Manalyze report for 22b0a433375b9ea2bb5482118df8f8de

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2013-Mar-08 05:29:51
Detected languages	English - United States

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX v2.0 -> Markus, Laszlo & Reiser (h)` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Unusual section name found: UPX1` `The PE only has 0 import(s).`
Malicious	VirusTotal score: 41/72 (Scanned on 2024-02-17 09:28:16)	`ALYac: Gen:Trojan.Heur.bmW@!hobwSbi` `APEX: Malicious` `AVG: Win32:Malware-gen` `Acronis: suspicious` `Antiy-AVL: Trojan/Win32.TSGeneric` `Arcabit: Trojan.Heur.EFEE7B` `Avast: Win32:Malware-gen` `BitDefender: Gen:Trojan.Heur.bmW@!hobwSbi` `BitDefenderTheta: AI:Packer.5D188D9F1C` `Bkav: W32.AIDetectMalware` `CrowdStrike: win/malicious_confidence_100% (D)` `Cybereason: malicious.b0ab4d` `Cylance: unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `Elastic: malicious (moderate confidence)` `Emsisoft: Gen:Trojan.Heur.bmW@!hobwSbi (B)` `FireEye: Generic.mg.22b0a433375b9ea2` `Fortinet: W32/ULPM.2C75!tr` `GData: Gen:Trojan.Heur.bmW@!hobwSbi` `Kaspersky: UDS:DangerousObject.Multi.Generic` `Kingsoft: malware.kb.b.934` `Lionic: Trojan.Multi.Generic.4!c` `MAX: malware (ai score=82)` `Malwarebytes: Generic.Malware/Suspicious` `MaxSecure: Trojan.Malware.1728101.susgen` `McAfee: Artemis!22B0A433375B` `MicroWorld-eScan: Gen:Trojan.Heur.bmW@!hobwSbi` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Rising: Trojan.Win32.Generic.184BA0C2 (C64:YzY0Ojz0P6oowZo4)` `Sangfor: Suspicious.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win32.Generic.mz` `Sophos: ML/PE-A` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.moderate.ml.score` `VIPRE: Gen:Trojan.Heur.bmW@!hobwSbi` `Xcitium: Packed.Win32.MUPX.Gen@24tbus` `Yandex: TrojanSpy.Agent!zMnKWClxpTU` `ZoneAlarm: UDS:DangerousObject.Multi.Generic` `tehtris: Generic.Malware`

Hashes

MD5	`22b0a433375b9ea2bb5482118df8f8de`
SHA1	`0a1d8e0b0ab4d4c47d59c6bdb43a5209e324e58f`
SHA256	`4810c6ed3fef2a571dad00f20e8f9262cb866c642da8dc7bf73add7aca4ec4c3`
SHA3	`6081870fa63e6844fbe6a130c4c87c5f07ebd02f9d854f6e1927ea7f84a842c2`
SSDeep	`192:MvFysVKrr0NqJTDe2B3e/t+aK/iwlRpFyWYLmU+j:MvSrr0NyHB3e/E/iw3yWYY`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2013-Mar-08 05:29:51
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x5000`
SizeOfInitializedData	`0x1000`
SizeOfUninitializedData	`0xb000`
AddressOfEntryPoint	`0x00010840 (Section: UPX1)`
BaseOfCode	`0xc000`
BaseOfData	`0x11000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x12000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xb000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

UPX1

MD5	`3ecf9ec83cabf15678f5a68d67f8894a`
SHA1	`620ba2a11b1aa532867edb79d9479c32a1cc7e7c`
SHA256	`59a2641720f5f3d01ee58f6a1de6240d1f4e18fb5497548b63d395ed5cf2f97f`
SHA3	`752b89fb25ec715bbdf783811012803c29b5079698ff788852266098e26aa123`
VirtualSize	`0x5000`
VirtualAddress	`0xc000`
SizeOfRawData	`0x4c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`3.30046`

.rsrc

MD5	`b77041c8ad3719fc33550b21c834bc4b`
SHA1	`c8487c44db28a10cefda6275e38fbebb99183faa`
SHA256	`3ef1d30e245e5f09679d5212a18ed27f5233142f6d2548ed30b06c9a1dbe12ca`
SHA3	`3b6273abea362ec858af49369f65bc549a630ed8ca5c287b381fc0c82d63f15b`
VirtualSize	`0x1000`
VirtualAddress	`0x11000`
SizeOfRawData	`0x400`
PointerToRawData	`0x5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.49916`

Imports

KERNEL32.DLL	`(EMPTY)`
ADVAPI32.dll	`(EMPTY)`
ole32.dll	`(EMPTY)`
urlmon.dll	`(EMPTY)`
WININET.dll	`(EMPTY)`
WS2_32.dll	`(EMPTY)`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

Version Info

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x40b004`
SEHandlerTable	`0x409960`
SEHandlerCount	`3`

RICH Header

XOR Key	`0x95222f63`
Unmarked objects	`0`
152 (20115)	`1`
C++ objects (VS2010 build 30319)	`17`
ASM objects (VS2010 build 30319)	`16`
C objects (VS2010 build 30319)	`70`
Imports (VS2008 SP1 build 30729)	`13`
Total imports	`107`
175 (VS2010 build 30319)	`3`
Linker (VS2010 build 30319)	`1`

Errors

[!] Error: Could not reach the HINT/NAME table.
[*] Warning: An error occurred while trying to read functions imported by module KERNEL32.DLL.
[*] Warning: Section UPX0 has a size of 0!