Manalyze report for 309d2e9b729e028a159d7fc1688e2811

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1992-Jun-19 22:22:17
Detected languages	English - United States
FileVersion	`4.2`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegQueryValueExA RegOpenKeyExA RegCloseKey`
Suspicious	The PE header may have been manually modified.	`The resource timestamps differ from the PE header: 2019-Oct-10 09:55:28`
Malicious	VirusTotal score: 27/71 (Scanned on 2019-12-20 02:35:14)	`MicroWorld-eScan: Gen:Variant.Application.Bundler.FusionCore.3` `FireEye: Generic.mg.309d2e9b729e028a` `Cylance: Unsafe` `Sangfor: Malware` `K7GW: Riskware ( 0040eff71 )` `K7AntiVirus: Riskware ( 0040eff71 )` `Arcabit: Trojan.Application.Bundler.FusionCore.3` `BitDefender: Gen:Variant.Application.Bundler.FusionCore.3` `Paloalto: generic.ml` `AegisLab: Riskware.Win32.FusionCore.1!c` `Emsisoft: Gen:Variant.Application.Bundler.FusionCore.3 (B)` `Comodo: ApplicUnwnt@#wyrm3y52ywyt` `VIPRE: Adware.Generic` `TrendMicro: PUA.Win32.FusionCore.SMBD` `McAfee-GW-Edition: BehavesLike.Win32.Generic.dc` `Cyren: W32/Application.BZHT-1006` `Webroot: W32.Malware.Gen` `Fortinet: Riskware/FusionCore` `Antiy-AVL: GrayWare/Win32.Unwaders` `Microsoft: PUA:Win32/FusionCore` `Malwarebytes: Adware.FusionCore` `ESET-NOD32: a variant of Win32/FusionCore.AW potentially unwanted` `TrendMicro-HouseCall: PUA.Win32.FusionCore.SMBD` `Rising: Trojan.Generic@ML.96 (RDMK:cs0c/WxzH7WuuyqtaN2VTw)` `Yandex: Riskware.Agent!` `GData: Gen:Variant.Application.Bundler.FusionCore.3` `Panda: PUP/Adware`

Hashes

MD5	`309d2e9b729e028a159d7fc1688e2811`
SHA1	`7865818405d252e7f77b63c5bd8df29417e6086b`
SHA256	`9682d735a6158c1438e56f7db7da3fb918b17573d77464958cd7749b0888529e`
SHA3	`0ecaa19e5e783fe027fc10f9142db150557ec39e78f5b3ed4412fc2627f4f1fb`
SSDeep	`24576:L6rQ6ErnE5tGDEL50r1V6YW6wfdnGOajZGsiwM9Y2oQMwHpmZ+oR3V59:WrQNrnE5tGDrb6iwpGOajZGpCJ6HoZT`
Imports Hash	`54e25ac28b1f3b0b306bece47038a065`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	1992-Jun-19 22:22:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0xf6c00`
SizeOfInitializedData	`0x1c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000F7A50 (Section: CODE)`
BaseOfCode	`0x1000`
BaseOfData	`0xf8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xfe000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_LIBRARY_PROCESS_INIT`
SizeofStackReserve	`0`
SizeofStackCommit	`0`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

CODE

MD5	`45cefafda1a59eecc6627b9da2ec3eef`
SHA1	`b54d78a5dcde2f6364dbbcb573201946db4b5aa0`
SHA256	`95093129335aa2e198de40927d841639d54fe9f9930749c2f9adb71adf91682c`
SHA3	`c506a9cf195a34d5832cf34687fff01141cdc49a840312a505530cf2a15a89b2`
VirtualSize	`0xf6a68`
VirtualAddress	`0x1000`
SizeOfRawData	`0xf6c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.89083`

DATA

MD5	`cea09243ddfabba844812b5a311b6bab`
SHA1	`e91144a2ca30fad51a07b3b086e0e6edd4ff5cce`
SHA256	`0d42f528e43a52e126e24f2c5ba0b54116ae680883a8b4ff7f0cfc0b56b300ae`
SHA3	`09922c8e06d3765dc45619565a86ef2cfc17f30d066b11bddd39664acf82dd62`
VirtualSize	`0x234`
VirtualAddress	`0xf8000`
SizeOfRawData	`0x400`
PointerToRawData	`0xf7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.63873`

BSS

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xb25`
VirtualAddress	`0xf9000`
SizeOfRawData	`0`
PointerToRawData	`0xf7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`cd0b0483097666b23873ff6cf190d615`
SHA1	`bda0b590dccbdbfa1a4a5aa0fffe69da41296186`
SHA256	`af283f72c2c33be0e0816c8ae47ccaf56795b478d84fc9a1007cb271671fcff9`
SHA3	`ebf149e0d89ba5121443aefd9a17cef3f6a787a1d3c619ce1dbe0cbc35606120`
VirtualSize	`0x642`
VirtualAddress	`0xfa000`
SizeOfRawData	`0x800`
PointerToRawData	`0xf7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.08207`

.edata

MD5	`6ac4bcfb3db22414d8359f4bd52dd2c0`
SHA1	`6a19343addd76c94976fcb802680164ba87eafba`
SHA256	`dd8e096dea6862cad6ec7a6306e128472452ad107f4117eb13efff8818650cc0`
SHA3	`f10a7574dbc7344a452fe660b252b0b1794a7463b8b14b08cea3ec025eae4bfd`
VirtualSize	`0x2b8`
VirtualAddress	`0xfb000`
SizeOfRawData	`0x400`
PointerToRawData	`0xf7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`4.02964`

.reloc

MD5	`7dab4247b5afb374786c7becaa2c3459`
SHA1	`5f5f50383f7d7a9ebd0c8c8a033f3456bfc09884`
SHA256	`2673e277d2a07691d9e8998c25136de7b705562f14c50110ce2ceaeb56162a86`
SHA3	`39648961248d3bdcc5561898163b4e6fb26e70968aa1ff825bebe21c67370470`
VirtualSize	`0x6f0`
VirtualAddress	`0xfc000`
SizeOfRawData	`0x800`
PointerToRawData	`0xf8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`6.09241`

.rsrc

MD5	`65cbac422e3ba266a200d3ca5a6badc7`
SHA1	`5d3e8eb7d2baab99336783b45e356f18339afc3a`
SHA256	`2b25ea139c87999888fd48d6f3ee9307671f30209283a433040de1b791cd3e10`
SHA3	`38609c391109de3418daaa398c8d027ad5d43f00eba70595111731a46e175adc`
VirtualSize	`0x400`
VirtualAddress	`0xfd000`
SizeOfRawData	`0x400`
PointerToRawData	`0xf8800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`2.31962`

Imports

kernel32.dll	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetCurrentThreadId` `GetStartupInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
user32.dll	`GetKeyboardType` `MessageBoxA`
advapi32.dll	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
oleaut32.dll	`SysFreeString` `SysReAllocStringLen` `SysAllocStringLen`
kernel32.dll (#2)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetCurrentThreadId` `GetStartupInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
kernel32.dll (#3)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetCurrentThreadId` `GetStartupInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
user32.dll (#2)	`GetKeyboardType` `MessageBoxA`

Delayed Imports

Sutosare

Ordinal	`1`
Address	`0xee844`

Lohocucisokep

Ordinal	`2`
Address	`0xee7b8`

Rotukora

Ordinal	`3`
Address	`0xee740`

Lurek

Ordinal	`4`
Address	`0xee6b0`

Fotonatako

Ordinal	`5`
Address	`0xee5a4`

Balosatubigit

Ordinal	`6`
Address	`0xee504`

Rebahemo

Ordinal	`7`
Address	`0xee438`

Godupegokata

Ordinal	`8`
Address	`0xee3c0`

Fetolem

Ordinal	`9`
Address	`0xee360`

Demunahek

Ordinal	`10`
Address	`0xee2d0`

Belopiraduku

Ordinal	`11`
Address	`0xee244`

Dakaca

Ordinal	`12`
Address	`0xee180`

Tamupot

Ordinal	`13`
Address	`0xee128`

Penalaloranam

Ordinal	`14`
Address	`0xee0b8`

Femeki

Ordinal	`15`
Address	`0xedfe8`

Pikadafe

Ordinal	`16`
Address	`0xedf48`

Kekekadomer

Ordinal	`17`
Address	`0xedef4`

Petog

Ordinal	`18`
Address	`0xedc7c`

Gudenocagilu

Ordinal	`19`
Address	`0xedbe4`

Polocurigata

Ordinal	`20`
Address	`0xee62c`

Lulir

Ordinal	`21`
Address	`0xede50`

Besedure

Ordinal	`22`
Address	`0xedddc`

Matipi

Ordinal	`23`
Address	`0xedd60`

Ninudisopopi

Ordinal	`24`
Address	`0xee918`

Hohahak

Ordinal	`25`
Address	`0xeea18`

Bepaganecop

Ordinal	`26`
Address	`0xef168`

Mohalem

Ordinal	`27`
Address	`0xf0f2c`

Sihicele

Ordinal	`28`
Address	`0xf1800`

Ranehodagitoh

Ordinal	`29`
Address	`0xf2588`

Fagofunaha

Ordinal	`30`
Address	`0xf47bc`

Limitobehaci

Ordinal	`31`
Address	`0xf5e80`

Lobakof

Ordinal	`32`
Address	`0xf6314`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2019-Oct-10 09:55:28
Entropy	`4`
MD5	`d8090aba7197fbf9c7e2631c750965a8`
SHA1	`04f73efb0801b18f6984b14cd057fb56519cd31b`
SHA256	`88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610`
SHA3	`a5a67ad8166061d38fc75cfb2c227911de631166c6531a6664cd49cfb207e8bb`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x50`
TimeDateStamp	2019-Oct-10 09:55:28
Entropy	`4.39499`
MD5	`e5443dbc0d03cfdcad77e7b5e076a6a6`
SHA1	`d2046a8c6a56eee483631513630da0a98a6fce17`
SHA256	`aa38381d7e98cecd41e22b835948e732d99478219f4bfdaf4004c085332a4f14`
SHA3	`76d9be8270e1cd818cd03e179676af36ea3a7e7ecdcb0ef84d4e55dd6f41f34c`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x104`
TimeDateStamp	2019-Oct-10 09:55:28
Entropy	`2.80415`
MD5	`bacfe2839759b63a2bbe141a4be4dde8`
SHA1	`201aff2d59beb51760a6b408d0e7a306533747f4`
SHA256	`e100aa33b9fa42d5fc18017e056b2dbc601c389bb80a47c41a4d8afb9e0c4f15`
SHA3	`2ea8e77e6741cf67bf62b06f90f938154aaca6defb9c59221a41c5a29a2bee8e`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.4.2
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileVersion (#2)	4.2

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section BSS has a size of 0!