Manalyze report for 8153d024faf9786a50eadca4b034a6b5

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-May-20 09:43:34
Detected languages	English - United States

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Suspicious	VirusTotal score: 1/65 (Scanned on 2018-05-22 19:28:07)	`Endgame: malicious (high confidence)`

Hashes

MD5	`8153d024faf9786a50eadca4b034a6b5`
SHA1	`90a61e307af99928e40baa4f036c0f439a546ba0`
SHA256	`0c9f54fc6e42dacfa22683dd6bcd1e9bbd2c6693f16ee667c497e19492938fb8`
SHA3	`b6123e236efbc97d1c74613b70ae72e22a6156541e2d880c4392087643490520`
SSDeep	`192:+tp07rBlST/mDkwI+DMhuwjzPeejfBBTLWdrIcVAPQdupDGs:C07tlQfvW+FBTSBImqVGs`
Imports Hash	`8a0ec40e4e3e63534ac1fafca0af60a7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2018-May-20 09:43:34
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`9.0`
SizeOfCode	`0x2600`
SizeOfInitializedData	`0x1600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000002EE8 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x9000`
SizeOfHeaders	`0x400`
Checksum	`0xf254`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`33e5ecef93819c000440e42fabced5c7`
SHA1	`fea486d9ea7205d60e540102e0e7c562c1d638cd`
SHA256	`7d58d01f55ea2a921afe23ffa7eb9e28d0aa1af3f0d542a8d0ea8311e14dfa82`
SHA3	`b42c43f6021446d33af7d6efadc7d73220f03bc176d9f91a0f741703d373c295`
VirtualSize	`0x2421`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.54683`

.rdata

MD5	`ec91f2e06c305fbf1dd5ab663848e0fd`
SHA1	`38f7255bf578cd919c919e96b2e57688af351626`
SHA256	`d0895a50c37324698cd140552c94c3129f0ad520ee66c1b1b6511a300a58162a`
SHA3	`1fe4dc07363e54d3a9057140344dc54b61b83f13f47a5c3acf6d8f4c40fc66bd`
VirtualSize	`0x9f6`
VirtualAddress	`0x4000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x2a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.29594`

.data

MD5	`7a27bb39c9553315dfcbef1bebab11d3`
SHA1	`0736f4349205289e7cb6319994fdd7f8b227cd9f`
SHA256	`541140d563fb365a55f360789cd2f73ca37db1b115792233a372ae5a2e479bf8`
SHA3	`3368f08f9cdbb0bf2f289b1c0469cb758600025c630251d82ca435e5ee117a13`
VirtualSize	`0xd58`
VirtualAddress	`0x5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.903442`

.pdata

MD5	`21ee42bc22c142ecf5f07d941af00093`
SHA1	`73cd58688b8cceeb5db4d61562cfce4eef5832ac`
SHA256	`ce1be2c208a814dea78efde345692e41b175e53454c9a686f0bffe1ab415f25e`
SHA3	`798de5b5ff65be774b79f7dad3acb9ee67cd1fc9fe8e9b3cb078b09f3375354d`
VirtualSize	`0x204`
VirtualAddress	`0x6000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.21148`

.rsrc

MD5	`df7207a96744cd407d0a4b54ba0c6df0`
SHA1	`0ac569dda4dc01a3ae7b90c630e2e1d2e6b8c04a`
SHA256	`a094f7a9cf437a7e338fafccd61eddaf1a07937b13507de65807ca5ae0e51b5b`
SHA3	`c4be58bb5692db0781883bc3efbc34c2c93da05252fa4c2fa423af83a4c41f64`
VirtualSize	`0x2b0`
VirtualAddress	`0x7000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.19068`

.reloc

MD5	`1bd354c8dcb31855f2e46e1b2440f961`
SHA1	`176dabc9951d3a99ba03fe732e926eea552d0426`
SHA256	`ef22ea2bea9ce64979f3c749344a294ad4ddacc78abf577489c471feb0dcf26f`
SHA3	`8e3f16a4bf170b1b7f09e2a8e81a6713873c9ca8fc788267fa0724694d464248`
VirtualSize	`0x54`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.323251`

Imports

KERNEL32.dll	`GetProcAddress` `GetModuleHandleW` `LoadLibraryA` `GetModuleFileNameW` `GetCurrentProcessId` `GetCurrentThreadId` `GetTickCount` `QueryPerformanceCounter` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `GetStartupInfoW` `Sleep` `GetSystemTimeAsFileTime`
MSVCR90.dll	`??3@YAXPEAX@Z` `wcscat_s` `_amsg_exit` `__wgetmainargs` `__C_specific_handler` `_XcptFilter` `_exit` `_cexit` `exit` `_wcmdln` `free` `_initterm_e` `_configthreadlocale` `__setusermatherr` `_commode` `_fmode` `_encode_pointer` `__set_app_type` `__crt_debugger_hook` `?terminate@@YAXXZ` `_unlock` `__dllonexit` `_lock` `_onexit` `_decode_pointer` `_wfopen_s` `fseek` `ftell` `fread` `fclose` `realloc` `strcpy` `memset` `wcscpy` `memcmp` `strlen` `memcpy` `__CxxFrameHandler3` `malloc` `_initterm`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x258`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02403`
MD5	`b6c9de7af7305228bb29a3066a9a642b`
SHA1	`a1e44717040eec213819b56d0c96e3225547997e`
SHA256	`93cec4eed0318327e6fa8ddba6ec9ad551ad335e02168b835ef171a7fa55abd7`
SHA3	`d4b52c637f99101ef5b3bbb64d9b5074c54e531f6f3ee9b996b5eb8195b1ef2b`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x8627932b`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`2`
ASM objects (VS2008 SP1 build 30729)	`1`
C objects (VS2008 SP1 build 30729)	`17`
Imports (VS2012 build 50727 / VS2005 build 50727)	`3`
Total imports	`59`
C++ objects (VS2008 SP1 build 30729)	`3`
Linker (VS2008 build 21022)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

8153d024faf9786a50eadca4b034a6b5

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors