Manalyze report for 37cb37cd91e88fe1edfaac233fd39df6

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2024-Jul-16 21:33:57
Detected languages	English - United States
FileDescription	T-RanSom
FileVersion	`0.1.0.0`
InternalName	T-RanSom.exe
CompanyName
LegalCopyright
LegalTrademarks
OriginalFilename	T-RanSom.exe
ProductName	T-RanSom
ProductVersion	`0.1`
Comments

Plugin Output

Suspicious	VirusTotal score: 1/74 (Scanned on 2024-08-15 11:41:45)	`Bkav: W64.AIDetectMalware`

Hashes

MD5	`37cb37cd91e88fe1edfaac233fd39df6`
SHA1	`235845380881478d7c47940f1d58714cff5ab444`
SHA256	`1fb483effb7f62290c64d2b38477baad70a6e59f6fc45a3bd3baecc8281feaf7`
SHA3	`4b05e60aeef13b9aa7ca6e8530706447f5b2d18e2d3d4d7bfacf06df0d46254c`
SSDeep	`384:7u3uSZPibDwRQs1uNdHvnLXkKmN+gTcs740:72K4RH0SNkE40`
Imports Hash	`a9e79d0c6a02038952d8849ecea7bcac`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2024-Jul-16 21:33:57
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1e00`
SizeOfInitializedData	`0x2c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000002268 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x9000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d1a314a18927d4308c3a8b494127a11c`
SHA1	`74548721493915cecf9da60bee20d0c97e236c24`
SHA256	`294f36aa518adecef78194455f053103c8a6b50a17609b10c1064f341231472a`
SHA3	`c8993388280a85238e8359fc42a3047d74ebb07acb3c3a678c2765dfad7575e3`
VirtualSize	`0x1d7c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.93395`

.rdata

MD5	`2e39f9dc392cc4c2f30b711e6b638f15`
SHA1	`7489c11230ac4452e183fb3f8d0e5aa182207d29`
SHA256	`79912b54b95c7a4f0870497a794e55d563755c69243c0d4f8d3819e3ccf1fc62`
SHA3	`db7aefa5365af43063c83dab43569eab4bb8723f855fbdb27b6547d43640a96b`
VirtualSize	`0x19a4`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.54151`

.data

MD5	`85c2aebd011c5c1b37c1009def59c2b6`
SHA1	`e6f88330c0bc7698e3f5d77202242a6e10f6e321`
SHA256	`ab4f194dcbbaf38d8dca700fa10eee22d80c5463d8256b36eb72ed5f7126ba69`
SHA3	`a5818bd143f172ebe95ef85b8e270e51e0d1ae2330fd892938463b36527155ea`
VirtualSize	`0x680`
VirtualAddress	`0x5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.53249`

.pdata

MD5	`8b0e4d9ffa750ab8747602dd88effcbe`
SHA1	`00f598bb0b315bd1f63fa81fda458a1b66cd6773`
SHA256	`b5ee991b5f48bfb491250c087f33590856ce898bd59aab7c089de4a641549d02`
SHA3	`695867a9da36289203f672ab334669153261fb84020ec07fcba9422f020d58ff`
VirtualSize	`0x24c`
VirtualAddress	`0x6000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.53746`

.rsrc

MD5	`c9c6e32824a642a7ef45a0865ac1c60f`
SHA1	`4fbb4767fb1fcb7e304c48dd1856fd3616b62366`
SHA256	`bff04e69c580625576190dedc5f2b8ceb1d41bd9a6d79b439ccf92b2f5a803ba`
SHA3	`a172ed75479670728796b969750ad2d046483701d0cff83e6f9e2db697b7bb71`
VirtualSize	`0x988`
VirtualAddress	`0x7000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x4200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.02827`

.reloc

MD5	`759115691133ffd1630e33e2abb39fd3`
SHA1	`fe3419cce78121e97fd40303417a105121fca77e`
SHA256	`d49ef0dc9038db0768d8879f4e6ed38649867e9763adee7de4b59c094b70f17c`
SHA3	`36c3cef1ff0c321aa861be34bda2a4e44feeb67144bb7bcb5cdf2db45fb20a37`
VirtualSize	`0x30`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.713773`

