	`0x1e0`
VirtualAddress	`0x5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.69612`

Imports

KERNEL32.DLL	`GetSystemTimeAsFileTime` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `GetModuleHandleW` `IsDebuggerPresent` `InitializeSListHead` `UnhandledExceptionFilter` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-runtime-l1-1-0.dll	`_c_exit` `_exit` `_initialize_onexit_table` `_cexit` `_crt_atexit` `_seh_filter_exe` `terminate` `__p___argv` `_set_app_type` `_register_thread_local_exe_atexit_callback` `__p___argc` `_register_onexit_function` `exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_configure_narrow_argv` `_controlfp_s`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__stdio_common_vfscanf` `__stdio_common_vfprintf` `__acrt_iob_func` `__p__commode`
VCRUNTIME140.dll	`__current_exception_context` `__current_exception` `memset` `_except_handler4_common`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

TLS Callbacks

Load Configuration

Size	`0xbc`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x404004`
SEHandlerTable	`0x4036c0`
SEHandlerCount	`1`

RICH Header

XOR Key	`0xc170e649`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`10`
Imports (VS 2015/2017/2019 runtime 29118)	`3`
C++ objects (VS 2015/2017/2019 runtime 29118)	`19`
C objects (VS 2015/2017/2019 runtime 29118)	`12`
ASM objects (VS 2015/2017/2019 runtime 29118)	`2`
Imports (26715)	`2`
Total imports	`48`
265 (VS2019 Update 8 (16.8.5-6) compiler 29337)	`1`
Resource objects (VS2019 Update 8 (16.8.5-6) compiler 29337)	`1`
Linker (VS2019 Update 8 (16.8.5-6) compiler 29337)	`1`

206d49a83e404eef5f2f128cb4c563cc

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

UPX0

UPX1

.data

.rsrc

Imports

Delayed Imports

1

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors