Manalyze report for 4923773c67ee7cdba2997296655a0f4bde0092864d4567cc0408daceb9b8b6ef

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2016-Apr-02 03:20:05
Detected languages	English - United States

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: eurodance90.fr http://nsis.sf.net http://nsis.sf.net/NSIS_Error https://stream-eurodance90.fr nsis.sf.net stream-eurodance90.fr`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExA` `Can access the registry: RegDeleteValueA RegOpenKeyExA RegDeleteKeyA RegEnumValueA RegCloseKey RegCreateKeyExA RegSetValueExA RegQueryValueExA RegEnumKeyA` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Can create temporary files: GetTempPathA CreateFileA` `Changes object ACLs: SetFileSecurityA` `Can shut the system down or lock the screen: ExitWindowsEx`
Suspicious	The file contains overlay data.	`8916406 bytes of data starting at offset 0x9000.` `The overlay data has an entropy of 7.99958 and is possibly compressed or encrypted.` `Overlay data amounts for 99.5883% of the executable.`
Malicious	VirusTotal score: 31/71 (Scanned on 2026-05-21 12:57:13)	`ALYac: Gen:Variant.Application.Tedy.3862` `AVG: NSIS:MalwareX-gen [Misc]` `Antiy-AVL: RiskWare/Win32.Agent` `Arcabit: Trojan.Application.Tedy.DF16` `Avast: NSIS:MalwareX-gen [Misc]` `Avira: TR/Agent` `BitDefender: Gen:Variant.Application.Tedy.3862` `Bkav: W32.Malware.7B49B01D` `CTX: exe.trojan.tedy` `DeepInstinct: MALICIOUS` `Emsisoft: Gen:Variant.Application.Tedy.3862 (B)` `F-Secure: Trojan.TR/Agent` `Fortinet: Riskware/Application` `GData: Gen:Variant.Application.Tedy.3862` `Google: Detected` `K7AntiVirus: Riskware ( 00584baa1 )` `K7GW: Riskware ( 00584baa1 )` `Lionic: Trojan.Win32.Generic.4!c` `Malwarebytes: Neshta.Virus.FileInfector.DDS` `MaxSecure: Trojan.Malware.507904540.susgen` `McAfeeD: ti!4923773C67EE` `MicroWorld-eScan: Gen:Variant.Application.Tedy.3862` `Paloalto: generic.ml` `Sangfor: Riskware.Win32.Agent.V5ou` `Sophos: Generic Reputation PUA (PUA)` `Symantec: PUA.Gen.2` `TrellixENS: Artemis!77D4E9A335F5` `TrendMicro-HouseCall: Trojan.Win32.Gen.TL0101D926Z8` `VIPRE: Gen:Variant.Application.Tedy.3862` `Varist: W32/ABApplication.MVLO-3519` `alibabacloud: Trojan`

Hashes

MD5	`77d4e9a335f5fa4c9008def6343ab675`
SHA1	`3f37c90f10349ecd4a6690b9e1b8a55fa7e9dfb2`
SHA256	`4923773c67ee7cdba2997296655a0f4bde0092864d4567cc0408daceb9b8b6ef`
SHA3	`0e3db188ec45e9612b6c88831d96b20772c8942cda244a6164ff8dd297c05f6c`
SSDeep	`196608:bmIyXdCt03tZMF6Oc48EWrCI7dDQhnHhPpLZveS1uVLVZQO1lCDYF:b6rgr8EWrWnLgS1uVJZNlQYF`
Imports Hash	`b76363e9cb88bf9390860da8e50999d2`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2016-Apr-02 03:20:05
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x5c00`
SizeOfInitializedData	`0x1d600`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x000030FB (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x39000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c8acf839f47203d12ad6cec446c57975`
SHA1	`8bc590432a61c723b8fe463b43dc7f98f78338f7`
SHA256	`c00c3140239382b7d7a1e6178689c167e5a9a5a83c10ceee665e7775640c6333`
SHA3	`03453f7955b5f59d4dbdd629ccf8c681090cb1c94d132ce0eec406c8a6b76af0`
VirtualSize	`0x5aeb`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.42231`

.rdata

MD5	`94f06cebbbcced874aa75b26d73e8db1`
SHA1	`e06cd9949d235f6ea7cad99b8a208dda8c4ed3fd`
SHA256	`febf8a5bc22b8e530f9c61f1bd833af8e93df968b9c2959a866ad967f3ba6b60`
SHA3	`51578e5fcafda3128e7d8e4c8ef0efdb894dadfe8a4c2bd5e5b334bc67c85de0`
VirtualSize	`0x1196`
VirtualAddress	`0x7000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.20292`

