Manalyze report for 4a6fbd18be693897f63386d6e34027f9

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2014-Nov-21 20:03:38

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.`
Suspicious	The PE is possibly packed.	`The PE only has 0 import(s).`
Malicious	VirusTotal score: 13/56 (Scanned on 2016-02-25 22:00:01)	`Bkav: HW32.Packed.E61F` `MicroWorld-eScan: Gen:Variant.Mikey.29402` `Arcabit: Trojan.Mikey.D72DA` `Avast: Win32:Qakbot-AV [Trj]` `BitDefender: Gen:Variant.Mikey.29402` `AegisLab: Troj.W32.Gen` `Ad-Aware: Gen:Variant.Mikey.29402` `Emsisoft: Gen:Variant.Mikey.29402 (B)` `F-Secure: Gen:Variant.Mikey.29402` `GData: Gen:Variant.Mikey.29402` `ALYac: Gen:Variant.Mikey.29402` `Rising: PE:Trojan.Obfuscated!1.9A68 [F]` `Qihoo-360: HEUR/QVM20.1.Malware.Gen`

Hashes

MD5	`4a6fbd18be693897f63386d6e34027f9`
SHA1	`5180d08c5bb00d13e0325c9e88da07d543815c06`
SHA256	`df98883e0882456aee8ca24495134ce8d4a467c6d7f486da10c4e0b2900fc21f`
SHA3	`57c425c0e7d71bf18fe5cf437264a3f420afcd9d6855ce3669d6261de966de4f`
SSDeep	`3072:UIxD1eWzakfXMxBUR73C46N4PcQ5p2XyEykCLk6wsyhpyr9/nHjE6vLptKbeuTw:B51/zakO+Lj4euTzRrVSEfx9bJM3`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2014-Nov-21 20:03:38
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x6000`
SizeOfInitializedData	`0x52000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00006000 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x70000000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x59000`
SizeOfHeaders	`0x1000`
Checksum	`0x69d7d`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`394d455c558e03bffbd8fd0314595b14`
SHA1	`6b38861319202372978ca7a0709d6558c06f3e5b`
SHA256	`bd73c9bd9c7c08dc5210d7f4d5f3dc354c0babce318ffdfe6d576eaa11a78539`
SHA3	`3c121f2cb92a55f5e57bf2d4b6dee50674682870616bbc64d6e8626d22f5c630`
VirtualSize	`0x5532`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.25072`

.rdata

MD5	`ad6ee6d1c5161b285a0360e16f19f6d2`
SHA1	`12bdf172d10af857dd78d9f4bfd1f67af7e75fe4`
SHA256	`a04e376285dde631f3195d2ecf3db5fac503755f2c77469f9477c45247e09b81`
SHA3	`983653a8b6848fbb6d7aa92593ffce12ad54bce1ef8163702605f1735ccb923b`
VirtualSize	`0x31a73`
VirtualAddress	`0x7000`
SizeOfRawData	`0x32000`
PointerToRawData	`0x7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.14714`

.data

MD5	`54fc8885e43be0c52d769af7175eb898`
SHA1	`925567388ccbf04af355fe4f336fc958cf338de4`
SHA256	`68ba469619d86cf9f291f541f9abbf9fce4c7efed9c35cfa1bc23371d68afc05`
SHA3	`17a8f32f8650543470c8fb30a883d45917ec45ce103038a30a542454b1dee6bb`
VirtualSize	`0x33c`
VirtualAddress	`0x39000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x39000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.77794`

.reloc

MD5	`364977fb1b43caaba6cb1b8204078e5b`
SHA1	`26f6ef79e01cfdf0a8165e0cd61deb3fc8b8047f`
SHA256	`5f94825456280d0e2d3987d50aef3a2f1a294b17b230eeacd5846faaf869b75f`
SHA3	`32642132e61ee68a26833312e635ca8ff94bccb4878383cc69730cef3229cae9`
VirtualSize	`0x407`
VirtualAddress	`0x3a000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x3a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.59554`

.rsrc

MD5	`630ec6615be00e6f26965397dce41619`
SHA1	`7abf37859678b7994cc6f660b47a07a9e0778a14`
SHA256	`45f3db5f21a4d7247d4d0ffb793deefc84b4e8b395dd24ac671f429ec3ff6057`
SHA3	`cc8a9a908ef8c2b84e488ee0f846fdc1d87edb06d2cf06129e70b724d30baf8a`
VirtualSize	`0x1d27c`
VirtualAddress	`0x3b000`
SizeOfRawData	`0x1e000`
PointerToRawData	`0x3b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.6053`

Imports

Delayed Imports

Version Info

UNKNOWN

Characteristics	`3029139456`
TimeDateStamp	1970-Jan-01 16:21:56
Version	`35584.9404`
SizeofData	`2620115849`
AddressOfRawData	`0xbc24`
PointerToRawData	`0x249c8900`

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x4a0cf939`
Unmarked objects	`0`
Total imports	`23`
Imports (30806)	`3`
C objects (30826)	`15`
94 (2179)	`1`
Linker (30806)	`1`

Errors

[!] Error: Could not read an import's name.
[*] Warning: Could not read the name of the DLL to be delay-loaded!
[!] Error: The PE's resource section is invalid or has been manually modified. Resources will not be parsed.
[*] Warning: Could not read a WIN_CERTIFICATE's header.