Manalyze report for 79ffc87f096255eeb55d65fa3e2e2093

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2009-Jul-02 15:51:08
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++ 8` `Microsoft Visual C++ 8.0` `Microsoft Visual C++` `MSVC++ v.8 (procedure 1 recognized - h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: Cmd.exe cmd.exe`
Suspicious	The PE is possibly packed.	`Unusual section name found: .text1` `Unusual section name found: .trace`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Possibly launches other programs: CreateProcessA` `Can create temporary files: CreateFileA GetTempPathA`
Suspicious	VirusTotal score: 1/57 (Scanned on 2016-04-18 15:45:11)	`Ikarus: Backdoor.Win32.HacDef`

Hashes

MD5	`79ffc87f096255eeb55d65fa3e2e2093`
SHA1	`2a2487b8a9bf2913e8af0149ba47a379391cd313`
SHA256	`a2376934ed3039b80b36a7c441376f8f1a1b0762bc1fb4f2fbd75e6c862aaee3`
SHA3	`64bd053f71f1caecd58a424cf2f04a8b6d3c6034e7df698a8aa8827e05b784d1`
SSDeep	`12288:ifefnTQAFju/YYnoly4+T98tej13ZTn+9eMlSqut+4A+QysKo:eeNFju/YYnolyPTH9ZT+8Mljuzw9`
Imports Hash	`d6ed6c31c41f2bdd3f77f755e023728d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2009-Jul-02 15:51:08
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x8f000`
SizeOfInitializedData	`0x2b000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0006D73A (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x90000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x2038000`
SizeOfHeaders	`0x1000`
Checksum	`0xc0d46`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5e81b9aaaf8e31f4815fa6f80810c446`
SHA1	`e9e79111125598f7c079156791c2f7d0d7c1141e`
SHA256	`472767f1b8ff1b694204c464e5444e446618bd0bd0598ab16c35c2e1e3f44748`
SHA3	`59f45139520ad8e33aa8be6eceeeb4627a18603ddc232b2f403fed5f12377d8d`
VirtualSize	`0x8def3`
VirtualAddress	`0x1000`
SizeOfRawData	`0x8e000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.61349`

.text1

MD5	`6252c3b949a7833d4a2854d9f6e113ca`
SHA1	`ef491fce5f5d69735ba1a0499e5c7d74a79f11c4`
SHA256	`ddfbe06e0749f76f424e8aff0a9afe919deb7b4e52bf0b1d9cb772b0069f7165`
SHA3	`f4bd47e8861bdc1cf9b9a2624426bd74224223ba185e9c4af176e887ea8659dd`
VirtualSize	`0xd0`
VirtualAddress	`0x8f000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x8f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0.499453`

.rdata

MD5	`d032229658a95033f828e74c548174e9`
SHA1	`fa246f9d37cd47118574a39fca03ca639e497c0b`
SHA256	`5cbf72e183c2ada1809d3dcb9dc519f38bb023c019a24ff7ac36b99a6cfd74aa`
SHA3	`7f3d0c1b53fa372e5d99172f7138bb8bcc044baf6e8d99900e67cdab298581b4`
VirtualSize	`0x207c0`
VirtualAddress	`0x90000`
SizeOfRawData	`0x21000`
PointerToRawData	`0x90000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.96319`

.data

MD5	`615cabf5fc6342ce33cf78096c12cf25`
SHA1	`88f2deabff4a246a3fab9368a2697d5607a6e77a`
SHA256	`a6b89ea7e126c53cad1e745db3ca4ac8b07507fa68996247c5d3ccdca721c1e7`
SHA3	`fd95e5b064c5e45fef681f6fda049c93d4a262d3c4d7093590d308f4de310173`
VirtualSize	`0x1f81c08`
VirtualAddress	`0xb1000`
SizeOfRawData	`0x5000`
PointerToRawData	`0xb1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.68457`

.trace

MD5	`f90ab7ac6c866265e60a32aef0048dbd`
SHA1	`bb8b49b1098c8cf8a3c512af930dbc8a1d3eb336`
SHA256	`030a04de679aadfdfeb0adb46d4861d16edb82a9ccdb1ec2ac3b54a6ee17fc3c`
SHA3	`76ea4d1f2e09174d54324f55b323990333d8e9c859c14b67eebdb9bd1bceb89a`
VirtualSize	`0x3020`
VirtualAddress	`0x2033000`
SizeOfRawData	`0x4000`
PointerToRawData	`0xb6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.29735`

.rsrc

MD5	`59d58653de26fca7dc9a8810eff5903d`
SHA1	`721c95feeec32f33d330393be5149de45a4c146e`
SHA256	`ca28a547f91f7cb7e3e59f4efa0c4530674dfa0903e77abebb2c47572088a51d`
SHA3	`30bba92757aaea7592e13c9a4374e66e9067b6bc163e399c328579819aadd0ef`
VirtualSize	`0xb0`
VirtualAddress	`0x2037000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xba000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.05918`

Imports

KERNEL32.dll	`FormatMessageA` `LoadLibraryA` `GetThreadLocale` `FreeLibrary` `CloseHandle` `GetLastError` `GetStdHandle` `GetProcAddress` `GetModuleHandleA` `WriteFile` `SetFilePointer` `CreateFileA` `IsDebuggerPresent` `GetFileType` `WaitForSingleObject` `Sleep` `InterlockedExchange` `TlsSetValue` `TlsGetValue` `SetLastError` `TlsAlloc` `TlsFree` `VirtualFree` `VirtualAlloc` `GetCurrentThreadId` `ReleaseMutex` `CreateMutexA` `SetEndOfFile` `GetCommandLineA` `GetACP` `SetErrorMode` `SetConsoleCtrlHandler` `LeaveCriticalSection` `EnterCriticalSection` `SetEvent` `ExitThread` `CreateEventA` `InitializeCriticalSection` `DeleteCriticalSection` `TerminateThread` `ReadFile` `GetFileInformationByHandle` `GetTempFileNameA` `GetTempPathA` `GetFullPathNameA` `DeleteFileA` `GetVersionExA` `SetThreadPriority` `CreateProcessA` `FlushFileBuffers` `HeapFree` `HeapAlloc` `GetProcessHeap` `ExitProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `HeapReAlloc` `WideCharToMultiByte` `GetConsoleCP` `GetConsoleMode` `SetStdHandle` `GetCurrentProcessId` `GetModuleFileNameA` `FreeEnvironmentStringsA` `GetEnvironmentStrings` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `SetHandleCount` `GetStartupInfoA` `InterlockedIncrement` `InterlockedDecrement` `GetCurrentThread` `HeapDestroy` `HeapCreate` `QueryPerformanceCounter` `GetTickCount` `GetSystemTimeAsFileTime` `TerminateProcess` `GetCurrentProcess` `RtlUnwind` `GetCPInfo` `GetOEMCP` `LCMapStringA` `MultiByteToWideChar` `LCMapStringW` `HeapSize` `GetFileAttributesA` `WriteConsoleA` `GetConsoleOutputCP` `WriteConsoleW` `CompareStringA` `CompareStringW` `SetEnvironmentVariableA` `GetLocaleInfoA` `GetStringTypeA` `GetStringTypeW` `GetExitCodeProcess` `VirtualQuery`
imagehlp.dll	`SymCleanup` `SymInitialize` `StackWalk`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x56`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65542`
MD5	`bd62b6f553a2d1d012cc53fc325221d2`
SHA1	`c5353cec27b30fb35e414dd5f3d0e9205aaf1c07`
SHA256	`388f75e900f0c15fd66249d7b2e7edf6e14eeefb859e6f766b75058e44f27af6`
SHA3	`b59854a353caba5e0be1002399bcb847b4dd99e37cff0c7967dd0d42c1eab089`

Version Info

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4b4420`
SEHandlerTable	`0x4af8f0`
SEHandlerCount	`4`

RICH Header

XOR Key	`0x6fcb6320`
Unmarked objects	`0`
Imports (VS2003 (.NET) build 4035)	`5`
Total imports	`118`
ASM objects (VS2003 (.NET) build 3077)	`3`
ASM objects (VS2012 build 50727 / VS2005 build 50727)	`27`
C++ objects (VS2012 build 50727 / VS2005 build 50727)	`41`
C objects (VS2012 build 50727 / VS2005 build 50727)	`149`
Unmarked objects (#2)	`121`
Linker (VS2012 build 50727 / VS2005 build 50727)	`1`

79ffc87f096255eeb55d65fa3e2e2093

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.text1

.rdata

.data

.trace

.rsrc

Imports

Delayed Imports

1

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors