Manalyze report for 795f093a536f118fb4c34fcedfa42165

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2011-Mar-11 10:55:44
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Installer VISE Custom` `Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Interacts with services: OpenServiceA CreateServiceA OpenSCManagerA ControlService`
Malicious	VirusTotal score: 24/72 (Scanned on 2020-05-08 22:40:42)	`CAT-QuickHeal: Trojan.IGENERIC` `Cylance: Unsafe` `Zillya: Downloader.Agent.Win32.291715` `Sangfor: Malware` `Alibaba: Trojan:Win32/Generic.278e6526` `Baidu: Win32.Trojan.Agent.apq` `Symantec: Trojan.Gen.MBT` `ESET-NOD32: Win32/Agent.WOI` `APEX: Malicious` `NANO-Antivirus: Trojan.Win32.Agent.dvyioc` `Avast: Win32:Malware-gen` `Comodo: Malware@#1z26xgwy7wzrb` `DrWeb: Trojan.Siggen8.36839` `VIPRE: Trojan.Win32.Generic!BT` `Webroot: W32.Malware.Gen` `Antiy-AVL: Trojan/Win32.BTSGeneric` `Microsoft: Trojan:Win32/Bluteal!rfn` `AegisLab: Trojan.Win32.Generic.4!c` `GData: Win32.Trojan.Agent.0LD235` `VBA32: BScope.Adware.Presenoker` `Rising: Trojan.Agent!8.B1E (CLOUD)` `Ikarus: not-a-virus:Monitor.Win32.KeyKey` `Fortinet: W32/Agent.WOI!tr` `AVG: Win32:Malware-gen`

Hashes

MD5	`795f093a536f118fb4c34fcedfa42165`
SHA1	`c83624b0c3c65abea42305143db7c8619443df3a`
SHA256	`e55cfa92acc2fac8b3b41002ebbef343bfdb61abf876e9c713f323e143d5e451`
SHA3	`e88acdfbd7c872f2852fdb31e7e4c25871f352004403606c869616ef7e0ef71f`
SSDeep	`192:qXiNgihI+YS9EYSksmCUQsrQXPuPJvTmZBdZDrEO6loGiMMMn9ZllL1LyykbXHG:Rjm+Y8NbjTmluOiNyyUWrh6oZu/p`
Imports Hash	`391ab0dd6132776aa513357f29b6a263`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2011-Mar-11 10:55:44
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x3000`
SizeOfInitializedData	`0x3000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001090 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x4000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x7000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4a6e3b2d1dcc4cd759f4c8d630a4857e`
SHA1	`be55a2a9cae0f340a79f1dfe6259890277c0edf6`
SHA256	`6ed42059e38fcac27e43f8047b4f0e7b4c329ef5d014a4590ec15171e8326db4`
SHA3	`c4e1150c9a4d05edbf594b10597154d3a46ffbda09044abc883d4af4807f249f`
VirtualSize	`0x290e`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.95481`

.rdata

MD5	`5b2c06febf5c16970b4bc7c2ade17f01`
SHA1	`29ec570976f38336c3b16797a400233d69a91e8c`
SHA256	`179f56af762df2d66ff18ee208f571574a0b9e4f7847c2239c7a5ab6ab200fc3`
SHA3	`8477bc3cba7fb18570c1c7e5be8d7137c6c95370b50a2ff2dff152a14e0734b0`
VirtualSize	`0x7de`
VirtualAddress	`0x4000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.18907`

.data

MD5	`0e5cf6bf4967e03bf22235a2e165151a`
SHA1	`cda1710e6dc239d044a706a132de4f91546e70aa`
SHA256	`39e07d11759e2b0c70fa5339394131f49fb0e5b2e769f6a9ce6a82c6e567cf04`
SHA3	`f9ac8d7ab664ca6d57b8c7c61d49a068820b9b17fc0e8f20f8f37425ccd103c5`
VirtualSize	`0xa9c`
VirtualAddress	`0x5000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.984443`

.rsrc

MD5	`5045c8f96eac20bbe7e2b7f2a9270140`
SHA1	`fe88dc397a5c426936bea95d94070c949798ba44`
SHA256	`dc0d6e8b28ad4ded9415bc3bdc9a2588f37ada513ab3ec44bc688d669ed1f2a5`
SHA3	`3ad9abaf8c0543fd44b73754a1d7e717a3408a44b28671e780415dd4b8eb9ef2`
VirtualSize	`0x990`
VirtualAddress	`0x6000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.82365`

Imports

ADVAPI32.dll	`StartServiceA` `OpenServiceA` `CreateServiceA` `OpenSCManagerA` `ControlService`
KERNEL32.dll	`GetModuleHandleA` `GetStartupInfoA` `GetCommandLineA` `GetVersion` `ExitProcess` `TerminateProcess` `GetCurrentProcess` `UnhandledExceptionFilter` `GetModuleFileNameA` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `WideCharToMultiByte` `GetEnvironmentStrings` `GetEnvironmentStringsW` `SetHandleCount` `GetStdHandle` `GetFileType` `HeapDestroy` `HeapCreate` `VirtualFree` `HeapFree` `RtlUnwind` `WriteFile` `GetCPInfo` `GetACP` `GetOEMCP` `HeapAlloc` `VirtualAlloc` `HeapReAlloc` `GetProcAddress` `LoadLibraryA` `MultiByteToWideChar` `LCMapStringA` `LCMapStringW` `GetStringTypeA` `GetStringTypeW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.05428`
MD5	`b351ed987e48fd6f8adc2054dfdcb412`
SHA1	`4084d647b544feb47d43f7fed4f9de96814a88b3`
SHA256	`69365ffbf4f943e9026510049fee32fe6bc608611aa8d2dd64d8d8e8b0d60c4f`
SHA3	`78f25feb19188289a6a63cfd4d5d96937c14f006d1b03be4d1966a9520c81e65`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91284`
MD5	`efb77e2c3bbde814cba6c15145a516f7`
SHA1	`d2f0106beec74f163c97df7b1d3d09eff4b5384c`
SHA256	`7629da75cdcb648b8215b49a3077359cee6cbd92850e446666db3a1ffd6ea299`
SHA3	`276fe964ae536a66b6a809487c477ebbe122cf698ff36cfaa6b7c1f05a3684b4`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.94148`
MD5	`44c6cb2159d7e526624192fa98ae9996`
SHA1	`3a6b929ea1b37fc22abacecffc6bb9c9ee05c96f`
SHA256	`3fa012c3ca7c8ac0b08311ee5fe8d6a6312be181c695f8e2dce48d10a48ec4aa`
SHA3	`8aaca71e73e3a7f0531f410c4261903652a2d7adf76b1ebb97e066cbd817465e`

109

Type	`RT_MENU`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.71163`
MD5	`2886ccd7dc1bd6dec8413a00b53046a0`
SHA1	`a09dea8ae745541a9d191d42d68510db8f648b5d`
SHA256	`a29831e4a3fac395e2aa86df5a0906ed2beebda018745be869477d636148f7af`
SHA3	`fc89873b946c12a8b176b7eff05b2c4445b56a96c045e40e9d49ecc09a4d0fcb`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xfa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34362`
MD5	`5c9b2604ded0d1e71ccbb5d068fb87ea`
SHA1	`ab712f63bff1d8d7770c5d08726348281b72f8aa`
SHA256	`ab3942803d812e22760c9a1a8991b64a5a1ebd998c94dc266441594a0e0064e3`
SHA3	`ede0ed05c7fa5524a5e9c60121513d4ec5b1a401432eac121345b737de02a174`

7

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.53478`
MD5	`3a46f29d6d78cc65c90af217e3dcb45c`
SHA1	`5e39eecbd609567d0a35e891d116f0a2dcf5cd1e`
SHA256	`8b28ed1592a2330319bc0463d983457dcf44646406e1afdb704fd364c7b085a2`
SHA3	`ca0925c313dc5336d2907c9e5f702216b358983d76080a4022fe8dd24664aec5`

109 (#2)

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.79879`
MD5	`3d2b1af3424dbcd504f73918619c7d99`
SHA1	`10d6ed54ea742211a14a05414883f6c00c03080a`
SHA256	`c2f0c188d6c493d7827bf83fb89c704815796445a0178bb2ae79658d96703a3c`
SHA3	`b8c5f28d2c132e5bc304e4dc1b314a3f32a2e48675c06828a2a8a014ea05e7fb`

107

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

108

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`60f05e3b8ea9e18928923bdbcc112277`
SHA1	`d97726a6e9c326a37507f879feca7e152157839c`
SHA256	`7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a`
SHA3	`390fd88c6012552aecc7f109e733a1bf00339b8b3758127752832484c9f13ce6`

String Table contents

RegWriterApp
Hello World!
REGWRITERAPP

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xa5513598`
Unmarked objects	`0`
C objects (VS98 build 8168)	`22`
14 (7299)	`9`
Total imports	`42`
19 (8034)	`5`
Resource objects (VS98 cvtres build 1720)	`1`
C++ objects (VS98 build 8168)	`3`

795f093a536f118fb4c34fcedfa42165

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

1

2

3

109

103

7

109 (#2)

107

108

String Table contents

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors