Manalyze report for 8324c109c3066d7cc88c67952ca898ae

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1992-Jun-19 22:22:17
Detected languages	English - United States Russian - Russia
Comments
CompanyName	reset trial EDIUS8.3.0.320_beta_5
FileDescription	reset trial EDIUS8.3.0.320_beta_5 reset trial EDIUS8.3.0.320
FileVersion	`reset trial EDIUS8.3`
LegalCopyright	reset trial EDIUS8.3.0.320_beta_5

Plugin Output

Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: FindWindowA` `Code injection capabilities (PowerLoader): GetWindowLongA FindWindowA` `Can access the registry: RegQueryValueExA RegOpenKeyExA RegCloseKey RegSetValueExA RegQueryInfoKeyA RegEnumKeyExA RegCreateKeyExA` `Possibly launches other programs: WinExec ShellExecuteA` `Can create temporary files: GetTempPathA CreateFileA` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Manipulates other processes: OpenProcess` `Can take screenshots: CreateCompatibleDC BitBlt GetDCEx GetDC FindWindowA` `Can shut the system down or lock the screen: ExitWindowsEx`
Suspicious	The PE header may have been manually modified.	`The resource timestamps differ from the PE header: 2011-Nov-29 02:27:00`
Suspicious	The file contains overlay data.	`12023540 bytes of data starting at offset 0x2c600.` `The overlay data has an entropy of 7.99978 and is possibly compressed or encrypted.` `Overlay data amounts for 98.5108% of the executable.`
Malicious	VirusTotal score: 5/69 (Scanned on 2020-01-20 02:10:11)	`Sangfor: Malware` `CrowdStrike: win/malicious_confidence_60% (W)` `TotalDefense: Win32/Jorik.KJ` `eGambit: Unsafe.AI_Score_74%` `Cybereason: malicious.01f372`

Hashes

MD5	`8324c109c3066d7cc88c67952ca898ae`
SHA1	`e75d5ac01f372e10818a1c46d96ac893b97f80b4`
SHA256	`7f262481335dc6444afd6e912cf1998cd67269b99add45883b0df4635b1a9b38`
SHA3	`e37dbc5553e5a2ec466d99cd2acd48842737ec8c10b80afdd6efdee5121f1ad1`
SSDeep	`196608:jKrGOUBDPLsZAgEqdnLXdkTRlnqpTqSoN+OllQxC798c9kf8x1pZCIgeM//wNByE:4GJDPd70nzCRNCoiC798cekx1nrM/47n`
Imports Hash	`ce716da9251b947d59e469bddfc16f2f`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	1992-Jun-19 22:22:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x24600`
SizeOfInitializedData	`0x7c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00025468 (Section: CODE)`
BaseOfCode	`0x1000`
BaseOfData	`0x26000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x33000`
SizeOfHeaders	`0x400`
Checksum	`0x35fad`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

CODE

MD5	`bac8bae7a5e5326cf49943b90d1c062a`
SHA1	`d71f59b9a5e078f9ba9facd24daf3e466ea0fea6`
SHA256	`78eca24ed96de9156e0463dd476781d73e66b39c254d5abac6e00ead7a5d2510`
SHA3	`99b0bfc83d1153875b6d6a1f634f44f7258b28086b3fd36daaae1150a20e28fc`
VirtualSize	`0x244cc`
VirtualAddress	`0x1000`
SizeOfRawData	`0x24600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.59438`

DATA

MD5	`abafcbfbd7f8ac0226ca496a92a0cf06`
SHA1	`e6d34e556463e08e8b1c5b5cbb9967c3c662c029`
SHA256	`1706c98e15f709d9343227787f451017d335ab86c060c7cbbb5cf12170f4e54d`
SHA3	`99ba741825583169851f5fc2106947193c1021ddc956a8bf921c453b2ee93673`
VirtualSize	`0x2894`
VirtualAddress	`0x26000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x24a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.79376`

BSS

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x10f5`
VirtualAddress	`0x29000`
SizeOfRawData	`0`
PointerToRawData	`0x27400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`7a4934595db0efc364c3982c4e335d8c`
SHA1	`ef5533e0aa30ca3fb193ac5f2701611d033f3215`
SHA256	`7d81aba86207985ddf5dd4b53d0e590967b3004273761b38c072081224ed18c2`
SHA3	`d6a708508a927c0da53acc10012f97e49edcfd88610833b466dcb03c13d774ef`
VirtualSize	`0x1798`
VirtualAddress	`0x2b000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x27400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.88549`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x8`
VirtualAddress	`0x2d000`
SizeOfRawData	`0`
PointerToRawData	`0x28c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`c4fdd0c5c9efb616fcc85d66056ca490`
SHA1	`7d9ccb6391020266050c96487449a1aadfbe589d`
SHA256	`47fb5182ffc61caf80b51da5ccc9690af4db7850e9606940aa64090eebb0561f`
SHA3	`e73ffc12e5d80d115e474806fa706823f53afebd7eb00e88f4d4c7917059f51e`
VirtualSize	`0x18`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x28c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`0.204488`

.reloc

MD5	`867a1120317d51734587a74f6ee70016`
SHA1	`4d98e9a5cd438d32008aa2db9c2af8f5714c89fd`
SHA256	`4bfa53f467e9ba6e24b464f4752e9b753fe097cfafc81796a450acc5bf3a8bd2`
SHA3	`739b765ee273d2e256360c45444e6e24c2c66a9164e4d6d331eae0dd622a393e`
VirtualSize	`0x1884`
VirtualAddress	`0x2f000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x28e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`6.58665`

.rsrc

MD5	`901c5b32f54bac6615f68b60f9c6d2c8`
SHA1	`727185792dc9bbabb8f939621c7cbccd35ae78b1`
SHA256	`17d1e7d23301fe79a219b9e15bf29fc69e6db124a2c2fc77bf368331089a86fb`
SHA3	`f79f2a37e04420fbd8d67681ee08e495c428104950b49a80779f247c71bdaad5`
VirtualSize	`0x1cdc`
VirtualAddress	`0x31000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x2a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`4.79885`

Imports

kernel32.dll	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `WideCharToMultiByte` `GetThreadLocale` `GetStartupInfoA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
user32.dll	`GetKeyboardType` `MessageBoxA`
advapi32.dll	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
oleaut32.dll	`SysFreeString` `SysReAllocStringLen`
kernel32.dll (#2)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `WideCharToMultiByte` `GetThreadLocale` `GetStartupInfoA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
advapi32.dll (#2)	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
kernel32.dll (#3)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `WideCharToMultiByte` `GetThreadLocale` `GetStartupInfoA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
gdi32.dll	`StretchDIBits` `StretchBlt` `SetWindowOrgEx` `SetTextColor` `SetStretchBltMode` `SetRectRgn` `SetROP2` `SetPixel` `SetDIBits` `SetBrushOrgEx` `SetBkMode` `SetBkColor` `SelectObject` `SaveDC` `RestoreDC` `OffsetRgn` `MoveToEx` `IntersectClipRect` `GetStockObject` `GetPixel` `GetDIBits` `ExtSelectClipRgn` `ExcludeClipRect` `DeleteObject` `DeleteDC` `CreateSolidBrush` `CreateRectRgn` `CreateDIBitmap` `CreateDIBSection` `CreateCompatibleDC` `CreateCompatibleBitmap` `CreateBrushIndirect` `CreateBitmap` `CombineRgn` `BitBlt`
user32.dll (#2)	`GetKeyboardType` `MessageBoxA`
advapi32.dll (#3)	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
kernel32.dll (#4)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `WideCharToMultiByte` `GetThreadLocale` `GetStartupInfoA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
gdi32.dll (#2)	`StretchDIBits` `StretchBlt` `SetWindowOrgEx` `SetTextColor` `SetStretchBltMode` `SetRectRgn` `SetROP2` `SetPixel` `SetDIBits` `SetBrushOrgEx` `SetBkMode` `SetBkColor` `SelectObject` `SaveDC` `RestoreDC` `OffsetRgn` `MoveToEx` `IntersectClipRect` `GetStockObject` `GetPixel` `GetDIBits` `ExtSelectClipRgn` `ExcludeClipRect` `DeleteObject` `DeleteDC` `CreateSolidBrush` `CreateRectRgn` `CreateDIBitmap` `CreateDIBSection` `CreateCompatibleDC` `CreateCompatibleBitmap` `CreateBrushIndirect` `CreateBitmap` `CombineRgn` `BitBlt`
user32.dll (#3)	`GetKeyboardType` `MessageBoxA`
shell32.dll	`SHGetFileInfoA`
comctl32.dll	`ImageList_Draw` `ImageList_SetBkColor` `ImageList_Create` `InitCommonControls`
ole32.dll	`OleInitialize`
oleaut32.dll (#2)	`SysFreeString` `SysReAllocStringLen`
winmm.dll	`timeKillEvent` `timeSetEvent`
shell32.dll (#2)	`SHGetFileInfoA`
cabinet.dll	`FDIDestroy` `FDICopy` `FDICreate`
ole32.dll (#2)	`OleInitialize`
shell32.dll (#3)	`SHGetFileInfoA`

Delayed Imports

50

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25755`
MD5	`c5af786bfd9fd1c53c8fe9f0bd9ce38b`
SHA1	`4f6f7d9973b47063aa5353225a2bc5a76aa2a96a`
SHA256	`f59f62e7843b3ff992cf769a3c608acd4a85a38b3b302cda8507b75163659d7b`
SHA3	`e178a71f02edb18e31bf550d484b2cba8d865e1e9796065addb07855ce5627f9`

51

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.01345`
MD5	`87a87d466c346af301329560b09ab989`
SHA1	`794ec1b8cb5a020d896f6d7031e5567e3add87ed`
SHA256	`20b96f33222ac6d2497caa98c8b2fe4a65eaae9ee3bb77f9033708833df9ecda`
SHA3	`da2618fd638e32f3c88a30c9e6a45422b9dce3588926335f55d91faad81038f5`

52

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.92897`
MD5	`d1512267272359d89fcdc4ed578b10f0`
SHA1	`400cb27c181ba2acc918560de2cdac219042b924`
SHA256	`48e149f94171ee6ef1a80e58c5c16a3a4c2af3a52a2269262d175b0ff286417c`
SHA3	`26a1156d1f3e45af7b0a80c175f89d5c323dfb09dc55ca01da742df9331a5691`

53

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.27475`
MD5	`ad13abe95e0ffe07c8a1f03ea8072e7d`
SHA1	`7905640f8407cd50fadae8f2fb9d5746c63ed459`
SHA256	`5ab2f8b14f4cd7931ef0f52f68d74c43d324d07ffea5ed522118a3e35cf53d81`
SHA3	`c5a26534ba1191959f3eaef1af4d3b267814061e626b74125080bea1d47324e0`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2011-Nov-29 02:27:00
Entropy	`4`
MD5	`d8090aba7197fbf9c7e2631c750965a8`
SHA1	`04f73efb0801b18f6984b14cd057fb56519cd31b`
SHA256	`88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610`
SHA3	`a5a67ad8166061d38fc75cfb2c227911de631166c6531a6664cd49cfb207e8bb`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x110`
TimeDateStamp	2011-Nov-29 02:27:00
Entropy	`5.28362`
MD5	`cd3f3a95f32892104001a47b0ace7da6`
SHA1	`8b55295a662ca688b520ab42f03173c8b7901278`
SHA256	`ec34834c069d4c2c47f66567a10a9946065364f0fca50f321e89c4a03cd3b372`
SHA3	`bc878db0cc1382298b686e131b3bd0201410ec7f94340f0f8a08c69b0508fd2a`

MAINICON

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.57938`
Detected Filetype	Icon file
MD5	`cbf239a681aae0153bc59c49f579bd66`
SHA1	`3f19a37d5e5c5cd405996824da1d7e797e04c102`
SHA256	`d1ef67a05c282dc142bcecb9a0d37e4f144521a7b6f384a10e32a409d400621a`
SHA3	`eadb85528632e4d1ff988f7d5ea555a75aa03ba150ffe8db2ade60bd968bd19a`

1

Type	`RT_VERSION`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x374`
TimeDateStamp	2011-Nov-29 02:27:00
Entropy	`3.08351`
MD5	`203225b8c7a0da6a03d3ab8aaebd0ffc`
SHA1	`8b56fa2ed6978d842724b1c0cb630a483ce40407`
SHA256	`4b4689b677a6fac9b3da3c405669a6eb5bee58e552d1652e0aed7d2f8a2b4a97`
SHA3	`11928d9964329cb3f3a81606082e9aa5c7fef5d9e0b0cf4d45f227ee3b6768ec`

1 (#2)

Type	`RT_MANIFEST`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x376`
TimeDateStamp	2011-Nov-29 02:27:00
Entropy	`4.93923`
MD5	`609957cfd6c1674f59c260b2da0a2a72`
SHA1	`2949d33d30c03887a101ebefca1db917f1d2bac7`
SHA256	`1e9cffb6544cb40c042cf9413e0481026699ef5f8e74613293bd60ae098f3c09`
SHA3	`413f25170a49ac4d961ec8a798af1da7800fb4d2db8734d4172695e4a2ebc823`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments
CompanyName	reset trial EDIUS8.3.0.320_beta_5
FileDescription	reset trial EDIUS8.3.0.320_beta_5 reset trial EDIUS8.3.0.320
FileVersion (#2)	reset trial EDIUS8.3
LegalCopyright	reset trial EDIUS8.3.0.320_beta_5

Resource LangID	Russian - Russia

TLS Callbacks

StartAddressOfRawData	`0x42d000`
EndAddressOfRawData	`0x42d008`
AddressOfIndex	`0x42608c`
AddressOfCallbacks	`0x42e010`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

[*] Warning: Section BSS has a size of 0!
[*] Warning: Section .tls has a size of 0!