Manalyze report for 2f9fdad776d8626f2ce8625211831e91

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2007-May-25 14:27:07
Detected languages	English - United Kingdom
FileVersion	`3, 2, 4, 9`
CompiledScript	AutoIt v3 Script : 3, 2, 4, 9

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX v2.0 -> Markus, Laszlo & Reiser (h)` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses known Mersenne Twister constants`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegCloseKey` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc`
Info	The PE's resources present abnormal characteristics.	`Resource 1000 is possibly compressed or encrypted.` `Resource 7 is possibly compressed or encrypted.` `Resource 8 is possibly compressed or encrypted.` `Resource 9 is possibly compressed or encrypted.` `Resource 10 is possibly compressed or encrypted.` `Resource 11 is possibly compressed or encrypted.` `Resource 12 is possibly compressed or encrypted.`
Suspicious	The file contains overlay data.	`3113 bytes of data starting at offset 0x31a00.` `The overlay data has an entropy of 7.94183 and is possibly compressed or encrypted.`
Malicious	VirusTotal score: 15/71 (Scanned on 2024-10-03 21:04:29)	`AhnLab-V3: Malware/Win.Generic.C5677730` `Bkav: W32.AIDetectMalware` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `Fortinet: W32/PossibleThreat` `Gridinsoft: Ransom.Win32.Gen.oa!s2` `Ikarus: Win32.Outbreak` `Jiangmin: Worm.AutoIt.ad` `MaxSecure: Virus.W32.AutoIt.A` `McAfee: Artemis!2F9FDAD776D8` `McAfeeD: ti!9B66A8EA0F1C` `Microsoft: Trojan:Win32/Malgent` `Paloalto: generic.ml` `Webroot: W32.Malware.gen` `alibabacloud: Trojan`

Hashes

MD5	`2f9fdad776d8626f2ce8625211831e91`
SHA1	`21d8413eb0d60b36fc249f8025c277b557fefde3`
SHA256	`9b66a8ea0f1c64965b06e7a45afbe56f2d4e6d5ef65f32446defccbebe730813`
SHA3	`a1ad34a71ba90fbf5f75d19484008579182521a623f0f4fba132c9083cc06d45`
SSDeep	`6144:96LkVO8A1X2og0tEHH45Y0KTIVaTycTVDNe4oI:TMJ1X2og0MHGKT3RRwG`
Imports Hash	`fd50eeaa7137498c4740b429b41a482e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2007-May-25 14:27:07
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`7.0`
SizeOfCode	`0x31000`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0x57000`
AddressOfEntryPoint	`0x00088080 (Section: UPX1)`
BaseOfCode	`0x58000`
BaseOfData	`0x89000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x8b000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x57000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`3820b49f074de0d36c50a7babb2200ed`
SHA1	`04c4423fc4a75c8db6fc26812a14f8ea8fefaea6`
SHA256	`17b1f1562dea1f5da4c3ee144de434f5a904d9c9b585012af98770b75de5aada`
SHA3	`b03f51331b44afdf6c7a85d43e1ded49a61e0a2df452b357983ce6259c7f7d9d`
VirtualSize	`0x31000`
VirtualAddress	`0x58000`
SizeOfRawData	`0x30400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.92366`

.rsrc

MD5	`d8312ec9afba4f967d7c2e34b8b3e76f`
SHA1	`fd2f42054c8aa4be6e11ea73e4484e9c0643f7cf`
SHA256	`75052274a93512dd31f76c53152fb3d14870701553ed8fb3fac8bc7e17c198d8`
SHA3	`e5b278f6ea37c87705d685a7bc4297e15f78069d94d8f7d6e0ca3f1a7e1ef696`
VirtualSize	`0x2000`
VirtualAddress	`0x89000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x30800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.43728`

Imports

KERNEL32.DLL	`LoadLibraryA` `GetProcAddress` `VirtualProtect` `VirtualAlloc` `VirtualFree` `ExitProcess`
ADVAPI32.dll	`RegCloseKey`
COMCTL32.dll	`ImageList_Remove`
comdlg32.dll	`GetSaveFileNameW`
GDI32.dll	`LineTo`
MPR.dll	`WNetUseConnectionW`
ole32.dll	`CoInitialize`
OLEAUT32.dll	`GetActiveObject`
SHELL32.dll	`DragFinish`
USER32.dll	`GetDC`
VERSION.dll	`VerQueryValueW`
WINMM.dll	`timeGetTime`
WSOCK32.dll	`listen`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.18785`
MD5	`b7ad1e1508a7e61baa9e0d15f8a7538a`
SHA1	`101b81b9cd6ad036c500e7d4bac292df9161ccc9`
SHA256	`7e63b5d1d58fd7a3702a3194754d471bbdf840f971980288c7cdd4e2492423e5`
SHA3	`316697d7e9ba6106b11fe4072d9312af1cbfe66966acb058ee17de51461a084d`

4

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.66371`
MD5	`d6f27bf763eb666af934477958acf362`
SHA1	`f724ee386cda31b32b5c88e08b9abf562c016a57`
SHA256	`62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5`
SHA3	`6f4a250c7a91ddfcc872e14b8ed1e4aa33a5ebb3280f7d021b47aa46edfb9586`

5

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.25499`
MD5	`ad424f5f5d5ff4460343686c61e4f75e`
SHA1	`29a1f0faadc42f1b9f9767d8c724fdc58dd165c8`
SHA256	`245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9`
SHA3	`4f3a627ee7d533397f7f5c70bb2dafa8857150e674cb31edd96949c7905de509`

166

Type	`RT_MENU`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x50`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.87806`
MD5	`162bcbe3325075c6fbc8a146a1f6cd3d`
SHA1	`ecde77ed47d064d78648a54785cdda3480d45ece`
SHA256	`4789d3adafc726024f5ab9cf66c3072a06207a3d3d79cf41b8f15b02219f3181`
SHA3	`9328d2bbc40b3303cc11c700403a112d303d7b8b1fc98b89c9d2ad54f76697b3`

1000

Type	`RT_DIALOG`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0xfc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.14469`
MD5	`454553a17a90657d2a970b6929425d3a`
SHA1	`b00a41ebe41b94b943ccfc5357741a6c796fb938`
SHA256	`c8f4e0efdc1dc92e0a66cec59ec02e26466b16cb2936f0159224ed3572fd811f`
SHA3	`caa0879f27034bd188084eefb688ecb850ec9cf7ec6a9e62d5f0d8e1ecd7d8b4`

7

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x598`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.79833`
MD5	`bc1a2e0c697c4cb7c9959c5d5881f13f`
SHA1	`015458499bfcba23d9c6c25c83a24f78cce173eb`
SHA256	`431a24f1693cb8c68c0e0ac887d2d7fbd7e7dce122896791da841ba6bb504ea2`
SHA3	`d3d789a4d23d22d1d4aec2cf12494193f4ebc181324d011e976daa7e1a047906`

8

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x690`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.70191`
MD5	`723853a75e6144a41c9189e048e15c25`
SHA1	`4b8c4178545f401cde6e2dce18d52c3bb1478ec5`
SHA256	`31b7278e86a7d7be34e82c71df075e02d3b53c874f0b10fb77bb7fbee04da1eb`
SHA3	`0cf42c432707be60f063ed41d35d908301e4b1cdda970bc219cba0ca3b64a1b1`

9

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x4ce`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.45622`
MD5	`9548ab0a8f5effd7a166573f57658740`
SHA1	`8df9192d5046cc55f3c565316a8f5744cf6fd29c`
SHA256	`cc7a5cc24e318754c1547edf35b79206cab4eed1e065ff6374a13b452e3e6215`
SHA3	`da15628daab65e81f00ee1633e8300e4e979be8e2ea0777fb34b9bd10b35c427`

10

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x5fa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.7221`
MD5	`eb8dc4134ea6b8c92251b366f3c1327e`
SHA1	`86550f9d9c7ffeea1fbd7132deb647a45c154938`
SHA256	`96a6eaa615d743a300803ecddc944bb469ab46dcc35e44060809f5d2bb73f1e1`
SHA3	`fa48b2574b963770ecebcee206e4c92a577def50556284a3e0ea99b40ee6d6ba`

11

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x572`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.61961`
MD5	`d9692481629a155f6cf96b173a7931d7`
SHA1	`855517ead4b5fef5ffbb36d90be3c4fa61eba776`
SHA256	`28b1b86e4fed7f10bfd17df44c02cd81ae47241629121ba8d24456768b739fcf`
SHA3	`626ca5091971d7641d56ac27a6bed1108cf8de4a89394e555c87545d539a4d54`

12

Type	`RT_STRING`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x428`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.51379`
MD5	`cb896ef777551720dfbc943dfeb6fe77`
SHA1	`c30fc1f5a5cb6b9a76707a53048cba935101118b`
SHA256	`935cae69f98f24b9522fb931f18d4d9754467cf5bb8d63611fec63312423d911`
SHA3	`cd1c0201579cacdfffb42c53380c505be38c3b4709f76244fdeeb08b64532de1`

161

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.83321`
Detected Filetype	Icon file
MD5	`716963c2a0dbd2423c1233c862ea0626`
SHA1	`314496dc16a379bae3275e26fe58239c3bc039fa`
SHA256	`ce779380320caaadd02d060188aaa21489ebdef69fef812c0d0f7300b8b4eccb`
SHA3	`ee2a107392fc59f84b6095f6ca1811665b1adbaecbae74ff14b085746ae4f058`

164

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.92322`
Detected Filetype	Icon file
MD5	`e7c220fc6c844dbd7186f0f2016d8b7a`
SHA1	`04953c5c50b45158fcdbb41609f6da71df8ddeb2`
SHA256	`4849d8d44d61f01412f5dfab2c378386a26a8bc7b15f874a86e16009942d3632`
SHA3	`fdb5db1348e7ee7715dff507fb387de80adddc71f132cec5952f5b8f3d4b7ee6`

169

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`2865db3d5cf79c998f982136e08bd1f4`
SHA1	`c052d513f959bfe63995e368f2d193ea2b1f4aab`
SHA256	`e7774eff56db093534b9cdb042d04bde0e85bb19b5bb356725314a933f0d2933`
SHA3	`9799117c0ff99283ea0fbc303f71ab43871b95f73b0598dc1f33102d7cdae699`

1 (#2)

Type	`RT_VERSION`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x19c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30619`
MD5	`fe8ac3a228073a488afd39ab4e730460`
SHA1	`8b9f3063498d1205ab1e2c02e6292e3a8724bee0`
SHA256	`80f6b2e4438986dcebefbfe9bc20a484d0d3afb24a0d099f12edd00c5957d5bc`
SHA3	`fcef650a7e96ea01bfeeef30358166a6a225fc08fe32cff6e9194582acf0202b`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x3a3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.11386`
MD5	`2d92515b6b78dced80114f0eaeae4710`
SHA1	`ddf0b6ebf7b6f3f354d31830731487a72b67173f`
SHA256	`3213571d23645217d89b0b6a8475c4113d7b013d4d11c0cd7180e977dc0d1c58`
SHA3	`c2ca10fb42ded6d9527d4688c2575351ebc3954f72a807b66fc23c4beae162d8`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.2.4.9
ProductVersion	3.2.4.9
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_UNKNOWN`
Language	English - United Kingdom
FileVersion (#2)	3, 2, 4, 9
CompiledScript	AutoIt v3 Script : 3, 2, 4, 9

Resource LangID	English - United Kingdom

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x9d4529d2`
Unmarked objects	`0`
105 (2067)	`2`
C++ objects (VS2003 (.NET) SP1 build 6030)	`5`
ASM objects (VS2003 (.NET) SP1 build 6030)	`31`
C objects (VS2003 (.NET) SP1 build 6030)	`174`
C objects (2179)	`8`
C objects (9178)	`1`
Imports (2067)	`2`
C objects (VS2012 build 50727 / VS2005 build 50727)	`9`
Imports (9210)	`4`
Imports (2179)	`21`
Total imports	`468`
100 (VS2003 (.NET) SP1 build 6030)	`53`
94 (VS2003 (.NET) build 3052)	`1`
Linker (VS2003 (.NET) SP1 build 6030)	`1`

Errors

[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!