.data

MD5	`87bf5d11434348ef3f172e2ab24257ce`
SHA1	`bea2bec5eb5168a5def4bd81fbdf51736d5924b4`
SHA256	`7b510ca7f51941d4637f65ef9553ede8293ee15696eff0ced3af63c7a435bda0`
SHA3	`c06ca1a03003b92df7d6f085a4cd5fef357c8ebf8179a6a6c1128df7412bd9de`
VirtualSize	`0x1b038`
VirtualAddress	`0x9000`
SizeOfRawData	`0x600`
PointerToRawData	`0x7200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.04751`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x12000`
VirtualAddress	`0x25000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`c3f97fd3bc8ee22d4a31f3bb7fe8ae70`
SHA1	`d81f82a284029b39bd26877b6f2fcc13a545750f`
SHA256	`d77bf09e2e3a7bf4d9da26e8f270ebc03266018924ac7e2043333d3e0b39aa6b`
SHA3	`d0e73524a33c5adfd77546efcfb480816fe098fdccc7c683493d4c653ba7b5d8`
VirtualSize	`0x16c0`
VirtualAddress	`0x37000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x7800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.0596`

Imports

KERNEL32.dll	`GetTickCount` `GetShortPathNameA` `GetFullPathNameA` `MoveFileA` `SetCurrentDirectoryA` `GetFileAttributesA` `SetFileAttributesA` `CompareFileTime` `SearchPathA` `GetFileSize` `GetModuleFileNameA` `GetCurrentProcess` `CopyFileA` `ExitProcess` `GetWindowsDirectoryA` `GetTempPathA` `Sleep` `lstrcmpiA` `GetVersion` `SetErrorMode` `lstrcpynA` `GetDiskFreeSpaceA` `GlobalUnlock` `GlobalLock` `CreateThread` `GetLastError` `CreateDirectoryA` `CreateProcessA` `RemoveDirectoryA` `CreateFileA` `GetTempFileNameA` `lstrcatA` `GetSystemDirectoryA` `WaitForSingleObject` `SetFileTime` `CloseHandle` `GlobalFree` `lstrcmpA` `ExpandEnvironmentStringsA` `GetExitCodeProcess` `GlobalAlloc` `lstrlenA` `GetCommandLineA` `GetProcAddress` `FindFirstFileA` `FindNextFileA` `DeleteFileA` `SetFilePointer` `ReadFile` `FindClose` `GetPrivateProfileStringA` `WritePrivateProfileStringA` `WriteFile` `MulDiv` `MultiByteToWideChar` `LoadLibraryExA` `GetModuleHandleA` `FreeLibrary`
USER32.dll	`SetCursor` `GetWindowRect` `EnableMenuItem` `GetSystemMenu` `SetClassLongA` `IsWindowEnabled` `SetWindowPos` `GetSysColor` `EndDialog` `ScreenToClient` `LoadCursorA` `CheckDlgButton` `GetMessagePos` `LoadBitmapA` `CallWindowProcA` `IsWindowVisible` `CloseClipboard` `SetForegroundWindow` `GetWindowLongA` `RegisterClassA` `TrackPopupMenu` `AppendMenuA` `CreatePopupMenu` `GetSystemMetrics` `SetDlgItemTextA` `GetDlgItemTextA` `MessageBoxIndirectA` `CharPrevA` `DispatchMessageA` `PeekMessageA` `GetDC` `EnableWindow` `InvalidateRect` `SendMessageA` `DefWindowProcA` `BeginPaint` `GetClientRect` `FillRect` `DrawTextA` `SystemParametersInfoA` `CreateWindowExA` `GetClassInfoA` `DialogBoxParamA` `CharNextA` `ExitWindowsEx` `SetTimer` `PostQuitMessage` `SetWindowLongA` `SendMessageTimeoutA` `LoadImageA` `wsprintfA` `GetDlgItem` `FindWindowExA` `IsWindow` `SetClipboardData` `EmptyClipboard` `OpenClipboard` `EndPaint` `CreateDialogParamA` `DestroyWindow` `ShowWindow` `SetWindowTextA`
GDI32.dll	`SelectObject` `SetBkMode` `CreateFontIndirectA` `SetTextColor` `DeleteObject` `GetDeviceCaps` `CreateBrushIndirect` `SetBkColor`
SHELL32.dll	`SHGetSpecialFolderLocation` `SHGetPathFromIDListA` `SHBrowseForFolderA` `SHGetFileInfoA` `SHFileOperationA` `ShellExecuteA`
ADVAPI32.dll	`RegDeleteValueA` `SetFileSecurityA` `RegOpenKeyExA` `RegDeleteKeyA` `RegEnumValueA` `RegCloseKey` `RegCreateKeyExA` `RegSetValueExA` `RegQueryValueExA` `RegEnumKeyA`
COMCTL32.dll	`ImageList_AddMasked` `ImageList_Destroy` `ImageList_Create` `#17`
ole32.dll	`OleUninitialize` `OleInitialize` `CoTaskMemFree` `CoCreateInstance`

Delayed Imports

110

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x666`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82633`
MD5	`b6bf70baab40fe438feff063bfb9ff6f`
SHA1	`7d4659d43e08d368ddacd31945872461c0b06253`
SHA256	`0e90a9e4b8f3a5bf990e8aadfd8096ad7aeaf1a4e032ac7b6395ce191d61c142`
SHA3	`cab98fabaf20118d9a8a4d2bcff4383a7291a0e04ff11a8690e71eed619c75e7`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28351`
MD5	`2e0f6af8f70a289cbb63303750badb39`
SHA1	`dda8f15e85d92441deb5bbe3af210c183211587c`
SHA256	`3b1a6558f0ec0ad49d6e631f994f39d7adcebb311c9d97b3ed7f3aa44ab38e63`
SHA3	`1a8c62ad5dc0413026642bf987ef194314c472bd4ee0062f8e63639c6fd41f01`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.8505`
MD5	`46b565276718b30fb121941511bf31bb`
SHA1	`a8ae1ba72ffe3f09f6c3bb2e5941cf80867dd24d`
SHA256	`0ff0c88478157ffd2920ca1a9a7f27cbb7a46417f5f060e4504052c36d453083`
SHA3	`7ee0dd469746d03b920732e870ab55d839ebb0af092289ac748c7168db407e53`

102

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71813`
MD5	`7add80697358fcc3e63354d269ea5ac9`
SHA1	`72c0a1363b9b4fee0a4acb42b31cd9b5e0664c4c`
SHA256	`b29c7a1301ddb0e896faf944d8ea8f4e57ff4f3d5fc3e5dc5bf3e64ed6be2fdd`
SHA3	`40a0e6b6b579b110550a4c3304eb33293a293d9aa288b02b11750143b52423fe`

104

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x158`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67866`
MD5	`693e5fde9e50f9d2b6c4795f5b47f576`
SHA1	`502c331f05e8ca78ad66dab64fd17a25df2bfbd0`
SHA256	`ed2f2d936eb10234e9fe3c6f4e7a8172c05281796fdffcd21eb435ab89c656f5`
SHA3	`372550d961df1a704067fb4e07d96996b047d6973033d425fed1eb611d48753f`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x200`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67385`
MD5	`d1a92272fbd597e1aa19021483110d5a`
SHA1	`9f75072682b37c6c52361d8c988ebd06dd003f63`
SHA256	`15663576584c947d634dab9848defcc7d8f05eb0b7e7c6d52d81eca695fc7a6e`
SHA3	`704756797695ae34f6fae500852bca70e5066a1d1993348fe40ccf626235d0d6`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91148`
MD5	`fa83652660409e90e0db9731ad2adb17`
SHA1	`0a8f0af67723c87fe26ccf676b8e19ec6357b4dc`
SHA256	`4a55bd714f5d50cd8eabba10e57f0618f1842717dcfa582d73a917b1933cd1d4`
SHA3	`5b3e1cb25be7a2dbae4f08f0d4794ed23dbd6ea37a3f9702be12dba588f42a7b`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xee`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.92787`
MD5	`5dfa289639a3bcc0497da8db163f01fe`
SHA1	`6e2c6ea1e2594b66f563fb589276642c127e875f`
SHA256	`18466509968c3c0bf92ba410fea075def2b257a5a799a113cbc60f13e75f4b01`
SHA3	`85abdc8c431d91c72f3595a39881c96637ead09a0278d3cec0c1c9a8d873f031`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.97134`
Detected Filetype	Icon file
MD5	`7b7f93484836248c876373f971a4ad8e`
SHA1	`387464b2c62f1b2aa3d22ec0f60dbd55c1409bc0`
SHA256	`0ee85f5ed10a2f8b3755900275b7a3ff827119dffa2161f4ace552f1ee858340`
SHA3	`edb96dadcc1ef53d255f3c4f35289dc36406c43d401bf061ea50241478052658`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3be`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.21417`
MD5	`9c3b88e938f953ecc735c511d7a8facc`
SHA1	`0d23fc04046aa1fea468a9007ec9909c44667045`
SHA256	`5ab55ea1740dfd7dbd3104bc63e3c22f2c7ced0ac1b58e0be2535573d55f8402`
SHA3	`01bc560ae60a565dc11168c900acbebeb190eb4fb21a944fdb6623690dca1999`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xd24651e9`
Unmarked objects	`0`
C objects (VS2003 (.NET) build 4035)	`2`
Total imports	`152`
Imports (VS2003 (.NET) build 4035)	`15`
48 (9044)	`10`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section .ndata has a size of 0!

Leave a comment

No comments yet.