Manalyze report for 7d686ffd3406ab4a0629e4d634817070

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Sep-30 10:08:22
Detected languages	English - United Kingdom English - United States
Comments	This installation was built with Inno Setup.
CompanyName
FileDescription	Devil May Cry 5 Setup
FileVersion
LegalCopyright
ProductName	Devil May Cry 5
ProductVersion

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: mKH6AVu.ca`
Suspicious	This PE is packed with Themida	`Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found: .imports` `Unusual section name found: .themida` `Section .themida is both writable and executable.` `Unusual section name found: .boot`
Malicious	VirusTotal score: 52/71 (Scanned on 2024-02-18 12:07:51)	`ALYac: Trojan.GenericKD.70930334` `APEX: Malicious` `AVG: Win64:Malware-gen` `Acronis: suspicious` `AhnLab-V3: Trojan/Win.Trojan-gen.R574919` `Alibaba: Packed:Win64/Themida.95c06319` `Antiy-AVL: Trojan[Packed]/Win64.Themida` `Arcabit: Trojan.Generic.D43A4F9E` `Avast: Win64:Malware-gen` `Avira: HEUR/AGEN.1365560` `BitDefender: Trojan.GenericKD.70930334` `Bkav: W64.AIDetectMalware` `CrowdStrike: win/malicious_confidence_100% (W)` `Cybereason: malicious.8d127f` `Cylance: unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `ESET-NOD32: a variant of Win64/Packed.Themida.NH` `Elastic: malicious (high confidence)` `Emsisoft: Trojan.GenericKD.70930334 (B)` `F-Secure: Heuristic.HEUR/AGEN.1365560` `FireEye: Generic.mg.7d686ffd3406ab4a` `Fortinet: W32/PossibleThreat` `GData: Trojan.GenericKD.70930334` `Gridinsoft: Trojan.Heur!.03210423` `Ikarus: Trojan.Win64.Themida` `K7AntiVirus: Trojan ( 0059644d1 )` `K7GW: Trojan ( 0059644d1 )` `Kaspersky: HEUR:Trojan-Banker.Win32.ClipBanker.gen` `Kingsoft: Win32.Trojan-Banker.ClipBanker.gen` `Lionic: Trojan.Win32.Themida.7!c` `MAX: malware (ai score=80)` `Malwarebytes: Malware.AI.66263504` `MaxSecure: Trojan.Malware.73484953.susgen` `McAfee: Artemis!7D686FFD3406` `MicroWorld-eScan: Trojan.GenericKD.70930334` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Panda: Trj/Chgt.AD` `Sangfor: Packer.Win32.Themida.swycg` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win64.Injector.tc` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.13f1cab7` `Trapmine: malicious.moderate.ml.score` `TrendMicro: TROJ_GEN.R002C0XKD23` `TrendMicro-HouseCall: TROJ_GEN.R002C0XKD23` `VIPRE: Trojan.GenericKD.70930334` `Varist: W64/Trojan.GKA.gen!Eldorado` `Zillya: Trojan.Themida.Win64.9422` `ZoneAlarm: HEUR:Trojan-Banker.Win32.ClipBanker.gen` `tehtris: Generic.Malware`

Hashes

MD5	`7d686ffd3406ab4a0629e4d634817070`
SHA1	`9f04a668d127fcb4ae16031120e2415f60861cee`
SHA256	`c61b951e930442974d718b776c8f2dc2506ca30f7c7ff68312ba2e19d145fac1`
SHA3	`146a8093cb4246ad1c7bb5714dbea45db68b82af212ff8324539471ea4a69241`
SSDeep	`98304:gKY50AYSEnTw6oAnzz2kh+P8p6Z6TD6ol+UMNqii30ieZ9f9rxTmqVxx9jgbJlf:ugTXHzCk0wnaQ+U+ayVr3Vxx9kh`
Imports Hash	`1cd069a1d0a6220306935daaf0c539a1`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`12`
TimeDateStamp	2023-Sep-30 10:08:22
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xb3400`
SizeOfInitializedData	`0xb9e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000098C208 (Section: .boot)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xe68000`
SizeOfHeaders	`0x600`
Checksum	`0x5f0dfa`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x400000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

MD5	`b2ee31e730508d294ae93811cacd9165`
SHA1	`63caec642f112e73361ea7e1d94991a857163664`
SHA256	`51cd64a19736bc99561a36fbb57513bdf511d5db2bdf7fa8652d7f260a07029b`
SHA3	`0f67962a4ed1378a3f57f4ec3f292c1a4231e76d441cae5d0dc8ce1723f0c3ed`
VirtualSize	`0xb3328`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5f9a1`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.98552`

(#2)

MD5	`faa5a4ab5bda3f5f9d1e5ef8f64e27c7`
SHA1	`aa6baea2a2085c05cbcba30514b45798feae02e7`
SHA256	`e14f3ae58ca7249f6d2f8b9ed966ba09ab355aff76e9ccab0110cd17f93b7a68`
SHA3	`6bd6bc0f1c3399f9ee312c891a972a39faac65af2ca43ce2ff6ccc853d932833`
VirtualSize	`0x34204`
VirtualAddress	`0xb5000`
SizeOfRawData	`0xedc7`
PointerToRawData	`0x60000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.96289`

(#3)

MD5	`c7b7c9a7be95f1fbeb4892fe464ff420`
SHA1	`f82ea346bbcbbd9c00bfa302e01c1a5206342e0b`
SHA256	`2368408db570dfaea777c3fd587373f877d02f29f47ce5542b4a40425b4e54b0`
SHA3	`9bf18818b3837c547c74bc7c11b57d71174878f13748b19d708a17981223ce6b`
VirtualSize	`0x9120`
VirtualAddress	`0xea000`
SizeOfRawData	`0x2f9`
PointerToRawData	`0x6ee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.66541`

(#4)

MD5	`fa2f9cc4babe4d2be25f9a6063882bd7`
SHA1	`aabad80001bbcbf64a96b2aa7fc20efd7d4f8d33`
SHA256	`d2d00a384c8bdce65f0fc0b0edc2cbda9d46ea0bd016862c1401b41bebbcd315`
SHA3	`912b8689a43172ba15581cc7bf3a27b068eaf10bf2186b0ab676f3e7a374c0d1`
VirtualSize	`0x6f48`
VirtualAddress	`0xf4000`
SizeOfRawData	`0x4186`
PointerToRawData	`0x6f200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.75187`

(#5)

MD5	`9524e0ae394b4b1c27295bc942ed1c12`
SHA1	`c18fa7c053e5cea1e13270c8a6fdb515aa22e592`
SHA256	`ef450240cf3a24c0a5be92992688d7fdd186323fb3e1ba5ec0b905540042dd3e`
SHA3	`c73c1857f04b34a2f6063149cb856f48d087e9ece925a5cb3955de35af866e63`
VirtualSize	`0x79000`
VirtualAddress	`0xfb000`
SizeOfRawData	`0x567e8`
PointerToRawData	`0x73400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.94824`

(#6)

MD5	`ddfb4e4c8dbc7f6d1a6b29df34cd5c4c`
SHA1	`041e454bebb2f1c22418796f56d465f7a7632911`
SHA256	`703282bd4df603fc5791461dea711e59c31bc148efebf9fe782725788e130109`
SHA3	`7809b9a0fc2483748d1a6d4e3670a40fc83840612dc9bf7520dd1d79ad9a8a80`
VirtualSize	`0xa74`
VirtualAddress	`0x174000`
SizeOfRawData	`0x703`
PointerToRawData	`0xc9c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.73825`

.imports

MD5	`2e4c183fd70e34787a5b0404471b11be`
SHA1	`9a02b154d9e4005de948c2f4fc0414c7edd51331`
SHA256	`290ee3af2d2b60a7403756e60384e9e69ca8be8ade80a69ea1cd89102fea8956`
SHA3	`1fc7006c4deb9156970377071867f5108e9ce99199bc06454740c0c040f9a332`
VirtualSize	`0x1000`
VirtualAddress	`0x175000`
SizeOfRawData	`0x600`
PointerToRawData	`0xca400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.04228`

.tls

MD5	`ebd780fb60a0b63e0cb9886e1604f0ef`
SHA1	`5ade67fd994de23793829cf742144579a47fd8ac`
SHA256	`79e877486a15bc7f1eaefcbdf19419df9e565a5ad837b14751c4f83cbdf71dc8`
SHA3	`5391c47e3c52583f273ce88ba530931cb61c7b6ff844eb1bf0684ab8534d0b22`
VirtualSize	`0x1000`
VirtualAddress	`0x176000`
SizeOfRawData	`0x200`
PointerToRawData	`0xcaa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.284569`

.rsrc

MD5	`2ff175948af4884a6e26ab02b1b96ddd`
SHA1	`821d377f3397a0a0584d8727a6abc57e1dd0e720`
SHA256	`219fe0974e5a2f596a592b673833ed0e4a5cfba47e8454a50c13587ab4d2f199`
SHA3	`b6e01aa790b6571200b74c6dbe02221597725aa728ac0828a661a94964547729`
VirtualSize	`0x42c00`
VirtualAddress	`0x177000`
SizeOfRawData	`0x42c00`
PointerToRawData	`0xcac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.39944`

.themida

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x7d0000`
VirtualAddress	`0x1ba000`
SizeOfRawData	`0`
PointerToRawData	`0x10d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.boot

MD5	`5d964e3b3a1449abb1cc7eb6266df26c`
SHA1	`509451ea9353bd48654c942e22344b4079eaedcd`
SHA256	`7c3573bc1aa5c2bc98bdd82728acab5fa14ef95d57316a703c9aa1e63e8c31e0`
SHA3	`7927c0299d14ea55f1073e548197ab42a5955679122d75e2b709509021cbc694`
VirtualSize	`0x4dc600`
VirtualAddress	`0x98a000`
SizeOfRawData	`0x4dc600`
PointerToRawData	`0x10d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.95981`

.reloc

MD5	`69f12cddc72c9ecc4e99192e77ad2906`
SHA1	`dca4eb36f0337d3bff03c40f5e96be8f86285ef4`
SHA256	`abaa7821b1f9e025fc2685fdda80d626ce54f9996b4bd7df4137d3ecae64b2f3`
SHA3	`5b0a0182e8d2fddefe680f362d77672d3ae8704f0d629e991d52c7b7a4dfdc57`
VirtualSize	`0x1000`
VirtualAddress	`0xe67000`
SizeOfRawData	`0x10`
PointerToRawData	`0x5e9e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ`
Entropy	`2.4746`

Imports

kernel32.dll	`GetModuleHandleA`
WSOCK32.dll	`gethostbyname`
VERSION.dll	`GetFileVersionInfoW`
WINMM.dll	`timeGetTime`
COMCTL32.dll	`ImageList_ReplaceIcon`
MPR.dll	`WNetGetConnectionW`
WININET.dll	`HttpOpenRequestW`
PSAPI.DLL	`GetProcessMemoryInfo`
IPHLPAPI.DLL	`IcmpSendEcho`
USERENV.dll	`DestroyEnvironmentBlock`
UxTheme.dll	`IsThemeActive`
USER32.dll	`GetMenuStringW`
GDI32.dll	`EndPath`
COMDLG32.dll	`GetSaveFileNameW`
ADVAPI32.dll	`GetAce`
SHELL32.dll	`DragFinish`
ole32.dll	`CoTaskMemAlloc`
OLEAUT32.dll	`VariantChangeType`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.15056`
MD5	`103a012026174b7a88dfbc7d5432ba7d`
SHA1	`5a442f0fcac7402e38c1579fdbf6303d0290c4f8`
SHA256	`fa9c269c1e7f9524082766a54732129b6609c3d28fefcfb6d1b0678015297f53`
SHA3	`0e410f989d8278dd99e9d0289671433c74c39c68696e4af2d79456603caa708d`

2

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.29952`
MD5	`80331f3d00a5bb2214f6caf806a2c54e`
SHA1	`a45f579cd36ced3b22a8d638eab339b6fc2ab943`
SHA256	`47659b1c796c794a0d031b5b12965ef63c0de1e5c6d9e866e0e95e492664699a`
SHA3	`748884713bb7ad2306e4684b50579e02915ff743ef123094a79a921eae91a74b`

3

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.41958`
MD5	`1219e175d355ca9b1c8aaaac670b8544`
SHA1	`334eee2bacddd5e3a2e8217e316d73ab72980f79`
SHA256	`24bb55264afa1bb27339ab61e0ed95b9219d2863f0657d0e9877bb27c690e40e`
SHA3	`1d65ba7c37efcd94ff84160d456af74fd4c84d672c8292315b8b477e239fa44f`

4

Type	`RT_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.54396`
MD5	`13ac759a5feafa7e9425de1a039ce49e`
SHA1	`b622f09bf51abe1a5f2b83ee41b0be4a37852727`
SHA256	`6cffe89ec1d7d394915d8312f39df4b9fc60d17e2f97fc055f61ae39a092de26`
SHA3	`bc2cb5ac02bfb62008a3dc890d1fdec38cd192c5797ca32b98054a64a67e5e8c`

99

Type	`RT_GROUP_ICON`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.44089`
Detected Filetype	Icon file
MD5	`4d1b601eaab36bedc2f92d4b43588870`
SHA1	`e3c0ac2b1ba9e5824487c214c4fe8b1f6496eef5`
SHA256	`a5fbe65643641dfe0c59b1cbd643f7c6074eee6d479de5c06acebfa6a5dd50dd`
SHA3	`4820e5939e2b617e5b74cae4d0e88dd6f30e2954560118eb5f88783727a1f85f`

1 (#2)

Type	`RT_VERSION`
Language	English - United Kingdom
Codepage	UNKNOWN
Size	`0x4b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.56065`
MD5	`a59a96f2b39fda9596e25022cc9112ab`
SHA1	`ecded385a8353e9c9f97765729b966be9977ee7b`
SHA256	`9bdd93808c70d8505eb59b30e6f94118b95632094bf3ce7fb1e7ee09e791c167`
SHA3	`1374ae2093271487de235a5d5d224de3bd2fd3bc6c7054bf4ba8ce59b555bbc8`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3fa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.39264`
MD5	`79ff2b6cfbaed20d0761e88f8b47dc80`
SHA1	`7ef2897a5a54be6eb3e82c3a936d070dc001e537`
SHA256	`2fb51dac382441e19215b5016eddd256a4fdf99d325fe691d77a6e450988ecbe`
SHA3	`02bda12ac26ccf7986d96ff43cdceb70ea576bb4a29fba484a5200fb71103412`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	This installation was built with Inno Setup.
CompanyName
FileDescription	Devil May Cry 5 Setup
FileVersion (#2)
LegalCopyright
ProductName	Devil May Cry 5
ProductVersion (#2)

Resource LangID	English - United Kingdom

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xb847502b`
Unmarked objects	`0`
241 (40116)	`21`
243 (40116)	`156`
242 (40116)	`33`
199 (41118)	`1`
C++ objects (VS 2015/2017 runtime 26706)	`46`
C objects (VS 2015/2017 runtime 26706)	`17`
ASM objects (VS 2015/2017 runtime 26706)	`8`
C objects (VS2008 SP1 build 30729)	`8`
135 (VS2008 SP1 build 30729)	`1`
Imports (VS2008 SP1 build 30729)	`37`
Total imports	`557`
C++ objects (POGO O) (27045)	`80`
ASM objects (27045)	`1`
Resource objects (27045)	`1`
151	`1`
Linker (27045)	`1`

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .themida has a size of 0!