Manalyze report for 54e8914d704e4b564720bacf7c665f50

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2007-Sep-12 15:08:17
Detected languages	French - France

Plugin Output

Info	Matching compiler(s):	`Installer VISE Custom` `Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Malicious	The PE is possibly a dropper.	`Resource 101 detected as a PE Executable.`
Malicious	VirusTotal score: 5/66 (Scanned on 2018-05-15 15:42:36)	`McAfee: Artemis!E3870BDD69F7` `Cylance: Unsafe` `TrendMicro-HouseCall: Suspicious_GEN.F47V0418` `Babable: Malware.HighConfidence` `Jiangmin: Trojan.Generic.drng`

Hashes

MD5	`54e8914d704e4b564720bacf7c665f50`
SHA1	`892aa886b9f7ea34dbfb8db18a5fe89e2ba4f4f4`
SHA256	`1a7766bdcbe9d3a545028a5f1cb9b813b614fdf8245e41e045df7ddf76f1f188`
SHA3	`c5874607ebd95554ff40b3a40f492406572468519a00549be8fd3951d9ffe1c7`
SSDeep	`384:q5Iw9hJUml3txtnyymerh6oZxCIw9hJUml3txtnyymerh6oZU:K1DJdnyPQh6oe1DJdnyPQh6ou`
Imports Hash	`88468a2aad02cc7597aabe5e483f5202`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2007-Sep-12 15:08:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x3000`
SizeOfInitializedData	`0x9000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000101D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x4000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xd000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7c6b95642c33f402b4f2608b1d4afd17`
SHA1	`4b8c396bcffe06a1aa0afbbfb5035ae440365e3f`
SHA256	`e91b96735704a151f4b13c6a219b46fd4de660451c0bec1e2dea24e62c72f9c5`
SHA3	`2f2d99446da0ec43382133ca74d7a3a84d2bfd9f3233f8beae1b96218ed75f5f`
VirtualSize	`0x289e`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.91786`

.rdata

MD5	`cfa4f2c2aad49d75a12a734177384bb8`
SHA1	`2118308132ed588caa526d93aa7d12f3c538f130`
SHA256	`a32a4bc6e687599849833af9f48108a9d4c6122b38a7c04fcd53b6fbddedae4f`
SHA3	`bcd18dd9fb534289d253b6ea00cf12bcdb7de0a19b9f746689f7160279346556`
VirtualSize	`0x774`
VirtualAddress	`0x4000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.06355`

.data

MD5	`78f59be21639ecbed325f811aae8300a`
SHA1	`1c1e1c0c5bcbac90f409e64106a5919a31c4ab6e`
SHA256	`78a607ee0b7b3d07101187ffdd72711aa89794c9cfefd8d510477830457a53c2`
SHA3	`04e2a5662cc98d2908249e5f52e3ebd5a4d974f2b5890aad219144a739e9ab4a`
VirtualSize	`0x9dc`
VirtualAddress	`0x5000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.985097`

.rsrc

MD5	`4ab5a261a9fead597213ced6e97900e2`
SHA1	`6cb2f3c78c7f2d14845b7227952196d3559ee2d1`
SHA256	`d49307412418513ceea33ef3be1d2029690e028b0580ec33f2d0b6187099217b`
SHA3	`cbaa4405dbe7bd5a1fbe03a68fc80ddccc6de5a0062f592cfcc57b864a3bd9be`
VirtualSize	`0x6060`
VirtualAddress	`0x6000`
SizeOfRawData	`0x7000`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.51269`

Imports

USER32.dll	`MessageBoxA`
KERNEL32.dll	`HeapCreate` `GetStringTypeW` `GetModuleHandleA` `GetStartupInfoA` `GetCommandLineA` `GetVersion` `ExitProcess` `TerminateProcess` `GetCurrentProcess` `UnhandledExceptionFilter` `GetModuleFileNameA` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `WideCharToMultiByte` `GetEnvironmentStrings` `GetEnvironmentStringsW` `SetHandleCount` `GetStdHandle` `GetFileType` `HeapDestroy` `VirtualFree` `HeapFree` `RtlUnwind` `WriteFile` `GetCPInfo` `GetACP` `GetOEMCP` `HeapAlloc` `VirtualAlloc` `HeapReAlloc` `GetProcAddress` `LoadLibraryA` `MultiByteToWideChar` `LCMapStringA` `LCMapStringW` `GetStringTypeA`

Delayed Imports

101

Type	`BIN`
Language	French - France
Codepage	Latin 1 / Western European
Size	`0x6000`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.2125`
Detected Filetype	PE Executable
MD5	`e3870bdd69f7dec28041edd69aef5618`
SHA1	`c4ffd1da58fc370cacb453044da7704821f0d67c`
SHA256	`33ae8ae0635afcfe1aa76d1fe41781fa50abe6f8bcdcd8af5dd4be170091aeb3`
SHA3	`4fab2544a3895cdc2a06f982472581fb31c2a871d12c7b63b9ccfd404cf9f2be`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xa158a888`
Unmarked objects	`0`
C objects (VS98 build 8168)	`22`
14 (7299)	`9`
Total imports	`38`
19 (8034)	`5`
C++ objects (VS98 build 8168)	`2`

54e8914d704e4b564720bacf7c665f50

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

101

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors