Manalyze report for 611e95bc196994f719694d8d38336945

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Apr-05 05:39:54
Detected languages	English - United States

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .hpp0` `Unusual section name found: .hpp1`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Possibly launches other programs: ShellExecuteA` `Leverages the raw socket API to access the Internet: #115` `Functions related to the privilege level: AdjustTokenPrivileges`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`611e95bc196994f719694d8d38336945`
SHA1	`c2d7d93a256435a5a79663b5dccf6d5f762dbcb9`
SHA256	`018f057100fb740ffd385bb8c4448cddd33d92e7405f91e95dfb3324fe45f03f`
SHA3	`622444424f54a1503a254da296818765583abea87179873e3a532835d0a07d24`
SSDeep	`196608:8prkX06gYzKyjraysDsgkeyu5V7DOLFjUoUjV2t92:8prkFgm+ysDvP5Vvaj+Vo9`
Imports Hash	`4b74c4635a6051bd91494e43b52b13cb`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2019-Apr-05 05:39:54
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xae200`
SizeOfInitializedData	`0x86600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0068BB56 (Section: .hpp1)`
BaseOfCode	`0x1000`
BaseOfData	`0xb0000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xd2c000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xae0cc`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x29b68`
VirtualAddress	`0xb0000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x52f8c`
VirtualAddress	`0xda000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.hpp0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x4b6687`
VirtualAddress	`0x12d000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`

.hpp1

MD5	`66972f720cdf3286f8393d2d6603ebee`
SHA1	`6c8b39d37288491b574533e5efa743b18aae54d4`
SHA256	`b6753c552e29defb64ddfb195d2bd9b3d6d679be575adbe2aaf073d443f7816e`
SHA3	`40ffd539cb326f1713365f97e32d9bdce5ddddef8650b86a024c334a07074fbb`
VirtualSize	`0x745040`
VirtualAddress	`0x5e4000`
SizeOfRawData	`0x745200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`7.9745`

.reloc

MD5	`c99aadb83cd4c7dc3d4b4797467892a3`
SHA1	`cfa9967b2a0a102dd83d0e06192aa99bd634ede8`
SHA256	`c119c5354c6ae1630d1f08fbc4561d0c20f5cf16e785150fb2f5ba32144372ca`
SHA3	`c47917ad1347a588e59c674f251310f25160881e3d86c15f40bab9e96248d83b`
VirtualSize	`0x5f0`
VirtualAddress	`0xd2a000`
SizeOfRawData	`0x600`
PointerToRawData	`0x745600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.29617`

.rsrc

MD5	`a157642e8c6b246e72da27708913e051`
SHA1	`daf0525a326d6493dff249bb626653590ed4fc26`
SHA256	`88510771d4467457e54d12139d4f7aa222db813d4ff2bd95b63bf6462f94a4b1`
SHA3	`08e14b505195788e773677f2a1dc7e0682b65b48bbd8ebf3d04e322928a7f276`
VirtualSize	`0x1d5`
VirtualAddress	`0xd2b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x745c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.72473`

Imports

KERNEL32.dll	`SetPriorityClass`
USER32.dll	`EmptyClipboard`
ADVAPI32.dll	`AdjustTokenPrivileges`
SHELL32.dll	`ShellExecuteA`
ole32.dll	`CoSetProxyBlanket`
OLEAUT32.dll	`#6`
OPENGL32.dll	`glDisable`
WS2_32.dll	`#115`
IMM32.dll	`ImmSetCompositionWindow`
WTSAPI32.dll	`WTSSendMessageW`
KERNEL32.dll (#2)	`SetPriorityClass`
USER32.dll (#2)	`EmptyClipboard`
KERNEL32.dll (#3)	`SetPriorityClass`
USER32.dll (#3)	`EmptyClipboard`

Delayed Imports

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read the exported DLL name.
[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .hpp0 has a size of 0!