Manalyze report for 5bb5c8facbe1b7e13ce6d86555755925

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00
TLS Callbacks	3 callback(s) detected.

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains references to system / monitoring tools: taskmgr.exe`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Suspicious	The PE contains functions most legitimate programs don't use.	`Functions which can be used for anti-debugging purposes: FindWindowA` `Possibly launches other programs: system`
Malicious	VirusTotal score: 3/69 (Scanned on 2021-07-21 22:09:16)	`DrWeb: Trojan.KillProc2.13084` `Symantec: Trojan Horse` `MaxSecure: Trojan.Malware.300983.susgen`

Hashes

MD5	`5bb5c8facbe1b7e13ce6d86555755925`
SHA1	`6d179b68bef152e49af93a7b4b66f0fcc450a2e9`
SHA256	`c46e477847187137b76f5845c6e8f4a0c789d8f0f34c94f3880199c76b46b99c`
SHA3	`00fbac61f11a2ee855c5a3cf8a7f256746f114bd462cd91203952d9f51d16afd`
SSDeep	`12288:H/1VE7bOBUvVxPAPb8z85pmkXuuPYmejpG:HdVE3OBUvVUb8z85pmkXu6Qd`
Imports Hash	`4d008907faa9b3f554d0e192d65bae26`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x70c00`
SizeOfInitializedData	`0xa5e00`
SizeOfUninitializedData	`0x1800`
AddressOfEntryPoint	`0x0000000000001500 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xad000`
SizeOfHeaders	`0x400`
Checksum	`0xb55a5`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`539d1a639d32905ae73014d0e4e6c0cb`
SHA1	`14dab1288a329c86de66d85331b57d28dd30d197`
SHA256	`be28cd30a6b3852af86459788b7efe68ebc31855117f6900a84468141b3e9918`
SHA3	`7f5a756d9e125d8af9d25804c6308307709e2004f56c8f5c1abe6c1f34de9a6c`
VirtualSize	`0x70b98`
VirtualAddress	`0x1000`
SizeOfRawData	`0x70c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.15586`

.data

MD5	`75bc223f4cb112cf3b9b325152403e44`
SHA1	`2c7b1f7d235a6bba50462271be3f3d1168a06f61`
SHA256	`3b9719f8acd9864c43dd138b4f455f4535d77633627ed0eaf4b9b66e1de54d45`
SHA3	`090c6c958e4e95eb304d8b30a7a5ed3db0bda1a5ad90d6e41abdebb356c43853`
VirtualSize	`0x150f0`
VirtualAddress	`0x72000`
SizeOfRawData	`0x15200`
PointerToRawData	`0x71000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0341468`

.rdata

MD5	`eb78cdd49ee25bce775f23dc9f2159ea`
SHA1	`b7068de8ccf11ec636c8cd3aec62a6523646e838`
SHA256	`439a504c94df5f9e54c0c132b123643c2e54cba881831172bd894e0e1a515946`
SHA3	`67290bdd74b2a2d36943fd2d21cff410cbbc1ee59c7459a512607157dc4ada28`
VirtualSize	`0xcfa0`
VirtualAddress	`0x88000`
SizeOfRawData	`0xd000`
PointerToRawData	`0x86200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.32756`

.pdata

MD5	`21d00f1fb7f90a2cfdfc8c310b1f6f1d`
SHA1	`e266c2841365f902f9f86f7c220674371d15c564`
SHA256	`eccc010e110f6b3124dbf311d3dc0812ea119696bce8b001d2a028dbd57f0571`
SHA3	`48f18f5745b3ca04b51df934488c57128913d6083e0f6fbe0dfe567af137f23f`
VirtualSize	`0x74dc`
VirtualAddress	`0x95000`
SizeOfRawData	`0x7600`
PointerToRawData	`0x93200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.8535`

.xdata

MD5	`f8c72eb03fe04b66874530b3966d7754`
SHA1	`886f5c2844baddd0e933f545d579b25833bd1c8d`
SHA256	`fe0f44d17c184d0e3125a2d87bb9705593a0877206005d8d8f4afc7d27ff272d`
SHA3	`d5c87b09572afbf2854614c78c7b5ccd826779e35ccfc88051dd7402f95329cb`
VirtualSize	`0x9ff4`
VirtualAddress	`0x9d000`
SizeOfRawData	`0xa000`
PointerToRawData	`0x9a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.84618`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1700`
VirtualAddress	`0xa7000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`db16a5015234c803a88c54dc29070b9b`
SHA1	`b6dd536d22e8e9667d30a435fa7357b6cb69b916`
SHA256	`7cc0f6a0eb07317e82a9f5ec768c7e04be814fb5a4eaf718d1c8ade966bedfab`
SHA3	`1951eed40b8668ae97cd951ddef089bac89bcb66101dafd27f3c05fe0071d705`
VirtualSize	`0x14f8`
VirtualAddress	`0xa9000`
SizeOfRawData	`0x1600`
PointerToRawData	`0xa4800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.34362`

.CRT

MD5	`03c7bc4b5642aae497073535f5ba920d`
SHA1	`4f310844516a318419d0b006faa34a4edb5f9728`
SHA256	`71b50d2a6e81814d167f7dd9d8ccffcea0189e1c42f913a951a3c605bc8e40c8`
SHA3	`e918b0c3af9240c29536bb97f92af425c40974e40a55d712712946f4a1e7c2f4`
VirtualSize	`0x70`
VirtualAddress	`0xab000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.330356`

.tls

MD5	`7189e618785eebef04fec2668054f76b`
SHA1	`b2f8a21be7827e9876818d0be089b98963029640`
SHA256	`9a2708cfa01cd42bdf720a0b41548c59f331b1644e383d54a77fbc39209c3c49`
SHA3	`274d05343aae0578968282f1ef96a646d19f55d779b4affbdeb62e7a048be2c4`
VirtualSize	`0x68`
VirtualAddress	`0xac000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.204488`

Imports

KERNEL32.dll	`AddAtomA` `AllocConsole` `CloseHandle` `CreateEventA` `CreateMutexA` `CreateSemaphoreA` `DeleteCriticalSection` `DuplicateHandle` `EnterCriticalSection` `FindAtomA` `GetAtomNameA` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThread` `GetCurrentThreadId` `GetHandleInformation` `GetLastError` `GetModuleHandleW` `GetProcAddress` `GetProcessAffinityMask` `GetStartupInfoA` `GetSystemTimeAsFileTime` `GetThreadContext` `GetThreadPriority` `GetTickCount` `InitializeCriticalSection` `IsDBCSLeadByteEx` `LeaveCriticalSection` `MultiByteToWideChar` `QueryPerformanceCounter` `RaiseException` `ReleaseMutex` `ReleaseSemaphore` `ResetEvent` `ResumeThread` `RtlAddFunctionTable` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlUnwindEx` `RtlVirtualUnwind` `SetCriticalSectionSpinCount` `SetEvent` `SetLastError` `SetProcessAffinityMask` `SetThreadContext` `SetThreadPriority` `SetUnhandledExceptionFilter` `Sleep` `SuspendThread` `TerminateProcess` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TryEnterCriticalSection` `UnhandledExceptionFilter` `VirtualProtect` `VirtualQuery` `WaitForMultipleObjects` `WaitForSingleObject` `WideCharToMultiByte`
msvcrt.dll	`__C_specific_handler` `___lc_codepage_func` `__dllonexit` `__doserrno` `__getmainargs` `__initenv` `__iob_func` `__lconv_init` `__mb_cur_max` `__pioinfo` `__set_app_type` `__setusermatherr` `_acmdln` `_amsg_exit` `_beginthreadex` `_cexit` `_endthreadex` `_errno` `_fdopen` `_filelengthi64` `_fileno` `_fileno` `_fmode` `_fstat64` `_ftime` `_initterm` `_lock` `_lseeki64` `_onexit` `_read` `_setjmp` `_strnicmp` `_unlock` `_write` `_write` `abort` `calloc` `exit` `fclose` `fflush` `fgetpos` `fopen` `fprintf` `fputc` `fputs` `fread` `free` `fsetpos` `fwrite` `getc` `getenv` `getwc` `isspace` `iswctype` `localeconv` `longjmp` `malloc` `memchr` `memcmp` `memcpy` `memmove` `memset` `printf` `putc` `putwc` `realloc` `setlocale` `setvbuf` `signal` `sprintf` `strcmp` `strcoll` `strerror` `strftime` `strlen` `strncmp` `strxfrm` `system` `towlower` `towupper` `ungetc` `ungetwc` `vfprintf` `wcscoll` `wcsftime` `wcslen` `wcsxfrm`
USER32.dll	`FindWindowA` `SendMessageA` `ShowWindow`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x4ac000`
EndAddressOfRawData	`0x4ac060`
AddressOfIndex	`0x4a794c`
AddressOfCallbacks	`0x4ab040`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x000000000040EB10` `0x000000000040EAE0` `0x000000000041B6C0`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!