Manalyze report for 5afc961d2d393c35232f4d924a77b382

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` `Contains domain names: gcc.gnu.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256` `Uses constants related to AES` `Uses known Mersenne Twister constants`
Malicious	This program may be a miner.	`Contains a valid Monero address: 48edfHu7V9Z84YzzMa6fUueoELZ9ZRXq9VetWzYGzKt52XU5xvqgzYnDK9URnRoJMk1j8nLwEVsaSWJ4fhdUyZijBGUicoD`
Suspicious	The PE is possibly packed.	`The PE only has 0 import(s).`
Suspicious	The file contains overlay data.	`1594880 bytes of data starting at offset 0x18ca00.`
Malicious	VirusTotal score: 34/71 (Scanned on 2023-05-24 18:01:38)	`Elastic: malicious (moderate confidence)` `MicroWorld-eScan: Gen:Variant.Fugrafa.179127` `FireEye: Generic.mg.5afc961d2d393c35` `ALYac: Gen:Variant.Fugrafa.179127` `Malwarebytes: BitcoinMiner.Trojan.Miner.DDS` `Sangfor: Miner.Win32.Ursu_1081.se2` `CrowdStrike: win/malicious_confidence_90% (W)` `Symantec: ML.Attribute.HighConfidence` `tehtris: Generic.Malware` `APEX: Malicious` `Cynet: Malicious (score: 100)` `BitDefender: Gen:Variant.Fugrafa.179127` `Avast: Win32:Malware-gen` `Emsisoft: Gen:Variant.Fugrafa.179127 (B)` `DrWeb: Tool.BtcMine.1710` `VIPRE: Gen:Variant.Fugrafa.179127` `McAfee-GW-Edition: BehavesLike.Win32.Generic.wt` `Sophos: Mal/Generic-S` `Ikarus: Trojan.Win32.Injector` `GData: Gen:Variant.Fugrafa.179127` `MAX: malware (ai score=85)` `Antiy-AVL: Trojan[Downloader]/Win32.Fugrafa` `Gridinsoft: Risk.CoinMiner.B.vl!yf` `Arcabit: Trojan.Fugrafa.D2BBB7` `Microsoft: Trojan:Win32/IRCBot.MS!MTB` `Google: Detected` `AhnLab-V3: Trojan/Win.IRCBot.R454198` `McAfee: GenericRXQM-MW!5AFC961D2D39` `TACHYON: Trojan/W32.Fugrafa.3219456` `Rising: Trojan.Kryptik!1.CAC5 (CLASSIC)` `Fortinet: W32/Fugrafa.76624!tr` `AVG: Win32:Malware-gen` `Cybereason: malicious.183181` `DeepInstinct: MALICIOUS`

Hashes

MD5	`5afc961d2d393c35232f4d924a77b382`
SHA1	`f19bcb0183181878fdf50d100a02695058a18501`
SHA256	`95fc2786a89ef8f46c734aebec684f30b0ee99c8703d5f55b68748f4fe859062`
SHA3	`d49ffefddc8a4487d7602ee877b1a7b23a73820172ae1fbaa293b3a0de8bfcf9`
SSDeep	`49152:KxDD9i68/kuRRcJ9ltrLwPlmh/sLUDCQWT:Wi68/kxLwPlQsL4CdT`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`3.0`
SizeOfCode	`0xc910`
SizeOfInitializedData	`0x604`
SizeOfUninitializedData	`0x24f0`
AddressOfEntryPoint	`0x0000D8B0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xe000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x193000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x1000000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0f05dcb02708ef0000d8a8ae2e524bde`
SHA1	`1f04c78d64cccc321fc2dc7f4fe001e30af65c01`
SHA256	`1b5c62ba8f22f9b7663b8f2a15fd402f88bc8915f39a10bb5fca40ef17db4132`
SHA3	`8e8f1a674b5ec89bdd20245026f6d27233afeede466ba667baec709366c49573`
VirtualSize	`0x401000`
VirtualAddress	`0x1000`
SizeOfRawData	`0xca00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.9232`

.data

MD5	`a0e490d13ea43cc5da67895d4a74b3ee`
SHA1	`e06615f99d049eb5fbd8cb94b35374a215ca265c`
SHA256	`3b16f802ff6702c97d4fad586de931c8d8039eacba309f28377a4e88e5c96fb5`
SHA3	`1c8348449566968941cd64adc55907acd4bf2d2e6b6b70a205273cfa399b517d`
VirtualSize	`0x40e000`
VirtualAddress	`0xe000`
SizeOfRawData	`0x800`
PointerToRawData	`0xce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.93301`

.rdata

MD5	`3ed8039df89f2004de5f148ebaa44c08`
SHA1	`80262c93bf57e43c4a7998c446fa833d38bd9570`
SHA256	`cc08fe755a2f888db9ab9baaf4c51b70861a9e764e187046ddc944a3899333bd`
SHA3	`24b2ac482b649f01e8f63b75d5c032f3169ec25bb63c62888e6da2e4512ee5b7`
VirtualSize	`0x17e888`
VirtualAddress	`0xf000`
SizeOfRawData	`0x17ea00`
PointerToRawData	`0xd600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.50762`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x24f0`
VirtualAddress	`0x18e000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.CRT

MD5	`f49ef6d9b2295b9c63660ea47960d68a`
SHA1	`c7ff1a01f8097f144e7b42d5b06492ebfdac7e05`
SHA256	`ed9a85441dd6adfa5cb12c2546187e16429ab34dc1dacf907457e64cf2d2689c`
SHA3	`b694e1012b47b42e8cf446bfbbab9636bbbc25bfb40f3c60570d865a82968805`
VirtualSize	`0xc`
VirtualAddress	`0x191000`
SizeOfRawData	`0x200`
PointerToRawData	`0x18c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.77238`

.idata

MD5	`d4eca94692af5a9010bdbe19286f490a`
SHA1	`7b4f59ba149ce1c547e48a4e897d9a3fd78ff618`
SHA256	`638e45828a18a67986fb84d317c1e662bce0eeabd484682c1022fcbf5c417e40`
SHA3	`b63a56516c8ccf5f9948d907a5f9ec26cf5869d85ecdcbb075ceaf3b0b9d70af`
VirtualSize	`0x7cd`
VirtualAddress	`0x192000`
SizeOfRawData	`0x800`
PointerToRawData	`0x18c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.811278`

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .bss has a size of 0!
[!] Error: Yara error: ERROR_TOO_MANY_MATCHES