Manalyze report for 7fcd8dac3c611c4fcff0e295326c654f

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Jul-24 22:19:26
Detected languages	English - United States
Comments	Spaebook Ryddelige Spasticitets
CompanyName	Tarerende
InternalName	Neologisms latterliggrelserne.exe
OriginalFilename	Neologisms latterliggrelserne.exe

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://nsis.sf.net http://nsis.sf.net/NSIS_Error nsis.sf.net`
Suspicious	The PE is an NSIS installer	`Unusual section name found: .ndata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can access the registry: RegCreateKeyExW RegEnumKeyW RegQueryValueExW RegSetValueExW RegCloseKey RegDeleteValueW RegDeleteKeyW RegOpenKeyExW RegEnumValueW` `Possibly launches other programs: CreateProcessW` `Can create temporary files: GetTempPathW CreateFileW` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Changes object ACLs: SetFileSecurityW` `Can shut the system down or lock the screen: ExitWindowsEx`
Suspicious	The file contains overlay data.	`84748 bytes of data starting at offset 0x1da00.` `The overlay data has an entropy of 7.99782 and is possibly compressed or encrypted.`
Malicious	VirusTotal score: 11/70 (Scanned on 2022-09-22 03:29:53)	`McAfee: Artemis!7FCD8DAC3C61` `Elastic: malicious (high confidence)` `Paloalto: generic.ml` `Avast: FileRepMalware [Misc]` `McAfee-GW-Edition: BehavesLike.Win32.Dropper.dh` `Ikarus: Win32.Outbreak` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Google: Detected` `Malwarebytes: MachineLearning/Anomalous.97%` `Fortinet: NSIS/Injector.AOW!tr` `AVG: FileRepMalware [Misc]`

Hashes

MD5	`7fcd8dac3c611c4fcff0e295326c654f`
SHA1	`a333d63bb0eefdba7d3952b0fdb88647aec94ba8`
SHA256	`051ac6e0fca12ae57566490f8c0701bda80ac1607ebc63775d4b273d93639dd2`
SHA3	`c6df0efb8de91ed3b6cf741bfd15642a48602ed984ff3b0fe19c33a3549eafb5`
SSDeep	`3072:HuxVUg3yGDRb8lc7uj8yiTCIMybAzi0ocfaGB7xtBH5KlGbvwMfbxuHhVsRcWqTn:OgORaXvwMfN8hVs+TTvBR`
Imports Hash	`c05041e01f84e1ccca9c4451f3b6a383`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2021-Jul-24 22:19:26
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x6600`
SizeOfInitializedData	`0x22a00`
SizeOfUninitializedData	`0x800`
AddressOfEntryPoint	`0x000035D8 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`6.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x7f000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`869e1d11bbf88d92521c022fa6f3d4f0`
SHA1	`3442c1bb49ba3c7bfc46618255cc471a7e3e3bb7`
SHA256	`7a538c35c247872f01b15c7f6c3ef38e2beb898ed0ee2831791dc252f682d7e4`
SHA3	`18176b457042f120366c90c49be5dfbfd7c65ac06c739b685d60bb7038e8d9a2`
VirtualSize	`0x6572`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.45392`

.rdata

MD5	`79e286249499b713a2ddbee33baa50da`
SHA1	`fe2bedee8c2ca0b3a39a9a62d201d08eee8b3f17`
SHA256	`83bea15184035cd426d88b077d6973382cb3ec99b72dda413183a0d751fcab2c`
SHA3	`12c7013e4c1c09d5a669b32a2e022721f8916191a733fbcdb2f1894d6a86c61c`
VirtualSize	`0x1398`
VirtualAddress	`0x8000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x6a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.13672`

.data

MD5	`b6d02c867f7bfbcf68de2cfeea94fd73`
SHA1	`ac77cc46ab8d1809c15541e5c084c069a6bf8107`
SHA256	`c49462737ce149cb4c498bfa3d56d6883dca161155785402c8af95c10e3d7e29`
SHA3	`ecd4b42a60e0ce1edc396ff446f1b645da4584097cd55da5e4ef561ef43a6174`
VirtualSize	`0x20378`
VirtualAddress	`0xa000`
SizeOfRawData	`0x600`
PointerToRawData	`0x7e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.09681`

.ndata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x3e000`
VirtualAddress	`0x2b000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`33f00f7f67167e671cfd9a0c9a00ad00`
SHA1	`ee9251a3cd1980b155a4caf4e8a114b72735bfa1`
SHA256	`62011eada01708291b5e1e2214e96baed7a9f5c2901ca704f3e8a46edced2482`
SHA3	`233bad29e397603d9597e24bfb048008c99afe0ab24b9b1246cfc365d4061bf4`
VirtualSize	`0x15530`
VirtualAddress	`0x69000`
SizeOfRawData	`0x15600`
PointerToRawData	`0x8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.82617`

Imports

ADVAPI32.dll	`RegCreateKeyExW` `RegEnumKeyW` `RegQueryValueExW` `RegSetValueExW` `RegCloseKey` `RegDeleteValueW` `RegDeleteKeyW` `AdjustTokenPrivileges` `LookupPrivilegeValueW` `OpenProcessToken` `SetFileSecurityW` `RegOpenKeyExW` `RegEnumValueW`
SHELL32.dll	`SHGetSpecialFolderLocation` `SHFileOperationW` `SHBrowseForFolderW` `SHGetPathFromIDListW` `ShellExecuteExW` `SHGetFileInfoW`
ole32.dll	`OleInitialize` `OleUninitialize` `CoCreateInstance` `IIDFromString` `CoTaskMemFree`
COMCTL32.dll	`#17` `ImageList_Create` `ImageList_Destroy` `ImageList_AddMasked`
USER32.dll	`GetClientRect` `EndPaint` `DrawTextW` `IsWindowEnabled` `DispatchMessageW` `wsprintfA` `CharNextA` `CharPrevW` `MessageBoxIndirectW` `GetDlgItemTextW` `SetDlgItemTextW` `GetSystemMetrics` `FillRect` `AppendMenuW` `TrackPopupMenu` `OpenClipboard` `SetClipboardData` `CloseClipboard` `IsWindowVisible` `CallWindowProcW` `GetMessagePos` `CheckDlgButton` `LoadCursorW` `SetCursor` `GetWindowLongW` `GetSysColor` `SetWindowPos` `PeekMessageW` `SetClassLongW` `GetSystemMenu` `EnableMenuItem` `GetWindowRect` `ScreenToClient` `EndDialog` `RegisterClassW` `SystemParametersInfoW` `CreateWindowExW` `GetClassInfoW` `DialogBoxParamW` `CharNextW` `ExitWindowsEx` `DestroyWindow` `CreateDialogParamW` `SetTimer` `SetWindowTextW` `PostQuitMessage` `SetForegroundWindow` `ShowWindow` `wsprintfW` `SendMessageTimeoutW` `FindWindowExW` `IsWindow` `GetDlgItem` `SetWindowLongW` `LoadImageW` `GetDC` `ReleaseDC` `EnableWindow` `InvalidateRect` `SendMessageW` `DefWindowProcW` `BeginPaint` `EmptyClipboard` `CreatePopupMenu`
GDI32.dll	`SetBkMode` `SetBkColor` `GetDeviceCaps` `CreateFontIndirectW` `CreateBrushIndirect` `DeleteObject` `SetTextColor` `SelectObject`
KERNEL32.dll	`GetExitCodeProcess` `WaitForSingleObject` `GetModuleHandleA` `GetProcAddress` `GetSystemDirectoryW` `lstrcatW` `Sleep` `lstrcpyA` `WriteFile` `GetTempFileNameW` `lstrcmpiA` `RemoveDirectoryW` `CreateProcessW` `CreateDirectoryW` `GetLastError` `CreateThread` `GlobalLock` `GlobalUnlock` `GetDiskFreeSpaceW` `WideCharToMultiByte` `lstrcpynW` `lstrlenW` `SetErrorMode` `GetVersion` `GetCommandLineW` `GetTempPathW` `GetWindowsDirectoryW` `SetEnvironmentVariableW` `ExitProcess` `CopyFileW` `GetCurrentProcess` `GetModuleFileNameW` `GetFileSize` `CreateFileW` `GetTickCount` `MulDiv` `SetFileAttributesW` `GetFileAttributesW` `SetCurrentDirectoryW` `MoveFileW` `GetFullPathNameW` `GetShortPathNameW` `SearchPathW` `CompareFileTime` `SetFileTime` `CloseHandle` `lstrcmpiW` `lstrcmpW` `ExpandEnvironmentStringsW` `GlobalFree` `GlobalAlloc` `GetModuleHandleW` `LoadLibraryExW` `MoveFileExW` `FreeLibrary` `WritePrivateProfileStringW` `GetPrivateProfileStringW` `lstrlenA` `MultiByteToWideChar` `ReadFile` `SetFilePointer` `FindClose` `FindNextFileW` `FindFirstFileW` `DeleteFileW`

Delayed Imports

110

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.22336`
MD5	`3811c1e0a9153b958f1da69a3f801f3c`
SHA1	`4044512d457358973fc8f9180edca0486227e1fe`
SHA256	`a875f9b3c1f31835b3f70c23a8a1daa06404b82d61887d035731eb13f649c0db`
SHA3	`a1ff563ee071b39f785871bba806b49079d9b91b72bc90853b26e663f150d722`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.46544`
MD5	`a55b06cb4ff21e27aedef7efef5c0c49`
SHA1	`84c663dd695055b7cbbcedd202eec95fdd1dac97`
SHA256	`31e758ec18616308e7b94168c0135be158ffa5672a3f01f5e00126dd33f6a935`
SHA3	`3665dab389c49c32a42ce0cb4f4d15eee4a66a3e543daa83eeb0f6931dbeb5ed`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.00673`
MD5	`9dcb6c8374bee60b030e3288da30b725`
SHA1	`62fc9380157520ce69bb772459eee5ec020b54eb`
SHA256	`84d6ecd8be3d9dbdd53d82ca9ffe8fb9a61a07d7a8b2eedb4817299ebea91465`
SHA3	`b3b87d9171b3a68e3845dfc0642179af9fd11d60ec87a8b0dbdd9f846e7c8f16`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.13738`
MD5	`1a1c101fae5f5ade45d50e3d99f73c96`
SHA1	`f155e1a385579a9314499b40745ccb6cbba438a0`
SHA256	`cf2c0d9e162a7b4ef68094188579cfafab5781bd0584fc00fecb310e3259e028`
SHA3	`0b3c02024085157b4959a974dfb9d43765c29459aced3c178e408ffa036933cf`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.52714`
MD5	`db4165721e86c3ac25e340f6c567e170`
SHA1	`cfe9a00508a3e800aa80f7a5450caa21d330f2a2`
SHA256	`b5731301e43b8c08a08e7a1a989bb1e92df29f00cc7663cfde762062393f6cc1`
SHA3	`5d75a02fd5d48ed5f2f8abd03e51c92bd0044c1a5fba4ae767c4fbbca2f339b9`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x144`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.61782`
MD5	`46e58d12697ed2f2a218e47ae5bcfa3c`
SHA1	`1b5cde960720d5c1a9c26ded031e89d9e9ec2ecb`
SHA256	`18cfaba468cd4b07a8909fc3273f06302319b7963f75c4dda78b688c576511f0`
SHA3	`b08f048407ff29a6cadc4ed351fb591beeb4ccb1a0be22148fc38832807cb1b3`

104

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x13c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.6935`
MD5	`f710f3209a382e2a0e846cba6190f7d7`
SHA1	`357127cda13b5efb04d3dbde8bff3c4e17633447`
SHA256	`0a8e57a753806a4051f65d26f2da369cc30a0820b2d275bb3ad4ec43127afc25`
SHA3	`33f283ae26c36baeca1b65a18d658bc4c43e7095fd7fe682dd5ebec5f055755b`

105

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x120`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67899`
MD5	`19f02cf5a4cbf18a214c49f9f9c73edf`
SHA1	`a7af1fe0e24f2358f81d3e50d30a2b2b5fa03e80`
SHA256	`16cb7e02a8424a3bf23993f2c2a34a06997b1ae35865c7d9a3166b43f5355b4f`
SHA3	`0df906b366c8558ffccf10b6fde41ead5d25ef9f7ec7d6fd58a7c7d1b98ba87d`

106

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x11c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88094`
MD5	`2d12c45dc2c029044aaff357141cb900`
SHA1	`083db861ab3c7db23c6257878296e73a89a74b8b`
SHA256	`69897c784f1491eb3024b0d52c2897196a2e245974497fda1915db5fefcf8729`
SHA3	`349b5d605c9c3efe5e0c4e2faa12dd21022fc5f9b053f2cbf4e2a6b8bc656442`

107

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62276`
MD5	`b3b970ba2a434ca224efafe05aad1d06`
SHA1	`d972e50cdb3e17d9b8d22b160b65c2d6c8b66c52`
SHA256	`2d986f26ff752607366192a903078cdd7d6da06ab97309c85cd5c8cf05f823b6`
SHA3	`7b712c22d11a139c02d0f53916c725b62010452bca8c6fa37dad7542e322d0b8`

111

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.48825`
MD5	`6be4e1387d369cf86e68eacbdd0e81dd`
SHA1	`351970fe2681b9b35b5d59ad052011ed96a96e17`
SHA256	`85025c8556952f6a651c2468c8a0d58853b0ba482be9ad5cd3060f216540dfc0`
SHA3	`45e552e173141e06d113209b6cc915042ad0b4d5531464b8dbe5637029f489cb`

103 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.65982`
Detected Filetype	Icon file
MD5	`6fa39a5f6db3ad3489ae7c80de34d0af`
SHA1	`461e0c84813d6c2f9e33b08cb928a69d5f3e97cf`
SHA256	`d58d7d4bbc58f023d4bb203dd967e15f6681460612b02ad935e7ff3979dc6102`
SHA3	`5b2e3150d50439424a0da2167805f6606a0d1cabed9ce800c5e259a72a21d091`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x238`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16123`
MD5	`bab95c1d13ab1e928309b2cdf2a64ff3`
SHA1	`428ee7ed291652bdee958cf3449cfda958666d82`
SHA256	`9f5b33cd054bb42e83bcaa44f3cd6a04f34724546ec0c2ca3d5f93963799e84c`
SHA3	`a6a29125b34e998fd2ee05eed1bb8b6f5e7c17d7b4ae16142dd1a88a4e3d9d31`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x33e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.30097`
MD5	`eaaa0a4fd60901b0409fbb19f98bdef8`
SHA1	`2ccca03e8fd17872aa20203f66f08b99ce603773`
SHA256	`569760545eb52bc52d09b727a8aab21c3b578f0bf16114753d4c1ad4d7da7c98`
SHA3	`7d0357fdb8e37c86aae75a3d12ceda86030a4de8f2b6985b2842002f50ea922c`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0`
FileVersion	1.3.0.0
ProductVersion	1.3.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	Spaebook Ryddelige Spasticitets
CompanyName	Tarerende
InternalName	Neologisms latterliggrelserne.exe
OriginalFilename	Neologisms latterliggrelserne.exe

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xd26650e9`
Unmarked objects	`0`
C objects (VS2003 (.NET) build 4035)	`2`
Total imports	`165`
Imports (VS2003 (.NET) build 4035)	`15`
48 (9044)	`10`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section .ndata has a size of 0!