Manalyze report for 28b607668642f9ab57bff4ce47ea247504c78f9a7ab8b2beeccca90168137d22

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-01 00:00:00
Detected languages	English - United States

Plugin Output

Suspicious	PEiD Signature:	`MEW 11 SE v1.1`
Suspicious	The PE is possibly packed.	`Unusual section name found: PCL\x00F\x12\xd2\xc3` `Unusual section name found: \x02\xd2u\xdb\x8a\x16\xeb\xd4` `The PE only has 0 import(s).`
Suspicious	The PE header may have been manually modified.	`The resource timestamps differ from the PE header: 2015-Apr-01 07:07:54`
Malicious	VirusTotal score: 33/71 (Scanned on 2025-02-27 00:13:54)	`APEX: Malicious` `AhnLab-V3: Trojan/Win32.Xema.C4795` `Alibaba: Trojan:Win32/EncPk.e8afd359` `Antiy-AVL: GrayWare/Win32.Kryptik.pe` `Bkav: W32.AIDetectMalware` `CAT-QuickHeal: Trojan.Ghanarava.1632953034977daa` `ClamAV: Win.Trojan.Agent-783134` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `Elastic: malicious (high confidence)` `FireEye: Generic.mg.13668a84a2f0cfce` `Fortinet: W32/Cryp_MEW.11` `Google: Detected` `Gridinsoft: Trojan.Heur!.022123E1` `Ikarus: Trojan-Proxy.Win32.Small.DT` `K7AntiVirus: Trojan ( 003c84cb1 )` `K7GW: Trojan ( 003c84cb1 )` `Lionic: Trojan.Multi.Generic.4!c` `MaxSecure: Trojan.Malware.300983.susgen` `McAfee: Generic.bpe` `McAfeeD: Real Protect-LS!13668A84A2F0` `Microsoft: Trojan:Win32/DSSDetection` `NANO-Antivirus: Trojan.Win32.Agent.duolj` `Panda: Generic Malware` `Sangfor: Suspicious.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Sophos: Mal/EncPk-BA` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.high.ml.score` `Xcitium: Packed.Win32.Packer.~GEN@1oh172` `Zillya: Trojan.Convagent.Win32.15541`

Hashes

MD5	`13668a84a2f0cfce58b50998b5977daa`
SHA1	`014e505e46080265ebd11da075ec98d37d91b2cf`
SHA256	`28b607668642f9ab57bff4ce47ea247504c78f9a7ab8b2beeccca90168137d22`
SHA3	`bf6a23e37560ce87d090aa6392b22282bf59665f9c915b0b76b57a6d55901a4d`
SSDeep	`384:Y+b1KF0ttN0c/vrKJVR7RGMNbD4LUOZnoipe:Y+4oNUVR7JbDSe`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0`
e_cp	`0`
e_crlc	`0`
e_cparhdr	`0`
e_minalloc	`0`
e_maxalloc	`0x4550`
e_ss	`0`
e_sp	`0x14c`
e_csum	`0x2`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0x10b`
e_oeminfo	`0`
e_lfanew	`0xc`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`2`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`0.0`
SizeOfCode	`0x200`
SizeOfInitializedData	`0`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000D3DB (Section: \x02\xd2u\xdb\x8a\x16\xeb\xd4)`
BaseOfCode	`0x1000`
BaseOfData	`0xc`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xe000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x1000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x10000`
SizeofHeapCommit	`0`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

PCL\x00F\x12\xd2\xc3

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x9000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

\x02\xd2u\xdb\x8a\x16\xeb\xd4

MD5	`43a51973d516153903f2463afb7bc6cc`
SHA1	`80feaf772a6cd46e1bd5c4295500c085c9884172`
SHA256	`7cb9091368b4201fcc5f7cf1b3a494a48824d05898b4d7a1a1085738971858f7`
SHA3	`cb12a0cb15d02fac9d5bf6fc8f29f06c0f5fcfbf9cbba3a7c1b51ca8455fc8d1`
VirtualSize	`0x4000`
VirtualAddress	`0xa000`
SizeOfRawData	`0x33f4`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.68121`

Imports

kernel32.dll	`(EMPTY)`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	2015-Apr-01 07:07:54
Entropy	`4.41087`
MD5	`da87dfecb88dd3d935c97556a34d8bdf`
SHA1	`f2d457e32481099eba418286e1e2cb212aaad893`
SHA256	`e97ae03fce3a25e5f8ec7db1a169309b74d42b91921304d6d6d618afffce0fee`
SHA3	`f229bc5a146bd299a3d489ad877f0c4d6e3063fac2071b35896c03e39e427b26`

1 (#2)

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe0`
TimeDateStamp	2015-Apr-01 07:07:54
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

1 (#3)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2015-Apr-01 07:07:54
Entropy	`1.5789`
Detected Filetype	Icon file
MD5	`22386ae691acfb4e25c370e7b0f52f95`
SHA1	`da26477efddb513b110c3726caaa47f61918db06`
SHA256	`81f5e03d6611d97c168d8b3687b435b1c7be713660eed801fc7946d3d62ef491`
SHA3	`22eda588cdab75be62c785887fbb7812bfc81d7370350303d8f6e21b9f94bdf5`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read the IMAGE_IMPORT_DESCRIPTOR.
[*] Warning: Ignored an invalid IMAGE_RESOURCE_DATA_ENTRY
[*] Warning: Section PCL\x00F\x12\xd2\xc3 has a size of 0!
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[*] Warning: Resource  is empty!
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.

Leave a comment

No comments yet.