Imports

USER32.dll	`MessageBoxW` `MessageBoxA`
python39.dll	`PyObject_CallObject` `PyObject_Str` `PyMem_RawFree` `Py_Exit` `Py_SetPath` `PyImport_ImportModule` `PyErr_NormalizeException` `PySys_GetObject` `Py_NoSiteFlag` `PyMem_RawMalloc` `PyUnicode_FromString` `_Py_NoneStruct` `PyTuple_New` `PyExc_SystemExit` `Py_Finalize` `Py_SetProgramName` `PyMem_Free` `PyUnicode_Join` `_Py_Dealloc` `Py_Initialize` `PyErr_ExceptionMatches` `PyErr_Fetch` `PyLong_AsLong` `PyUnicode_AsWideCharString` `Py_FrozenFlag` `Py_IgnoreEnvironmentFlag` `PyObject_GetAttrString` `PySys_SetArgvEx` `PyUnicode_Format` `PyErr_Clear` `Py_DecodeLocale`
KERNEL32.dll	`GetSystemTimeAsFileTime` `GetModuleFileNameW` `LoadLibraryExW` `GetModuleHandleW` `GetStartupInfoW` `IsDebuggerPresent` `InitializeSListHead` `RtlCaptureContext` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `AddDllDirectory`
VCRUNTIME140.dll	`__current_exception_context` `__current_exception` `__C_specific_handler` `wcsrchr` `memcpy` `memset`
api-ms-win-crt-stdio-l1-1-0.dll	`fclose` `__p__commode` `fread` `_wfopen` `_set_fmode`
api-ms-win-crt-runtime-l1-1-0.dll	`_initialize_onexit_table` `terminate` `_register_onexit_function` `_c_exit` `_cexit` `_exit` `exit` `_initterm_e` `_initterm` `_get_wide_winmain_command_line` `_initialize_wide_environment` `_configure_wide_argv` `_crt_atexit` `_set_app_type` `_seh_filter_exe` `__p___wargv` `_register_thread_local_exe_atexit_callback` `__p___argc`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode`

Delayed Imports

1

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x9c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.70641`
MD5	`4be6c4289ea6ce3e517d4aafb0a58e3b`
SHA1	`c7a0a60a863809ebebd3038586e7f18d0bd9934b`
SHA256	`454df595fa0830fb675eecdd7cdfdea28976d9c33fe5b303300d06fbfadbf6eb`
SHA3	`0902089b3d53bb1928d5d93ad7d106ab1d620ae2a9862b4b56cf1273ac51abcc`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2bc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.20751`
MD5	`775c851d7179ec5e51564ae5de96d8fb`
SHA1	`e8cfb9c4ced46da88ada041840ed10cd990b54f4`
SHA256	`83225bad9f45424d15c0e9264ba083dbba745b100a467fdcfa7c7b36e47e1abe`
SHA3	`cc025dea26410e342e01cbdcdb335044b929915fa564a949d97dd24528b1032a`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x545`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25824`
MD5	`7ef51f60309aa7899efdfed89aa1ad6f`
SHA1	`264a1f51d8f3ac1aeaf37369038f97f24c48b52c`
SHA256	`13160d8e413f8a06f47aec8b20edc6ea5d63b63190f77ae9a1ec1bed7195da79`
SHA3	`1703fb9fa22fef65c6d90d8634f5f13be70b4e181cebba09710acd59ce832e29`

String Table contents

Just to ensure that buggy EndUpdateResource doesn't fall over.

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.1.0.0
ProductVersion	0.1.0.0
FileFlags	`VS_FF_DEBUG`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileDescription	T-RanSom
FileVersion (#2)	0.1.0.0
InternalName	T-RanSom.exe
CompanyName
LegalCopyright
LegalTrademarks
OriginalFilename	T-RanSom.exe
ProductName	T-RanSom
ProductVersion (#2)	0.1
Comments

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Jul-16 21:33:57
Version	`0.0`
SizeofData	`644`
AddressOfRawData	`0x3a70`
PointerToRawData	`0x2c70`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140005000`

RICH Header

XOR Key	`0x44deb455`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`10`
Imports (33731)	`2`
ASM objects (33731)	`4`
C objects (33731)	`10`
C++ objects (33731)	`19`
Imports (VS2019 Update 11 (16.11.11) compiler 30141)	`2`
Imports (30795)	`5`
Total imports	`90`
C objects (LTCG) (33811)	`1`
Resource objects (33811)	`1`
Linker (33811)	`1`

37cb37cd91e88fe1edfaac233fd39df6

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

1 (#3)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors