Manalyze report for 775416971e2a69064b8acd575d3dff4d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1997-Dec-29 05:26:56
TLS Callbacks	2 callback(s) detected.

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses constants related to SHA512` `Uses constants related to AES`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW` `Functions which can be used for anti-debugging purposes: SwitchToThread` `Possibly launches other programs: CreateProcessA` `Can create temporary files: CreateFileA GetTempPathA` `Leverages the raw socket API to access the Internet: WSACleanup WSACreateEvent WSAEnumNetworkEvents WSAEventSelect WSAGetLastError WSAStartup accept bind closesocket connect gethostbyname htonl htons listen recv send setsockopt shutdown socket`
Suspicious	VirusTotal score: 2/69 (Scanned on 2022-11-23 19:26:22)	`APEX: Malicious` `MaxSecure: Trojan.Malware.5578382.susgen`

Hashes

MD5	`775416971e2a69064b8acd575d3dff4d`
SHA1	`ea44d51285330e198d79baebe224c884ccbb2442`
SHA256	`1a7919487ff69796754219239d5d5b5472d019af988757b5c4092253e7a78f2b`
SHA3	`bc5f65213b2fecd2f19c69832c4f428859daa84dbbe8994b9ae75e492a9a4a72`
SSDeep	`24576:6i7yMKsa9qhtG2K6gBRf6UGLXZp9D8M27FuFPCmk5ak43:N7xe0UYXbWM7FPCmksv`
Imports Hash	`c4a900e425ab1ceb4a9b86fc3742c75e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`9`
TimeDateStamp	1997-Dec-29 05:26:56
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0xa5a00`
SizeOfInitializedData	`0xe6400`
SizeOfUninitializedData	`0x13400`
AddressOfEntryPoint	`0x000014F0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xa7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x100000`
SizeOfHeaders	`0x400`
Checksum	`0xeba5e`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`92b7e4e94d4675103b2cf50197385a3f`
SHA1	`f72a2340df835f725afd4ebd1cde11207e8d037d`
SHA256	`66e4dc9baae26623ef3d34c73097053b21eef88c6f67c7c48a7ee29845fb8800`
SHA3	`043e4987a6589e176f9b67cdfbd12581779284967dcc01adf85b71eecd3e96f4`
VirtualSize	`0xa58e0`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa5a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.17094`

.data

MD5	`7c1cf6df70f41f42ccec71611f8a1eee`
SHA1	`24165f9d24f80e6dda4a5c5e980ba1b0aa5f8617`
SHA256	`c25909f0e50883fc0736e5f1db90f2067ed6cbf6583d1e7c011130ff5149322a`
SHA3	`38c4806df76be17beede49b35ff6df9fde0d783d6f1424a3d90cb2288cdec527`
VirtualSize	`0x4f60`
VirtualAddress	`0xa7000`
SizeOfRawData	`0x5000`
PointerToRawData	`0xa5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.160018`

.rdata

MD5	`2e54b1494c76e775b053556ecc540529`
SHA1	`ef410257da02d5b349b393094fdf485993a27fe1`
SHA256	`be04abd4a777ba1c62133c81325a9cd0188c5b5b591ecd564e5b527c6fc4486a`
SHA3	`241d86fa7c4e9283ee90e621cde8f8a92a992d7f7ee5a5da126957e6de7ce0a6`
VirtualSize	`0x31720`
VirtualAddress	`0xac000`
SizeOfRawData	`0x31800`
PointerToRawData	`0xaae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.05673`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x13380`
VirtualAddress	`0xde000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.edata

MD5	`4ec2f6caa3672a10d617ae5476824bf1`
SHA1	`0c9e833136485a62e691d993e57440cb263ed13a`
SHA256	`5e1bcd12c1e2e12eb1d4bd2572e82a4ac9ff5feaff62f0af1d64306a56b29a5c`
SHA3	`f101db9c956ecbff058f8680c3fe26fe1a36809ad3e1d30e0b67685306c08509`
VirtualSize	`0x30`
VirtualAddress	`0xf2000`
SizeOfRawData	`0x200`
PointerToRawData	`0xdc600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.43711`

.idata

MD5	`b7ad213bbbe06a51b2c33cdaed0403e5`
SHA1	`f1ec7bcfe96a07f2a681005b8fa23e8a71daf36c`
SHA256	`7c8b5fa7ddf798545c75cc111c790da7192359ec0cd3f99769365afa96c12116`
SHA3	`4c56e0357e05ca4907f7bc9aff9cd2f9f6bed09556177f2a04217ecc49c21b14`
VirtualSize	`0x1508`
VirtualAddress	`0xf3000`
SizeOfRawData	`0x1600`
PointerToRawData	`0xdc800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.20824`

.CRT

MD5	`bf9145b2a1adcf7fff11d1361dbc9f1e`
SHA1	`a4cb339679ef505b6a73a7651924172a5ac2585e`
SHA256	`86d24b7357591e0af5bc15628897039425baf4ee53a1530a9d6f0386d10f5370`
SHA3	`ba8c85ad0989651ac8e5f1f3af4062a08fb97b14225a0e0f04915d961bf7b4c8`
VirtualSize	`0x34`
VirtualAddress	`0xf5000`
SizeOfRawData	`0x200`
PointerToRawData	`0xdde00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.280401`

.tls

MD5	`e9e3c5e28f1ca8ed76f1a5131525c4a6`
SHA1	`936085fd2e884f17347b5ac2a0f14a24e3f77e17`
SHA256	`fef63f7b2e27d30697603838868a8a41d6899788ed507dabf81dc93004683f18`
SHA3	`ba05aeea43da3fd5261e63753cbe6ccd4000b319849f6c2ba4ce2223970cf206`
VirtualSize	`0x20`
VirtualAddress	`0xf6000`
SizeOfRawData	`0x200`
PointerToRawData	`0xde000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.22482`

.reloc

MD5	`6da0a24c0a38edfb2753d49feeea431c`
SHA1	`72716fe543a8319cd8c3247a7592f67b9c754f68`
SHA256	`702f539629ff318fbd5a86e461a7ffccf4b6dbc9143ca76d9117bf74185345b5`
SHA3	`aa6fbc306693bfa381bccf18cb1c2d0609050ca11ca36c3abd1eedb229829bf2`
VirtualSize	`0x8544`
VirtualAddress	`0xf7000`
SizeOfRawData	`0x8600`
PointerToRawData	`0xde200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.66519`

Imports

AdbWinApi.dll	`AdbCloseHandle` `AdbCreateInterfaceByName` `AdbEnumInterfaces` `AdbGetEndpointInformation` `AdbGetInterfaceName` `AdbGetSerialNumber` `AdbGetUsbDeviceDescriptor` `AdbGetUsbInterfaceDescriptor` `AdbNextInterface` `AdbOpenDefaultBulkReadEndpoint` `AdbOpenDefaultBulkWriteEndpoint` `AdbReadEndpointSync` `AdbWriteEndpointSync`
ADVAPI32.dll	`SystemFunction036`
KERNEL32.dll	`CloseHandle` `CreateEventA` `CreateFileA` `CreatePipe` `CreateProcessA` `CreateSemaphoreA` `DeleteCriticalSection` `EnterCriticalSection` `GetConsoleMode` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetFileAttributesA` `GetFileSize` `GetFileType` `GetLastError` `GetModuleFileNameA` `GetModuleHandleA` `GetProcAddress` `GetStartupInfoA` `GetStdHandle` `GetSystemTimeAsFileTime` `GetTempPathA` `GetTickCount` `GetTimeZoneInformation` `InitializeCriticalSection` `InitializeCriticalSectionAndSpinCount` `IsDBCSLeadByteEx` `LeaveCriticalSection` `LoadLibraryW` `MultiByteToWideChar` `QueryPerformanceCounter` `ReadConsoleInputA` `ReadFile` `ReleaseSemaphore` `ResetEvent` `SetConsoleCtrlHandler` `SetConsoleMode` `SetEvent` `SetFilePointer` `SetHandleInformation` `SetLastError` `SetUnhandledExceptionFilter` `Sleep` `SwitchToThread` `TerminateProcess` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `UnhandledExceptionFilter` `VirtualProtect` `VirtualQuery` `WaitForMultipleObjects` `WaitForSingleObject` `WideCharToMultiByte` `WriteFile`
msvcrt.dll	`__dllonexit` `__getmainargs` `__initenv` `__lconv_init` `__mb_cur_max` `__set_app_type` `__setusermatherr` `_acmdln` `_amsg_exit` `_beginthread` `_beginthreadex` `_cexit` `_endthreadex` `_errno` `_findclose` `_findfirst` `_fmode` `_fullpath` `_initterm` `_iob` `_lock` `_mkdir` `_onexit` `_stati64` `_vscprintf` `time` `gmtime` `_stricmp` `_strnicmp` `_unlock` `calloc` `exit` `fclose` `feof` `ferror` `fflush` `fgets` `fopen` `fputc` `fputs` `fread` `free` `fseek` `ftell` `fwrite` `getc` `getenv` `isalnum` `isalpha` `isdigit` `islower` `isspace` `isupper` `isxdigit` `localeconv` `malloc` `memchr` `memcmp` `memcpy` `memmove` `memset` `perror` `qsort` `realloc` `setlocale` `setvbuf` `signal` `sprintf` `strcat` `strchr` `strcmp` `strcpy` `strerror` `strlen` `strncmp` `strncpy` `strpbrk` `strrchr` `strtol` `strtoul` `abort` `atoi` `bsearch` `tolower` `ungetc` `wcslen` `_findnext` `_write` `_utime` `_unlink` `_umask` `_stricmp` `_strdup` `_read` `_getpid` `_getcwd` `_chmod`
SHELL32.DLL	`SHGetFolderPathA`
USER32.dll	`MapVirtualKeyA` `ToAscii`
WS2_32.dll	`WSACleanup` `WSACreateEvent` `WSAEnumNetworkEvents` `WSAEventSelect` `WSAGetLastError` `WSAStartup` `accept` `bind` `closesocket` `connect` `gethostbyname` `htonl` `htons` `listen` `recv` `send` `setsockopt` `shutdown` `socket`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x4f6018`
EndAddressOfRawData	`0x4f601c`
AddressOfIndex	`0x4f04d4`
AddressOfCallbacks	`0x4f5020`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x004902A0` `0x00490250`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!