Manalyze report for 74b91fb5bb5c61ed31d7e0ddf5ea7cd1c5ddea3648860dd99633e73850e83f37

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2008-Jan-07 15:35:41
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C# v7.0 / Basic .NET` `Microsoft Visual C++ 8.0` `MASM/TASM - sig1(h)` `MSVC++ v.8 (procedure 1 recognized - h)`
Suspicious	PEiD Signature:	`Armadillo v4.30 - 4.40 -> Silicon Realms Toolworks`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for VirtualPC presence: 0f 3f 07 0b`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to TEA`
Malicious	The PE is packed with Aspack or Armadillo	`Unusual section name found: .text1` `Section .text1 is both writable and executable.` `Unusual section name found: .adata` `Section .adata is both writable and executable.` `Unusual section name found: .data1` `Unusual section name found: .ARTeam` `The RICH header checksum is invalid.`
Suspicious	The PE contains functions most legitimate programs don't use.	`Can access the registry: RegSetValueExA RegCloseKey RegCreateKeyExA` `Possibly launches other programs: CreateProcessA` `Manipulates other processes: ReadProcessMemory WriteProcessMemory`
Info	The PE's resources present abnormal characteristics.	`Resource 3 is possibly compressed or encrypted.`
Malicious	VirusTotal score: 45/72 (Scanned on 2025-08-22 15:54:00)	`APEX: Malicious` `Alibaba: Trojan:Win32/Tiggre.4a67da45` `Antiy-AVL: Trojan/Win32.Wacatac` `CAT-QuickHeal: Trojan.HeurCS.S148159` `CTX: exe.trojan.tiggre` `ClamAV: Win.Trojan.6891780-1` `CrowdStrike: win/malicious_confidence_90% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `Elastic: malicious (high confidence)` `Google: Detected` `Ikarus: Backdoor.Win32.VB` `Jiangmin: DangerousObject.Multi.age` `K7AntiVirus: Riskware ( 0040eff71 )` `K7GW: Riskware ( 0040eff71 )` `Kaspersky: UDS:DangerousObject.Multi.Generic` `Kingsoft: malware.kb.a.1000` `Lionic: Trojan.Win32.Tiggre.4!c` `Malwarebytes: Malware.AI.2404128375` `MaxSecure: Trojan.Malware.1402400.susgen` `McAfeeD: ti!74B91FB5BB5C` `Microsoft: Trojan:Win32/Tiggre!rfn` `NANO-Antivirus: Trojan.Win32.Agent.mtyya` `Paloalto: generic.ml` `Panda: Trj/CI.A` `Rising: Trojan.Kryptik@AI.96 (RDML:MZkG2W6CK7HFmFQWxU/cNw)` `SUPERAntiSpyware: Trojan.Agent/Gen-Kazy` `Sangfor: Trojan.Win32.Tiggre.Vy3k` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win32.Backdoor.dm` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.11493083` `Trapmine: malicious.moderate.ml.score` `TrellixENS: GenericRXAT-KM!6E4AA3D87CB3` `TrendMicro: TROJ_GEN.R002C0CD525` `TrendMicro-HouseCall: TROJ_GEN.R002C0CD525` `VBA32: Trojan.Tiggre` `Varist: W32/Risk.NKQL-7357` `VirIT: Trojan.Win32.Generic.NOV` `Webroot: W32.Malware.Gen` `Xcitium: Malware@#1pd8hr8hjztgy` `alibabacloud: Software:Multi/Tiggre.Gen` `tehtris: Generic.Malware`

Hashes

MD5	`6e4aa3d87cb3b35dbdef34b5f268a374`
SHA1	`441ed576b03558130ecacd7c03408c6033b54894`
SHA256	`74b91fb5bb5c61ed31d7e0ddf5ea7cd1c5ddea3648860dd99633e73850e83f37`
SHA3	`bcfcc4cd9c3266c4037f50af07dec5d3aa7a3a872fb03c734e04166a5c7efb00`
SSDeep	`12288:AX2IRXk+aiptW5v9edN1gFAbdYgxBLraaW:AX2Ie+qI+oBraaW`
Imports Hash	`619cbd37c91afb50adfd1979e535ddf6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`9`
TimeDateStamp	2008-Jan-07 15:35:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`83.0`
SizeOfCode	`0x1000`
SizeOfInitializedData	`0x6e000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000104C (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x403000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`4.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xf5000`
SizeOfHeaders	`0x1000`
Checksum	`0xc1814`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0e4670d20bd02df910af7cd52231d112`
SHA1	`7c358187c3a0a9ecb9fcac0fb90edc6129005011`
SHA256	`5a606724ae3784dbcdedbb35c98d867272328c17f18876c1fd7a271ebef81f99`
SHA3	`c0cbfb64012fbe0e0847f39bf7423d1cd9132f783cab9c1ccb6f5f70ffb87988`
VirtualSize	`0x1000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`2.31316`

.rdata

MD5	`6b5d85025672a21121bae67b112744af`
SHA1	`820304aa2fed0f05c5a82bae9ea93ee0580f4a2a`
SHA256	`fc041534e1bf253cc12dddb01ff8770a0fca7300ce6d58f3183f297766f128ff`
SHA3	`47656af1c44f3dc01328eadcc1ec1d66ad0a762b12921dc5098fd7ef95b15a72`
VirtualSize	`0x1000`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.347275`

.data

MD5	`4b7204f4aef354e96c5df49ee375bb6f`
SHA1	`3b05adf23967bb84511f1c2dbbff92ad9074d659`
SHA256	`862beb74976e576251e162bfa61b797b54d2a8c895fbb1455e8f5fcbb36b62c5`
SHA3	`9d90e7d9c4823452573defa7ffd674dece698a40369964eadff8a86eb8c136d5`
VirtualSize	`0x1000`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x3000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.687095`

.text1

MD5	`a4b53fc53da28b4849320110a45de909`
SHA1	`2f3b51c265cbc9e2364540b92e81e5d4f68d98f9`
SHA256	`a2554d361f5f63c49d002935730fb2101b1fe366545edd0c869d73e339b89311`
SHA3	`7fe8202b5a060b1c064cf8363085328532ebd37e786e7f325681db59ba10d706`
VirtualSize	`0x50000`
VirtualAddress	`0x4000`
SizeOfRawData	`0x50000`
PointerToRawData	`0x4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.753`

.adata

MD5	`e42494d2c1e9e42ceb65c853a5d41ee4`
SHA1	`b669e91a673e30f428b2c942451255c2d2159e9c`
SHA256	`81dfad27ed541a1b880c9a3933ca64f2a689e8f57a3705d04c947e6a9f9718a6`
SHA3	`1153095c3bb7df17a9d9f55a57d7e1b6a01851aa79f6f48a26d3524ef4bcff10`
VirtualSize	`0x10000`
VirtualAddress	`0x54000`
SizeOfRawData	`0x10000`
PointerToRawData	`0x54000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.93082`

.data1

MD5	`2db3e7741d74e24f9460010730bc8c82`
SHA1	`6538f1ec523eb9cc2ae46a86862c19ff527d00dc`
SHA256	`e5d331e2103ee57e6406bc29e7bc7f735272f3601288fb0cef04ef3cc8186818`
SHA3	`1d745949317936180132c4c374df0dc104fd59f2204e81abc65612b4eb64ab61`
VirtualSize	`0x20000`
VirtualAddress	`0x64000`
SizeOfRawData	`0x20000`
PointerToRawData	`0x64000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.68086`

.pdata

MD5	`d4b522b567f790661dacef7e7e249a48`
SHA1	`9828ccafcfac6b3e59c73c6b2d8318df99e4c724`
SHA256	`6e91087d8301d2134463b3513c85f8c8db4396cd6680435b0f909537ca235ff9`
SHA3	`3ea16048cc5e311c7f3bf0bf19fdcf8dd7067723c4489cc8b027d7ab919022d2`
VirtualSize	`0x50000`
VirtualAddress	`0x84000`
SizeOfRawData	`0x50000`
PointerToRawData	`0x84000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.30668`

.rsrc

MD5	`cb6257d325d286825aa5d0868686e3e9`
SHA1	`42c349374808a724ceaee81caf1cd072158bc50b`
SHA256	`fe488c1444d56cc896190a9e3761093420de20db36e528d62c64f9cf16253836`
SHA3	`02d90964f3926e62a6ba77b57fd88245dbbc7452dab32bdaa95dedb2244f50fb`
VirtualSize	`0x20000`
VirtualAddress	`0xd4000`
SizeOfRawData	`0x20000`
PointerToRawData	`0xd4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.36307`

.ARTeam

MD5	`e9e7f4d8c5a87b84f659ccb5b5885f35`
SHA1	`ccab4a6a13b36e2ebefdb99089c2a425d5bb36b6`
SHA256	`d8b9801764337ff12a46b6cff873168fe6b389dfd88715e5cca6b7eee3400532`
SHA3	`d53044677031ea92793dcfe2bdba6145b2722a5171ff74af9ab7aaebe310485b`
VirtualSize	`0x1000`
VirtualAddress	`0xf4000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xf4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.867626`

Imports

ADVAPI32.dll	`RegSetValueExA` `RegCloseKey` `RegCreateKeyExA`
kernel32.dll	`CreateProcessA` `DeleteFileA` `ExitProcess` `FindResourceA` `ReadProcessMemory` `CreateFileA` `Sleep` `SuspendThread` `TerminateProcess` `WriteFile` `WriteProcessMemory` `CloseHandle` `ResumeThread`
USER32.dll	`MessageBoxA`

Delayed Imports

50

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xac93`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.75721`
Detected Filetype	PNG graphic file
MD5	`28bcf40dd224e0df7e81d1536f22375c`
SHA1	`cd104c7b724dda18d22e5a57ee7db7f412d569c9`
SHA256	`0be53b5c559174058f31e1563abdb7152f5086ea81ca086ecd0db3df3700be1c`
SHA3	`71ab88a2e003050ca9d5102b18b6c9e03a9dc07a7fcc2d29dbfd1b3970437921`

51

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34119`
MD5	`140f7131faae57fb84f8219243794b41`
SHA1	`968f636757330677880dab27f1c3d89f01e09233`
SHA256	`c013b59a09a570acdb6d5a44ac803ab18f6b97b2cf3cd99b8054f0e43bcae4e4`
SHA3	`8531ca8a7069a02f55c168cc80900832211ce5105b76484a45a800082a891c5c`

52

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.6146`
MD5	`208b2430db84ec8a4a2672f0b8f68a43`
SHA1	`69a69b6d9500fe4e4146434205e42b6ea5cfb158`
SHA256	`c8d5f5cb826c9a1b67c19ee5f55a6b8aee4929ec61c46de4aeb7159c2c57e5bf`
SHA3	`f6fce58a282de3d3056d3da0b49217de1a03bda2d01b23bc6f8a87beddbc0e1e`

53

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.90344`
MD5	`dbd83a2c266b2b6ca206dd6aa8854efa`
SHA1	`4257a4666e052fec6fab24d10a61c643a1fec388`
SHA256	`e6faaec0e83cf1031db07b73b72e914817dfe9038d5ac992a4375229bd88ba2c`
SHA3	`2f18945162e6c61d98bb7e3b5731cc63d308bbb5df3d449e37e303ee1a337bb2`

54

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.12202`
MD5	`4ce0b94d2f77a3f38ad4afb32e7413e1`
SHA1	`9e4ce3ba1745c93b4b350a74aeec27280f8f1a9d`
SHA256	`4980db67317ed20027e5c0064daf163f70907f3b92a5c946b7389ebbb4eaba26`
SHA3	`ba953022ec66766b34fc57fb163768692973c394083753b712f8b1f683ee2083`

55

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.4446`
MD5	`5db2720433633e2ba17e3c445d129749`
SHA1	`1f1aac08a7e416454afccaa6a053beddf4fb28f1`
SHA256	`99f69f03f7ed3ef49617df751ebb7462ba73e52d2b4b955ede2685b766f6910c`
SHA3	`2603704e801427a036a1fa226b88c046c868119768ecccca46a488fed534fce1`

2

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x112`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.12192`
MD5	`fb9e3fce7fe287419a2a8cbffcf0499c`
SHA1	`d5deec2a10703b1f6de57365edd425578ac33904`
SHA256	`6fd79169ade0ec374000bc4491a27a4a44a3050070547aa383428e2c44e3e8fb`
SHA3	`78acac2e1415357190bc8407140fc9a32319282ff2197f6e6558c5b331015c73`

3

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.47826`
MD5	`0de37f6b2c1e34ed985fa40edc5b9911`
SHA1	`61be7840de9931a288ca9abdea1c942b84ce66b6`
SHA256	`4c1dfddfaceda12bb8e92ade509330efbf10a8372d0a4ba901267cb467fe190d`
SHA3	`a879d8e4986c5c654ac025851bb6d0c8bdc1238e04221a1bd66d70a49f3087c0`

ICON

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.91607`
Detected Filetype	Icon file
MD5	`558fd65f6c5527aba31aacf793c09e9d`
SHA1	`fba9048d8c30f3cdeea6d55b40c65297929cb81f`
SHA256	`72c0bb6b0a2bd2aca663b2c4d5130e9f49d11eb947b64a2caa8e947b5bf65a91`
SHA3	`07e2aac5f95010ab937b9e7f33dab734454a248ba6e30579edc83d52599f4591`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x167f96c6`
Unmarked objects	`0`
19 (8078)	`24`
18 (8444)	`1`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

Leave a comment

No comments yet.