Manalyze report for 6a21bee2b2c2a299a1ec2a1a681afad5

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Sep-11 09:03:34
Detected languages	English - United States
CompanyName	SanSoft
FileDescription	idchadvn^%$R^%%$CFCVFHG^&%hgvcjdb)!~%tJHGtyxtsx\|ihb',>.//?b`bjhbs@
FileVersion	`2.0.0.0`
InternalName	CrackME_v2.0
LegalCopyright	Copyright (C)By HN 2022
OriginalFilename	CrackME_v2.0
ProductName	CrackME v2.0
ProductVersion	`2.0.0.0`

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: crl.symauth.com http://pki-crl.symauth.com http://pki-crl.symauth.com/ca_732b6ec148d290c0a071efd1dac8e288/LatestCRL.crl07 http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.crl0 http://pki-ocsp.symauth.com0 pki-crl.symauth.com symauth.com`
Suspicious	The PE is possibly packed.	`Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Section .rsrc is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Section .data is both writable and executable.`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegCloseKey` `Possibly launches other programs: ShellExecuteA`
Info	The PE's resources present abnormal characteristics.	`Resource MYLOGO is possibly compressed or encrypted.`
Malicious	VirusTotal score: 39/72 (Scanned on 2022-12-13 12:38:55)	`Bkav: W32.AIDetect.malware1` `tehtris: Generic.Malware` `MicroWorld-eScan: Gen:Variant.Application.Graftor.737496` `FireEye: Generic.mg.6a21bee2b2c2a299` `McAfee: Artemis!6A21BEE2B2C2` `Sangfor: Trojan.Win32.Packed.Vski` `K7AntiVirus: Trojan ( 0052ab361 )` `Alibaba: Packed:Win32/EnigmaProtector.206d5968` `K7GW: Trojan ( 0052ab361 )` `Cybereason: malicious.2b2c2a` `Elastic: malicious (high confidence)` `ESET-NOD32: a variant of Win32/Packed.EnigmaProtector.M suspicious` `Cynet: Malicious (score: 100)` `APEX: Malicious` `BitDefender: Gen:Variant.Application.Graftor.737496` `Tencent: Win32.Trojan.Malware.Ikjl` `Ad-Aware: Gen:Variant.Application.Graftor.737496` `Emsisoft: Gen:Variant.Application.Graftor.737496 (B)` `VIPRE: Gen:Variant.Application.Graftor.737496` `McAfee-GW-Edition: BehavesLike.Win32.PUP.vc` `Trapmine: malicious.high.ml.score` `Sophos: Mal/Generic-S` `SentinelOne: Static AI - Suspicious PE` `GData: Gen:Variant.Application.Graftor.737496` `Webroot: W32.Adware.Gen` `MAX: malware (ai score=99)` `Antiy-AVL: Trojan[Packed]/Win32.EnigmaProtector` `Kingsoft: Win32.Troj.Generic.jm.(kcloud)` `Arcabit: Trojan.Application.Graftor.DB40D8` `Microsoft: Program:Win32/Uwamson.A!ml` `Google: Detected` `ALYac: Gen:Variant.Application.Graftor.737496` `VBA32: Trojan.Wacatac` `Malwarebytes: Malware.AI.4258679026` `Ikarus: Trojan.Win32.Enigma` `MaxSecure: Trojan.Malware.300983.susgen` `Fortinet: Riskware/Application` `Zoner: Probably Heur.ExeHeaderL` `CrowdStrike: win/malicious_confidence_70% (W)`

Hashes

MD5	`6a21bee2b2c2a299a1ec2a1a681afad5`
SHA1	`bf7d67faf807519d95be4c20d15cd72e877ab556`
SHA256	`d02073df234f693d60aac7218705efef297e6cab2d320f60ecbf280006301228`
SHA3	`d1964398127d1ca23a5d4bcdcb1e1a2deb0aa04f25a2999e31074900f5c4fe25`
SSDeep	`49152:z6LA1uNZF4ezU+mDzLhjBkP7QisyfD6jo/QZYcMpiyQsChxCM17yX9x:zGFZPm/JBGUnyL6jo42cAihFCMoXT`
Imports Hash	`8ca725a2068c8289d66d1d2724a05399`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2022-Sep-11 09:03:34
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x281600`
SizeOfInitializedData	`0x1d2e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x008071C8 (Section: .data)`
BaseOfCode	`0x1000`
BaseOfData	`0x283000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x80a000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x200000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

Section_1

MD5	`e1d0486d1aa53b7e5283e1914cd04801`
SHA1	`9f8ae5f318268f4720218cf08fef7c23e33e3796`
SHA256	`ce2dd8aad58b145aced9825c7948d957356f437c10f7497e83cb7a6773a823aa`
SHA3	`f24c50ede4b831bfceb0e0d486b6547459278ae5a05621fe37c3e280902dc6dd`
VirtualSize	`0x282000`
VirtualAddress	`0x1000`
SizeOfRawData	`0xcfc00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99972`

Section_2

MD5	`2e5f1ed09b9970a78cf9f4491e668a4c`
SHA1	`fc9b47bc3c09cb1af9fcd42386e339e0b3ed6f18`
SHA256	`7aa436f1ca8efb4ae33e6ece8ed2b0f078effd013316960363fb97b272f0c9b0`
SHA3	`110c50103992bb8c354a5849e497707675261f4dbd9eaba80a54346fca3e488f`
VirtualSize	`0x11c000`
VirtualAddress	`0x283000`
SizeOfRawData	`0x43400`
PointerToRawData	`0xd0000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99872`

Section_3

MD5	`bcc2d06f23871319f849652457fe2f84`
SHA1	`2e6bab908cacde484d1664a35d5d00720ad543e9`
SHA256	`a2d9e9ec6fe1d7bcdc3cebbc0f75ff0530d170c59bb140117bcfc41796dfa1e7`
SHA3	`3c00c4faab18f0983475f0a50d82fde93b42534ab116a18cee51fe9452609612`
VirtualSize	`0x37000`
VirtualAddress	`0x39f000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x113400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.98015`

Section_4

MD5	`5ff8ce104b4e24b5b6b3d45a176bd1a3`
SHA1	`815088d705c3d8e3c6e925ab040bb6d9f0b1e457`
SHA256	`d8501e4104c12038aff91b93ac058a9b6a02c9439cfbed580968d81f759956e9`
SHA3	`1f894fc9d5d54932b67865f2bb250829959f002eb33e41515c2bf65454edcf3c`
VirtualSize	`0x44000`
VirtualAddress	`0x3d6000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x115c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.69781`

Section_5

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x3e000`
VirtualAddress	`0x41a000`
SizeOfRawData	`0`
PointerToRawData	`0x117400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`ea29a9b0dfbc8293e5cb176045d27af8`
SHA1	`5fc3b0fbc56d48a8557a7629341589253076d1b2`
SHA256	`7aa335da475da73e088e2904a511f8bd04ac4976252f2c1ad90d5f5265582daa`
SHA3	`8c1fa7f15cb52bc4b9cd0d9be89b25cad7ed2db3c7356a60bd98b26bce0b276e`
VirtualSize	`0x4000`
VirtualAddress	`0x458000`
SizeOfRawData	`0x3200`
PointerToRawData	`0x117400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.42137`

Section_7

MD5	`c06c982927456410ba49f266eab9f196`
SHA1	`f7686fd13f95f4c8b95b45f87f4b0f242ef5a997`
SHA256	`c8807d5610fce054dccff0e5c6dc400691487bec5f2ec4302018ccd6638f5445`
SHA3	`8714445a79e1d431d8aa2c2a04f8f8368b3b460ab59393b6f5dedabfebfc5dc7`
VirtualSize	`0x29d000`
VirtualAddress	`0x45c000`
SizeOfRawData	`0x2fc00`
PointerToRawData	`0x11a600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99886`

.data

MD5	`b768fde6fd828e3a13d2098f89fd781a`
SHA1	`28649f44486d414f3498aa3d4cceffb956abd639`
SHA256	`ebb9434ce45ef820c016e59fb2251e2b8d66a4ddda8644cb3588f02848e84a0f`
SHA3	`e930b2760ba8fc0bb11be8fa068e269e36239bfd482ee26e1dc1e6e6aaf8dc7d`
VirtualSize	`0x111000`
VirtualAddress	`0x6f9000`
SizeOfRawData	`0x110200`
PointerToRawData	`0x14a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.9767`

Imports

kernel32.dll	`GetModuleHandleA` `GetProcAddress` `ExitProcess` `LoadLibraryA`
user32.dll	`MessageBoxA`
advapi32.dll	`RegCloseKey`
oleaut32.dll	`SysFreeString`
gdi32.dll	`CreateFontA`
shell32.dll	`ShellExecuteA`
version.dll	`GetFileVersionInfoA`
COMCTL32.dll	`#17`
RPCRT4.dll	`UuidToStringW`
OLEACC.dll	`LresultFromObject`
UxTheme.dll	`SetWindowTheme`
MSVCP140.dll	`??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z`
SHLWAPI.dll	`SHAutoComplete`
MSIMG32.dll	`GradientFill`
VCRUNTIME140.dll	`_except_handler4_common`
api-ms-win-crt-heap-l1-1-0.dll	`malloc`
api-ms-win-crt-runtime-l1-1-0.dll	`exit`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vsscanf`
api-ms-win-crt-string-l1-1-0.dll	`wcsncpy`
api-ms-win-crt-convert-l1-1-0.dll	`wcstod`
api-ms-win-crt-utility-l1-1-0.dll	`qsort`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-time-l1-1-0.dll	`_gmtime64`
api-ms-win-crt-environment-l1-1-0.dll	`_wgetcwd`
api-ms-win-crt-filesystem-l1-1-0.dll	`_wremove`
api-ms-win-crt-math-l1-1-0.dll	`_libm_sse2_sin_precise`
WINSPOOL.DRV	`DocumentPropertiesW`
COMDLG32.dll	`CommDlgExtendedError`
ole32.dll	`ReleaseStgMedium`

Delayed Imports

MYLOGO

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x40428`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.8852`
MD5	`044cf19df53eb14e397ceb76956aa2a0`
SHA1	`7f8afa51f54bcc776f5646ae840afd7559cb3ffd`
SHA256	`0e4460998efe9ade37a801f3f7984dc6cfe249d73d6a902947ff19023b8615ce`
SHA3	`6b40df0e327cfaed21c50d6a5a06036ff81065c2d20bacf9d72747310df0b597`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x289a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.84883`
Detected Filetype	PNG graphic file
MD5	`c376f761ba54e7d0b0f33f425703b53e`
SHA1	`68691870fb001926aa560a6e10e748faae892a71`
SHA256	`68b0877d4a9516edc795f38044244d1a07f553cbd0d5e6160738b921eeb87b59`
SHA3	`59bdaf220eadd40a6895c0c6e74e92e25fc57552b71d0adb8dc9b62193f071bf`

MAINICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.51664`
Detected Filetype	Icon file
MD5	`723b37f9a29d92721298f374f84a61c8`
SHA1	`b021d68eea25bc1c444c3df19d4a1eaf3f76d74c`
SHA256	`3e702cded575467267f0b79217e9095877a8617eb4b74f09a0ff22e7aef7598a`
SHA3	`2e4ad13f8efb548f63ef049726f9f2a9130580b41cf0e91587874d3739654859`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x330`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.54076`
MD5	`9cc6687826a382ad3300dfb491d1c1d1`
SHA1	`e9509364596909467cd8a3891f89bf8c1ff74ed2`
SHA256	`22c33fb906e1254a8e9da76357dd5e87df191285bb4f6f7e35e4eef9afde90fc`
SHA3	`b2021ad3648dca0abbc0c8ad3d757ae2e89418f535a4f1b6fc374ba55ecf52f9`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.7816`
MD5	`19c88f8b9807e50f5d6ce68ee876a578`
SHA1	`95db9afaaa1448628d6972b90e86927630636ba6`
SHA256	`9672049d94bcd83926b406da350c7c0e0edf322ba6a309f8362da4584bcee65e`
SHA3	`f7427a739c46ab2f703ab82d436b633d8ddf00e324eaab898e599df6fe5ea1f5`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.0.0.0
ProductVersion	2.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	SanSoft
FileDescription	idchadvn^%$R^%%$CFCVFHG^&%hgvcjdb)!~%tJHGtyxtsx\|ihb',>.//?b`bjhbs@
FileVersion (#2)	2.0.0.0
InternalName	CrackME_v2.0
LegalCopyright	Copyright (C)By HN 2022
OriginalFilename	CrackME_v2.0
ProductName	CrackME v2.0
ProductVersion (#2)	2.0.0.0

Resource LangID	English - United States

TLS Callbacks

StartAddressOfRawData	`0xafc028`
EndAddressOfRawData	`0xafc1a0`
AddressOfIndex	`0xafc018`
AddressOfCallbacks	`0xafc020`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

XOR Key	`0x8e1f943`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`22`
C++ objects (VS2022 Update 3 (17.3.0) compiler 31616)	`34`
C objects (VS2022 Update 3 (17.3.0) compiler 31616)	`12`
ASM objects (VS2022 Update 3 (17.3.0) compiler 31616)	`11`
Imports (VS2022 Update 3 (17.3.0) compiler 31616)	`4`
C objects (VS2022 Update 3 (17.3.0-3) compiler 31629)	`25`
C++ objects (VS2022 Update 3 (17.3.0-3) compiler 31629)	`268`
C objects (30795)	`9`
C objects (CVTCIL) (30795)	`1`
Imports (30795)	`31`
Total imports	`761`
C++ objects (LTCG) (VS2022 Update 3 (17.3.0-3) compiler 31629)	`2`
Resource objects (VS2022 Update 3 (17.3.0-3) compiler 31629)	`1`
151	`1`
Linker (VS2022 Update 3 (17.3.0-3) compiler 31629)	`1`

Errors

[*] Warning: Section  has a size of 0!