Manalyze report for 781ee529966b0e09a711be8d7fe0f3cb

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Oct-12 03:41:32
Detected languages	English - United States Russian - Russia
CompanyName	Ubisoft
FileDescription	Ubisoft Connect
FileVersion	`1.0`
InternalName	Ubisoft Connect
LegalCopyright	(c) Ubisoft
LegalTrademarks1	Ubisoft Connect
OriginalFilename	UbisoftConnect.exe
ProductName	Ubisoft Connect
ProductVersion	`2.0.0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	The PE is possibly packed.	`Unusual section name found: .12u3uQW`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Info	The PE's resources present abnormal characteristics.	`Resource 101 is possibly compressed or encrypted.`
Malicious	VirusTotal score: 38/69 (Scanned on 2021-10-13 19:07:35)	`Bkav: W32.AIDetect.malware1` `Elastic: malicious (high confidence)` `McAfee: GenericRXAA-AA!781EE529966B` `Cylance: Unsafe` `Sangfor: Suspicious.Win32.Save.a` `CrowdStrike: win/malicious_confidence_60% (W)` `BitDefender: Gen:Variant.Razy.952886` `K7GW: Trojan ( 00588b5b1 )` `K7AntiVirus: Trojan ( 00588b5b1 )` `BitDefenderTheta: Gen:NN.ZexaF.34214.wy0@aSKAgFdk` `Cyren: W32/Kryptik.FLC.gen!Eldorado` `Symantec: ML.Attribute.HighConfidence` `ESET-NOD32: a variant of Win32/Kryptik.HMSW` `APEX: Malicious` `Cynet: Malicious (score: 100)` `Kaspersky: HEUR:Trojan-PSW.Win32.Reline.gen` `MicroWorld-eScan: Gen:Variant.Razy.952886` `Avast: Win32:Trojan-gen` `Ad-Aware: Gen:Variant.Razy.952886` `Emsisoft: Gen:Variant.Razy.952886 (B)` `DrWeb: Trojan.Siggen15.22471` `McAfee-GW-Edition: BehavesLike.Win32.Generic.fc` `FireEye: Generic.mg.781ee529966b0e09` `Sophos: Generic ML PUA (PUA)` `Jiangmin: TrojanSpy.Stealer.fvc` `Microsoft: Trojan:Win32/Sabsik.FL.B!ml` `Arcabit: Trojan.Razy.DE8A36` `ZoneAlarm: HEUR:Trojan-PSW.Win32.Reline.gen` `GData: Win32.Trojan.PSE.1IOO1LR` `AhnLab-V3: Trojan/Win.Generic.C4695927` `ALYac: Gen:Variant.Razy.952886` `MAX: malware (ai score=80)` `Malwarebytes: Spyware.PasswordStealer` `Rising: Trojan.Generic@ML.98 (RDML:d5Cb7x0I+2w18WpZG2CKvg)` `SentinelOne: Static AI - Suspicious PE` `Fortinet: W32/Kryptik.HMSW!tr` `AVG: Win32:Trojan-gen` `Qihoo-360: HEUR/QVM20.1.95C7.Malware.Gen`

Hashes

MD5	`781ee529966b0e09a711be8d7fe0f3cb`
SHA1	`61b404c45457f2353e9a36db15c847b74138fcc7`
SHA256	`2f1e386982e2eec222d82dc5a03c52a9ad81b097058c896937feb47c1ee0525a`
SHA3	`55527fed057488164097c1cb8bb04bcfae129ce02428b2e8c1530f0dbb1e69cb`
SSDeep	`6144:zUSw3fbq4a6LKXpzdKgneetfFqJTTiabAOPSeQuQmh1tb0xaaSlOZN5PoK9Nier:z5w3fbq4a6Lap7CTRo9mh1tb02KOe`
Imports Hash	`7e6d410cb0ee9d4d9be8ad4e6fd75b64`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2021-Oct-12 03:41:32
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x29000`
SizeOfInitializedData	`0x30400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000704D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x2b000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x5c000`
SizeOfHeaders	`0x400`
Checksum	`0x628d4`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e0688dce670ec1e5d205609e1a596747`
SHA1	`d836f9439bff55b9f0ecb5d718d1af5e2a1f99eb`
SHA256	`6393869ed6c09640f606badb84159b2f48a2a29f5d903ac6f61243d0702a304b`
SHA3	`d3083ae9e85271e13e9835e661ddfd3c80399331ffee2ac09f6313f082017d5b`
VirtualSize	`0x22062`
VirtualAddress	`0x1000`
SizeOfRawData	`0x22200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.64538`

.12u3uQW

MD5	`e07d6d77dfb6b4cce90480be6c69344f`
SHA1	`3db161ddd0777f869676fad54a409bef901ccf28`
SHA256	`cb178cf75025070f3475fb128da91310adee0eb5b2d04a519effb3e9126d7357`
SHA3	`1443e72ce6d678de15844ef63266f723c382370f279834e5727fde42683291ae`
VirtualSize	`0x6c45`
VirtualAddress	`0x24000`
SizeOfRawData	`0x6e00`
PointerToRawData	`0x22600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.9579`

.rdata

MD5	`45dc12d602027021d05198d4bf8dca5b`
SHA1	`2746cb3b88b39474e5e2c307e7a4a6b9b60c46b3`
SHA256	`72d05b046008e9cf735a0342f48cbac74f56e5804ebf44fbab63c47474ab3418`
SHA3	`bbed5df67cca17e93a93a32a24a30f93cb63cebec74eecc53e4a5c6f1cc691ac`
VirtualSize	`0xfbfe`
VirtualAddress	`0x2b000`
SizeOfRawData	`0xfc00`
PointerToRawData	`0x29400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.41575`

.data

MD5	`f926bd577cf9573c4e8629f13835b510`
SHA1	`74b4c17ff6595ecbf64fb2ed1f18087b776abb59`
SHA256	`3b735cc28b984e3b6c49470d43c75bb2f8c3629f043df9ebc0d93c158769b6ce`
SHA3	`a06922937f0a2f8cbe90fc1ac1f6b8c1147363ef1324349dc3d8bf160fe07887`
VirtualSize	`0x1cf8`
VirtualAddress	`0x3b000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x39000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.06669`

.rsrc

MD5	`e6e56391e6d3a27f40bb2635af899287`
SHA1	`2e568f641996438f36b086ab29f43e6d099160ce`
SHA256	`a676aa3ecd3cea1d7d8bc4846ccb48a91c7abb0263e56597eb3ffc14b6988a39`
SHA3	`3b708e9790f087f08339962a760c2f9aaf21f09df44c5dc6cff1ade1c5fca694`
VirtualSize	`0x1ca5d`
VirtualAddress	`0x3d000`
SizeOfRawData	`0x1cc00`
PointerToRawData	`0x3a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.19373`

.reloc

MD5	`7a5200c284a50fa51db4101fb8af532c`
SHA1	`8c2b9b89091f7f38981bd63eaf3aecc9fe321c5d`
SHA256	`de11ddee605048c256b9cfe71eea7e155218106876db00a139396bf0d766a3fd`
SHA3	`cf0a2ae1c6be2ec6ef1c422e5796d8876b4eb7853f54b49dc1f3b35af8cd0e58`
VirtualSize	`0x1ca0`
VirtualAddress	`0x5a000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x56c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.4473`

Imports

KERNEL32.dll	`Sleep` `GetSystemInfo` `GetTickCount` `GetModuleHandleW` `FindResourceW` `GetConsoleWindow` `CreateFileW` `HeapSize` `GetProcessHeap` `SetStdHandle` `SetEnvironmentVariableW` `WideCharToMultiByte` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `EncodePointer` `DecodePointer` `MultiByteToWideChar` `LCMapStringEx` `GetStringTypeW` `GetCPInfo` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetCurrentProcess` `TerminateProcess` `RaiseException` `RtlUnwind` `GetLastError` `SetLastError` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `ExitProcess` `GetModuleHandleExW` `GetCommandLineA` `GetCommandLineW` `HeapAlloc` `HeapFree` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `GetFileType` `CloseHandle` `FlushFileBuffers` `GetConsoleOutputCP` `GetConsoleMode` `ReadFile` `GetFileSizeEx` `SetFilePointerEx` `ReadConsoleW` `HeapReAlloc` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `WriteConsoleW`
USER32.dll	`ShowWindow` `MessageBoxA` `MessageBeep`

Delayed Imports

101

Type	`RT_RCDATA`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x1c4f8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.20404`
MD5	`aac9af50422bca8fa7d895826216bcd2`
SHA1	`d726238b7ae9275a24db5170ac38f540376146c0`
SHA256	`06eeae0d84df691a2c5c6727f4dce585c9eb296e6309d86c6a5261f8bc652782`
SHA3	`e333b1f317ce37e68c2f162f62fbcd584a8cf2e11b775a1d7850775566ce64be`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x300`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32724`
MD5	`cac894624eaf47def496954b45d03bc6`
SHA1	`b39cb0d28a46575764791b2a5065f9e7c0707a6f`
SHA256	`e9f689be55b0c6d7e7a9b63e8a31a395e0ee64578a698e962ec814d18de0e925`
SHA3	`040ff8856c27826e138ecda1486a6c7bfb86a19fca9285b5f835685f91f0eb26`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.0.0.0
ProductVersion	2.0.0.0
FileFlags	`VS_FF_DEBUG` `VS_FF_PRERELEASE` `VS_FF_PRIVATEBUILD`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Ubisoft
FileDescription	Ubisoft Connect
FileVersion (#2)	1.0
InternalName	Ubisoft Connect
LegalCopyright	(c) Ubisoft
LegalTrademarks1	Ubisoft Connect
OriginalFilename	UbisoftConnect.exe
ProductName	Ubisoft Connect
ProductVersion (#2)	2.0.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Oct-12 03:41:32
Version	`0.0`
SizeofData	`852`
AddressOfRawData	`0x39100`
PointerToRawData	`0x37500`

TLS Callbacks

Load Configuration

Size	`0xbc`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x43b024`
SEHandlerTable	`0x438820`
SEHandlerCount	`37`

RICH Header

XOR Key	`0xce30c993`
Unmarked objects	`0`
ASM objects (27412)	`13`
C++ objects (27412)	`166`
C objects (27412)	`22`
C objects (30034)	`17`
ASM objects (30034)	`21`
C++ objects (30034)	`74`
Imports (27412)	`5`
Total imports	`95`
C++ objects (30133)	`1`
Resource objects (30133)	`1`
151	`1`
Linker (30133)	`1`

781ee529966b0e09a711be8d7fe0f3cb

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.12u3uQW

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

101

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors