Manalyze report for 71e74306d9f78dbb9583c3327f875946

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2013-Oct-17 03:09:52
Detected languages	English - United States
Comments	Microsoft Teams
CompanyName	Microsoft Corporation
FileDescription	Microsoft Teams
LegalCopyright	Microsoft Corporation
LegalTrademarks	MS
ProductName	Microsoft Teams
FileVersion	`1.10.0056`
ProductVersion	`1.10.0056`
InternalName	MSTEAM
OriginalFilename	MSTEAM

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual Basic 5.0` `Microsoft Visual Basic v5.0/v6.0` `Microsoft Visual Basic v5.0 - v6.0`
Malicious	VirusTotal score: 26/68 (Scanned on 2021-07-28 15:12:52)	`Bkav: W32.AIDetect.malware2` `Elastic: malicious (high confidence)` `McAfee: Artemis!71E74306D9F7` `CrowdStrike: win/malicious_confidence_80% (D)` `BitDefenderTheta: Gen:NN.ZevbaF.34050.fm0@a4iXa5ai` `ESET-NOD32: a variant of Win32/GenKryptik.FIBC` `APEX: Malicious` `Kaspersky: UDS:DangerousObject.Multi.Generic` `BitDefender: Gen:Variant.Razy.897973` `MicroWorld-eScan: Gen:Variant.Razy.897973` `Avast: Win32:Trojan-gen` `Ad-Aware: Gen:Variant.Razy.897973` `F-Secure: Trojan.TR/Kryptik.unbgj` `McAfee-GW-Edition: BehavesLike.Win32.BadFile.mm` `FireEye: Gen:Variant.Razy.897973` `Emsisoft: Gen:Variant.Razy.897973 (B)` `GData: Gen:Variant.Razy.897973` `Arcabit: Trojan.Razy.DDB3B5` `ZoneAlarm: UDS:DangerousObject.Multi.Generic` `Microsoft: Trojan:Win32/Caynamer.A!ml` `ALYac: Gen:Variant.Razy.897973` `MAX: malware (ai score=80)` `SentinelOne: Static AI - Suspicious PE` `Fortinet: W32/Kryptik.FHVV!tr` `AVG: Win32:Trojan-gen` `Qihoo-360: HEUR/QVM03.0.E37B.Malware.Gen`

Hashes

MD5	`71e74306d9f78dbb9583c3327f875946`
SHA1	`086bc0e2994e030d79484b138ed57ea6611467dd`
SHA256	`963043215c54f2a5b1ae6a53787ed78c838beb576e2744e304665f611c7fcb60`
SHA3	`c277061810b013a5532fcee3bf06b1206859480e72ab2bab32c44e133df1f836`
SSDeep	`768:tmsR22y5tviCz8AvoXicxStuKFDVvmyCE8sjk01eqG2tfolL3uDbhosOc:tms45fz8AwycmFDNmnso07G2tKeoo`
Imports Hash	`7be5ce563aba0a332d6ee101ce2ee420`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2013-Oct-17 03:09:52
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.10`
SizeOfCode	`0x11000`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001324 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x12000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`1.A`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x14000`
SizeOfHeaders	`0x1000`
Checksum	`0x224df`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`44f65429a7c4e947f297b27919bd92da`
SHA1	`42254e5b403ae9ef96653b4092219c1a4a0a60ab`
SHA256	`ddb9974126e8f3aa0df6f561c0b61b657c8b5acf009c3fc8e1bc7ab205f5dfd4`
SHA3	`f1fef41a7306c5dc3e24329477ecf1b5273907d2961ce93ceb801845c40a6e76`
VirtualSize	`0x10304`
VirtualAddress	`0x1000`
SizeOfRawData	`0x11000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.08113`

.data

MD5	`620f0b67a91f7f74151bc5be745b7110`
SHA1	`1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d`
SHA256	`ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7`
SHA3	`a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563`
VirtualSize	`0xd1c`
VirtualAddress	`0x12000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x12000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`5eed1e38faff0bf691cb608e445f4744`
SHA1	`94825c04ccb07422d64afc5ebba9ab0d9214a5da`
SHA256	`7d96420fb84d2c0ce60f8764d7c83d80cc3ffd0221d1e3a81301dbfec75eb11a`
SHA3	`95b5234bbafe4a49d5936fbabfd5694329cebe525c24b341a5f6b6d67c1fe059`
VirtualSize	`0x57c`
VirtualAddress	`0x13000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x13000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.48311`

Imports

MSVBVM60.DLL	`_CIcos` `_adj_fptan` `__vbaFreeVar` `__vbaStrVarMove` `__vbaFreeVarList` `__vbaEnd` `_adj_fdiv_m64` `#514` `__vbaFreeObjList` `_adj_fprem1` `__vbaSetSystemError` `__vbaHresultCheckObj` `_adj_fdiv_m32` `__vbaObjSet` `__vbaCyAdd` `#595` `_adj_fdiv_m16i` `__vbaObjSetAddref` `_adj_fdivr_m16i` `#705` `_CIsin` `__vbaChkstk` `EVENT_SINK_AddRef` `__vbaStrCmp` `__vbaVarTstEq` `DllFunctionCall` `_adj_fpatan` `__vbaLateIdCallLd` `EVENT_SINK_Release` `_CIsqrt` `EVENT_SINK_QueryInterface` `__vbaFpCmpCy` `__vbaExceptHandler` `_adj_fprem` `_adj_fdivr_m64` `#531` `#716` `__vbaFPException` `#717` `_CIlog` `#647` `__vbaFileOpen` `__vbaNew2` `_adj_fdiv_m32i` `_adj_fdivr_m32i` `__vbaStrCopy` `__vbaFreeStrList` `_adj_fdivr_m32` `_adj_fdiv_r` `#685` `#100` `__vbaVarTstNe` `__vbaI4Var` `__vbaLateMemCall` `__vbaVarDup` `__vbaStrToAnsi` `_CIatan` `__vbaStrMove` `__vbaUI1Str` `#541` `_allmul` `__vbaLateIdSt` `_CItan` `_CIexp` `#580` `__vbaFreeStr` `__vbaFreeObj`

Delayed Imports

30001

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x128`
TimeDateStamp	2013-Oct-17 03:09:52
Entropy	`2.92396`
MD5	`4662dbe118465dd5730f0df0d0af6405`
SHA1	`6c500d3504b6d57ecbfee17a427d85b4e33c67d3`
SHA256	`38aa31f0c94ab953b40b21e75ff918ed29893260a989635a49c5e88dba3b0c0b`
SHA3	`a3dc02e31bd54fac336d6aeafdbcd4699e1e4fb086b50e2a6006127915e2e60b`

1

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Unicode (UTF 16LE)
Size	`0x14`
TimeDateStamp	2013-Oct-17 03:09:52
Entropy	`2.25772`
Detected Filetype	Icon file
MD5	`791c51c977eb395cf47d1cf0a36cc458`
SHA1	`149cd043fa7e95ffc3828bce01ea5d424fe57907`
SHA256	`6b50a88f2d9901ebf48799084ebd0a534ca27cd097c21c90deb439ab844698eb`
SHA3	`5a5899fed526ae3758e2b687ff0a34f1e8d00b2d28a5359d6d8106c53dab70bc`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Unicode (UTF 16LE)
Size	`0x350`
TimeDateStamp	2013-Oct-17 03:09:52
Entropy	`3.30818`
MD5	`becbc1c17b77b641e6916751be09b184`
SHA1	`403278c94e62be6f30b9a0dfbdc8c2ba63b41a5a`
SHA256	`f3e0ec0a4dd3690907d3b7d5c014638d52d772b8881d07226e27468fa050a467`
SHA3	`d84545d4b3866dd19845c9a8ca80c08d1e353a4e35e0ee5df68fee52d630926b`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.10.0.56
ProductVersion	1.10.0.56
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	Microsoft Teams
CompanyName	Microsoft Corporation
FileDescription	Microsoft Teams
LegalCopyright	Microsoft Corporation
LegalTrademarks	MS
ProductName	Microsoft Teams
FileVersion (#2)	1.10.0056
ProductVersion (#2)	1.10.0056
InternalName	MSTEAM
OriginalFilename	MSTEAM

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x91a80893`
Unmarked objects	`0`
14 (7299)	`1`
9 (8783)	`8`
13 (VS98 SP6 build 8804)	`1`

71e74306d9f78dbb9583c3327f875946

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.data

.rsrc

Imports

Delayed Imports

30001

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors