Manalyze report for 67f342baea54f97a663385bb4f67f53e

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Jun-04 17:02:52
Detected languages	English - United States
Debug artifacts	C:\Users\admin\Desktop\Новая папка\Release\ConsoleApplication9.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Malicious	VirusTotal score: 5/71 (Scanned on 2019-06-05 22:03:46)	`Kaspersky: UDS:DangerousObject.Multi.Generic` `Rising: Spyware.Quasar!8.1BB5/N3#81% (RDM+:cmRtazqG1M8c4epuKsvfKTstgnKd)` `ZoneAlarm: UDS:DangerousObject.Multi.Generic` `Panda: Trj/Genetic.gen` `Qihoo-360: HEUR/QVM20.1.AB6D.Malware.Gen`

Hashes

MD5	`67f342baea54f97a663385bb4f67f53e`
SHA1	`76e4373444626ca94b49423725ae13dda7bbeb13`
SHA256	`b42c959bee0d449b6fc42847f2cd2ad392634cf8e84993c4f4953acaa1e58e7b`
SHA3	`1590b4c4e32bec0e457635650a2579361512d320b50095e11776576594402810`
SSDeep	`3072:eTz5+Ky56fr17AfCaEJZGgq1wF05UaNdN6n/njkNOAg0FujI0T6bzp3DH:e3UKy50h7AfmJNSiBAOvTup3DH`
Imports Hash	`1ec0e8f524aab3fa611d906deb148d0e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2019-Jun-04 17:02:52
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x1a800`
SizeOfInitializedData	`0x6c600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000056A5 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1c000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x8d000`
SizeOfHeaders	`0x400`
Checksum	`0x957d3`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5a959665876543d97977a7523f82a9a3`
SHA1	`d578cd9d8d15312b42f1511b5943ae4611f392bd`
SHA256	`fd5d79ab2773f4415704bf53d68a776e2beb2246a1749dfafcc102bc4b231aa2`
SHA3	`727f6534b6a56b9fdb12c2d39ea4a05bcad84476eb51697f9767d08ae6088aff`
VirtualSize	`0x1a615`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1a800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.63603`

.rdata

MD5	`7eebd6a472693bbdc4897c0d20e93d14`
SHA1	`66f621bfc943407a0a68e70cc8a9670f607b5592`
SHA256	`bbe9a0a41c2dc5547b94564362bb8c9e32a3d4a75d9e66b775de37d42c7d4536`
SHA3	`661f63b910ae7b706a596858d8680b8a901176f7029c6dc6fa71a766e45931cb`
VirtualSize	`0xebbe`
VirtualAddress	`0x1c000`
SizeOfRawData	`0xec00`
PointerToRawData	`0x1ac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.32076`

.data

MD5	`1b37836a9c1a4becfcb5e3b821cb789c`
SHA1	`0fa0f36c374907a556ef02eb37597ee2b97e0cdd`
SHA256	`10e851bf5d819d2b61867006005cac6cc7b8a99a51eadb1597201b9989feba95`
SHA3	`46ff84072a4ef7ca710e685dc4f52bdac1d2a85f7dfcc070ede6e877077b3657`
VirtualSize	`0x470c`
VirtualAddress	`0x2b000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x29800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.33086`

.rsrc

MD5	`837119faa56054a37f54e6c497caee05`
SHA1	`d59eae1491a9ca49ff9dc6e91bb875183e558e1d`
SHA256	`2c12deb22733371cc545a5f64ba255686444b59647ccbca97ea41ccc7498e9c7`
SHA3	`eb92e7110b704d32412a4b3913da0ea17c5c1d4b0d6fe6644247579fe6903a31`
VirtualSize	`0x5a8e8`
VirtualAddress	`0x30000`
SizeOfRawData	`0x5aa00`
PointerToRawData	`0x2a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.47387`

.reloc

MD5	`2699b9a6c8afdaa14ddf5b7d65f6dba9`
SHA1	`b1d88d08c32fc2fe88a81da7cee85a1de7466b1b`
SHA256	`3836c834db4690a6f4a83572dfa1b71d3ac43761d9e7749373b33730a733766e`
SHA3	`311b5abda085edd8a328242255a32bf743f7a60f3650884755c19c43dcf63d4f`
VirtualSize	`0x1f64`
VirtualAddress	`0x8b000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x85200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.53476`

Imports

KERNEL32.dll	`MultiByteToWideChar` `ExitProcess` `RaiseException` `GetLastError` `InitializeCriticalSectionEx` `DeleteCriticalSection` `DecodePointer` `HeapAlloc` `HeapFree` `HeapReAlloc` `HeapSize` `GetProcessHeap` `LoadLibraryA` `GetModuleFileNameA` `GetShortPathNameA` `lstrcpyA` `lstrcatA` `GetEnvironmentVariableA` `GetProcAddress` `CreateFileW` `SetStdHandle` `CloseHandle` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `GetCommandLineA` `GetOEMCP` `GetACP` `IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `FindClose` `ReadConsoleW` `ReadFile` `WideCharToMultiByte` `EncodePointer` `EnterCriticalSection` `LeaveCriticalSection` `SetLastError` `InitializeCriticalSectionAndSpinCount` `CreateEventW` `SwitchToThread` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetSystemTimeAsFileTime` `GetModuleHandleW` `GetCPInfo` `LCMapStringW` `GetLocaleInfoW` `GetStringTypeW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `InitializeSListHead` `OutputDebugStringW` `RtlUnwind` `FreeLibrary` `LoadLibraryExW` `GetModuleHandleExW` `GetModuleFileNameW` `GetStdHandle` `WriteFile` `GetFileType` `GetFileSizeEx` `SetFilePointerEx` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `WriteConsoleW`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.7363`
MD5	`2f7a102df2b48e0169c11164c50f1d7f`
SHA1	`80748625a841f655f54847deea7fc033f5744fd9`
SHA256	`d110c78d4b3608799d292392f26feeafc8f2f04e71a0c4faac258e8e07cd9cbb`
SHA3	`8fa79a20280a6c8dd931b332e45dc90557b9abf5484b68711482b6a0a70018eb`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27516`
MD5	`062ec3e9acfc3e61460c6427036b629c`
SHA1	`513bd3ecd717b66cdd202c01ba005962d2157b35`
SHA256	`8f53a985509b1fcc53614c14b8953786352acb76821b2527ecaab5b2bac9193c`
SHA3	`7cc7739110c149c21f9d7b190381bc8b6590303a70632b48c69bf300095a9c58`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.18112`
MD5	`e91c425a833f005d96003d9da9bda915`
SHA1	`d796a27f64e5993c77e2f741889eefa63f0ea40c`
SHA256	`7c6bdb7cbc9c3cc4b7a69336df49b7622f542344e6d00dfd3807f03aec5c1345`
SHA3	`28a7d44e8f0f29d54956f765ff8ce179cb96217d6444840e7a91c0b5efa3246b`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.82607`
MD5	`974042e4f62fb7e788ca5f9d42479bdb`
SHA1	`a52585cc12e1196f0e0c3feabf7561854b1dc344`
SHA256	`17ab6b98ee602b21f4d40539eb2b6579e2841705785375a5505a08f05abec649`
SHA3	`738aad13acf54e796ad7b7f7d40f840b994fc0aa5e2d4904b389dc32725d0513`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.4945`
MD5	`66861a9cddc4348ee8d9c9ecd73f6df4`
SHA1	`6c620659949a14c947cd3c95af22fd8cf4543f1a`
SHA256	`9ff381bdec8dc9a9059ad1865c1f278d995a9fbee8a51fd837c1e9f9652bf6e8`
SHA3	`a18ee96488855b7abb29f76e84a110af23dfebfa0730e4cc8a02a13c82cd9c15`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.31458`
MD5	`43511752a1bfac72b60bec6a90d5298b`
SHA1	`bd75f4826bc3cd8b4421704a01d60d5311deea4b`
SHA256	`9972e41feee6ca2d46698d97a845eae062179d85a53a77f0aa53a0a3aabeb07c`
SHA3	`ee86a0fa7d865c7132c14902bf4f3985ab96e50b61a373b2eb22b815d1e9c2e9`

104

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76511`
Detected Filetype	Icon file
MD5	`b3b75b90fdb9c1f5cec8d48b6503dba2`
SHA1	`7cbf15737d536ef3b1b34ebbfeca693005fac5d0`
SHA256	`19622b5d67859c339fb0a11d445aed8b7e973365be9d4a7aad1b3c7fb106c770`
SHA3	`70d4caa8b55149f175dd7488abe2b48f783e523e840a5a9129f0586c458b66df`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Jun-04 17:02:52
Version	`0.0`
SizeofData	`101`
AddressOfRawData	`0x29520`
PointerToRawData	`0x28120`
Referenced File	C:\Users\admin\Desktop\Новая папка\Release\ConsoleApplication9.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-Jun-04 17:02:52
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x29588`
PointerToRawData	`0x28188`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Jun-04 17:02:52
Version	`0.0`
SizeofData	`920`
AddressOfRawData	`0x2959c`
PointerToRawData	`0x2819c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2019-Jun-04 17:02:52
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x429944`
EndAddressOfRawData	`0x42994c`
AddressOfIndex	`0x42c5a0`
AddressOfCallbacks	`0x41c1d4`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x42b06c`
SEHandlerTable	`0x4294c0`
SEHandlerCount	`24`

RICH Header

XOR Key	`0x7365c67a`
Unmarked objects	`0`
ASM objects (26213)	`13`
C++ objects (26213)	`168`
C objects (26213)	`22`
ASM objects (VS 2015/2017 runtime 26706)	`22`
C++ objects (VS 2015/2017 runtime 26706)	`63`
C objects (VS 2015/2017 runtime 26706)	`33`
Imports (26213)	`13`
Total imports	`125`
265 (VS2017 v15.9.5-6 compiler 27026)	`12`
Resource objects (VS2017 v15.9.5-6 compiler 27026)	`1`
151	`1`
Linker (VS2017 v15.9.5-6 compiler 27026)	`1`

67f342baea54f97a663385bb4f67f53e

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

5

6

104

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors