Manalyze report for 372f49f17098045fda4bede777e5945a77c62b1630c99a11d90373577e50aa2f

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Jun-25 15:51:13

Plugin Output

Malicious	The file headers were tampered with.	`The PE only has 0 import(s).` `The RICH header checksum is invalid.`
Malicious	VirusTotal score: 26/67 (Scanned on 2025-05-28 05:56:38)	`ALYac: Generic.Trojan.Loader.Marte.1.5253CBDB` `Alibaba: Trojan:Win32/CobaltStrike.46f2c882` `Arcabit: Generic.Trojan.Loader.Marte.1.5253CBDB` `BitDefender: Generic.Trojan.Loader.Marte.1.5253CBDB` `CTX: dll.trojan.cobaltstrike` `DeepInstinct: MALICIOUS` `DrWeb: BackDoor.Meterpreter.56` `Elastic: Windows.Trojan.Metasploit` `Emsisoft: Generic.Trojan.Loader.Marte.1.5253CBDB (B)` `Fortinet: W32/PossibleThreat` `GData: Generic.Trojan.Loader.Marte.1.5253CBDB` `Google: Detected` `Kaspersky: HEUR:Trojan.Win32.Generic` `Lionic: Trojan.Win32.Loader.4!c` `MicroWorld-eScan: Generic.Trojan.Loader.Marte.1.5253CBDB` `Microsoft: HackTool:Win64/Meterpreter!rfn` `Paloalto: generic.ml` `Rising: Trojan.CobaltStrike!8.EDF2 (CLOUD)` `SentinelOne: Static AI - Suspicious PE` `Sophos: ATK/Swrort-Y` `Symantec: Trojan.Gen.MBT` `VIPRE: Generic.Trojan.Loader.Marte.1.5253CBDB` `Varist: W64/ABTrojan.VGIA-0626` `Zillya: Trojan.CobaltStrike.Win32.9150` `ZoneAlarm: ATK/Swrort-Y` `alibabacloud: Trojan:Win/Wacapew.C9nj`

Hashes

MD5	`81a07f5c5994441aaa5d3408fb889fa8`
SHA1	`be1d324c44d075e10cb8e719b5e86497155ea628`
SHA256	`372f49f17098045fda4bede777e5945a77c62b1630c99a11d90373577e50aa2f`
SHA3	`f2517630ebada0346de05a307959a14b13764b66fc338c769764f22c60b6622e`
SSDeep	`384:EzviZTTlICmprEq/z3kwqtuBeJhx8VYSypnXz0XqEC2mdtNj6Lh2BN:gsTlapr70wqtu0JWM0aV2mdfuLMH`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x5241`
e_cp	`0x4855`
e_crlc	`0xe589`
e_cparhdr	`0x8348`
e_minalloc	`0x20ec`
e_maxalloc	`0x8348`
e_ss	`0xf0e4`
e_sp	`0xe8`
e_csum	`0`
e_ip	`0x5b00`
e_cs	`0x8148`
e_ovno	`0x18`
e_oemid	`0x3`
e_oeminfo	`0x8948`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2018-Jun-25 15:51:13
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`12.0`
SizeOfCode	`0x22000`
SizeOfInitializedData	`0x14c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000161EC (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x3a000`
SizeOfHeaders	`0x400`
Checksum	`0x33593`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x21e55`
VirtualAddress	`0x1000`
SizeOfRawData	`0x22000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xa2b4`
VirtualAddress	`0x23000`
SizeOfRawData	`0xa400`
PointerToRawData	`0x22400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x85e0`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x3800`
PointerToRawData	`0x2c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.pdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1998`
VirtualAddress	`0x37000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x30000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.reloc

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x608`
VirtualAddress	`0x39000`
SizeOfRawData	`0x800`
PointerToRawData	`0x31a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0`

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xb085b387`
Unmarked objects	`0`
C++ objects (20806)	`36`
C objects (20806)	`124`
ASM objects (20806)	`10`
135 (VS2008 SP1 build 30729)	`1`
Imports (VS2008 SP1 build 30729)	`17`
Total imports	`203`
C objects (VS2013 build 21005)	`30`
Exports (VS2013 build 21005)	`1`
Linker (VS2013 build 21005)	`1`

Errors

[!] Error: Could not read the IMAGE_IMPORT_DESCRIPTOR.
[!] Error: Could not read the IMAGE_EXPORT_DIRECTORY.
[!] Error: Could not read an IMAGE_BASE_RELOCATION!
[*] Warning: Error while reading the IMAGE_LOAD_CONFIG_DIRECTORY!
[*] Warning: Section .text is larger than the executable!
[*] Warning: Section .text is larger than the executable!
[*] Warning: Section .rdata is larger than the executable!
[*] Warning: Section .rdata is larger than the executable!
[*] Warning: Section .data is larger than the executable!
[*] Warning: Section .data is larger than the executable!
[*] Warning: Section .pdata is larger than the executable!
[*] Warning: Section .pdata is larger than the executable!
[*] Warning: Section .reloc is larger than the executable!
[*] Warning: Section .reloc is larger than the executable!
[*] Warning: Section .text is larger than the executable!
[*] Warning: Section .rdata is larger than the executable!
[*] Warning: Section .data is larger than the executable!
[*] Warning: Section .pdata is larger than the executable!
[*] Warning: Section .reloc is larger than the executable!

Leave a comment

No comments yet.