Manalyze report for 7f790f63573759d70880b5ef49397d3f

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2009-Jan-12 11:44:17
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++ 8` `Microsoft Visual C++ 8.0` `MSVC++ v.8 (procedure 1 recognized - h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` `Contains domain names: hacks.de mp-hacks.de www.mp-hacks.de`
Suspicious	The PE is possibly packed.	`Unusual section name found: .modu`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Code injection capabilities: WriteProcessMemory CreateRemoteThread VirtualAllocEx OpenProcess VirtualAlloc` `Memory manipulation functions often used by packers: VirtualProtectEx VirtualAllocEx VirtualAlloc` `Manipulates other processes: Process32Next WriteProcessMemory Process32First OpenProcess`
Malicious	VirusTotal score: 35/71 (Scanned on 2020-06-27 07:56:16)	`FireEye: Generic.mg.7f790f63573759d7` `Cylance: Unsafe` `Zillya: Adware.BrowseFox.Win32.139956` `SUPERAntiSpyware: Trojan.Agent/Gen-PWS` `Sangfor: Malware` `CrowdStrike: win/malicious_confidence_90% (W)` `Alibaba: HackTool:Win32/Mmorpg.f200a48a` `K7GW: Unwanted-Program ( 004ba41e1 )` `K7AntiVirus: Unwanted-Program ( 004ba41e1 )` `Invincea: heuristic` `F-Prot: W32/Heuristic-KPP!Eldorado` `Symantec: Trojan.Gen.2` `APEX: Malicious` `AegisLab: Riskware.Win32.Game.1!c` `Sophos: Cheathappens (PUA)` `Comodo: Malware@#3uirww886ef3s` `VIPRE: Trojan.Win32.Generic!BT` `TrendMicro: HKTL_GAMEHACK` `Trapmine: malicious.high.ml.score` `SentinelOne: DFI - Malicious PE` `Jiangmin: Trojan.Generic.foya` `Fortinet: Riskware/GameHack` `Endgame: malicious (high confidence)` `Cynet: Malicious (score: 100)` `AhnLab-V3: Spyware/Win32.Gampass.C1115832` `McAfee: RDN/PWS-Mmorpg.gen` `MAX: malware (ai score=100)` `VBA32: Trojan.Agent.12115` `Malwarebytes: HackTool.Agent.AIM` `ESET-NOD32: a variant of Win32/GameHack.BB potentially unsafe` `TrendMicro-HouseCall: HKTL_GAMEHACK` `Rising: Malware.Heuristic!ET#99% (CLOUD)` `Yandex: Riskware.GameHack!TJ5BfqSNE7o` `GData: Win32.Application.Agent.7VTR6Q` `BitDefenderTheta: Gen:NN.ZexaF.34130.ruW@ayfHkmni`

Hashes

MD5	`7f790f63573759d70880b5ef49397d3f`
SHA1	`b20a5ec9943779b7834bbb4be834f0d0c1daf8d0`
SHA256	`7004127f9fddc7bc6f2ed76a579e2d2e4a6e190451f3a6c7d7433957b8c64286`
SHA3	`966a19f8e71499fec91ba44f18f6859c84260062f8a25614b249758d1d86261f`
SSDeep	`3072:DfVnFLFAMjGr4RjtWNcjm/gGvQyINWsHbGTh1iQHX1FVZMdPt/qg3Idht:XBAdoA+jmfcGSQtZ05qX7`
Imports Hash	`a6e6f9cdd81c0d4c0d6ee4f96278eb59`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2009-Jan-12 11:44:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x14000`
SizeOfInitializedData	`0x8000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00005CA4 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x15000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x49000`
SizeOfHeaders	`0x1000`
Checksum	`0x24665`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3ef564074d2d4912b38191f0d6476acc`
SHA1	`b1bbe174201acd7d2481b679df5bc50140404686`
SHA256	`dc2c7135f98698d5e9f428ffa22effe49fd44f043389b804598ac7ce5e7f9dc0`
SHA3	`1ac54530be7d589d24f542dfccc9209927565421c810f3fac0446d730319383c`
VirtualSize	`0x14000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x14000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.52621`

.rdata

MD5	`fec1429dd199529938b8c5bb5ee55df6`
SHA1	`caa7e3aec567d872aa1e6abe16524ca1efc93b59`
SHA256	`3993cebc10d216524d9411e5889e2060ba403eb0d34480222d123348a3c4b644`
SHA3	`9c91372bf8fd788525ccb4d19bb4fce136b77a65ef038590d3b24bdac3299cfc`
VirtualSize	`0x5000`
VirtualAddress	`0x15000`
SizeOfRawData	`0x5000`
PointerToRawData	`0x15000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.65159`

.data

MD5	`6f1534964d3b620d5e9cf63951856797`
SHA1	`fbe771c164fac5d18a599b3e80d9496f93c3ba0e`
SHA256	`db78c5ad0de491bbab57ca263f7d9fd4b41a22685835d5dcd87c23526f4b500a`
SHA3	`144b815f848f6b5c5c6bf241328dbda3d441d7ba1ead0d558ab134315b108977`
VirtualSize	`0x4000`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x1a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.13837`

.rsrc

MD5	`f18fdd6190f843e769fb92c0557a86cc`
SHA1	`4e97d0ddb294a92ae0fe4e31737a0732030d0bd6`
SHA256	`54cd0d5d561c21d86c12317ebc26388f941733fd7ea1191bc119e193da4109f0`
SHA3	`81974742462aff2f8ec598f70b24a12bd66e6c38ccc0de2ddb9aac1c2ce8583b`
VirtualSize	`0x1000`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.05647`

.modu

MD5	`db673c492f4accd33ff39594148f2f67`
SHA1	`ab38ca30f6c8493d1152fd70eefda7528510fc3d`
SHA256	`05b3d9235212e906c7258baa8c77812cd25ec2f011be00ddf0e84b73c9504d4d`
SHA3	`878b3ece83aba0f6422395ea564a109af0e2ddc269165406ef9425335bdd4866`
VirtualSize	`0x2a000`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x2a000`
PointerToRawData	`0x1d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.30552`

Imports

KERNEL32.dll	`GetFileSize` `LoadLibraryA` `CloseHandle` `VirtualFreeEx` `Process32Next` `ReadFile` `GetProcAddress` `GetCompressedFileSizeA` `WriteProcessMemory` `CreateRemoteThread` `CreateToolhelp32Snapshot` `Process32First` `GetFileAttributesA` `VirtualProtectEx` `VirtualAllocEx` `WaitForSingleObject` `OpenProcess` `GetModuleFileNameA` `Module32First` `Module32Next` `CreateFileA` `GetModuleHandleA` `GlobalFree` `WriteFile` `GlobalAlloc` `InterlockedIncrement` `InterlockedDecrement` `Sleep` `InitializeCriticalSection` `DeleteCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `TerminateProcess` `GetCurrentProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `GetLastError` `HeapFree` `GetCommandLineA` `GetVersionExA` `HeapAlloc` `GetProcessHeap` `RtlUnwind` `RaiseException` `LCMapStringA` `WideCharToMultiByte` `MultiByteToWideChar` `LCMapStringW` `GetCPInfo` `TlsGetValue` `TlsAlloc` `TlsSetValue` `TlsFree` `SetLastError` `GetCurrentThreadId` `HeapDestroy` `HeapCreate` `VirtualFree` `VirtualAlloc` `HeapReAlloc` `ExitProcess` `GetStdHandle` `FreeEnvironmentStringsA` `GetEnvironmentStrings` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `SetHandleCount` `GetFileType` `GetStartupInfoA` `QueryPerformanceCounter` `GetTickCount` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `GetACP` `GetOEMCP` `IsValidCodePage` `GetUserDefaultLCID` `GetLocaleInfoA` `EnumSystemLocalesA` `IsValidLocale` `GetStringTypeA` `GetStringTypeW` `HeapSize` `GetConsoleCP` `GetConsoleMode` `FlushFileBuffers` `SetFilePointer` `WriteConsoleA` `GetConsoleOutputCP` `WriteConsoleW` `SetStdHandle` `GetLocaleInfoW`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x56`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.65542`
MD5	`bd62b6f553a2d1d012cc53fc325221d2`
SHA1	`c5353cec27b30fb35e414dd5f3d0e9205aaf1c07`
SHA256	`388f75e900f0c15fd66249d7b2e7edf6e14eeefb859e6f766b75058e44f27af6`
SHA3	`b59854a353caba5e0be1002399bcb847b4dd99e37cff0c7967dd0d42c1eab089`

Version Info

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x41a5a8`
SEHandlerTable	`0x417ca0`
SEHandlerCount	`39`

RICH Header

7f790f63573759d70880b5ef49397d3f

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.modu

Imports

Delayed Imports

1

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors