Manalyze report for 45051225e4e19832bdab5c82f2b4eccb

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Mar-30 21:11:41

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX v2.0 -> Markus, Laszlo & Reiser (h)` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `The PE only has 9 import(s).`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Uses Microsoft's cryptographic API: CryptGenRandom` `Can take screenshots: BitBlt GetDC`
Info	The PE's resources present abnormal characteristics.	`Resource 102 is possibly compressed or encrypted.` `Resource 105 is possibly compressed or encrypted.` `Resource 106 is possibly compressed or encrypted.` `Resource 107 is possibly compressed or encrypted.` `Resource 108 is possibly compressed or encrypted.` `Resource 111 is possibly compressed or encrypted.` `Resource 112 is possibly compressed or encrypted.` `Resource 113 is possibly compressed or encrypted.` `Resource 115 is possibly compressed or encrypted.` `Resource 101 is possibly compressed or encrypted.`
Malicious	VirusTotal score: 49/71 (Scanned on 2024-04-26 21:14:37)	`ALYac: Misc.Keygen` `APEX: Malicious` `AVG: Win32:MiscX-gen [PUP]` `AhnLab-V3: Unwanted/Win32.KeyGen.R280659` `Antiy-AVL: GrayWare/Win32.Presenoker` `Arcabit: Trojan.Application.Keygen.22` `Avast: Win32:MiscX-gen [PUP]` `BitDefender: Gen:Variant.Application.Keygen.22` `BitDefenderTheta: Gen:NN.ZexaF.36804.ImGfaW4oWWoG` `Bkav: W32.Common.57A60A11` `CAT-QuickHeal: Trojan.Fuerboos` `Cylance: unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `ESET-NOD32: a variant of Win32/Keygen.ADF potentially unsafe` `Elastic: malicious (moderate confidence)` `Emsisoft: Gen:Variant.Application.Keygen.22 (B)` `FireEye: Generic.mg.45051225e4e19832` `Fortinet: Riskware/KeyGen` `GData: Gen:Variant.Application.Keygen.22` `Google: Detected` `Gridinsoft: Trojan.Win32.Agent.dg` `Ikarus: Trojan.Win32.Agent` `Jiangmin: Trojan.PE.er` `K7AntiVirus: Unwanted-Program ( 005329e01 )` `K7GW: Unwanted-Program ( 005329e01 )` `Lionic: Trojan.Win32.Generic.4!c` `MAX: malware (ai score=100)` `Malwarebytes: Generic.Malware.AI.DDS` `MaxSecure: Trojan.Malware.241378900.susgen` `McAfee: RDN/Generic PUP.z` `MicroWorld-eScan: Gen:Variant.Application.Keygen.22` `Microsoft: HackTool:Win32/Keygen` `NANO-Antivirus: Trojan.Win32.Kryptik.htfnpi` `Paloalto: generic.ml` `Panda: PUP/Hacktool` `Rising: Trojan.Tiggre!8.ED98 (CLOUD)` `SUPERAntiSpyware: Hack.Tool/Gen-KeyGen` `Skyhigh: BehavesLike.Win32.Generic.hc` `Sophos: Generic Reputation PUA (PUA)` `Symantec: PUA.Keygen` `TrendMicro: PUA.Win32.KeyGen.CRRM` `TrendMicro-HouseCall: PUA.Win32.KeyGen.CRRM` `VIPRE: Gen:Variant.Application.Keygen.22` `Varist: W32/ABTrojan.GQWI-4961` `Webroot: W32.Trojan.Gen` `Xcitium: Malware@#15oxy75hbjv7n` `Yandex: Trojan.Igent.bRVtlK.1` `Zillya: Trojan.Keygen.Win32.110`

Hashes

MD5	`45051225e4e19832bdab5c82f2b4eccb`
SHA1	`0b8db6591161e5d00b2ef521dd062bf59ac49d63`
SHA256	`586612d325f9d2d219dc0dfaa8ccdc38f73b13bccaf1157cb191580decea3539`
SHA3	`ae7f9a77f14eca07345dd4bf6c2554affc7b3d1766f47c768eebacd2f313bc81`
SSDeep	`12288:R4sWe/ZY0q9HV1+TgcB0UasIlXQCkpkHTrlpJ9fUvu4vSoS:RVWuYLNODOjNg0TvV+`
Imports Hash	`ad0aa93d067e6e21dc2475bf680b49a3`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2019-Mar-30 21:11:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x89000`
SizeOfInitializedData	`0x3000`
SizeOfUninitializedData	`0x1a6000`
AddressOfEntryPoint	`0x0022F020 (Section: UPX1)`
BaseOfCode	`0x1a7000`
BaseOfData	`0x230000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x233000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1a6000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`91a4ed11102d7088f2b3dd5f017f6251`
SHA1	`3061ce08b4cf7c277d18741b2c434e902f7a9b9b`
SHA256	`2832289c36c5258607abb4f2301efcd4bdf71f90c11b9a20f664656b6c02d3ae`
SHA3	`6e916eaffac0ca61fe05d127a2656e4063b5b9eab7fbcc36b6c6d90a3557eda8`
VirtualSize	`0x89000`
VirtualAddress	`0x1a7000`
SizeOfRawData	`0x88e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99913`

.rsrc

MD5	`0345b63a9d11807965921cf1cd85f5bb`
SHA1	`a4789b313568c2ee3aa2d9ec654f2fbf6ecf479a`
SHA256	`d25789e101487c7c6c1af4ced6a02f475ffd77c5e9ac5069c2145508d02a3e21`
SHA3	`5f58b8039da6c8fa823fab839d4b60b8aa52b927eac2d71ea6b2a3e27ad3e94e`
VirtualSize	`0x3000`
VirtualAddress	`0x230000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x89200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.85871`

Imports

ADVAPI32.dll	`CryptGenRandom`
GDI32.dll	`BitBlt`
KERNEL32.DLL	`LoadLibraryA` `ExitProcess` `GetProcAddress` `VirtualProtect`
SHELL32.dll	`SHBrowseForFolderA`
USER32.dll	`GetDC`
WINMM.dll	`waveOutOpen`

Delayed Imports

102

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x293aa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.9989`
MD5	`3543a8cad7bd956f41e687f7f5821186`
SHA1	`7e7a1a52aeb3639d56df145cfa0475057ade0e92`
SHA256	`42fa63cca91f99b9c947a6db3f60acb6fa1d27774cc50d2b01e7a33a5a340e20`
SHA3	`f84beecc8763b489b19986a14c62eab732f6f6d0af443e5f17eb983ac43c5737`
Preview

105

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xf08`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94699`
MD5	`49f88fdc45288d8641abfa55e10da671`
SHA1	`d2fe2ee3a94b0a5b6e310d517dcb6fc5d53c4561`
SHA256	`c337ca8b4643d95149f7f4746cdc29e042a53a9c9505e6458c2c25d6409ec881`
SHA3	`58ba8c640653f93751d85a6964363e201e5cbc5eba131026cda683be063a4fc7`
Preview

106

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xf06`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94395`
MD5	`87132e5f82c28cb0db934975ff167c43`
SHA1	`57ef128c90b3c3794cd8cf7bc930566950d99e46`
SHA256	`e5befb177695e0e74391b060157519ae87018e9fc348bf2211bc4736bc4a98a9`
SHA3	`a10a368cddd694d9126e8add2235d1ec7d524d38ed09afee71df18f21fd7c8b6`
Preview

107

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xf08`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.95245`
MD5	`ffd78e61ed503b2eee612adb8f962d31`
SHA1	`063d713ca695fc25067d9ff76e096f8ad5c9df35`
SHA256	`439542f163c661b601ee2a3e2f2780b7c54f79ca8bca5bf32d0ed31cf02472c4`
SHA3	`85e9001295cf90565ab67909f10d374a68e93a1fb2fdaf74463afb49fb0c0521`
Preview

108

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xf06`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.95479`
MD5	`6d8177e8a43b7fa53d60e0338cf2fcc2`
SHA1	`31dc13786816712b7ce22a41b80b468204aeb7be`
SHA256	`29e8a71ca5c4aa2fe5ac9d571c5de045302abc6847a44065c5418f544a321a63`
SHA3	`93b5b364f26ffe80d56c167f2b2485fd2f500660d56a5376890661d440551de6`
Preview

111

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2ee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.69449`
MD5	`d6e22427200278a09386e9d068983b06`
SHA1	`9261986c5c824a1ce91fc77e6a118bfc34a068cd`
SHA256	`f100b4e28070f0c92f6fb8f486cfc02733e2f4bbe89c09a750be159b422876ef`
SHA3	`c179c630d518bc3c46bc077f03e3e784385af4c9af8d5cf92d285619e6f558cd`
Preview

112

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x356`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.76009`
MD5	`3d2d2ebaadb2599890c424aaccefb95a`
SHA1	`69aa812cb6e3ad02a2661364c14180820b613090`
SHA256	`9a50e07f4c03decdd619bd97abd07daf3e8adad31cee3ab49f5de8f5d5b6f7d3`
SHA3	`b94ba37dff635e2c62db2a9040a33775234b4c5ebb2d2c553e16d13d5d4e95d2`
Preview

113

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xf08`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94883`
MD5	`2d2e9b6316f0a4b47841f2be3b8f4e73`
SHA1	`92823eff4489045a2ea4c56a2a78331c164a1e85`
SHA256	`60f7bc7ee5e382b27404df05653b9c894ebfa6508b9b6425ceaa3dbc6ab64b78`
SHA3	`cfe9607347b4f68b6fdd03ad7515c364ade46dab78954d524b4a5fc22992f5cf`
Preview

115

Type	`RT_BITMAP`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xf08`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.94451`
MD5	`839bdba460c8c19fc6bab55846e6ee04`
SHA1	`e03c06dee67eb78b4ecfc12fb8eef8a2a1300b8d`
SHA256	`d2f9bb82540908909b951fdf8181ff0d2f203a6cf49188f15f034ce6f41aac72`
SHA3	`e0a4f04f6fec55164d02bb3b176a1ce93f92baebd808fc2cad0254a1aa06efe3`
Preview

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.93643`
MD5	`3993505c429db3d1b8279e155d0bd7b5`
SHA1	`62ffee3afcb8b59cb43e7e6e0f9cffc1f5ffbb2a`
SHA256	`18f9d1bdd6995916d64641fc471df75fde770f18f383484b635c885d520895d4`
SHA3	`9fe7a9552ccb5f7078ea4b4915f1062679cf888a17c7e8cf1b5677267d03c06e`

101

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x114`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.18212`
MD5	`53825edc231a06efd7bd87b1495f865e`
SHA1	`093efc4387c6007e5e127d830b9745801f08f86c`
SHA256	`2d4372c491f6ec095b83ce2806d7b347fcd7a0145c7497e8e1a3b8447e24a3e9`
SHA3	`276afa91b45306cc21b3cd416a7be112b54eeb048b17bb2ccde9a760084c671d`

103

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`e5e5a43c3fe2d6ce9e1c48462c08de9b`
SHA1	`102da52437d828765fe09d1fafca1cb2acb2824a`
SHA256	`ebdbbf828eaca2f5930352386aa667a45402d6afd4c724b611da2a06a05579f2`
SHA3	`3ebbf0e7a0a9ee8a285b5f627c5a49fb3677ca649575b7a0a81149bba1fd3e70`

Version Info

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x59fcd8`
SEHandlerTable	`0x42b3e0`
SEHandlerCount	`1421`

RICH Header

XOR Key	`0x1a802e9e`
Unmarked objects	`0`
ASM objects (VS2015/2017 runtime 25711)	`23`
C++ objects (VS2015/2017 runtime 25711)	`164`
C objects (VS2015/2017 runtime 25711)	`24`
ASM objects (VS2017 v15.6.6 compiler 26131)	`24`
C++ objects (VS2017 v15.6.6 compiler 26131)	`123`
C objects (VS2017 v15.6.6 compiler 26131)	`34`
19 (8034)	`2`
C++ objects (LTCG) (VS2017 v15.7.4 compiler 26431)	`27`
C++ objects (VS2017 v15.7 compiler 26428)	`34`
Imports (VS2015/2017 runtime 25711)	`11`
Total imports	`186`
C++ objects (VS2017 v15.7.4 compiler 26431)	`5`
Resource objects (VS2017 v15.7.4 compiler 26431)	`1`
Linker (VS2017 v15.7.4 compiler 26431)	`1`

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section UPX0 has a size of 0!