Manalyze report for 37927581e42ead19b24f0340a6f0953cd50431ec7b42b0d23511391a94172f7d

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Mar-31 15:55:27
Detected languages	English - United States
Debug artifacts	c:\totalcmd\tcrun64.pdb

Plugin Output

Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Code injection capabilities: WriteProcessMemory VirtualAllocEx CreateRemoteThread` `Possibly launches other programs: CreateProcessW` `Manipulates other processes: WriteProcessMemory`
Malicious	VirusTotal score: 14/72 (Scanned on 2026-04-09 04:34:49)	`CrowdStrike: win/grayware_confidence_100% (W)` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win32/HackTool.Crack.OA potentially unsafe application` `Gridinsoft: Trojan.Win64.Downloader.sa` `K7AntiVirus: Unwanted-Program ( 006d59631 )` `K7GW: Unwanted-Program ( 006d59631 )` `Kingsoft: Win32.Riskware.Crack.f` `Malwarebytes: Generic.Malware/Suspicious` `MaxSecure: Trojan.Malware.8328611.susgen` `Sophos: Generic Reputation PUA (PUA)` `Trapmine: malicious.moderate.ml.score` `TrellixENS: Artemis!184854FF2A18` `Zillya: Trojan.Inject.Win32.321098` `alibabacloud: HackTool:Win/Crack.OM`

Hashes

MD5	`184854ff2a1802d5a638bc30a70e5c85`
SHA1	`96a6f273490a2660cfcc0886abc9aa66c5231a00`
SHA256	`37927581e42ead19b24f0340a6f0953cd50431ec7b42b0d23511391a94172f7d`
SHA3	`b5e1bf92ce9d32a42d3d2401dd12198d2973e302b56ce82a66d9ec01755aa11a`
SSDeep	`3072:l5kST1746qA3FqTrPabnCkMHLV1MOCAFuLKoxp:LB7bVqTjabKVl/e`
Imports Hash	`00aa25f1abe8965cb07c0681d1a005eb`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2021-Mar-31 15:55:27
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xda00`
SizeOfInitializedData	`0x14a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000177C (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x26000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`913db13b4562c1fa1aed1be0582b0475`
SHA1	`afdf5bc802a61bb1e062c37a7d1dc6562c01d224`
SHA256	`5787fc7c6cf013fbeb70f5dfc5735f13d4f474d870d0c4bae8ce1aab70e9f36e`
SHA3	`fa9c678aea5d20d492d5a017a848aeae7f66a49775eb1d1773ee01864803c9be`
VirtualSize	`0xd9f0`
VirtualAddress	`0x1000`
SizeOfRawData	`0xda00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.44283`

.rdata

MD5	`4c011cf50f11211de2b7ad23fb953f21`
SHA1	`8e2cd45d94cd3ff4cdb8b7d0b68571945d1ed440`
SHA256	`db9c8a00ac1fd31b8f0c604537804e40e58a3394be9b62e01bb1e9a320b634c1`
SHA3	`e2bb172148131253522de3715d34cd9a97588d97383ca597c46b3a8626c6a8e6`
VirtualSize	`0x93d2`
VirtualAddress	`0xf000`
SizeOfRawData	`0x9400`
PointerToRawData	`0xde00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.7458`

.data

MD5	`c8fd10f2f0da5d7b7a6eee3917a03033`
SHA1	`30e5f4bdf1b5ff089172cefc1a32d34d31728af1`
SHA256	`27876a3c5b3a3871696af6295cf5dcc295a9a76eefa8f8c0f42fc60100f6e9ec`
SHA3	`a6056ebccd5448c717c30d1617796419cbb329e44b179a52dd2c23369fe0211d`
VirtualSize	`0x1d20`
VirtualAddress	`0x19000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x17200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.71671`

.pdata

MD5	`88536be7d7d712ea01de4d1ccb77d660`
SHA1	`2f6c65b710e744024c434c2ea8b1d27d39537575`
SHA256	`6a0b009aefed3f6c37b11f7748428653f25ee295fff20f6a5e13d9ab88a5d01c`
SHA3	`cb52c59d11f2bfabaa7298c1ad45ea1417c4b324573b5f27ba5acddbef80776d`
VirtualSize	`0xe94`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x17e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.54797`

