Manalyze report for 2914300a6e0cdf7ed242505958ac0bb5

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_NATIVE`
Compilation Date	2095-Mar-03 19:39:38

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to AES`
Suspicious	The PE contains functions most legitimate programs don't use.	`Uses Windows's Native API: NtProtectVirtualMemory NtSetEvent NtQueryPerformanceCounter NtQuerySystemTime NtClose`
Malicious	VirusTotal score: 37/74 (Scanned on 2024-07-25 09:09:45)	`ALYac: Application.Hacktool.BBJ` `Alibaba: HackTool:Win64/KMSAuto.786af275` `Arcabit: Application.Hacktool.BBJ` `BitDefender: Application.Hacktool.BBJ` `CAT-QuickHeal: HackTool.Win64CiR` `CrowdStrike: win/grayware_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `Emsisoft: Application.Hacktool.BBJ (B)` `FireEye: Application.Hacktool.BBJ` `GData: Application.Hacktool.BBJ` `Google: Detected` `Ikarus: HackTool.KMS` `Jiangmin: HackTool.KMSAuto.agi` `K7AntiVirus: Riskware ( 00584baa1 )` `K7GW: Riskware ( 00584baa1 )` `Kaspersky: HackTool.Win64.KMSAuto.ac` `Lionic: Hacktool.Win32.KMSAuto.3!c` `MaxSecure: Trojan.Malware.219472906.susgen` `McAfee: Generic pup.cpe` `McAfeeD: ti!29AE6F149E58` `MicroWorld-eScan: Application.Hacktool.BBJ` `Microsoft: HackTool:Win64/AutoKMS!MSR` `Panda: HackingTool/AutoKMS` `Rising: HackTool.KMSActivator!1.FCD5 (CLASSIC)` `Sangfor: Hacktool.Win64.KMSAuto.Vaza` `Skyhigh: Generic pup.cpe` `Sophos: KMS Activator (PUA)` `TrendMicro: HackTool.Win64.AutoKMS.GAR.component` `TrendMicro-HouseCall: HackTool.Win64.AutoKMS.GAR.component` `VIPRE: Application.Hacktool.BBJ` `Varist: W64/ABApplication.PPWM-2423` `Webroot: W32.Hacktool.Kms` `Zillya: Tool.KMSAuto.Win64.203` `ZoneAlarm: HackTool.Win64.KMSAuto.ac` `alibabacloud: HackTool:Win/AutoKMS.Gen`

Hashes

MD5	`2914300a6e0cdf7ed242505958ac0bb5`
SHA1	`684103f5c312ae956e66a02b965d9aad59710745`
SHA256	`29ae6f149e581f8dbdc01eed2d5d20b82b597c4b4c7e102cab6d012b168df4d8`
SHA3	`5dacc7e1ffe0358110f747953b13e88be512193c69bdfa268569ddc1787c08b3`
SSDeep	`384:OzFnnqVKIfVKzDa4eTb60UnugPzjRYFJKX79xz1ORLg2:ucoa4eP5UnTfRYfKX79xIR`
Imports Hash	`09aa7a1a68855623e3ac071d6080ef31`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`4`
TimeDateStamp	2095-Mar-03 19:39:38
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x3e00`
SizeOfInitializedData	`0xc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001D54 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x8000`
SizeOfHeaders	`0x400`
Checksum	`0x76dc`
Subsystem	`IMAGE_SUBSYSTEM_NATIVE`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`607d3450a1a01eef7ca6e78dbabec877`
SHA1	`b95aa0111f7452d8c2fa362385d4a85dc6f82212`
SHA256	`fbb4bdd1d6d0ab14fa948ef8c854541b9e87eccfbbec19461a2c22b3423d16d0`
SHA3	`85cce1e913a38c17306c5a60e655c19268ea0de53a6419b6cded2f10b5489769`
VirtualSize	`0x3c20`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.5028`

.data

MD5	`eaa2684f15a37f2794b48adf55395414`
SHA1	`2bb356f6fccbdfdf030f620f63500da30079bc1b`
SHA256	`95e9a31cb1174d7e521ea5f787f8d6a01f23e321864f6204b9d1cf1d2a9b0bfe`
SHA3	`d4bf98d8cc1c6147b2e0b7e82be6cf067b131516d59a4d574d3df9f00dab8bc0`
VirtualSize	`0x5f0`
VirtualAddress	`0x5000`
SizeOfRawData	`0x600`
PointerToRawData	`0x4200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.81754`

.idata

MD5	`096a2ad754dd8ad9c0467505420d3b75`
SHA1	`48be5b3b2b05cf83dbbc72e5bb02d7ef39241d9b`
SHA256	`43bcf7826433143312be500acdaa2d44444edc2210e96db27e1078ab882fd2f6`
SHA3	`b72f6c6555aed5547db4ba38d4f95b668c6b20ce9b948906d92d15fcbc4f5215`
VirtualSize	`0x3b6`
VirtualAddress	`0x6000`
SizeOfRawData	`0x400`
PointerToRawData	`0x4800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.79647`

.reloc

MD5	`6601198d9ac9e5814a4fe76f9958453e`
SHA1	`f1d202517c78c131c1c2e10e97993aade3254bcf`
SHA256	`b6f33b895e3f0454e8fdcc7691509f63650ead12b357ac24d16d2edee5a765aa`
SHA3	`4df73b1557323c8c0c6e083f8eb1e50a2424a7604ebaae5ac4544cd4c1ebd8f5`
VirtualSize	`0x94`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.96286`

Imports

ntdll.dll	`LdrDisableThreadCalloutsForDll` `NtProtectVirtualMemory` `RtlInitUnicodeString` `LdrGetDllHandle` `LdrLoadDll` `RtlInitAnsiString` `LdrGetProcedureAddress` `RtlTimeToTimeFields` `NtSetEvent` `RtlRandomEx` `NtQueryPerformanceCounter` `NtQuerySystemTime` `RtlTimeFieldsToTime` `RtlAllocateHeap` `LdrOpenImageFileOptionsKey` `LdrQueryImageFileKeyOption` `NtClose` `swprintf_s` `strcmp` `_wcsnicmp` `memmove` `memcpy` `memset` `wcslen` `_wcsicmp` `memcmp`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2095-Mar-03 19:39:38
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2095-Mar-03 19:39:38
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x1d30`
PointerToRawData	`0x1130`

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x9bd210f0`
Unmarked objects	`0`
Imports (27412)	`3`
Total imports	`27`
C++ objects (LTCG) (VS2019 Update 8 (16.8.3) compiler 29335)	`8`
Linker (VS2019 Update 8 (16.8.3) compiler 29335)	`1`

2914300a6e0cdf7ed242505958ac0bb5

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.data

.idata

.reloc

Imports

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_ILTCG

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors