Manalyze report for 79c2dd053543c9905b6f69db96984f40

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Feb-23 13:04:10
Detected languages	English - United States

Plugin Output

Malicious	VirusTotal score: 61/70 (Scanned on 2023-05-22 22:41:08)	`Bkav: W32.AIDetectMalware` `Lionic: Trojan.Win32.FakeAV.llP4` `tehtris: Generic.Malware` `DrWeb: Trojan.Fakealert.20511` `MicroWorld-eScan: Gen:Variant.Symmi.14935` `ALYac: Gen:Variant.Symmi.14935` `Malwarebytes: Adware.SystemSecurity` `VIPRE: Gen:Variant.Symmi.14935` `Sangfor: Suspicious.Win32.Save.a` `K7AntiVirus: Trojan ( 002a00f61 )` `Alibaba: Malware:Win32/km_2431.None` `K7GW: Trojan ( 002a00f61 )` `CrowdStrike: win/malicious_confidence_90% (W)` `BitDefenderTheta: Gen:NN.ZexaF.36196.xqW@amq3Mimi` `VirIT: FraudTool.SystemTool.B` `Cyren: W32/FakeAlert.JW.gen!Eldorado` `Symantec: ML.Attribute.HighConfidence` `Elastic: malicious (high confidence)` `ESET-NOD32: Win32/Adware.SystemSecurity.AF` `APEX: Malicious` `ClamAV: Win.Trojan.Fakeav-1634` `Kaspersky: Trojan.Win32.FraudPack.cstz` `BitDefender: Gen:Variant.Symmi.14935` `NANO-Antivirus: Trojan.Win32.FakeAV.bxskx` `SUPERAntiSpyware: Trojan.Agent/Gen-FakeAV` `Avast: Win32:FakeAlert-ACY [Trj]` `Rising: Trojan.FakeAV!1.658F (CLASSIC)` `Emsisoft: Gen:Variant.Symmi.14935 (B)` `F-Secure: Trojan.TR/FakeAV.btxt.8` `Zillya: Trojan.FakeAV.Win32.52763` `TrendMicro: TROJ_FAKEAV.SMID` `McAfee-GW-Edition: BehavesLike.Win32.Generic.fc` `Trapmine: malicious.high.ml.score` `FireEye: Generic.mg.79c2dd053543c990` `Sophos: Mal/FakeAV-IS` `SentinelOne: Static AI - Malicious PE` `GData: Gen:Variant.Symmi.14935` `Jiangmin: Trojan/Fakeav.noe` `Avira: TR/FakeAV.btxt.8` `MAX: malware (ai score=81)` `Antiy-AVL: Trojan/Win32.FraudPack` `Xcitium: TrojWare.Win32.Kryptik.AG@39coru` `Arcabit: Trojan.Symmi.D3A57` `ViRobot: Trojan.Win32.A.FraudPack.377731` `ZoneAlarm: Trojan.Win32.FraudPack.cstz` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Cynet: Malicious (score: 100)` `AhnLab-V3: Win-Trojan/Fakeav.320000.AT` `Acronis: suspicious` `McAfee: Generic FakeAV.oi` `VBA32: BScope.Trojan.MulDrop` `Cylance: unsafe` `Panda: Trj/Cycbot.gen` `TrendMicro-HouseCall: TROJ_FAKEAV.SMID` `Tencent: Malware.Win32.Gencirc.10bda555` `Ikarus: Trojan.Win32.FakeAV` `MaxSecure: Trojan.Malware.300983.susgen` `Fortinet: W32/FakeAlert.AMB!tr` `AVG: Win32:FakeAlert-ACY [Trj]` `Cybereason: malicious.53543c` `DeepInstinct: MALICIOUS`

Hashes

MD5	`79c2dd053543c9905b6f69db96984f40`
SHA1	`1bef48c1dfacadfa5b2aadb889ccbd53a50434b9`
SHA256	`28d83d1f3340c7fd999ee1164a990283d2c29082946b29d68a6a6f7c0607201a`
SHA3	`a9b5f766c6d7250705973773a4ee732c5dec2027bbc1780305ffbf23df1eefcc`
SSDeep	`6144:lyJ23H4Fy+M0njbB5aNJo+f43uqYZQv9A9SCqEVrsHHce7DUksJ9gMnrebo5MRo:8J23YFBMivkJos4RWQv38V+U1nniboM`
Imports Hash	`f02b580ebb91995819eaa930dc033cdd`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	1970-Feb-23 13:04:10
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x30200`
SizeOfInitializedData	`0x2a600`
SizeOfUninitializedData	`0x1000`
AddressOfEntryPoint	`0x00004172 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x32000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0xb9000`
SizeOfHeaders	`0x400`
Checksum	`0x5fa50`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`dbefb836b23787585b21230b4427f758`
SHA1	`11a39041d7f2ff58da5e36d3648f6003d92471bd`
SHA256	`2130e057c1a1ce5d524c0bf6695acd40ec5eaca58115e4d6fad5f8c34c372b97`
SHA3	`d688cb031daa1419d4eb8081dd6f2a542aa7d303cba1b0e516c73a381ba765ac`
VirtualSize	`0x3006f`
VirtualAddress	`0x1000`
SizeOfRawData	`0x30200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.00641`

.rdata

MD5	`360e4d69ed06b8abfca19e577747bbf5`
SHA1	`858bd15d1ab596231828fdcb4b64aa4571fe1e81`
SHA256	`18817e9a728b8545e40add55cefb469a205f4736f4076e7faf45c49e287a709a`
SHA3	`8b4188b79d5964e595e3f32b4b42dc3728867164c35817309ebcf03d54a3cb8a`
VirtualSize	`0x680`
VirtualAddress	`0x32000`
SizeOfRawData	`0x800`
PointerToRawData	`0x30600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.63517`

.data

MD5	`6f2c0ab6fdbef6e2a14e564d030953b2`
SHA1	`13813d6c6044daecd2c4d56f077e42cc73f44412`
SHA256	`f09babff9356a3a7da4c91b67c012bf7fc1c2c54948ede2398da8789142359d1`
SHA3	`6188969e8f146236c02b94a7015358b3344a1569017e31bc4e302344f4d752d7`
VirtualSize	`0x83980`
VirtualAddress	`0x33000`
SizeOfRawData	`0x2a600`
PointerToRawData	`0x30e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.88155`

.rsrc

MD5	`84fecd969cca61377408320663ed6de7`
SHA1	`d9e59cd8ec3f752c32d7ad1e38b8b56fc70242de`
SHA256	`04824476c7be6879c34411e86c13d369d9719b29e7812ac843e0d81e14defe72`
SHA3	`e1b4a1fa6cad2d7802da2c28f05e4580058e471478b79da198d772aa637038fc`
VirtualSize	`0x2000`
VirtualAddress	`0xb7000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x5b400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.16272`

Imports

KERNEL32.dll	`FreeEnvironmentStringsA` `GetEnvironmentStrings` `SetHandleCount` `GetFileType` `GetTimeZoneInformation` `GetConsoleCP` `GetConsoleMode` `FlushFileBuffers` `EnumSystemLocalesA` `IsValidLocale` `WriteConsoleA` `GetConsoleOutputCP` `SetStdHandle` `SetEndOfFile` `SetEnvironmentVariableA` `LocalAlloc` `GetCurrentProcess` `GetCurrentThreadId` `LeaveCriticalSection` `InterlockedExchange` `SetLastError` `SetProcessShutdownParameters` `FlushInstructionCache` `GetProcessShutdownParameters` `GetCurrentProcessId` `InterlockedDecrement` `GetLastError` `DeleteCriticalSection` `HeapFree` `CloseHandle` `GetProcessHeap` `HeapAlloc` `VirtualFree` `VirtualQueryEx` `VirtualAlloc` `GetCommandLineA` `GetStartupInfoA` `RtlUnwind` `LCMapStringA` `GetStringTypeA` `ExitThread` `ExitProcess` `CreateThread` `HeapCreate` `GetStdHandle` `GetOEMCP`
USER32.dll	`GetKeyState` `CharLowerA` `GetWindowWord`
MSIMG32.dll	`TransparentBlt`
GDI32.dll	`GetBkColor` `BitBlt` `SelectObject` `GetBkMode` `SetLayoutWidth` `GetPixel` `SetTextCharacterExtra`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.24733`
MD5	`46f08519ebd1cd9bb1bdbdd4986b6f96`
SHA1	`6c5f49b7b64bbd88fabf3639245433e4dec81557`
SHA256	`e2adebe512c094c9399bec0c824153b8237967bf0461c42fa92bec72fd001e7a`
SHA3	`615697896b104a541b5d8e5431a5f0be2b8bea6196af7c6f88226bb407b82561`

1700

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67866`
MD5	`4f57717eec182d42ffebbc39e5ec8bc9`
SHA1	`3a4e024a8aa9d64ca536170a30b534626d077fbf`
SHA256	`cd147f78c10d4ee21c203735d14c39d21dce3ee8f6f6d09e122ced56923682b2`
SHA3	`3b9ab82e3e26b504bbe8e4602448cacfe6726743327e562e6a66706a0eef055a`

290

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.7815`
Detected Filetype	Icon file
MD5	`3c68f77c35c26ff079a1c410ee44fa62`
SHA1	`0b40150c95fc2c6414c90d44ee78b8d8814b3393`
SHA256	`a14e70ed824f3f17d3a51136aa08839954d6d3ccadaa067415c7bfc08e6636b0`
SHA3	`590dcbf2ec3f485a6c24e3e627f383ee7588eb49978321f12c07d8190a6c1396`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x244`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.92477`
MD5	`2d3d83cc44292af2ac474e9525b324a1`
SHA1	`cc2cbab1a0e6a89824d14de9ed14b149ae06c6c1`
SHA256	`28cf0bf5a0f07b9683576362a58ecc5993ee31a78f241605ce36bacc317f9318`
SHA3	`945b6de5cb575f49fbe8d7ba9b7e433286ab50e7526c96a4d937a66a2f0734f8`

Version Info

UNKNOWN

Characteristics	`659060615`
TimeDateStamp	2004-Apr-03 20:34:47
Version	`30527.26845`
SizeofData	`176151351`
AddressOfRawData	`0x2daab3f1`
PointerToRawData	`0x4ce11b70`

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xca172d24`
Unmarked objects	`0`
138 (VS2008 SP1 build 30729)	`1`
Total imports	`579`
Imports (VS2008 SP1 build 30729)	`17`
ASM objects (VS2008 SP1 build 30729)	`4`
Exports (VS2008 SP1 build 30729)	`1`
C++ objects (VS2008 SP1 build 30729)	`75`
C objects (VS2008 SP1 build 30729)	`61`
Linker (VS2008 SP1 build 30729)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

Errors

[!] Error: directory 9 has a RVA of 0 but a non-null size.