_RDATA

MD5	`ef2ea9b35744ab9492a02d4278091216`
SHA1	`c58e71ef6d6c2ec3ebb3f607486e71d8e6cd1d71`
SHA256	`73581fa3b41ddc6e8930ab023664171008d9a2dc26e088275972315d735c51ee`
SHA3	`4128f9fb6151b6b6d4b12955d8eed8998b43ec3875b4778fff71e7b79dcd61ea`
VirtualSize	`0x94`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x18e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.07276`

.rsrc

MD5	`7b1751349dfcc5117aa0347ce7059fdc`
SHA1	`68f61fcbcac1f7f6d40ab0c6cc0796cf3add6d40`
SHA256	`52cba9ece95035ec1daca64d2afa284c41633e00ffb5fdc4366c83065fc1140b`
SHA3	`c3c644eb639a69a96fca44c630c22182ae47e96ae7d9e2ecf5cc7203a2e64610`
VirtualSize	`0x7c58`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x7e00`
PointerToRawData	`0x19000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.03676`

.reloc

MD5	`b37702f9669f91517d7f04591584007d`
SHA1	`76dcd76cb3543c9d0840b233c79f0d323d835ffb`
SHA256	`6e94ee02c09b084ab4730684378909dc72d10cdb1f5353933a0e24dc479e1156`
SHA3	`b41b2cca10bf1644b279811315ac1ac1d885d3ffe3dcce6f7839eff6cb7c83d2`
VirtualSize	`0x640`
VirtualAddress	`0x25000`
SizeOfRawData	`0x800`
PointerToRawData	`0x20e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.80111`

Imports

KERNEL32.dll	`WriteProcessMemory` `GetModuleFileNameW` `GetEnvironmentVariableW` `ResumeThread` `CloseHandle` `GetProcAddress` `VirtualAllocEx` `CreateProcessW` `GetModuleHandleW` `CreateRemoteThread` `WriteConsoleW` `SetEndOfFile` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `RtlUnwindEx` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `RaiseException` `ReadFile` `GetFileAttributesExW` `GetStdHandle` `WriteFile` `ExitProcess` `GetModuleHandleExW` `SetFilePointerEx` `GetConsoleMode` `ReadConsoleW` `GetFileType` `HeapFree` `HeapAlloc` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetStringTypeW` `LCMapStringW` `GetProcessHeap` `FlushFileBuffers` `GetConsoleCP` `CreateFileW` `HeapSize` `HeapReAlloc`
USER32.dll	`MessageBoxW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.58179`
MD5	`7ca91b741c8cce5f5c06d9c5d9454b8f`
SHA1	`6910424d558f67032758a9cfd70e0943ed8983b3`
SHA256	`c10af49e85b96d03f00e8d3739caed9733004cafa11857fdc6d2a774cd6cfec4`
SHA3	`5a819e31de226547982aa9b8f6011556f5e7d2de9398bf20e917190109e4c71e`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44692`
MD5	`1b911a43426aa9fe867aac293d1cf314`
SHA1	`df9e766f32773ae076589c7d40cfb8d8f0b5410c`
SHA256	`e460a65a4816481797ab57f2d0cb843d96e747d22874d8805e8c6d90391d222d`
SHA3	`7584b9f3e69b081a3a3cad15b5e7bc5bbc1326c6a5fa7211b7a7760dce188d3e`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89989`
MD5	`194d1841e1707b080cb6e48113bd5879`
SHA1	`e60c3ad4ccfff524b69a7ab7bb1c3139a7dfb63b`
SHA256	`b5ae2ed902a2aef02416b9677e8f445e62bbfa4289e190cabf2d02046315e4fc`
SHA3	`a9b7188e0f5e4ce038c6a8d54d3724258210ce1d39944563e2ddd50edd33fa97`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.54731`
MD5	`56f75461576f3b2e2c48423cb3f98fcc`
SHA1	`7d71a6f131b7f0b719c64d0109611d1ff5b00e2c`
SHA256	`c7473facecdc1d9fdda0fa03c2cedeb53a3f6f3154dc8fc9da39a907dc961ee2`
SHA3	`58c981fc3f1d258369bebad238f389f07976f5bbf6c5326e3474b47c8bd8b7aa`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02022`
MD5	`00bddd84863397557d23cb83c2775006`
SHA1	`aedcf82087ee6a6e36f256ee632089dc70ff6541`
SHA256	`b88576af83e4026b92a1543ab22b5ddac197a2bce10259bbf8af7f1bdcfeb44b`
SHA3	`e647973e8f63e3dcfa3775a8437a88d3b0c34c0fb7b283104a488361b9ab9a8f`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.20731`
MD5	`d53c1d41525977cb9e4cc3dd23c52e47`
SHA1	`ccd5d2a0eb771803bcc1df6bd90fef8caf4cb4f4`
SHA256	`c943ac2a01c9d3a9d1eb0ac491d4fbc25c1a966c461c3fda355d1957e4015078`
SHA3	`d23550cc98b8f256364293add215d761b92a5653e76cc0c6dce09f4e2c4eac61`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.52177`
MD5	`2c63fe8defde9950504ef22ba32e2c1f`
SHA1	`e2b87e8ea4fab978029f68499fe9d6246316b9be`
SHA256	`8d619904e3deb974b146175392023df8dd2f8489e7cdc1743c4163fef591daf3`
SHA3	`1e2398e9a12445ba0e312e47ea02db7ab0f66833f6b31d9e510ed41715f8d569`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.42755`
MD5	`2e4ca299d92a51b5c4d1d0311ff83f32`
SHA1	`d6523a50e34af76bc4a0c3f0d203d22b3fb5e547`
SHA256	`f2fdf0b9baf7261f6c2478961dacc1fcc2d3a874638e0ce03ba399e74e19dd59`
SHA3	`db288bdd6f4aecb145e42bf71123cfc6250640b581a821aa150784bc9cbd72c0`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.40859`
MD5	`9c56cad32ee24609878788411621e473`
SHA1	`cd423904ade74e1e4da2c98422948c7bb9adb964`
SHA256	`20c9f6e7a0b7c24956e611def9bf04049e1377f432a4fe0188b17a3f090b63f4`
SHA3	`bf12ecf1b45ac6d07adb005e2f82cd2cb615d894bcafb350dd7b231e15bb948b`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.33093`
MD5	`dc6c5efde96acba6e08bf983af9d75b5`
SHA1	`c7421c878f712a48487b43f73d2f253c84f9ec95`
SHA256	`5ff8de3a2458e78037ec7d03420944d3eb25221a15f6bb0cbd15be3e2d021389`
SHA3	`a58230fdff0f6207be369659a40b1d50eeb26daa028123f69c3aeb593aa4e24e`

