Manalyze report for 80e975c6494e101b2404851623545a8d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2013-Aug-22 03:49:38

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	The PE is possibly packed.	`The PE only has 0 import(s).`
Malicious	VirusTotal score: 32/67 (Scanned on 2019-02-14 23:43:17)	`K7AntiVirus: Riskware ( 0040eff71 )` `CAT-QuickHeal: Trojan.IGENERIC` `McAfee: RDN/Generic.dx` `Cylance: Unsafe` `K7GW: Riskware ( 0040eff71 )` `TrendMicro: TROJ_GEN.R002C0DKA18` `Symantec: Trojan.Gen.2` `TrendMicro-HouseCall: TROJ_GEN.R002C0DKA18` `Paloalto: generic.ml` `ClamAV: Win.Trojan.Emotet-6748801-0` `GData: Win32.Trojan.Agent.PVVU7X` `Avast: Win32:Malware-gen` `Invincea: heuristic` `McAfee-GW-Edition: RDN/Generic.dx` `Trapmine: suspicious.low.ml.score` `Sophos: Mal/Generic-S` `SentinelOne: static engine - malicious` `Cyren: W32/Trojan.IORT-3001` `Webroot: W32.Trojan.Emotet` `Antiy-AVL: Trojan[Banker]/Win32.Emotet` `Microsoft: Trojan:Win32/Occamy.C` `AegisLab: Trojan.Win32.Generic.4!c` `AhnLab-V3: Malware/Win32.Generic.C2867040` `Acronis: suspicious` `Malwarebytes: Trojan.Emotet` `Rising: Trojan.Kryptik!1.B4A3 (CLOUD)` `Ikarus: Trojan.Win32.Pynamer` `eGambit: Unsafe.AI_Score_53%` `Fortinet: W32/PossibleThreat` `AVG: Win32:Malware-gen` `Panda: Trj/CI.A` `CrowdStrike: malicious_confidence_90% (W)`

Hashes

MD5	`80e975c6494e101b2404851623545a8d`
SHA1	`1684c0f9b8a44f314ec6e0ba5df9f0f1def96c8b`
SHA256	`bf88ede913181fe979957cb726e0a3cf9b30debbb810b30c68e740e4423d8fa2`
SHA3	`e9f807209d534a861d0a65b93b64b951439362deab9c9424a2da5d576b54cc51`
SSDeep	`3072:kQOkqb6NCJgqdB1cbT+/LfA73vAXL2tyxlB2jJvEqf/lO11OPv6/YywVW8sdSmO:B6MEqf/lJ2I9mOVjS`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x130`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2013-Aug-22 03:49:38
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x94000`
SizeOfInitializedData	`0x12000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00093192 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x95000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0xa7000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`be18ce55a6eeb9d9658ed61d243a8bcf`
SHA1	`36e8e0062df3fd1c3129ac801ecda205a8d1657f`
SHA256	`f56bf1a6e6e46a800baf17a005fb0ba4ff03b09cbcf4ecf680d1b55d02d504e0`
SHA3	`bc2eff4675c42f3f8309adcfa6a6bd6dd0ef0d4f4cbf2ded1cde79e3867240c9`
VirtualSize	`0x93928`
VirtualAddress	`0x1000`
SizeOfRawData	`0x94000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.30781`

.data

MD5	`2b9cbba2fb54b0d11cf991c1d96cab1b`
SHA1	`bdf6e26cabd3c4ae4abb57085120617802d5480c`
SHA256	`f41ba0a6cc032ad01ea931739a3ca0bce3ff925d7b9cb9f95dbe6a91f32c7d11`
SHA3	`7fb347e9dbfa7a3a483dc21591c6f4d900857e3cfc9d490fdfc6086cfbff7017`
VirtualSize	`0xf88c`
VirtualAddress	`0x95000`
SizeOfRawData	`0xf000`
PointerToRawData	`0x95000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.54373`

.idata

MD5	`30d6c889cb18e7a2e538ed6a8e988d85`
SHA1	`30f181b3b5ce84118d37a0521ee1c34a768084cf`
SHA256	`25f9a9873afcb9bb6ad42d02189700015e48fe170f6acf089cd12de710366889`
SHA3	`f725685e5b839432b3795fe757fce1ce6087d11c1b93f5774b60c7e5e1702fd5`
VirtualSize	`0x61a`
VirtualAddress	`0xa5000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xa4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.90455`

.rsrc

MD5	`6c5527bbd5c43f1ba726f8a6bda00ced`
SHA1	`2afc1ee4078aab0f60b0c2f8f5d325b66093f168`
SHA256	`43c06b825961fcbe247b28772f5dc2a6602c97ce9b4d34f3b3c9d226237b0639`
SHA3	`4f3fa2733360619cad80f593533b9b6cf85c5742b46e49426804cae066e6a54f`
VirtualSize	`0x420`
VirtualAddress	`0xa6000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xa5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.32868`

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xfaafb53e`
Unmarked objects	`0`
ASM objects (65501)	`5`
Total imports	`143`
Imports (65501)	`9`
C++ objects (65501)	`7`
C objects (65501)	`16`
Exports (65501)	`1`
211 (65501)	`8`
Resource objects (65501)	`1`
Linker (65501)	`1`

Errors

[!] Error: Could not read an import's name.
[*] Warning: An IMAGE_RESOURCE_DIRECTORY's characteristics should always be 0. The PE may have been manually edited.