Manalyze report for 2ba7d1d3d52975d76823b24c3f50a671

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Nov-24 05:41:39
TLS Callbacks	1 callback(s) detected.
Comments
CompanyName
FileDescription	YoutubeAuto
FileVersion	`1.0.1.8`
InternalName	YoutubeAuto.exe
LegalCopyright	Copyright © 2020
LegalTrademarks
OriginalFilename	YoutubeAuto.exe
ProductName	YoutubeAuto
ProductVersion	`1.0.1.8`
Assembly Version	1.0.1.8

Plugin Output

Info	Matching compiler(s):	`.NET executable -> Microsoft`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: regsvr32.exe`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA256`
Suspicious	The PE is packed with Enigma Protector	`Unusual section name found: .enigma1` `Section .enigma1 is both writable and executable.` `Unusual section name found: .enigma2` `Section .enigma2 is both writable and executable.`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryExA GetProcAddress LoadLibraryW LoadLibraryA LdrLoadDll` `Code injection capabilities: VirtualAlloc WriteProcessMemory VirtualAllocEx CreateRemoteThread` `Can access the registry: RegQueryValueExA RegOpenKeyExA RegCloseKey RegOpenKeyA` `Can create temporary files: GetTempPathW GetTempPathA CreateFileW CreateFileA` `Memory manipulation functions often used by packers: VirtualAlloc VirtualProtectEx VirtualProtect VirtualAllocEx` `Enumerates local disk drives: GetLogicalDriveStringsW` `Manipulates other processes: WriteProcessMemory ReadProcessMemory`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`2ba7d1d3d52975d76823b24c3f50a671`
SHA1	`825affac85847d104eac054466d4d363900ae561`
SHA256	`1d01626517adaa0cda58a55e645c1661038e24c11ebf80c319ce1b0b27242665`
SHA3	`5a01dcf9ba7994b5bc98ae15edc17d389a1a7e7643aa126f1cda378c0c3a4e7a`
SSDeep	`98304:fiK6G875Un4uQ0pjhrxP+tJw9xOr8smdThZiFF+5R5F91:qnj75U4k5JQw9xFsmlSFFkDz`
Imports Hash	`7354cbf722a071639ee8ba97deef46ca`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2020-Nov-24 05:41:39
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x6c000`
SizeOfInitializedData	`0x96a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0006DFFA (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x6e000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xe2000`
SizeOfHeaders	`0x2000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x200000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`460d9d7ccd7e58f13d18fabd84c9aa3a`
SHA1	`474bf028b3310a6a7549f7f67527a57455a44f76`
SHA256	`0fec950172e856e7bf9251ff6a245d7992ef301f3d45a53b15a51e291e1236d7`
SHA3	`31c84c158edcc37b61e25c52bd51f932eada64a1f9f7ec554cfdd21ffe7289f9`
VirtualSize	`0x6c000`
VirtualAddress	`0x2000`
SizeOfRawData	`0x6c000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.43146`

.reloc

MD5	`7486eb53b43bed0ccce3e01c81b06d36`
SHA1	`f5359452298dd4f685592e7b0ef17c2a5b447444`
SHA256	`c30447f19f5943bb1386c6f7379e583eceaf0f2dfebecc7df058a9c4f1666605`
SHA3	`a7eb9f5c4927722b6c9c2a84b045fb291e3408d6019857292a0103cf95e1ab3f`
VirtualSize	`0xc`
VirtualAddress	`0x6e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6c400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

.rsrc

MD5	`1d37a1c1991dbf61a246845e94d61f83`
SHA1	`044b149f3ded4fc9873f1482ed2ef1fb285b3206`
SHA256	`922628fec967e97cbdae94e67be3e20ed9d1ff817ea6b0d8927f21e4156d40a0`
SHA3	`2c704b45506ef0c05b4f044e1d64de2ac53b98e92199fe8b1f9935d6d81026f2`
VirtualSize	`0x2a938`
VirtualAddress	`0x70000`
SizeOfRawData	`0x2aa00`
PointerToRawData	`0x6c600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.54335`

.enigma1

MD5	`7882ee0305abc9c82a6436c8d597de52`
SHA1	`17d35037be14e04c07bfe1ebfacac221232baadc`
SHA256	`9d32d5f22063bee5ffffb9921c46a39ab6001c13ff30c5369ef47021eec1343e`
SHA3	`58f37d49759451deb499657da4b76833a4ed829a93da93299ffdc1eb98ff78f1`
VirtualSize	`0x2000`
VirtualAddress	`0x9c000`
SizeOfRawData	`0x3e8000`
PointerToRawData	`0x97000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.92147`

.enigma2

MD5	`799712759d20461909f5b59c31eeeeed`
SHA1	`e5232ae6d071ada231baa1837c6da6486e42579f`
SHA256	`aa4af790de2659089332d6005f2d59042ff800d2aab247ef8f0e92747eac300c`
SHA3	`477359cc4def4ff46c6287afd1e598a69667d80a339c3fe318916697e889bb50`
VirtualSize	`0x44000`
VirtualAddress	`0x9e000`
SizeOfRawData	`0x44000`
PointerToRawData	`0x47f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.92052`

Imports

kernel32.dll	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `InterlockedDecrement` `InterlockedIncrement` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `ExitThread` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
user32.dll	`GetKeyboardType` `LoadStringA` `MessageBoxA` `CharNextA`
advapi32.dll	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
oleaut32.dll	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
kernel32.dll (#2)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `InterlockedDecrement` `InterlockedIncrement` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `ExitThread` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
advapi32.dll (#2)	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
kernel32.dll (#3)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `InterlockedDecrement` `InterlockedIncrement` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `ExitThread` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
user32.dll (#2)	`GetKeyboardType` `LoadStringA` `MessageBoxA` `CharNextA`
kernel32.dll (#4)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `InterlockedDecrement` `InterlockedIncrement` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `ExitThread` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
kernel32.dll (#5)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetTickCount` `QueryPerformanceCounter` `GetVersion` `GetCurrentThreadId` `InterlockedDecrement` `InterlockedIncrement` `VirtualQuery` `WideCharToMultiByte` `MultiByteToWideChar` `lstrlenA` `lstrcpynA` `LoadLibraryExA` `GetThreadLocale` `GetStartupInfoA` `GetProcAddress` `GetModuleHandleA` `GetModuleFileNameA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `FindFirstFileA` `FindClose` `ExitProcess` `ExitThread` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
ole32.dll	`CreateStreamOnHGlobal` `CoUninitialize` `CoInitialize`
oleaut32.dll (#2)	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
oleaut32.dll (#3)	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
ntdll.dll	`RtlInitUnicodeString` `RtlFreeUnicodeString` `RtlFormatCurrentUserKeyPath` `RtlDosPathNameToNtPathName_U`
SHFolder.dll	`SHGetFolderPathW` `SHGetFolderPathA`
ntdll.dll (#2)	`RtlInitUnicodeString` `RtlFreeUnicodeString` `RtlFormatCurrentUserKeyPath` `RtlDosPathNameToNtPathName_U`
shlwapi.dll	`PathMatchSpecW`
ntdll.dll (#3)	`RtlInitUnicodeString` `RtlFreeUnicodeString` `RtlFormatCurrentUserKeyPath` `RtlDosPathNameToNtPathName_U`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2b60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.88787`
Detected Filetype	PNG graphic file
MD5	`80043b2e62477d95fcaa87bba19a6441`
SHA1	`a1bc4a0106af216aee72573916349708e431d527`
SHA256	`8464e7cd693ec34cac1056057639ff08cf4e19a04f33c153b4c9048b1ad19a29`
SHA3	`683a9017b4e6bc89715a3484ff6971bb177a1d4597d434ae364fd3c04f9c6145`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.90871`
MD5	`4bf56e67b65d553423d8f38a69995ec9`
SHA1	`fb19e5c75800eee146ab23e91162f9de2753e0c2`
SHA256	`03245291c95de2b2d2762f79b2763f30276347cf52243386203dc439818af371`
SHA3	`0c9c6cefcfecfa46a964ab90b128e30e8ca3968d9d3a6b43fe01e198602cb05d`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.1386`
MD5	`388af8e41f6755146be97c79bfe33e44`
SHA1	`77c63f093e770aa594bd4eee209db0cc8db52a8f`
SHA256	`1cda2a154b2e2d76b484e4f47c738e13286f408294a7f294487e068b991b7e52`
SHA3	`be2b2303f8a4b89e7673238194ab1eb89c1080a5f6e0044072875e6a83f45e78`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.16402`
MD5	`e95efe2a2728df6d60c0d4e884118035`
SHA1	`1171a8aa4d71bed0f372fc8c3963c81d4e7881bd`
SHA256	`51897407564aa11f5d46caefcd208cf0da6dbc4887a2a1e4f6ad7d93d6b9eea7`
SHA3	`4a67f62f3ad8be09380384b8872c04a86dcfc4710751f00674162a13aca8fd53`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.07841`
MD5	`f06cb893b075dbb875c3e810a5c968b9`
SHA1	`caf810d117016af0d3b92662bce836da1426a48a`
SHA256	`613f7d2d8700e1be3688fe85902035708deaf04fa259f633406efd3e286a1e31`
SHA3	`f94cb6e6993fc5d979c3e7be40782d77ed6714d6dbd8f4f5ce536a0f26f96686`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.28884`
MD5	`fc4d0b1bac6a79ea0e7683843726a517`
SHA1	`9df74500e667b8dcd5aaa140d0a24f3a6f36eb6a`
SHA256	`36e6d48bc714d7872db8304257cc1522ffd2b5cbf8263f5cd563dd12901f77eb`
SHA3	`bf5507af17d9d2c3b0da6a169bd6dad3fd50356c41bc65c2831f629ef495b6b6`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.3368`
MD5	`c490e101a517e3e70e38d7f3f28c7bb9`
SHA1	`9bb72d80fec1281c6c40e4fb5c3722e48044fed0`
SHA256	`52942a66d8c738d0d4e1a242c63c07dd14e11e76f32c38912fe7309f76e11a2e`
SHA3	`93c6947f582c8a8c8d78a2df91887ca5b23fc3f217e548b97026cb3131a8ab60`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.51025`
MD5	`6ff878617edae88a53882b459e4c142d`
SHA1	`3102f8bd5e04a587bcbbb3267814c664d6c5bf8d`
SHA256	`31b91c336ab74076db63fd044e5b10c5184e2b2e437850c4486758a4394952c8`
SHA3	`752690142e43f76313f89b583b7f20f726ad24af3bf11fe8f288d264e9dedc58`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.67798`
MD5	`31d4962464d1523db485b0e843d260b8`
SHA1	`05383be2f872d3a4aaef6e24b55eb0a87b7bed92`
SHA256	`71bb97eee03eb649e5640c6fe750e8ffe5c4dd27b5ffc84e6eaeeb025cbed524`
SHA3	`284d3132c2161ca298002192d2fb97c278c58dbf6a4f7f12f8d07a643160b7cb`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.01379`
Detected Filetype	Icon file
MD5	`9a3af07be23078465903568ef2f8a2aa`
SHA1	`7d93f98fb455a648da356948d25e4913983ffaad`
SHA256	`60be9c65453aaca9fca9bea445328e115caa980539da6fa9de04af01a023548c`
SHA3	`756d3ddce95774b358ff9876725f7541c974947628dec1a418bd46fff05330f6`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x32c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32959`
MD5	`57cc499da7a6dd953c65cd876d776840`
SHA1	`5bdf56fd464306d9091da03e1392b96143835bf7`
SHA256	`cfd09d4fb85a9d4bc5bd9a35ef7186ff3e4233af5c2261a7cddcb26558931793`
SHA3	`59a986c4857e4ab78a45e6c604c45900f3b7a90e330bb75d39495c53e6c06d80`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.1.8
ProductVersion	1.0.1.8
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	YoutubeAuto
FileVersion (#2)	1.0.1.8
InternalName	YoutubeAuto.exe
LegalCopyright	Copyright © 2020
LegalTrademarks
OriginalFilename	YoutubeAuto.exe
ProductName	YoutubeAuto
ProductVersion (#2)	1.0.1.8
Assembly Version	1.0.1.8

Resource LangID	UNKNOWN

TLS Callbacks

StartAddressOfRawData	`0x49c018`
EndAddressOfRawData	`0x49c040`
AddressOfIndex	`0x49c040`
AddressOfCallbacks	`0x49c044`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x004D1CA0`

Load Configuration

RICH Header

Errors

[!] Error: Could not read PDB file information of invalid magic number.