Manalyze report for 29d90c254764d41d89f25780286dcb89

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Feb-17 10:53:55
Detected languages	English - United States
CompanyName	link
ProductName	Exe2Aut
FileDescription	Tiny AutoIt3 Decompiler
LegalCopyright	Coded in Feb 2012
FileVersion	`6`
ProductVersion	`v6`

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.`
Malicious	The PE contains functions mostly used by malware.	`Functions which can be used for anti-debugging purposes: FindWindowA` `Code injection capabilities: CreateRemoteThread OpenProcess VirtualAllocEx WriteProcessMemory` `Possibly launches other programs: CreateProcessA` `Manipulates other processes: OpenProcess WriteProcessMemory` `Can take screenshots: BitBlt CreateCompatibleDC FindWindowA GetDC`
Malicious	The PE is possibly a dropper.	`Resource 4 detected as a PE Executable.` `Resource 5 detected as a PE Executable.` `Resource 6 detected as a PE Executable.`
Malicious	VirusTotal score: 16/69 (Scanned on 2019-11-18 22:19:01)	`McAfee: GenericRXBB-QK!29D90C254764` `Zillya: Trojan.Agent.Win32.612526` `BitDefenderTheta: Gen:NN.ZexaF.32251.cq0@aeWmb6ji` `TrendMicro-HouseCall: TROJ_GEN.R002H06K819` `NANO-Antivirus: Trojan.Win32.Barys.fboayd` `APEX: Malicious` `McAfee-GW-Edition: GenericRXBB-QK!29D90C254764` `Trapmine: malicious.high.ml.score` `FireEye: Generic.mg.29d90c254764d41d` `SentinelOne: DFI - Suspicious PE` `Jiangmin: Variant.Barys.fs` `Antiy-AVL: Trojan/Win32.Fuerboos` `Endgame: malicious (high confidence)` `Acronis: suspicious` `VBA32: TScope.Malware-Cryptor.SB` `Rising: Trojan.Tiggre!8.ED98 (TFE:4:o9CDluiuA9N)`

Hashes

MD5	`29d90c254764d41d89f25780286dcb89`
SHA1	`05af195147cbeb7e434fba36f1bc8c406ea30be9`
SHA256	`0af78f1580d56c92ecf0e9da980c8ecd5dfac59478a4c858c67fc9bf53891c63`
SHA3	`825a3b69d111a01e15103901b55562bb633c15e55f21143482a15b0ae9ffef55`
SSDeep	`768:3P5FPDcV5Hzr5smFesL6W+BJ25fDOMHidfuXWwTEn5mfsIpQ:/HyamFPuWaAdyMHid0WwTEosI`
Imports Hash	`bc1cb52dd47396be34ac3394f621d421`

DOS Header

e_magic	`MZ`
e_cblp	`0x80`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0x10`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x140`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2012-Feb-17 10:53:55
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`1.0`
SizeOfCode	`0x3200`
SizeOfInitializedData	`0x8000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001000 (Section: .code)`
BaseOfCode	`0x1000`
BaseOfData	`0x5000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`1.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x18000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x1000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x10000`
SizeofHeapCommit	`0`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.code

MD5	`689a99734eb52d90b35c7089b90d7a77`
SHA1	`3de15e62717bdb6786977ab62e7f45959b68e1a4`
SHA256	`2a858a02d07d73981b9550e2ecc58fa4f99b1672a791269fe0ffd4fe5377332f`
SHA3	`bb1e8e6527dac745ded1ac22dcd13e4f9d0e14aabb9d279240228d01e1d8ec86`
VirtualSize	`0x3170`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.35875`

.data

MD5	`73818777c310b8c4c6dc07f0e1f92b3a`
SHA1	`95ed6a7414a2c5a7a9330ed5c579a5f14e2d72a7`
SHA256	`c55e35219c34d6b884cb29ec6581d6ae539ea4ac4d6fd4db915507920d6622d2`
SHA3	`4c50861c37489c6a4494cec58377098de213814b1d4da1042a576a744c6e63a1`
VirtualSize	`0xaa99`
VirtualAddress	`0x5000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.14979`

.idata

MD5	`019ac9c0a420be4f5e8b323f43bfd9fb`
SHA1	`bee3ab09357a338ae87bb67f30881a31382462db`
SHA256	`7655e0e22a8a25b78f96a2791724b59703e1fde1aa881996be2aaf123e49abd2`
SHA3	`4621edf790d2e41e80bcca780eeb7cfb46890caa5e794778342904adcac7d7b7`
VirtualSize	`0xa4c`
VirtualAddress	`0x10000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.4462`

.rsrc

MD5	`939ced8bd632afb48978a1fa409f1f21`
SHA1	`d98f05a1d808f4106dd93eb72f8ac5f0015c1c4e`
SHA256	`45a78bab048e479ed4e51eeb2e25885a9136b45b51072498036a5dfe6d7b627f`
SHA3	`c57e2093ea1b4fca30508f3a4e9a7170e959ecb8f3b579f3344dc03aec647adb`
VirtualSize	`0x695c`
VirtualAddress	`0x11000`
SizeOfRawData	`0x6a00`
PointerToRawData	`0x4c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.67822`

Imports

KERNEL32.DLL	`CloseHandle` `CreateMutexA` `CreateProcessA` `CreateRemoteThread` `CreateThread` `DeleteFileA` `ExitProcess` `FindResourceA` `GetBinaryTypeA` `GetCommandLineW` `GetExitCodeProcess` `GetExitCodeThread` `GetFileAttributesA` `GetLastError` `GetModuleHandleA` `GetProcAddress` `GetProcessHeap` `GetTempFileNameA` `GetTempPathA` `HeapAlloc` `HeapFree` `HeapReAlloc` `LoadResource` `LocalAlloc` `LocalFree` `LocalReAlloc` `LocalSize` `LockResource` `OpenProcess` `ReleaseMutex` `ResumeThread` `SetCurrentDirectoryA` `SetEndOfFile` `SizeofResource` `Sleep` `TerminateProcess` `VirtualAllocEx` `VirtualFreeEx` `WaitForSingleObject` `WriteProcessMemory` `_lclose` `_lcreat` `_llseek` `_lopen` `_lread` `_lwrite` `lstrcmpiW` `lstrlenA`
GDI32.DLL	`BitBlt` `CreateCompatibleBitmap` `CreateCompatibleDC` `CreateFontA` `GetStockObject` `SelectObject` `SetBkMode` `SetPixel` `SetTextColor`
MSVCRT.DLL	`atoi` `_itoa` `memmove` `memset` `strcat` `strchr` `strcmp` `strcpy` `_stricmp` `strlen` `strncpy` `strstr` `wcsncmp` `_wtoi`
SHELL32.DLL	`CommandLineToArgvW` `DragFinish` `DragQueryFileA`
USER32.DLL	`AppendMenuA` `BeginPaint` `CheckDlgButton` `CheckMenuItem` `ClientToScreen` `DialogBoxParamA` `DrawTextA` `EndDialog` `EndPaint` `FillRect` `FindWindowA` `GetClientRect` `GetDC` `GetDlgItem` `GetMenuState` `GetSystemMenu` `HideCaret` `InvalidateRect` `IsDlgButtonChecked` `LoadImageA` `MessageBoxA` `MessageBoxIndirectA` `MoveWindow` `PostMessageA` `ReleaseDC` `SendDlgItemMessageA` `SendMessageA` `SetDlgItemTextA` `SetForegroundWindow` `SetTimer` `SetWindowPos`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	2012-Feb-17 10:53:55
Entropy	`3.65934`
MD5	`cde4020ac600bde599b6cb173b7ed392`
SHA1	`cb6c6a19c84244eb3d5a9ac60900c651abc7f003`
SHA256	`780be58147cce37f17243edfdf5a4c307290d3aa30038968205bce59733e282a`
SHA3	`3047d69d5998fe8908b6c273b5ea764abedc9454a34269d81ed1d8a8e64a781e`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	2012-Feb-17 10:53:55
Entropy	`2.81479`
MD5	`29c744419aeca5652193cd7e5c66bb91`
SHA1	`2ca826adaa398804bac1e3c4f73838e1eabe494f`
SHA256	`7b47c70dab9ed3401bc4b69163485408295989bcd26c1224bae9a74c2de71263`
SHA3	`e6fe9520e42fa7af6e61a695746757f2791011b57a48b57c52fbec2a90df6d11`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	2012-Feb-17 10:53:55
Entropy	`2.73227`
MD5	`bb97481a90dfd0bc89716545f82be1f8`
SHA1	`97e89cfc39abc0494ce29ea7584619b00e4d8f51`
SHA256	`c4a01dcc0b62701bc326d7b3423beec4e259fb37771b7d9eb643b8a1aff9e58b`
SHA3	`fae1e2fb4333da2dd2b0581a2105c342c942d288710bb85e2aeff2022f22ed5f`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2400`
TimeDateStamp	2012-Feb-17 10:53:55
Entropy	`7.49118`
Detected Filetype	PE Executable
MD5	`7eeac0a18666935471c8fd7d0e427268`
SHA1	`4f63cf86f7fcdba8cf497b48f4c3d9f7d5b6597d`
SHA256	`9040281f63d07dc1646aefee3edd1c32ac9f9830cdad7baa8ffebd7411c0ad64`
SHA3	`ac52a5c957a3fc688c277d61618048fbe28c7074e8ed59a19bfbfe77510882a0`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2600`
TimeDateStamp	2012-Feb-17 10:53:55
Entropy	`7.13097`
Detected Filetype	PE Executable
MD5	`dfe56a8b8ebcba7379b8b731714eaeba`
SHA1	`79549e7cecc8528adfccf6b573657513c99f788c`
SHA256	`600158b098f82e8608534ee3b6c552ae4ad59440d9ced6402e72aa56b5f1df49`
SHA3	`821b7ee6fb2ed65ad99370d1c31ea41aca67811971c1138ad1229c78a33e4039`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x800`
TimeDateStamp	2012-Feb-17 10:53:55
Entropy	`3.52764`
Detected Filetype	PE Executable
MD5	`955f852203aeafc52325d31604fe3f8e`
SHA1	`c94822c0ed8215954f889a586847172b85f2d7aa`
SHA256	`8940ec5675371e9078400194754c29ec006fcba58ff34e476d51a60f53ca7dae`
SHA3	`af4b20feb09b8ecb2830cde404ff33f84280cbcd3cc35c2ade5062cfd461159e`

100

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x90`
TimeDateStamp	2012-Feb-17 10:53:55
Entropy	`3.13133`
MD5	`4c6d2361bcf8c64412e379d865492f4f`
SHA1	`92210ebaa4cda11d3202d9fd8c0bd6c66c81ff16`
SHA256	`ade489bc83944f3d324bec8b0bbea455b62d4a0f7a9e17fe840c8495ec363f97`
SHA3	`e307273c6bb0336fca03879ad2aee7b325c801ce6c0f0ab84e6040fbad16c95a`

101

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	2012-Feb-17 10:53:55
Entropy	`3.15185`
MD5	`79be33f72cacecccb851ffb1924fb6ea`
SHA1	`644cf1cff1d6623c918ad2f4c0aba04139d8a9be`
SHA256	`9677f7c8f26a8d89df13d81533bf7536eed310d1bf003a98ca4872307a31844a`
SHA3	`8f32db75d45dc0c1e08b46e3188a23483ce36aaffa1094ba05b3e449b267536a`

102

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x74`
TimeDateStamp	2012-Feb-17 10:53:55
Entropy	`2.87676`
MD5	`c02a1488411111d0243a216973e69e83`
SHA1	`dac194176e885862cb501afb990535de20ba76c8`
SHA256	`c79faec7f183cd016800b91725d9b6af44ad22b33a06560b2d13ed16998a308d`
SHA3	`58ff6affe5cdfb8cbfc2e0ec1bca46dce6b8002cc7594a8f676375334b9b09bb`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x38`
TimeDateStamp	2012-Feb-17 10:53:55
Entropy	`2.12564`
MD5	`cdef072d44b1a6204457f192b2ca1fb6`
SHA1	`eb87723e7bf50edf66fd24d4cdc9ddc3b5e3cb7b`
SHA256	`16977f4f06f4286c80a20c06b5158052c6169e132e01edb3e0fbd57406b4c2a9`
SHA3	`faf4aff8ec58d2e0db205ed56136730d609ce0b35b562c556e651fb698c81851`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	2012-Feb-17 10:53:55
Entropy	`2.16201`
Detected Filetype	Icon file
MD5	`0d657e7ec5813a3fc867c0072513cea8`
SHA1	`4741f0daf5e6b75d2c6749e5d36a088292294718`
SHA256	`4c2a9337b0b21ccc11aa5b096ad8858007fff051db8d08bde2ade84fe72c9e02`
SHA3	`45fb01164283bda07c04d6e38c27914da5fe86a7d425d4a03baf67e170e9454c`

2 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2012-Feb-17 10:53:55
Entropy	`1.69546`
Detected Filetype	Icon file
MD5	`da4a30f7d1ee9e4b1993e5fb467b907e`
SHA1	`7708b7c9f8c663effc4ad345787f5cfaa45428cc`
SHA256	`5819045a9a1ef430734aae81b352d2df13af389ffade5aab8f32aa01dbd6a30c`
SHA3	`ddc3751fb5a47f26714bc3ad8709dd9b3465bcfec465c21d02256bb765c8e3bf`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x228`
TimeDateStamp	2012-Feb-17 10:53:55
Entropy	`3.41174`
MD5	`347c8a27bb835cc3db9f4dd3f834da79`
SHA1	`660784d9f36b91a27fccaf364273deefd87d492a`
SHA256	`50ec10463a04d1f18adcfe83bbcb7c75d6096e702219e9a335a42fc142941af9`
SHA3	`1998f7c24c71f64858e1241e9523868202eeace1ebf7046684a484ac3569662b`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2b7`
TimeDateStamp	2012-Feb-17 10:53:55
Entropy	`4.8643`
MD5	`74cc3da45f17ab8221fca845c05d21b6`
SHA1	`80b5858729c26ab57cf973eb916762b11738241d`
SHA256	`793e2d56fe1282c6cd64fcda1febb2ee629e4d54afb972f93765c1a4d93bf02f`
SHA3	`e2cb2dd2d0d81668e51739ed9c647c3a003d3101fdf302884f86648ef20cc3f8`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.0.0.0
ProductVersion	706.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	link
ProductName	Exe2Aut
FileDescription	Tiny AutoIt3 Decompiler
LegalCopyright	Coded in Feb 2012
FileVersion (#2)	6
ProductVersion (#2)	v6

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

29d90c254764d41d89f25780286dcb89

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.code

.data

.idata

.rsrc

Imports

Delayed Imports

1

2

3

4

5

6

100

101

102

103

1 (#2)

2 (#2)

1 (#3)

1 (#4)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors