Manalyze report for 78734cd268e5c9ab4184e1bbe21a6eb9

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Jan-17 03:24:07
Detected languages	English - United States
Debug artifacts	K:\GPUTweakCodeVer2031NoSkin20120111\ASGT_2011.04.16\Release\ASGT.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	PEiD Signature:	`FASM 1.5x` `FASM v1.5x`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegCloseKey RegOpenKeyExA RegQueryValueExA` `Possibly launches other programs: CreateProcessA CreateProcessAsUserA` `Functions related to the privilege level: DuplicateTokenEx OpenProcessToken` `Interacts with services: ControlService OpenSCManagerA QueryServiceStatus CreateServiceA DeleteService OpenServiceA`
Suspicious	The file contains overlay data.	`64000 bytes of data starting at offset 0xd800.` `The overlay data has an entropy of 7.99373 and is possibly compressed or encrypted.`
Malicious	VirusTotal score: 47/67 (Scanned on 2018-08-29 00:26:35)	`MicroWorld-eScan: Trojan.GenericKD.40352713` `CAT-QuickHeal: TrojanDropper.FelixRoot` `ALYac: Trojan.Dropper.Agent` `Cylance: Unsafe` `K7GW: Riskware ( 0040eff71 )` `K7AntiVirus: Riskware ( 0040eff71 )` `Arcabit: Trojan.Generic.D267BBC9` `TrendMicro: TROJ_FRS.VSN0AH18` `Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9634` `Symantec: Trojan Horse` `TrendMicro-HouseCall: TROJ_FRS.VSN0AH18` `Avast: Win32:Malware-gen` `Kaspersky: Trojan-Dropper.Win32.Agent.bjveuj` `BitDefender: Trojan.GenericKD.40352713` `NANO-Antivirus: Trojan.Win32.Generic.feircw` `ViRobot: Trojan.Win32.S.Agent.119296.XG` `Tencent: Win32.Trojan-dropper.Agent.Aiid` `Ad-Aware: Trojan.GenericKD.40352713` `Emsisoft: Trojan.GenericKD.40352713 (B)` `F-Secure: Trojan.GenericKD.40352713` `DrWeb: Trojan.MulDrop8.32653` `Zillya: Dropper.Agent.Win32.378699` `Invincea: heuristic` `McAfee-GW-Edition: Generic-FAEX` `Sophos: Mal/Behav-321` `Paloalto: generic.ml` `Cyren: W32/Trojan.DGFN-4552` `Jiangmin: TrojanDropper.Agent.gfpv` `Avira: TR/Agent.rwsdv` `Fortinet: W32/Agent.SCT!tr` `Antiy-AVL: Trojan/Win32.TSGeneric` `Endgame: malicious (high confidence)` `Microsoft: TrojanDropper:Win32/FelixRoot` `AegisLab: Troj.Dropper.W32.Agent!c` `ZoneAlarm: Trojan-Dropper.Win32.Agent.bjveuj` `AhnLab-V3: Trojan/Win32.Agent.C2640876` `McAfee: Generic-FAEX` `MAX: malware (ai score=100)` `VBA32: Malware-Cryptor.General.3` `ESET-NOD32: Win32/Agent.SCT` `Rising: Dropper.Agent!8.2F (CLOUD)` `Yandex: Trojan.DR.Agent!/sJBXoyj9nI` `GData: Trojan.GenericKD.40352713` `AVG: Win32:Malware-gen` `Panda: Trj/CI.A` `CrowdStrike: malicious_confidence_60% (D)` `Qihoo-360: Win32/Trojan.Dropper.453`

Hashes

MD5	`78734cd268e5c9ab4184e1bbe21a6eb9`
SHA1	`d5ac50d38f8b98decda52fb8fcf85a576b0494c7`
SHA256	`573ea78afb50100f896185164da3b8519e2e0f609a34a7c70460eca5b4ae640d`
SHA3	`92a6b6f742391335841df1dc0b4a234640bab6beea517315eb0d033dad866139`
SSDeep	`1536:82dRSDlre9NigEv4bahAOSSd5AAKIyax6lB027TUqYe6POoauGEz1qIUAWs2h+M:0eaAM7Ld5AAKIwlB3ORWqvzkzoMU`
Imports Hash	`0867dae1b7dc01d9b94be5a2c4d8d929`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2012-Jan-17 03:24:07
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x9600`
SizeOfInitializedData	`0x3e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00008371 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xb000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x12000`
SizeOfHeaders	`0x400`
Checksum	`0x273c2`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b409a73f3882c852c9f1d2121fade4ce`
SHA1	`89c552f65fb461cd9978df8eaa969f5aa646778f`
SHA256	`ac1c1288c3c4bc7b27f72e48b982688d2be6bb30cfc77e606766d55256b07796`
SHA3	`22d3a5607c5b03ce3b8b8a15ffd2beb04f820ac32167c611789fb816305bcee7`
VirtualSize	`0x9600`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.88277`

.rdata

MD5	`8cf474841dbcabcad6410bfb53361173`
SHA1	`4b591c2f429e15754a6708b3554e53bf088455d1`
SHA256	`d44f704fe2d488754fa4dd47694a744abac791687a1d8d3576280f822d7a50be`
SHA3	`86fc7e67bdaab107a2333a2bc664336ac0be85dddf8f9747877483670040bfa2`
VirtualSize	`0x2a38`
VirtualAddress	`0xb000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x9a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.40674`

.data

MD5	`252fd1f9506bd4d87a1dd6653f701087`
SHA1	`36b4c2fb553b1e906e8ef24b9ac4dece2284a1f1`
SHA256	`33c7c98f8c8d5e0da07db1bb2484a1ab20db9b97deb04b8de4f003e34b1cb959`
SHA3	`d3a527c32453740d65ac9a7ac0aa974dafff3b2108aa5509ba7377775b86fbbe`
VirtualSize	`0x2c84`
VirtualAddress	`0xe000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xc600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.10391`

.rsrc

MD5	`81195ca9b22c050f79e44175e9e7150e`
SHA1	`c5ab2bb5fd494c24e57c83dc6bb902eaa0dc7c30`
SHA256	`3329dcfd3c785098e3d024dda1387ee950cdd4a2a857337a8006952114611c09`
SHA3	`97bccdfe004270d5acf25793824aae6354bbc9b178b4150052a389dea07aad30`
VirtualSize	`0x1b4`
VirtualAddress	`0x11000`
SizeOfRawData	`0x200`
PointerToRawData	`0xd600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.10501`

Imports

WTSAPI32.dll	`WTSEnumerateSessionsA` `WTSFreeMemory`
KERNEL32.dll	`CloseHandle` `GetVersionExA` `GetModuleFileNameA` `GetLastError` `CreateProcessA` `CreateEventA` `Sleep` `SetEvent` `WaitForSingleObject` `GetCurrentProcess` `SetLastError` `GetModuleHandleW` `GetProcAddress` `ExitProcess` `GetCommandLineA` `HeapFree` `TerminateProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `GetCPInfo` `InterlockedIncrement` `InterlockedDecrement` `GetACP` `GetOEMCP` `IsValidCodePage` `TlsGetValue` `TlsAlloc` `TlsSetValue` `TlsFree` `GetCurrentThreadId` `WriteFile` `GetStdHandle` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `LoadLibraryA` `InitializeCriticalSectionAndSpinCount` `FreeEnvironmentStringsA` `GetEnvironmentStrings` `FreeEnvironmentStringsW` `WideCharToMultiByte` `GetEnvironmentStringsW` `SetHandleCount` `GetFileType` `GetStartupInfoA` `HeapCreate` `VirtualFree` `QueryPerformanceCounter` `GetTickCount` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `HeapAlloc` `VirtualAlloc` `HeapReAlloc` `LCMapStringA` `MultiByteToWideChar` `LCMapStringW` `GetStringTypeA` `GetStringTypeW` `GetLocaleInfoA` `SetFilePointer` `GetConsoleCP` `GetConsoleMode` `RtlUnwind` `HeapSize` `SetStdHandle` `WriteConsoleA` `GetConsoleOutputCP` `WriteConsoleW` `CreateFileA` `FlushFileBuffers`
ADVAPI32.dll	`CloseServiceHandle` `RegCloseKey` `ControlService` `GetLengthSid` `OpenSCManagerA` `SetServiceStatus` `QueryServiceStatus` `DuplicateTokenEx` `RegOpenKeyExA` `ReportEventA` `RegisterServiceCtrlHandlerExA` `SetTokenInformation` `DeregisterEventSource` `CreateServiceA` `RegQueryValueExA` `DeleteService` `StartServiceCtrlDispatcherA` `CreateProcessAsUserA` `OpenServiceA` `RegisterEventSourceA` `OpenProcessToken`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2012-Jan-17 03:24:07
Version	`0.0`
SizeofData	`94`
AddressOfRawData	`0xcd28`
PointerToRawData	`0xb728`
Referenced File	K:\GPUTweakCodeVer2031NoSkin20120111\ASGT_2011.04.16\Release\ASGT.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x40e00c`
SEHandlerTable	`0x40cd90`
SEHandlerCount	`3`

RICH Header

XOR Key	`0x1f2d73c0`
Unmarked objects	`0`
C++ objects (VS2008 build 21022)	`35`
ASM objects (VS2008 build 21022)	`16`
C objects (VS2008 build 21022)	`96`
Imports (VS2012 build 50727 / VS2005 build 50727)	`7`
Total imports	`114`
138 (VS2008 build 21022)	`1`
Resource objects (VS2008 build 21022)	`1`

78734cd268e5c9ab4184e1bbe21a6eb9

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors