Manalyze report for 2ac1f1db6d3d5ad4d76254b810b870d1

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2022-Jan-18 19:08:39
Detected languages	English - United States
Debug artifacts	D:\leetcode\needle3\x64\Debug\needle3.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	The PE is possibly packed.	`Section .textbss is both writable and executable.` `Unusual section name found: .msvcjmc`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Code injection capabilities: CreateRemoteThread OpenProcess VirtualAllocEx WriteProcessMemory` `Manipulates other processes: OpenProcess Process32First Process32Next WriteProcessMemory`
Malicious	VirusTotal score: 37/70 (Scanned on 2023-01-30 13:26:37)	`Lionic: Trojan.Win32.Pincav.4!c` `Elastic: malicious (moderate confidence)` `Cynet: Malicious (score: 100)` `ALYac: Trojan.GenericKD.64436265` `Cylance: Unsafe` `Zillya: Trojan.Pincav.Win32.30632` `Sangfor: Trojan.Win32.Agent.V6s8` `Cyren: W64/ABRisk.KNRZ-7792` `Symantec: ML.Attribute.HighConfidence` `ESET-NOD32: a variant of Generik.CENYOZO` `Kaspersky: UDS:Trojan.Win32.Pincav` `BitDefender: Trojan.GenericKD.64436265` `MicroWorld-eScan: Trojan.GenericKD.64436265` `Avast: Win64:Malware-gen` `Emsisoft: Trojan.GenericKD.64436265 (B)` `VIPRE: Trojan.GenericKD.64436265` `TrendMicro: TROJ_GEN.R002C0WLN22` `McAfee-GW-Edition: BehavesLike.Win64.Injector.tm` `FireEye: Trojan.GenericKD.64436265` `Sophos: Mal/Generic-R` `Jiangmin: Trojan.Pincav.bdp` `Antiy-AVL: Trojan/Win64.SGeneric` `Microsoft: Trojan:Script/Phonzy.A!ml` `Arcabit: Trojan.Generic.D3D73829` `ZoneAlarm: UDS:Trojan.Win32.Pincav` `GData: Trojan.GenericKD.64436265` `Google: Detected` `McAfee: Artemis!2AC1F1DB6D3D` `MAX: malware (ai score=100)` `VBA32: Trojan.Pincav` `Malwarebytes: Malware.AI.4269289797` `TrendMicro-HouseCall: TROJ_GEN.R002C0WLN22` `Ikarus: Trojan.Win64.Meterpreter` `MaxSecure: Trojan.Malware.300983.susgen` `Fortinet: W32/PossibleThreat` `AVG: Win64:Malware-gen` `Panda: Trj/Chgt.AD`

Hashes

MD5	`2ac1f1db6d3d5ad4d76254b810b870d1`
SHA1	`c63a901a83bb170463ce603dd87443d64d5225b6`
SHA256	`59dc4091cb9af8933d7cf1378359ddfab31e8b44c3fa7910d3555bb988b482d9`
SHA3	`24ece24e2407d09879f36c6f68ce2d0665d58c5f1b10db86d901723a63d88086`
SSDeep	`12288:71htoAcnhb0cY9nrxl7Sr7kT1ZSriXhPrwXYewT1ljKt6i:RhtoAchb0c2rP7SrQTjSUrwm+t6i`
Imports Hash	`100844bfed04cba6c5bd2a900d4b400f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`11`
TimeDateStamp	2022-Jan-18 19:08:39
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xd0000`
SizeOfInitializedData	`0x42a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000064FE0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x17b000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.textbss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x6184e`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.text

MD5	`c64069144e2d51c9580d66055a2faa73`
SHA1	`7a5fb31ca0ed61dccea8eef8761d87ddf457280b`
SHA256	`dceed1c98aa132dc966a201b93ca93a6a15f872f8291eb336b406c1d80f8c1bd`
SHA3	`a52c1ded9a5c5fb05adfb3995b9ddaad4e2928d0d142e157601763f784f5df2e`
VirtualSize	`0xcff47`
VirtualAddress	`0x63000`
SizeOfRawData	`0xd0000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.15242`

.rdata

MD5	`23c5c02d62841c5f081ae9d838748847`
SHA1	`79c5e8c46db7070ba3f608464f4108931c263f0e`
SHA256	`f79c1fff81ca514e99475f072f3e2f4221208cb7699a569113ba775f79552d92`
SHA3	`a8c2958f92eefa71dfc9a82ed324aee16688c08f314deba70be728665dfc3dc5`
VirtualSize	`0x30f06`
VirtualAddress	`0x133000`
SizeOfRawData	`0x31000`
PointerToRawData	`0xd0400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.65923`

.data

MD5	`417c55a39a276ea3f8bec2919e545c8c`
SHA1	`368213b493b10692211919d5c30179ef7969839c`
SHA256	`3690a3421b88ca2a453ab6fd3a9d0c36d5cfbc8fb056350ad141758c85377411`
SHA3	`4c5c9524bffbc52466c494a147e8725f27328132d66b67eb262c694660fe0406`
VirtualSize	`0x3388`
VirtualAddress	`0x164000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x101400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.79092`

.pdata

MD5	`9db3cb2458f8adc9f3c5c2dfbaf695f9`
SHA1	`3a82a3b14c5fbab547af90cc8362acafa50c80bb`
SHA256	`cd9b996647349ccdff34aa6469ae90265ce6074b79d3025b42ac9d2810207b56`
SHA3	`b9989b533c55d36622cf6c92722051a1fa47cbda1674deba0d8ddec28481d6fa`
VirtualSize	`0xa89c`
VirtualAddress	`0x168000`
SizeOfRawData	`0xaa00`
PointerToRawData	`0x102600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.94188`

.idata

MD5	`4934651e94e5b13f52edea3b3ef0b6bf`
SHA1	`783fc06f1a8412d3c2235904c8e80752d8d7034c`
SHA256	`170132cb933314e02d2b87b2576c0ddf4d8908e75c4ae90a086981bb882e3e02`
SHA3	`2f2612c2a792947a9ef094feeaea8e6e715af15cc9e63a7ee6124e2c0940e031`
VirtualSize	`0x1204`
VirtualAddress	`0x173000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x10d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.64109`

.msvcjmc

MD5	`85bb7567c9540c02a36ab2534359c3af`
SHA1	`9236e5b2f892a5d4dd7846f155ca686625f8797c`
SHA256	`1cf523561f6afc024636f4f4e0701cbbd7fc7113e74a18479ae684e8a8156727`
SHA3	`772c898789da6852db2f1cfd7e6dc68fded9425fca3539eead563d1a700d379b`
VirtualSize	`0x11a`
VirtualAddress	`0x175000`
SizeOfRawData	`0x200`
PointerToRawData	`0x10e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.255742`

.00cfg

MD5	`98d7d303469a7fd73a1c3280359b7eb0`
SHA1	`3a7237d3af93c9296cf2a49ab691ee48035e8021`
SHA256	`3491b480885a8a1183e3279cf2fe8ac2c9a0dafe28ab76dd4b100c7c026e0a44`
SHA3	`20dbcfe62094b50d48c05555564cdf4e765a5623661c13a91001625608efee54`
VirtualSize	`0x151`
VirtualAddress	`0x176000`
SizeOfRawData	`0x200`
PointerToRawData	`0x10e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.424498`

_RDATA

MD5	`aa37566dd542e65901f8bef6abfad4f5`
SHA1	`108b0632a80090421e2afbc107fcea326d6f2ef3`
SHA256	`f34929d246ee06ba3f54d7af58e7b0852b1a51c4ee7648df6d9017fa3b5dc3f2`
SHA3	`d37fe699c013d00b96b94bb24a2ba1a5810035775df33c5be2f5bd6fb3f2a002`
VirtualSize	`0x222`
VirtualAddress	`0x177000`
SizeOfRawData	`0x400`
PointerToRawData	`0x10e800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.44078`

.rsrc

MD5	`b6625dc959b82eb307628b1482563381`
SHA1	`ef5349c85e77673a0699b8ed7a566d096b6f404e`
SHA256	`a639c487ba63d658e286635ce315840d9748e14fc65bdfc07eca0b05607826d6`
SHA3	`6b43e5bbe351e0ffebc920f4e39019483ca641b0b48c393864a9a9eb818084ae`
VirtualSize	`0x43c`
VirtualAddress	`0x178000`
SizeOfRawData	`0x600`
PointerToRawData	`0x10ec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.14297`

.reloc

MD5	`c3208eea1a703aa9ac9851f4235d7d3d`
SHA1	`0a67527949b566a59b01cd556e0e22b4aa5c9e2b`
SHA256	`854bad57b5322769c19c06b3fe6c0c9d5db14c4eb779a77683e6a8905458f575`
SHA3	`a1b516df3dcf3040102e0e20e887c4318adaaa5860cd8694a39e0dfaa89d4c29`
VirtualSize	`0x195c`
VirtualAddress	`0x179000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x10f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.54535`

Imports

KERNEL32.dll	`CloseHandle` `ExitProcess` `CreateRemoteThread` `OpenProcess` `VirtualAllocEx` `IsDebuggerPresent` `GetModuleHandleA` `GetProcAddress` `CreateToolhelp32Snapshot` `Process32First` `Process32Next` `CreateFileW` `WriteProcessMemory` `GetFullPathNameA` `GetCurrentThreadId` `RaiseException` `MultiByteToWideChar` `WideCharToMultiByte` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `InitializeSListHead` `GetStartupInfoW` `GetModuleHandleW` `GetLastError` `HeapAlloc` `HeapFree` `GetProcessHeap` `VirtualQuery` `FreeLibrary` `RtlUnwindEx` `InterlockedPushEntrySList` `InterlockedFlushSList` `GetModuleFileNameW` `LoadLibraryExW` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `EncodePointer` `RtlPcToFileHeader` `GetModuleHandleExW` `GetStdHandle` `WriteFile` `GetCommandLineA` `GetCommandLineW` `HeapSize` `HeapValidate` `GetSystemInfo` `GetDateFormatW` `GetTimeFormatW` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `GetFileType` `GetCurrentThread` `OutputDebugStringW` `WriteConsoleW` `SetConsoleCtrlHandler` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `SetStdHandle` `GetStringTypeW` `HeapReAlloc` `HeapQueryInformation` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `GetFileSizeEx` `SetFilePointerEx` `ReadFile` `ReadConsoleW` `RtlUnwind`
ADVAPI32.dll	`GetUserNameA`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-Jan-18 19:08:39
Version	`0.0`
SizeofData	`66`
AddressOfRawData	`0x15be2c`
PointerToRawData	`0xf922c`
Referenced File	D:\leetcode\needle3\x64\Debug\needle3.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2022-Jan-18 19:08:39
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x15be70`
PointerToRawData	`0xf9270`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140164008`

RICH Header

XOR Key	`0xc9fe68ed`
Unmarked objects	`0`
C objects (27412)	`11`
ASM objects (27412)	`7`
C++ objects (27412)	`145`
C++ objects (30034)	`45`
C objects (30034)	`17`
ASM objects (30034)	`9`
Imports (27412)	`5`
Total imports	`98`
C++ objects (VS2019 Update 10 (16.10.4) compiler 30040)	`1`
Resource objects (VS2019 Update 10 (16.10.4) compiler 30040)	`1`
Linker (VS2019 Update 10 (16.10.4) compiler 30040)	`1`

Errors

[*] Warning: Section .textbss has a size of 0!