IDI_ICON1

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x92`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99258`
Detected Filetype	Icon file
MD5	`3d0707f3c0dfb1ed09c1c22cef8a6239`
SHA1	`fe76a52a4bfc954f024b34e9a792510c0950373e`
SHA256	`5a66a089792abe1565e4855df2a537bc4e65fe43a0916f30339f19f34887e453`
SHA3	`68be84529400120ebe43f82ddf49e6f1aabb2e1081230985b09d6cb9170bd094`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Mar-31 15:55:27
Version	`0.0`
SizeofData	`48`
AddressOfRawData	`0x16b00`
PointerToRawData	`0x15900`
Referenced File	c:\totalcmd\tcrun64.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2021-Mar-31 15:55:27
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x16b30`
PointerToRawData	`0x15930`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Mar-31 15:55:27
Version	`0.0`
SizeofData	`696`
AddressOfRawData	`0x16b44`
PointerToRawData	`0x15944`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2021-Mar-31 15:55:27
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140019008`

RICH Header

XOR Key	`0x2fb54470`
Unmarked objects	`0`
C objects (VS2017 v14.15 compiler 26715)	`10`
ASM objects (VS2017 v14.15 compiler 26715)	`5`
C++ objects (VS2017 v14.15 compiler 26715)	`147`
C++ objects (VS 2015/2017/2019 runtime 29118)	`37`
C objects (VS 2015/2017/2019 runtime 29118)	`17`
ASM objects (VS 2015/2017/2019 runtime 29118)	`9`
Imports (VS2017 v14.15 compiler 26715)	`5`
Total imports	`93`
C++ objects (LTCG) (VS2019 Update 8 (16.8.5-6) compiler 29337)	`1`
Resource objects (VS2019 Update 8 (16.8.5-6) compiler 29337)	`1`
151	`1`
Linker (VS2019 Update 8 (16.8.5-6) compiler 29337)	`1`

Errors

Leave a comment

No comments yet.