Manalyze report for 4f86206bb30ed8661324873fdb3c6f14

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Sep-03 04:30:01
Detected languages	English - United States
CompanyName	crack-westernpips.com
FileDescription	musaviahmad952@gmail.com
FileVersion	`1.0.0.4`
InternalName	msimg32.dll
LegalCopyright	Copyright (C) 2021
OriginalFilename	msimg32.dll
ProductName	C6A0BE21-MT5
ProductVersion	`1.0.0.4`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: crack-westernpips.com gmail.com westernpips.com`
Suspicious	This PE is packed with VMProtect	`Unusual section name found: .detourc` `Unusual section name found: .detourd` `Unusual section name found: .vmp0` `Unusual section name found: .vmp1`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress`
Malicious	VirusTotal score: 7/67 (Scanned on 2021-09-13 12:24:58)	`APEX: Malicious` `Sophos: ML/PE-A + Mal/VMProtBad-A` `MaxSecure: Trojan.Malware.300983.susgen` `Microsoft: Trojan:Win32/Sabsik.FL.B!ml` `Cylance: Unsafe` `eGambit: Unsafe.AI_Score_93%` `Webroot: W32.Hack.Tool`

Hashes

MD5	`4f86206bb30ed8661324873fdb3c6f14`
SHA1	`1211da6d6787c66666b18b59287e96907904e54e`
SHA256	`25bebabc10ec583064724f4eb75cc1c0afabb3d658b917794108d735122e0bb5`
SHA3	`396dbd4233ea4c7d3474c8e190547601bf1a0f9c94b1f23c57114549fd87dfef`
SSDeep	`98304:/xJcVojE8OUV+6J0AFIr3G3Q+fBS4N9blW9m1XQQQJ+yugauFQqZ56:/DjE8XX7+r3riBS4Pb1XQQQ8oEqZ5`
Imports Hash	`c9a376b720494d9074e707abd4c3995c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`12`
TimeDateStamp	2021-Sep-03 04:30:01
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x11400`
SizeOfInitializedData	`0x10c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000040FBB5 (Section: .vmp1)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x8e2000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x112a4`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x9f60`
VirtualAddress	`0x13000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1cbc`
VirtualAddress	`0x1d000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.pdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1368`
VirtualAddress	`0x1f000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.gfids

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xe4`
VirtualAddress	`0x21000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.detourc

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x21f0`
VirtualAddress	`0x22000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.detourd

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x18`
VirtualAddress	`0x25000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x9`
VirtualAddress	`0x26000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.vmp0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x36b1c6`
VirtualAddress	`0x27000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`

.vmp1

MD5	`f2e8188dd57e493fdf75246e061be227`
SHA1	`3ab137284603ca32b46e4750d3052841595c8104`
SHA256	`c09c7f517d7a406b5aaae3b7540d507ba751898d59acc526c0be5ea1ef4d275e`
SHA3	`50fdcdc58136632662d47707c3937c0ed72dfda26e9a5f81a2b90178a7296a0f`
VirtualSize	`0x54c388`
VirtualAddress	`0x393000`
SizeOfRawData	`0x54c400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`7.90676`

.reloc

MD5	`7c5bcd45cd61e504bc8ea850ec3a3e6b`
SHA1	`8d43bb9dee5b8a98905e5e81cfed213f32d9e689`
SHA256	`245002ebe4e9ada4f9f208a35852355747b723a0fb5e951e25ff37e42b8e602b`
SHA3	`b01abda359d1094ede091b318a1a3e6f55b12eb56cb2f089d9a5ca69a92e1316`
VirtualSize	`0xa8`
VirtualAddress	`0x8e0000`
SizeOfRawData	`0x200`
PointerToRawData	`0x54c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.71654`

.rsrc

MD5	`575c1b180ae1d3fd38d4c5a601961f05`
SHA1	`fed4256e9cfc8f9961e8e85c77ce44c2897220ae`
SHA256	`a157ee591bc025274b2432aaf85a1106036eb63baabbe645fd01341843c4756e`
SHA3	`c423c26dc127c18464082eb79cd45a4be8315ab111081885852216d73728ee0a`
VirtualSize	`0x505`
VirtualAddress	`0x8e1000`
SizeOfRawData	`0x600`
PointerToRawData	`0x54ca00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.73581`

Imports

KERNEL32.dll	`DeviceIoControl`
ADVAPI32.dll	`SystemFunction036`
WTSAPI32.dll	`WTSSendMessageW`
KERNEL32.dll (#2)	`DeviceIoControl`
USER32.dll	`GetUserObjectInformationW`
KERNEL32.dll (#3)	`DeviceIoControl`
USER32.dll (#2)	`GetUserObjectInformationW`

Delayed Imports

AlphaBlend

Ordinal	`1`
Address	`0x1b80`

DllInitialize

Ordinal	`2`
Address	`0x1ba0`

GradientFill

Ordinal	`3`
Address	`0x1bc0`

TransparentBlt

Ordinal	`4`
Address	`0x1be0`

vSetDdrawflag

Ordinal	`5`
Address	`0x1c00`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.442`
MD5	`2bc2231ff8ca2ba0d77b81e204691ea3`
SHA1	`49a0a408b39fb6cc1fc68dec92ff70754b8fe007`
SHA256	`bf57817b1beda70e66fea36a7c24a2ccef403c06dca1d7498c102765c6d0b6a2`
SHA3	`83e49b3cd4cf525285d663f2df8444b0ef8fa6d7759c7f71c7ce860dbef6c524`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.4
ProductVersion	1.0.0.4
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	crack-westernpips.com
FileDescription	musaviahmad952@gmail.com
FileVersion (#2)	1.0.0.4
InternalName	msimg32.dll
LegalCopyright	Copyright (C) 2021
OriginalFilename	msimg32.dll
ProductName	C6A0BE21-MT5
ProductVersion (#2)	1.0.0.4

Resource LangID	English - United States

TLS Callbacks

Load Configuration

Size	`0x94`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x18001d018`

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section .gfids has a size of 0!
[*] Warning: Section .detourc has a size of 0!
[*] Warning: Section .detourd has a size of 0!
[*] Warning: Section .tls has a size of 0!
[*] Warning: Section .vmp0 has a size of 0!
[*] Warning: 1 invalid export(s) not shown.