Manalyze report for 327d8070a583bdecc349275b1f018dce

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2009-Feb-20 18:25:11
Detected languages	English - United States
CompanyName	Bitvise Limited
FileDescription	Bitvise SSH Server Sfs Dll
FileVersion	`8.35.0.0`
InternalName	SfsDll
LegalCopyright	Copyright (C) 2000-2019 by Bitvise Limited.
OriginalFilename	SfsDll32.dll
ProductName	Bitvise SSH Server
ProductVersion	`8.35`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryExW`
Malicious	VirusTotal score: 29/62 (Scanned on 2020-05-29 01:08:18)	`MicroWorld-eScan: Trojan.GenericKD.33913836` `FireEye: Trojan.GenericKD.33913836` `ALYac: Trojan.GenericKD.33913836` `VIPRE: Trojan.Win32.Generic!BT` `Alibaba: Trojan:Win32/Fsysna.b86b52de` `K7GW: Trojan ( 005678001 )` `K7AntiVirus: Trojan ( 005678001 )` `Arcabit: Trojan.Generic.D2057BEC` `TrendMicro: TROJ_FRS.VSNTES20` `BitDefenderTheta: Gen:NN.ZedlaF.34122.lu8@aGEGUhmi` `Symantec: Trojan.Gen.2` `ESET-NOD32: a variant of Win32/Agent.ABZC` `APEX: Malicious` `Paloalto: generic.ml` `Kaspersky: Trojan.Win32.Fsysna.gleo` `BitDefender: Trojan.GenericKD.33913836` `AegisLab: Trojan.Win32.Fsysna.4!c` `Ad-Aware: Trojan.GenericKD.33913836` `Emsisoft: Trojan.GenericKD.33913836 (B)` `Sophos: Mal/Generic-S` `Ikarus: Trojan.Win32.Agent` `GData: Trojan.GenericKD.33913836` `Avira: TR/Agent.qhvpq` `ZoneAlarm: Trojan.Win32.Fsysna.gleo` `MAX: malware (ai score=100)` `TrendMicro-HouseCall: TROJ_FRS.VSNTES20` `Rising: Trojan.Agent!8.B1E (CLOUD)` `Fortinet: W32/Fsysna.ABZC!tr` `Panda: Trj/GdSda.A`

Hashes

MD5	`327d8070a583bdecc349275b1f018dce`
SHA1	`df51b04b69db55597878c781397fa25cbb69b9a9`
SHA256	`65433fd59c87acb8d55ea4f90a47e07fea86222795d015fe03fba18717700849`
SHA3	`cd4ffa8a7396698018ae33b260c80414e2a76bef83b385a31d053fe7af33c82b`
SSDeep	`3072:PcfkItxVUjuCgpTt7ajoj3i3ar4iDojDcYSG/kvCjDioRng2w86:PAtWuC2TojUWiDMzM0DiagM6`
Imports Hash	`e4a2f2cc98c309bc31fa68ca9c1895b6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2009-Feb-20 18:25:11
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xf800`
SizeOfInitializedData	`0x1d200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000024FE (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x11000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x31000`
SizeOfHeaders	`0x400`
Checksum	`0x30fec`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9d69334eba703934f0ac7c9f09fc4420`
SHA1	`61aad140d89a92c5199024ca80b3cf76da429b71`
SHA256	`0e86ace17c5c3945f79f9a87bde3dfb604c52a58e3241e7edce4fe8c4efd7033`
SHA3	`9511fc7563fff3c9d7065552ba1d44809587f4b9e66911c62c4083683122b15a`
VirtualSize	`0xf716`
VirtualAddress	`0x1000`
SizeOfRawData	`0xf800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.6739`

.rdata

MD5	`8a571af69077815d9cd13eed5b1bb0d9`
SHA1	`c8799505db6621e15522a56cf6abedea0a732f33`
SHA256	`1c1d7c3ee5ee446701254c819a7d3cb407e7ad09db8e61e1dd732dc546c963f9`
SHA3	`adbe40f8072b4e7b5a8f58fb55206a172d65dbc502a18351e4e5ebd48b49df2b`
VirtualSize	`0x62e2`
VirtualAddress	`0x11000`
SizeOfRawData	`0x6400`
PointerToRawData	`0xfc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.96595`

.data

MD5	`db3ad665816fea2e5cb06fabc2100071`
SHA1	`c69ba51ef01153ea7cc85dbf7038117dc48e8f34`
SHA256	`bfb0b394d761e320e7764681d0afa9711a5e17821eb08d3f35aa854ce149cce1`
SHA3	`6810e630fc6e9f54ce8275e93a1caeab40170d0873388c0df6673b687b54af8d`
VirtualSize	`0x154fc`
VirtualAddress	`0x18000`
SizeOfRawData	`0x14c00`
PointerToRawData	`0x16000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.63328`

.rsrc

MD5	`dd66bb8cc0d988e7a22a0f2f87b9a259`
SHA1	`87bcc56be1199ec17240a319e2615e601d1d73cd`
SHA256	`af9d8eb8686e7137858b055226e74b9c480e0ce33d5a77b43a3974408aa1016b`
SHA3	`1b19c2b4756d0becf2c8fc1c4d86c1d62558641d68176d7b52ace214c0a366cc`
VirtualSize	`0x5b8`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x600`
PointerToRawData	`0x2ac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.97548`

.reloc

MD5	`5cfd28a25d4fc37e1c098286098eb905`
SHA1	`9f840f02406ca43b1e6710e36caa7afbd482db3e`
SHA256	`219129104666176207e63f484a926939314da01df0d0568b95876d493cdbbf1c`
SHA3	`1b1363ea72ed90e895e4dae02373f5b5289943014890851f6962fae245ba0374`
VirtualSize	`0x104c`
VirtualAddress	`0x2f000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x2b200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.24809`

Imports

KERNEL32.dll	`Sleep` `LoadLibraryA` `GetProcAddress` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `GetCurrentProcess` `TerminateProcess` `RtlUnwind` `RaiseException` `InterlockedFlushSList` `GetLastError` `SetLastError` `EncodePointer` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `ExitProcess` `GetModuleHandleExW` `GetModuleFileNameA` `MultiByteToWideChar` `WideCharToMultiByte` `HeapFree` `CloseHandle` `WriteFile` `GetConsoleCP` `GetConsoleMode` `HeapAlloc` `LCMapStringW` `FindClose` `FindFirstFileExA` `FindNextFileA` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetProcessHeap` `GetStdHandle` `GetFileType` `GetStringTypeW` `CreateFileW` `SetStdHandle` `FlushFileBuffers` `SetFilePointerEx` `WriteConsoleW` `HeapSize` `HeapReAlloc` `SetEndOfFile` `ReadFile` `ReadConsoleW` `DecodePointer`

Delayed Imports

BuildCommDCBAndTimeoutsA02

Ordinal	`1`
Address	`0x52a9`

CancelSynchronousIo0D

Ordinal	`2`
Address	`0x2558`

CreateDirectoryExA05

Ordinal	`3`
Address	`0x5a22`

CreateDirectoryExW1B

Ordinal	`4`
Address	`0x1dde`

CreateFileMappingNumaA0B

Ordinal	`5`
Address	`0x5695`

DefMDIChildProcW07

Ordinal	`6`
Address	`0x62fa`

DrawIconEx12

Ordinal	`7`
Address	`0x3c0f`

GetConsoleOriginalTitleW00

Ordinal	`8`
Address	`0x3670`

GetCurrencyFormatA09

Ordinal	`9`
Address	`0x2586`

GetMenuBarInfo0C

Ordinal	`10`
Address	`0x3a58`

GetNumaNodeNumberFromHandle10

Ordinal	`11`
Address	`0x2533`

GetSystemDefaultLCID0A

Ordinal	`12`
Address	`0x4942`

GetUserDefaultLCID04

Ordinal	`13`
Address	`0x5601`

IsZoomed19

Ordinal	`14`
Address	`0x2785`

OpenPrivateNamespaceW06

Ordinal	`15`
Address	`0x1714`

PowerSetRequest08

Ordinal	`16`
Address	`0x966b`

QueryInformationJobObject15

Ordinal	`17`
Address	`0x52a3`

SHRegSetPathW17

Ordinal	`18`
Address	`0x90fe`

SetDlgItemInt03

Ordinal	`19`
Address	`0x4db3`

SetDlgItemTextW16

Ordinal	`20`
Address	`0x5386`

SetMenuContextHelpId11

Ordinal	`21`
Address	`0x8e67`

SetUserGeoID1C

Ordinal	`22`
Address	`0x1da1`

SfsDllFree

Ordinal	`23`
Address	`0x2539`

SfsDllInitialize

Ordinal	`24`
Address	`0x3f06`

SfsDllIssue

Ordinal	`25`
Address	`0x5ca9`

SfsDllVersion

Ordinal	`26`
Address	`0x500d`

StrDupW1A

Ordinal	`27`
Address	`0xa06a`

StrFormatByteSize64A0E

Ordinal	`28`
Address	`0x53f5`

StrFormatKBSizeA01

Ordinal	`29`
Address	`0x3834`

UpdateLayeredWindowIndirect14

Ordinal	`30`
Address	`0x471c`

UrlApplySchemeW13

Ordinal	`31`
Address	`0x906f`

UrlCombineW0F

Ordinal	`32`
Address	`0x102d`

wsprintfW18

Ordinal	`33`
Address	`0x9961`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x398`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38298`
MD5	`c9aaee6c77f478f88197ef920f5ea24b`
SHA1	`3ced6bbf315d53be13d8dd27a170a8e4ba74af2d`
SHA256	`84baebbf3868f990af5442f7108a4bd6511c354c13268f9ebb529048e7092a96`
SHA3	`3bb775cae323f32ff884a7c17c2cc11e1f900f052b1bc877f6badd1906e6cb13`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	8.35.0.0
ProductVersion	8.35.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Bitvise Limited
FileDescription	Bitvise SSH Server Sfs Dll
FileVersion (#2)	8.35.0.0
InternalName	SfsDll
LegalCopyright	Copyright (C) 2000-2019 by Bitvise Limited.
OriginalFilename	SfsDll32.dll
ProductName	Bitvise SSH Server
ProductVersion (#2)	8.35

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2009-Feb-20 18:25:11
Version	`0.0`
SizeofData	`664`
AddressOfRawData	`0x15f7c`
PointerToRawData	`0x14b7c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2020-May-25 01:31:19
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x10018014`
SEHandlerTable	`0x10015f60`
SEHandlerCount	`7`

RICH Header

XOR Key	`0x8c0deecf`
Unmarked objects	`0`
241 (40116)	`10`
243 (40116)	`129`
242 (40116)	`24`
C objects (VS 2015/2017 runtime 26706)	`15`
ASM objects (VS 2015/2017 runtime 26706)	`19`
C++ objects (VS 2015/2017 runtime 26706)	`32`
Imports (65501)	`3`
Total imports	`89`
265 (VS2017 v15.9.16-18 compiler 27034)	`1`
Exports (VS2017 v15.9.16-18 compiler 27034)	`1`
Resource objects (VS2017 v15.9.16-18 compiler 27034)	`1`
151	`1`
Linker (VS2017 v15.9.16-18 compiler 27034)	`1`

327d8070a583bdecc349275b1f018dce

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

BuildCommDCBAndTimeoutsA02

CancelSynchronousIo0D

CreateDirectoryExA05

CreateDirectoryExW1B

CreateFileMappingNumaA0B

DefMDIChildProcW07

DrawIconEx12

GetConsoleOriginalTitleW00

GetCurrencyFormatA09

GetMenuBarInfo0C

GetNumaNodeNumberFromHandle10

GetSystemDefaultLCID0A

GetUserDefaultLCID04

IsZoomed19

OpenPrivateNamespaceW06

PowerSetRequest08

QueryInformationJobObject15

SHRegSetPathW17

SetDlgItemInt03

SetDlgItemTextW16

SetMenuContextHelpId11

SetUserGeoID1C

SfsDllFree

SfsDllInitialize

SfsDllIssue

SfsDllVersion

StrDupW1A

StrFormatByteSize64A0E

StrFormatKBSizeA01

UpdateLayeredWindowIndirect14

UrlApplySchemeW13

UrlCombineW0F

wsprintfW18

1

2

Version Info

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors