Manalyze report for 73f4914a93a144fc2ad8bfe42b4e3024

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2023-May-25 18:10:23
TLS Callbacks	1 callback(s) detected.
Debug artifacts	D:\a\sfsu\sfsu\target\i686-pc-windows-msvc\release\deps\sfsu.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	Interesting strings found in the binary:	`Contains domain names: github.com https://docs.rs https://github.com`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Malicious	VirusTotal score: 31/71 (Scanned on 2023-05-26 21:34:04)	`MicroWorld-eScan: Gen:Variant.Zusy.465520` `McAfee: GenericRXAA-AA!73F4914A93A1` `Malwarebytes: Malware.AI.3869784776` `VIPRE: Gen:Variant.Zusy.465520` `Sangfor: Trojan.Win32.Zusy.Va4w` `Cyren: W32/Zusy.QV.gen!Eldorado` `Symantec: ML.Attribute.HighConfidence` `Elastic: malicious (high confidence)` `BitDefender: Gen:Variant.Zusy.465520` `Avast: Win32:TrojanX-gen [Trj]` `McAfee-GW-Edition: BehavesLike.Win32.Dropper.th` `FireEye: Gen:Variant.Zusy.465520` `Emsisoft: Gen:Variant.Zusy.465520 (B)` `GData: Gen:Variant.Zusy.465520` `Jiangmin: Trojan.DllHijacker.bj` `Antiy-AVL: Trojan/Win32.SGeneric` `Arcabit: Trojan.Zusy.D71A70` `ViRobot: Trojan.Win.Z.Zusy.1935872.A` `Microsoft: Trojan:Win32/Sabsik.FL.B!ml` `Google: Detected` `AhnLab-V3: Trojan/Win.Generic.R580561` `ALYac: Gen:Variant.Zusy.465520` `MAX: malware (ai score=89)` `VBA32: BScope.Trojan.Agent` `Cylance: unsafe` `Panda: Trj/Genetic.gen` `TrendMicro-HouseCall: TROJ_GEN.R002H09EP23` `Rising: Trojan.Generic@AI.100 (RDML:nPlif50iabbwOGgiJp/tbg)` `Fortinet: W32/PossibleThreat` `AVG: Win32:TrojanX-gen [Trj]` `DeepInstinct: MALICIOUS`

Hashes

MD5	`73f4914a93a144fc2ad8bfe42b4e3024`
SHA1	`854451dc4c6dd8b374c390f1624683c4d6282508`
SHA256	`a7d2cc01c174bb6a61e5447de1ce0ee2dd8631621a75c2adfe8f2229a588689a`
SHA3	`da25a06c1371955021ca21c074cb66b7b036b16e67dfc7b2100838ce40829fb2`
SSDeep	`24576:IYvEYaSAPyoOvn60Vfn1lFSU4sOTYoR5FZ1bZkTWo+G8juvpAF0C7E4ThY+9Pe5:IY4yTKsERRTTbdnYKp7YIzNqc`
Imports Hash	`6dfcd225de21ec589ed99725ebedeaf0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2023-May-25 18:10:23
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x158200`
SizeOfInitializedData	`0x80800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00151A22 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x15a000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1dc000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`33378310b65a1aca72862bc87bdd6a3c`
SHA1	`204d58606d14bafcc70b46755ce58ccd538af9d8`
SHA256	`23868db5881a672d170908fd031675bcbbf2c32f7959c3bc255423ac06b6be28`
SHA3	`ca672766e67fda17a8ecaf8a2273ad83696abdba295deffdc702e5fd7d4aa2c0`
VirtualSize	`0x1580fe`
VirtualAddress	`0x1000`
SizeOfRawData	`0x158200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.40178`

.rdata

MD5	`c646268cf84e66c9064f23a34786bfe6`
SHA1	`f94e07fa800990d902d8d3c60b671ddf4f9ffc05`
SHA256	`7c86d6851ea4c99b81b3bb5ace5785b5a81a1b87acd0a0080b0f8d98aeef2397`
SHA3	`36463f860e1b1d7f883e1778b130622ef713fe3b8ceafdbb2d7ae723296e7032`
VirtualSize	`0x73774`
VirtualAddress	`0x15a000`
SizeOfRawData	`0x73800`
PointerToRawData	`0x158600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.29807`

.data

MD5	`ebb7377b63c8a1cf95832942856f956b`
SHA1	`f1a3611fce9626ba56073012774a46acb721a22c`
SHA256	`d63d08d72f8c78b74dd4a9155666b5c5aa541eb008198f132fdb9079d5d18993`
SHA3	`e97330f60e01842d0709a52480b041705da35ab733e98609cac76639ab343203`
VirtualSize	`0x5f4`
VirtualAddress	`0x1ce000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1cbe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.41987`

