Manalyze report for 7fa530c0fbd3dda1fb992033bf890665101b3e79a8b99e80169a1f5c5f58c571

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2016-Jun-23 16:59:10

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for VirtualPC presence: 0f 3f 07 0b`
Suspicious	The PE is possibly packed.	`Unusual section name found: \x00` `Section \x00 is both writable and executable.` `Unusual section name found: .rsrc` `Unusual section name found: .idata` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found: zzjwokmg` `Section zzjwokmg is both writable and executable.` `Unusual section name found: ullhjynz` `Section ullhjynz is both writable and executable.` `The PE only has 2 import(s).`
Malicious	VirusTotal score: 34/73 (Scanned on 2024-10-25 17:55:12)	`APEX: Malicious` `AVG: Win32:Malware-gen` `Alibaba: Packed:Win32/Themida.aec34f39` `Antiy-AVL: Trojan[Packed]/Win32.Themida` `Avast: Win32:Malware-gen` `Bkav: W32.AIDetectMalware` `CTX: exe.trojan.generic` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: a variant of Win32/Packed.Themida.HEK` `Elastic: malicious (high confidence)` `FireEye: Generic.mg.d5c269e0422059d2` `Fortinet: PossibleThreat` `Gridinsoft: Malware.Win32.Gen.bot!se40363` `K7AntiVirus: Trojan ( 0055e39b1 )` `K7GW: Trojan ( 0055e39b1 )` `Lionic: Trojan.Win32.Generic.4!c` `Malwarebytes: Trojan.MalPack` `MaxSecure: Trojan.Malware.300983.susgen` `McAfee: Artemis!D5C269E04220` `McAfeeD: ti!7FA530C0FBD3` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Rising: Malware.Undefined!8.C (CLOUD)` `Sangfor: Trojan.Win32.Packed.Vvtl` `SentinelOne: Static AI - Suspicious PE` `Skyhigh: BehavesLike.Win32.Generic.vc` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.high.ml.score` `VBA32: BScope.TrojanDropper.Sysn` `Webroot: W32.Malware.Gen` `Zoner: Probably Heur.ExeHeaderL` `tehtris: Generic.Malware`

Hashes

MD5	`d5c269e0422059d2e6d5ed2c0b1b61a7`
SHA1	`9a6b2d1f6af03a5db206b48f16d942235fce4224`
SHA256	`7fa530c0fbd3dda1fb992033bf890665101b3e79a8b99e80169a1f5c5f58c571`
SHA3	`89df9bd26200077276d242332e296742df8a8d134456253fa57eb1c936ff506f`
SSDeep	`49152:WMxBO8pfUSGS2Ra9rYchzGNSKHTkQ2Qb9xXvoKE:rxtpfuS2RaachzBKH4ZQb9xXvo1`
Imports Hash	`baa93d47220682c04d92f7797d9224ce`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2016-Jun-23 16:59:10
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`12.0`
SizeOfCode	`0xaf200`
SizeOfInitializedData	`0x9b000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0054F000 (Section: ullhjynz)`
BaseOfCode	`0x1000`
BaseOfData	`0xb1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x550000`
SizeOfHeaders	`0x400`
Checksum	`0x20c0fb`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

\x00

MD5	`c34281866a1ea875a81ca28a71751120`
SHA1	`7562850cdcba0dfb0975ad64b4d9360392e37b4a`
SHA256	`e729daa5b7e6afa6dd0de5f24009ce0d63d32c35a511f6ed5f161e1b9e9ab1ea`
SHA3	`c460c75238f87bf6b45cb72dc7f61144e5baa5db959e15772cf6025c91278c40`
VirtualSize	`0x144000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x8da00`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.98147`

.rsrc

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1000`
VirtualAddress	`0x145000`
SizeOfRawData	`0`
PointerToRawData	`0x8ea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`efa8732c6ea1591fb42d12a4f0735b48`
SHA1	`6cbead18778ba585738191811fe9a0652586ef2f`
SHA256	`c0cb603b2c1c5cc1effcc17343b2dd5ae007427fffaf21dbee94bedf717109a0`
SHA3	`c5fcb295c13330e547ba5ec74383ac83ca9bf458b845af52aab9f811c276f0a6`
VirtualSize	`0x1000`
VirtualAddress	`0x146000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8ea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.28405`

MD5	`5b37724084efe0c773321f74c46d2d16`
SHA1	`eff61d40f83b835cec8302432b3d477ad756fb6e`
SHA256	`fd4166361337d31d102de65353f9ff4ea2f2c8aab32bd58feaced29acee5ccee`
SHA3	`b7f43ca1610968993e6e0c699327f2943bbed3b01c557606782d910032fb4997`
VirtualSize	`0x28b000`
VirtualAddress	`0x147000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8ec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.260771`

zzjwokmg

MD5	`957a2e7046fd8c1384b5e21dba018f29`
SHA1	`2c14e1223b1c49a5e643208de8c95fba4e3d1ce3`
SHA256	`735786e4723a68cc2e1ae886d1a6c942e734c9b80b686f3d97c0a497ef0f3dc4`
SHA3	`53c95bc496127e1250b8df55f5df85625ef56e0f74430c14aeabe664782caccc`
VirtualSize	`0x17d000`
VirtualAddress	`0x3d2000`
SizeOfRawData	`0x17cc00`
PointerToRawData	`0x8ee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.95539`

ullhjynz

MD5	`179ea71b4b95c907c11934bde05c9ef7`
SHA1	`aec70955445751fd0227c7f2196f1dd8b00cb2fa`
SHA256	`1ece204d7eb864a17f690f34c3758b66baaf43a6ce5caca4b973e4c0a6b6f94f`
SHA3	`45e362b7355bd41449362d39de20e8159c6b2414696fb8932b6f8fb9395a849e`
VirtualSize	`0x1000`
VirtualAddress	`0x54f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x20ba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.35772`

Imports

kernel32.dll	`lstrcpy`
comctl32.dll	`InitCommonControls`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xcdaa433d`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`2`
199 (41118)	`9`
C++ objects (VS2013 build 21005)	`66`
ASM objects (VS2013 build 21005)	`35`
C objects (VS2013 build 21005)	`222`
Imports (65501)	`15`
Total imports	`213`
C objects (VS2010 build 30319)	`137`
C objects (2190)	`1`
C++ objects (8798)	`3`
Unmarked objects (#2)	`2`
C++ objects (VS98 SP6 build 8804)	`1`
C objects (VS98 SP6 build 8804)	`72`
18 (8444)	`1`
C objects (VS2013 UPD4 build 31101)	`3`
Linker (VS2013 UPD4 build 31101)	`1`

Errors

[*] Warning: Section .rsrc    has a size of 0!

Leave a comment

No comments yet.