Manalyze report for 704f0c9c0ac4b55474faaf699b960e07

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-01 00:00:00

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `Unusual section name found: UPX2` `The PE only has 4 import(s).`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress`
Malicious	VirusTotal score: 26/54 (Scanned on 2026-02-21 09:25:28)	`APEX: Malicious` `AhnLab-V3: Trojan/Win.Lazy.R740239` `Bkav: W32.AIDetectMalware` `CrowdStrike: win/malicious_confidence_100% (D)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DrWeb: Trojan.PWS.Salat.332` `ESET-NOD32: WinGo/Agent_AGen.OW trojan` `Elastic: malicious (moderate confidence)` `Google: Detected` `Ikarus: Trojan.WinGo.Agent` `K7AntiVirus: Trojan ( 005ce1d91 )` `K7GW: Trojan ( 005ce1d91 )` `Kingsoft: malware.kb.b.787` `Malwarebytes: Trojan.Injector.UPX` `McAfeeD: Real Protect-LS!704F0C9C0AC4` `Microsoft: Trojan:Win32/Wacatac.B!ml` `SentinelOne: Static AI - Malicious PE` `Sophos: Troj/Salat-B` `Tencent: Trojan.Win32.Stealer.16001830` `Trapmine: malicious.high.ml.score` `VBA32: BScope.TrojanDownloader.Ajent` `Varist: W32/Agent.KKL.gen!Eldorado` `Webroot: W32.Trojan.Gen` `ZoneAlarm: Troj/Salat-B` `huorong: Trojan/Agent.e!crit`

Hashes

MD5	`704f0c9c0ac4b55474faaf699b960e07`
SHA1	`8a0750f318046541c8afa631e4aa9ab4439874d5`
SHA256	`bbfb68a9a510eece38238b7cd42e5515d7ff1bd50a714a47bdfca3fa9ff80023`
SHA3	`543fe4980411102882bd2e5453b425288d0ea899a18f35c6731d748ab0ab1ec9`
SSDeep	`49152:pR4iHMi/Vn8/u6yY3C0n/iuZdPZc1MuuWAQ/TppPTeQCdyrzqGhp8PiwMpUXPKd:5VF6yY3CeRl6MNStpSQGyqGsioip5kR`
Imports Hash	`6ed4f5f04d62b18d96b26d6db7c18840`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0xb21600`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`3.0`
SizeOfCode	`0x325000`
SizeOfInitializedData	`0x1000`
SizeOfUninitializedData	`0x867000`
AddressOfEntryPoint	`0x00B8BF30 (Section: UPX1)`
BaseOfCode	`0x868000`
BaseOfData	`0xb8d000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0xb8e000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x867000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`96374e8a7eb38dd9ad8a35444e18638b`
SHA1	`011e53e3b004f1c4b8e42c9fdc27c145b9e25f8a`
SHA256	`69f3e34214ada2d728a207631c3802380a8bdc669b2954e8bacc393f26ac47bd`
SHA3	`6aa2f9774e94cc806200ddcb2721e08f52a5856dce2de65a266fe357536966c3`
VirtualSize	`0x325000`
VirtualAddress	`0x868000`
SizeOfRawData	`0x324c00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99994`

UPX2

MD5	`43bb29346ec7d62d3a9c4a56738a7b5a`
SHA1	`b9fd2592b57e3467de03867d14e79c72d4e6a00c`
SHA256	`432d7bcecb84d4f3956b09149bc5576def5993d908651a4fbee0bdca33621b50`
SHA3	`049c4580035ebfa11a1373c1dfb7ab40bb7b558e6c6c3faf871624e02464ac5a`
VirtualSize	`0x1000`
VirtualAddress	`0xb8d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x324e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.46963`

Imports

KERNEL32.DLL	`LoadLibraryA` `ExitProcess` `GetProcAddress` `VirtualProtect`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!