.reloc

MD5	`5c840498a826db68fa8dd5da4ff521f1`
SHA1	`669b78caa03fb10006807a9876cfae783e40602d`
SHA256	`6bb3f104d43d40b7374a25992c5bed59bc8c504c4b55c4b728b23309be470c4f`
SHA3	`b88c8c747450b34042da84da6deae84ba613b4056f117d0cfc889458b42f3643`
VirtualSize	`0xc99c`
VirtualAddress	`0x1cf000`
SizeOfRawData	`0xca00`
PointerToRawData	`0x1cc000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.55088`

Imports

ole32.dll	`CoTaskMemFree`
kernel32.dll	`ReleaseMutex` `FindClose` `ReleaseSRWLockShared` `AddVectoredExceptionHandler` `SetThreadStackGuarantee` `SwitchToThread` `GetCurrentThread` `RtlCaptureContext` `SetLastError` `GetCurrentDirectoryW` `GetEnvironmentVariableW` `SystemTimeToTzSpecificLocalTime` `GetCommandLineW` `SetFilePointerEx` `FileTimeToSystemTime` `SystemTimeToFileTime` `WaitForSingleObject` `GetTimeZoneInformation` `FormatMessageW` `HeapAlloc` `SleepConditionVariableSRW` `GetLastError` `GetCurrentProcessId` `TerminateProcess` `WakeAllConditionVariable` `WakeConditionVariable` `QueryPerformanceCounter` `GetFileType` `HeapReAlloc` `AcquireSRWLockShared` `WaitForSingleObjectEx` `CreateMutexA` `IsProcessorFeaturePresent` `GetModuleHandleA` `FindNextFileW` `CreateFileW` `GetFileInformationByHandle` `FindFirstFileW` `GetFinalPathNameByHandleW` `LoadLibraryA` `HeapFree` `GetProcessHeap` `GetModuleHandleW` `GetModuleFileNameW` `ExitProcess` `GetFullPathNameW` `GetCurrentProcess` `MultiByteToWideChar` `WriteConsoleW` `CreateThread` `InitOnceBeginInitialize` `TlsAlloc` `InitOnceComplete` `TlsFree` `GetSystemTimeAsFileTime` `GetFileInformationByHandleEx` `SetConsoleMode` `GetConsoleMode` `GetStdHandle` `TlsGetValue` `TlsSetValue` `lstrlenW` `GetConsoleScreenBufferInfo` `SetConsoleTextAttribute` `GetProcAddress` `GetCurrentThreadId` `TryAcquireSRWLockExclusive` `CloseHandle` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `InitializeSListHead` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetSystemInfo`
shell32.dll	`SHGetKnownFolderPath`
advapi32.dll	`SystemFunction036`
bcrypt.dll	`BCryptGenRandom`
VCRUNTIME140.dll	`memmove` `_except_handler4_common` `__current_exception_context` `__current_exception` `_CxxThrowException` `__CxxFrameHandler3` `memset` `memcmp` `memcpy`
api-ms-win-crt-runtime-l1-1-0.dll	`_set_app_type` `_initterm` `_configure_narrow_argv` `_exit` `__p___argc` `_initialize_narrow_environment` `__p___argv` `_cexit` `_c_exit` `exit` `_register_thread_local_exe_atexit_callback` `_get_initial_narrow_environment` `_seh_filter_exe` `_initialize_onexit_table` `_register_onexit_function` `_crt_atexit` `_controlfp_s` `terminate` `_initterm_e`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-stdio-l1-1-0.dll	`_set_fmode` `__p__commode`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`free` `_set_new_mode`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2023-May-25 18:10:23
Version	`0.0`
SizeofData	`89`
AddressOfRawData	`0x1be39c`
PointerToRawData	`0x1bc99c`
Referenced File	D:\a\sfsu\sfsu\target\i686-pc-windows-msvc\release\deps\sfsu.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2023-May-25 18:10:23
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x1be3f8`
PointerToRawData	`0x1bc9f8`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-May-25 18:10:23
Version	`0.0`
SizeofData	`812`
AddressOfRawData	`0x1be40c`
PointerToRawData	`0x1bca0c`

TLS Callbacks

StartAddressOfRawData	`0x5be748`
EndAddressOfRawData	`0x5be749`
AddressOfIndex	`0x5ce280`
AddressOfCallbacks	`0x55a21c`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_1BYTES`
Callbacks	`0x0053B420`

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x5ce164`
SEHandlerTable	`0x5bd6a0`
SEHandlerCount	`806`

RICH Header

XOR Key	`0x78158704`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`12`
Imports (31935)	`2`
C objects (30795)	`1`
C++ objects (31935)	`24`
C objects (31935)	`12`
ASM objects (31935)	`6`
Imports (30148)	`14`
Imports (30795)	`3`
Total imports	`200`
C objects (32217)	`1`
Unmarked objects (#2)	`43`
Linker (32217)	`1`

73f4914a93a144fc2ad8bfe42b4e3024

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.reloc

Imports

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors