Manalyze report for 2f5c7248dbe051bec8ddedcf4c80a76f

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1997-Dec-29 05:26:56
TLS Callbacks	2 callback(s) detected.

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA1`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW` `Uses Windows's Native API: ntohl ntohs` `Leverages the raw socket API to access the Internet: htonl ntohl ntohs` `Enumerates local disk drives: GetVolumeInformationW`
Suspicious	VirusTotal score: 1/66 (Scanned on 2021-10-10 11:13:08)	`APEX: Malicious`

Hashes

MD5	`2f5c7248dbe051bec8ddedcf4c80a76f`
SHA1	`18ae54853b306628c64c316da38d770792e1c98e`
SHA256	`b1248744139082c4fe73af7bb02ea22e8a797169b004ed0c45e56883ef04238e`
SHA3	`f8e64a6a97ac8ef28a298450eb5343367ccb8fa32dbc887c68eaae68b3a35b80`
SSDeep	`6144:8aELa/5/+wtDQXRwidDPbKguAL1TBj4h6Ut:8aELaxWwJOiidzbKXABTx4h`
Imports Hash	`d71438229248861de949038612c7557f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`9`
TimeDateStamp	1997-Dec-29 05:26:56
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x39200`
SizeOfInitializedData	`0x4d800`
SizeOfUninitializedData	`0x1600`
AddressOfEntryPoint	`0x000014F0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3b000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x55000`
SizeOfHeaders	`0x400`
Checksum	`0x516fd`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`70332690db3a9df721c64f8e3369b52a`
SHA1	`e8eba690063ec404204b40caa5401b2eab3be6c0`
SHA256	`5f86a578b93d425ea311ebdd8958c854489d29325b37ab2d1828fcc1fd6e333c`
SHA3	`62b3d086b4815ea9044ad14899c861c96816d6fe56c0487d827109dfd01952c9`
VirtualSize	`0x3914c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x39200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.25517`

.data

MD5	`970d999c8696dac89c9f378c945255d1`
SHA1	`a6941d5bb0c2e4774ad8f6fb33973d9aab43c27b`
SHA256	`80e4386b80a3db97476c6a72cfe92cdf84fad975d0325067af95ae20d52f1127`
SHA3	`80a250af33d50b0f526df2fe230a3dd4a10960ca994ec4f335440553f47dedea`
VirtualSize	`0x4d20`
VirtualAddress	`0x3b000`
SizeOfRawData	`0x4e00`
PointerToRawData	`0x39600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.224907`

.rdata

MD5	`7fb92018f477a401129578d5392cf71f`
SHA1	`146b7ae3eea52ae382366683601e9379b8fb1592`
SHA256	`b76eeba46f372b6cd3087b0299d9d2bd6d046b0880f262275d8f2ac1fc1ffce5`
SHA3	`8c13a1c8adabcd552d05c3173354f023be8719e93c2a2d0cdaa1c7b4da20b22c`
VirtualSize	`0xb828`
VirtualAddress	`0x40000`
SizeOfRawData	`0xba00`
PointerToRawData	`0x3e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.29518`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1428`
VirtualAddress	`0x4c000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.edata

MD5	`1be7b47269193a5aae87023b76cc989d`
SHA1	`b86f033186f81993756af1b17bdd0ed0aa0b369b`
SHA256	`883b0149c4b4bfd1a15fd8b1e838589a285962d0321e1e93519681a0e73f80ed`
SHA3	`38c68ced6d20b2fcd9b62b73f2cbc99fdc0e569e22fb5787ea7bbf398f964a2e`
VirtualSize	`0x35`
VirtualAddress	`0x4e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x49e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.530528`

.idata

MD5	`17c2590885e8cb569d29f60a4a61fcd7`
SHA1	`832046e56d4b71117fc0ac5b6fa0606afcbe23fe`
SHA256	`bdafacfc10cb612ea72ed4d009102b752a700918576869ca6c6b5d241d62ba1f`
SHA3	`07df49eb68f5353f77bb345e4ffc87f6e5a0526dd1a65dd86715cc949942a5f6`
VirtualSize	`0xff0`
VirtualAddress	`0x4f000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x4a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.33376`

.CRT

MD5	`627318bec623f96602cd8f10fe52552d`
SHA1	`8243f505fa70c3c1f5cfd55163f84663a4ec1fa0`
SHA256	`4b6951bb8c117281a920862df6521066e9ff4e929fb5b2635f2cf8f36bf5f64c`
SHA3	`5183c6b7c3f70c000445fe8a8db13347429a331e3ab06be5893baefbf1852b68`
VirtualSize	`0x34`
VirtualAddress	`0x50000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.280401`

.tls

MD5	`b4a32cab37402127ceae2be5f93bd1a0`
SHA1	`1f6d3f7403e820cfdbdd57f663f1ef36fde5ba68`
SHA256	`fdc4ec65179c2120944c2ebfb71294dcd6c9ef77aafbfe312e0d89d05cd67d5c`
SHA3	`a4abd395b66e285f8742cfb5653357ff40b11792a80af3fc9592a6bf74c95d2d`
VirtualSize	`0x20`
VirtualAddress	`0x51000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4b200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.210826`

.reloc

MD5	`9127124465f383d7945847908dca4092`
SHA1	`d4d3d09e856dbcd98eccb4d714e0234453f13980`
SHA256	`b3bdb586630cab441b551d7193f287b3fda289d3640d6ebb464c1d5e2d509eaa`
SHA3	`3146102202bc7bcd8d035d65be67dee4f01b7607985624a245c902aa0e6667e5`
VirtualSize	`0x2704`
VirtualAddress	`0x52000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x4b400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.59863`

Imports

AdbWinApi.dll	`AdbCloseHandle` `AdbCreateInterfaceByName` `AdbEnumInterfaces` `AdbGetInterfaceName` `AdbGetSerialNumber` `AdbGetUsbDeviceDescriptor` `AdbGetUsbInterfaceDescriptor` `AdbNextInterface` `AdbOpenDefaultBulkReadEndpoint` `AdbOpenDefaultBulkWriteEndpoint` `AdbReadEndpointSync` `AdbWriteEndpointSync`
KERNEL32.dll	`CloseHandle` `CreateFileMappingA` `CreateSemaphoreA` `DeleteCriticalSection` `EnterCriticalSection` `FindFirstVolumeW` `FindNextVolumeW` `FindVolumeClose` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetDiskFreeSpaceExW` `GetFileInformationByHandle` `GetFileSizeEx` `GetFileType` `GetLastError` `GetModuleFileNameA` `GetModuleHandleA` `GetProcAddress` `GetStartupInfoA` `GetSystemInfo` `GetSystemTimeAsFileTime` `GetTempFileNameA` `GetTempPathA` `GetTickCount` `GetTimeZoneInformation` `GetVolumeInformationW` `InitializeCriticalSection` `IsDBCSLeadByteEx` `LeaveCriticalSection` `LoadLibraryW` `MapViewOfFile` `MultiByteToWideChar` `QueryPerformanceCounter` `ReleaseSemaphore` `SetEndOfFile` `SetFilePointer` `SetLastError` `SetUnhandledExceptionFilter` `Sleep` `TerminateProcess` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `UnhandledExceptionFilter` `UnmapViewOfFile` `VirtualProtect` `VirtualQuery` `WaitForSingleObject` `WideCharToMultiByte`
msvcrt.dll	`__argv` `__dllonexit` `__getmainargs` `__initenv` `__lconv_init` `__mb_cur_max` `__set_app_type` `__setusermatherr` `_acmdln` `_amsg_exit` `_cexit` `_errno` `_fmode` `_fstati64` `_get_osfhandle` `_initterm` `_iob` `_lock` `_lseeki64` `_onexit` `_setjmp3` `time` `localtime` `_telli64` `_unlock` `calloc` `exit` `fopen` `fprintf` `fputc` `fputs` `free` `fwrite` `getenv` `islower` `isspace` `isupper` `localeconv` `malloc` `memchr` `memcmp` `memcpy` `memmove` `memset` `realloc` `setlocale` `setvbuf` `signal` `sprintf` `strcat` `strchr` `strcmp` `strcpy` `strerror` `strftime` `strlen` `strncmp` `strncpy` `strrchr` `strtoul` `_vsnprintf` `_wopen` `abort` `atoi` `vfprintf` `wcslen` `wcstombs` `longjmp` `_write` `_unlink` `_strdup` `_read` `_open` `_getpid` `_fileno` `_close` `_access`
WS2_32.dll	`htonl` `ntohl` `ntohs`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x451018`
EndAddressOfRawData	`0x45101c`
AddressOfIndex	`0x44c5ac`
AddressOfCallbacks	`0x450020`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x004291A0` `0x00429150`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!