Manalyze report for 766e28b7836848abc9187d1d07fa46fa

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1999-Oct-12 13:06:06

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)` `Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Info	Interesting strings found in the binary:	`Contains domain names: globes.com globetrotter.com www.globetrotter.com`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegCloseKey RegQueryValueExA RegOpenKeyExA RegSetValueExA RegDeleteValueA RegCreateKeyExA RegEnumValueA RegQueryValueA RegOpenKeyA` `Enumerates local disk drives: GetVolumeInformationA GetDriveTypeA`
Suspicious	VirusTotal score: 2/71 (Scanned on 2024-11-29 12:27:36)	`MaxSecure: Trojan.Malware.300983.susgen` `VBA32: TrojanRansom.Medusa`

Hashes

MD5	`766e28b7836848abc9187d1d07fa46fa`
SHA1	`a5fc6bcb4331afbb12bf150d6f0d4c1acc81bcbd`
SHA256	`1b959e41db4271c409661aeba6374239d24ac7fd694eca1770c0ecc96f131702`
SHA3	`77a102c5b230ff8da6b3cef0a61fecf6e26d19cc9634285e2423c791c0a459ae`
SSDeep	`12288:was662PgWi4CBvy9QX7OEdgsAS9i/2cqMWrFGjuuH9/1jZirU:j62PgWi4CB69QXaS9i/2caoJRGU`
Imports Hash	`983d80295aa2fc9026cc4a0bfd17f720`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	1999-Oct-12 13:06:06
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x6b000`
SizeOfInitializedData	`0x18000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0003C0DB (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x6c000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x84000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`89ef53d5f856e0550ef5061b72fd0b7c`
SHA1	`af34cb11bfa3703a1f347bce833963798ed03766`
SHA256	`3fbda50fe7533b5a9fd721372bdfe6d46c3ab6520682ad93fe46ae914a47329e`
SHA3	`925be807c6f0ddb366f3db56809f3e5f95b5d787720b2cf5e21901dea56133e3`
VirtualSize	`0x6a4e4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6b000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.28321`

.rdata

MD5	`94b7ee048bfebfafb429a200dee903e5`
SHA1	`6db09c82927d776e1d84426b9f998c68b09d45d9`
SHA256	`ff8f6f3af6f203f58610e226b178c3efc60d316ba5a8b7e3d077ec26a2ebf5d6`
SHA3	`3b82e5b83de4867db5f743c70319d698fc4925f3a69c2246d99fb3b30df9500c`
VirtualSize	`0x1ffa`
VirtualAddress	`0x6c000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x6c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.43179`

.data

MD5	`5525d37ce96c4f58fa628f2ac3e6bfcf`
SHA1	`15d6a5c6a0f39de4fcfaef5fa4fe64de6b0243d8`
SHA256	`8ae68ee7b70f8f0b90d6285bbb4c4e70273ae861680b793cc95e7f87bf63c64c`
SHA3	`8fbbd0f2dbf2736f2d6dadc02332ad7ea3379525f6acbb24418e0a3536bdf3d6`
VirtualSize	`0x15844`
VirtualAddress	`0x6e000`
SizeOfRawData	`0xc000`
PointerToRawData	`0x6e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.17743`

Imports

KERNEL32.dll	`GetCurrentProcess` `GetVolumeInformationA` `GetDriveTypeA` `GlobalFree` `GetProcessTimes` `GlobalAlloc` `FindFirstFileA` `FindNextFileA` `FindClose` `OpenSemaphoreA` `CreateSemaphoreA` `GetCurrentThread` `CreateFileA` `ReleaseSemaphore` `SetThreadPriority` `ReadFile` `WriteFile` `DeviceIoControl` `SleepEx` `QueryPerformanceCounter` `QueryPerformanceFrequency` `GetPrivateProfileStringA` `GetPrivateProfileIntA` `GetTimeZoneInformation` `GetSystemTime` `GetLocalTime` `GetCommandLineA` `ExitProcess` `HeapAlloc` `InterlockedDecrement` `InterlockedIncrement` `HeapFree` `MultiByteToWideChar` `ResumeThread` `CreateThread` `TlsSetValue` `ExitThread` `TerminateProcess` `EnterCriticalSection` `LeaveCriticalSection` `FileTimeToSystemTime` `FileTimeToLocalFileTime` `CreateDirectoryA` `GetFileAttributesA` `DeleteFileA` `UnhandledExceptionFilter` `GetModuleFileNameA` `FreeEnvironmentStringsA` `GetWindowsDirectoryA` `GetTickCount` `GetEnvironmentStrings` `GetEnvironmentStringsW` `SetHandleCount` `GetStdHandle` `GetFileType` `GetStartupInfoA` `DeleteCriticalSection` `GetCurrentThreadId` `TlsAlloc` `SetLastError` `TlsGetValue` `HeapDestroy` `HeapCreate` `GetVersionExA` `RtlUnwind` `InitializeCriticalSection` `VirtualAlloc` `HeapReAlloc` `GetStringTypeA` `GetStringTypeW` `LCMapStringA` `LCMapStringW` `FlushFileBuffers` `SetEnvironmentVariableW` `SetEnvironmentVariableA` `GetFullPathNameA` `GetCurrentDirectoryA` `SetFilePointer` `HeapSize` `GetCPInfo` `GetACP` `GetOEMCP` `SetStdHandle` `CompareStringA` `CompareStringW` `SetEndOfFile` `SetConsoleTitleA` `SetErrorMode` `LoadLibraryA` `GetProcAddress` `FindResourceA` `GetModuleHandleA` `SetEvent` `CreateEventA` `WaitForSingleObject` `ResetEvent` `FreeLibrary` `CloseHandle` `Sleep` `GetVersion` `GetLastError` `WideCharToMultiByte` `FreeEnvironmentStringsW` `VirtualFree` `DuplicateHandle` `GetCurrentProcessId` `SetFileTime` `MoveFileA` `UnlockFile` `LockFile` `LocalFileTimeToFileTime` `SystemTimeToFileTime`
USER32.dll	`GetDlgItem` `GetWindowRect` `ShowWindow` `SendMessageA` `wsprintfA` `GetParent` `GetDlgItemTextA` `SetDlgItemTextA` `DestroyWindow` `MessageBoxA` `PostMessageA` `GetFocus` `CreateDialogParamA` `MessageBeep` `WinHelpA` `EnableWindow` `ScreenToClient` `MoveWindow`
NETAPI32.dll	`Netbios`
ADVAPI32.dll	`RegCloseKey` `RegQueryValueExA` `RegOpenKeyExA` `DeregisterEventSource` `ReportEventA` `RegisterEventSourceA` `RegSetValueExA` `RegDeleteValueA` `RegCreateKeyExA` `RegEnumValueA` `GetUserNameA` `RegQueryValueA` `RegOpenKeyA`
comdlg32.dll	`GetOpenFileNameA`
COMCTL32.dll	`PropertySheetA` `#17`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xdd285d39`
Unmarked objects	`0`
19 (8034)	`11`
Total imports	`155`
12 (7291)	`12`
C++ objects (VS98 build 8168)	`1`
14 (7299)	`25`
Unmarked objects (#2)	`170`
C objects (VS98 build 8168)	`151`

766e28b7836848abc9187d1d07fa46fa

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors