Manalyze report for 6ae646fa1bb9b9632a50cc9a87cbffb32319a08422566ea0004dba93b437c300

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Mar-07 22:42:34
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.
CompanyName	YUB-X
FileDescription	YUB-X
FileVersion	`1.3.0`
ProductName	YUB-X
ProductVersion	`1.3.0`

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .\zW` `Unusual section name found: .Q!m` `Unusual section name found: .+Iy`
Suspicious	The PE contains functions most legitimate programs don't use.	`Leverages the raw socket API to access the Internet: freeaddrinfo`
Malicious	VirusTotal score: 36/71 (Scanned on 2026-03-11 19:01:50)	`AVG: Win64:MalwareX-gen [Misc]` `Arcabit: QD:Trojan.GenericQ.467B04B736` `Avast: Win64:MalwareX-gen [Misc]` `BitDefender: QD:Trojan.GenericKDQ.467B04B736` `Bkav: W64.AIDetectMalware` `CTX: exe.trojan.vmprotect` `CrowdStrike: win/malicious_confidence_90% (D)` `Cylance: Unsafe` `Cynet: Malicious (score: 99)` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win64/Packed.VMProtect.AC suspicious application` `Elastic: malicious (high confidence)` `Emsisoft: QD:Trojan.GenericKDQ.467B04B736 (B)` `Fortinet: Riskware/Application` `GData: QD:Trojan.GenericKDQ.467B04B736` `Google: Detected` `Gridinsoft: Trojan.Heur!.02212023` `Lionic: Trojan.Win32.GenericKDQ.4!c` `Malwarebytes: Malware.AI.1172563012` `MaxSecure: Trojan.Malware.324995110.susgen` `McAfeeD: ti!6AE646FA1BB9` `MicroWorld-eScan: QD:Trojan.GenericKDQ.467B04B736` `Microsoft: Trojan:Win64/VMProtect!MTB` `Paloalto: generic.ml` `Rising: Trojan.VMProtect!8.F782 (LESS:bWQ1Ooqe7go0RMnZk/zlDwGdJek)` `Sangfor: Trojan.Win64.VMProtect.V78f` `SentinelOne: Static AI - Suspicious PE` `Skyhigh: Artemis` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.high.ml.score` `TrellixENS: Artemis!7D44B04D3FCF` `TrendMicro-HouseCall: TROJ_GEN.R002H01CB26` `VIPRE: QD:Trojan.GenericKDQ.467B04B736` `Varist: W64/ABApplication.FUZH-1971` `alibabacloud: VirTool:Win/Wacatac.B9nj`

Hashes

MD5	`7d44b04d3fcf7726fe2a42565eb1d5e8`
SHA1	`8df259e630bdacffabb63fe306b6c9382203c679`
SHA256	`6ae646fa1bb9b9632a50cc9a87cbffb32319a08422566ea0004dba93b437c300`
SHA3	`c8e1a0c929707858c2d3e9ab3291749f6ccb29509d5c9df26340320867583725`
SSDeep	`196608:dg7N0XAP9DAg9trWGesu3DYux4xLCBtJw+pLE4CTaNDLQzRId6yNpHz/RCw84+D:+7ZegzKG//B8t2+pY4Ce1dRHqf3CEw`
Imports Hash	`dbde9c6f5d9d465b2630d54dbb97c0f2`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2026-Mar-07 22:42:34
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xbdc600`
SizeOfInitializedData	`0x7d9a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000001BE7FDC (Section: .+Iy)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2e23000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xbdc5e0`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x703e04`
VirtualAddress	`0xbde000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x5bf8`
VirtualAddress	`0x12e2000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.pdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xb184c`
VirtualAddress	`0x12e8000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.\zW

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x73a8c4`
VirtualAddress	`0x139a000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.Q!m

MD5	`96c42b3e2456535a15f37a5af98a9915`
SHA1	`99566b3e9372b56785a11e04d4da8ebb08b095fe`
SHA256	`5d37f5d090ea3f25c7cd373fd18295a9210f304f3ddd94e2c16807b43d8030f1`
SHA3	`3dba7e5e57ba70dc230776edf4259a36c63cd9a0937992b23640d2146f8d4655`
VirtualSize	`0x450`
VirtualAddress	`0x1ad5000`
SizeOfRawData	`0x600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.871835`

.+Iy

MD5	`5ed744e5e063312ee59d5a22fe6239bd`
SHA1	`415b62fd921ed11d749d83d6d21f9468344ddd30`
SHA256	`75c72c9ea873db292d9ce8283698ef924de9de1d6edec8e9f252cf9950c43a4d`
SHA3	`dec63263f8e3e3786f57ff1ce9394c7fb73f81001d09fb477c1396c9ca1c8f54`
VirtualSize	`0x133b7b4`
VirtualAddress	`0x1ad6000`
SizeOfRawData	`0x133b800`
PointerToRawData	`0xa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`7.89905`

.rsrc

MD5	`4ff82d8ff0ded3bd773468d2cafc9f71`
SHA1	`228de30d79450bd166d79f2e7aea212b2613411d`
SHA256	`2ac15cc75c7a71e0802c89452c0e0c4101bf9bc0402e3ce7b61fa772d2c52353`
SHA3	`920c95b66da13f91f5480be0b7e4470c23c1efa12094a9155ef1228164b4f8dc`
VirtualSize	`0xf89c`
VirtualAddress	`0x2e12000`
SizeOfRawData	`0xfa00`
PointerToRawData	`0x133c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.8522`

.reloc

MD5	`1239d03658ecd9856ac5bcda7354fa5c`
SHA1	`52dd532dea636571af18705a60ee38a590c24208`
SHA256	`213fcb49f77eca198050b4f7753311dccf7b14fa346c1c6797927190c130dc7e`
SHA3	`5f971a8564f88647eaeef880c6163262691c23f498f49d089616bff3e7e7b1a3`
VirtualSize	`0x114`
VirtualAddress	`0x2e22000`
SizeOfRawData	`0x200`
PointerToRawData	`0x134bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.74265`

Imports

bcryptprimitives.dll	`ProcessPrng`
ntdll.dll	`NtWriteFile`
advapi32.dll	`GetTokenInformation`
kernel32.dll	`OutputDebugStringW`
user32.dll	`GetParent`
ole32.dll	`CoUninitialize`
comctl32.dll	`SetWindowSubclass`
shlwapi.dll	`SHCreateMemStream`
api-ms-win-core-synch-l1-2-0.dll	`WakeByAddressSingle`
gdi32.dll	`DeleteObject`
dwmapi.dll	`DwmGetWindowAttribute`
shell32.dll	`CommandLineToArgvW`
oleaut32.dll	`SysStringLen`
secur32.dll	`AcceptSecurityContext`
ws2_32.dll	`freeaddrinfo`
crypt32.dll	`CertEnumCertificatesInStore`
shell32.dll (#2)	`CommandLineToArgvW`
advapi32.dll (#2)	`GetTokenInformation`
kernel32.dll (#2)	`OutputDebugStringW`
pdh.dll	`PdhEnumObjectsA`
powrprof.dll	`CallNtPowerInformation`
psapi.dll	`GetModuleFileNameExW`
bcrypt.dll	`BCryptGenRandom`
api-ms-win-crt-math-l1-1-0.dll	`roundf`
api-ms-win-crt-heap-l1-1-0.dll	`malloc`
api-ms-win-crt-string-l1-1-0.dll	`wcslen`
api-ms-win-crt-convert-l1-1-0.dll	`wcstol`
api-ms-win-crt-runtime-l1-1-0.dll	`__p___argv`
api-ms-win-crt-stdio-l1-1-0.dll	`__p__commode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xf171`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.89353`
Detected Filetype	PNG graphic file
MD5	`589bcf69633600df71d8d731bafb2179`
SHA1	`72ef2cde483687aef64ab1a4bdfb49eca987f43d`
SHA256	`f4ebb1979cb656d96557231651197a148ea02127980d67bb5eae24de06cea361`
SHA3	`c0b2aa98e40835e042fb4c2c00056e7a9ec239133b9ee420851cb051f41607f7`

32512

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.51664`
Detected Filetype	Icon file
MD5	`c59998fd089aa2eb3d08e60d683cc0ee`
SHA1	`15f82ec7b47336d942d2301d0da6290e9afe4099`
SHA256	`11d1922ba4fe582162c5982526a02fb03fc24cb7891fb33573c5be6da363b070`
SHA3	`c0193d37a321b7e235e000c84d73c64666b27575a1de6f44b658769cbb833773`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1c4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19545`
MD5	`5bc2a00a101ae5ad94386911aa0f7f68`
SHA1	`694b9126d5f011138f1f64fe4f2a565ba8e8dc44`
SHA256	`3aa66ce1776311854c0483929f12fbe23bd3fa6ca5a3f1d18e9a4de6ff0f4192`
SHA3	`f7a8c3fac3b49beef5dca63f6d211280ef28b95a1ef4723e8d017282be2d696c`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x414`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.25279`
MD5	`44c2520f1a0c9aef2581a1cc22c58807`
SHA1	`ad861189f8f2084fd34dc6867657a6e032810b9b`
SHA256	`70b548f0b452d41d61fd0916347ea21d2e6a97dd833ad86cbcf9cdf567dacfc1`
SHA3	`6fa15955789bd271b7337a64e4741a7adbddf86aec078766c62c755612038ba4`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.2.0.0
ProductVersion	1.2.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	YUB-X
FileDescription	YUB-X
FileVersion (#2)	1.3.0
ProductName	YUB-X
ProductVersion (#2)	1.3.0

Resource LangID	English - United States

TLS Callbacks

StartAddressOfRawData	`0x141ad51e8`
EndAddressOfRawData	`0x141ad541c`
AddressOfIndex	`0x1412e74e0`
AddressOfCallbacks	`0x142299048`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_8BYTES`
Callbacks	`0x00000001428D4351` `0x0000000140B671F0`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1412e4f00`

RICH Header

Errors

[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section .\zW has a size of 0!

Leave a comment

No comments yet.