Manalyze report for 8363436878404da0ae3e46991e355b83

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2011-Jan-19 16:10:41

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX v2.0 -> Markus, Laszlo & Reiser (h)` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `Unusual section name found: UPX2` `The PE only has 9 import(s).`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc` `Has Internet access capabilities: InternetOpenA` `Interacts with services: CreateServiceA`
Malicious	VirusTotal score: 56/72 (Scanned on 2023-10-25 02:07:19)	`Bkav: W32.AIDetectMalware` `Lionic: Trojan.Win32.Zbot.lsXA` `Elastic: malicious (moderate confidence)` `DrWeb: Trojan.Click3.12740` `ClamAV: Win.Malware.Agent-6350563-0` `Skyhigh: Generic.ait` `ALYac: Trojan.Startpage.3072` `Malwarebytes: Trojan.Agent.UPX` `VIPRE: Gen:Variant.Ser.Ulise.216` `Sangfor: Suspicious.Win32.Save.a` `BitDefender: Gen:Variant.Ser.Ulise.216` `Cybereason: malicious.cbcb77` `Arcabit: Trojan.Ser.Ulise.216` `BitDefenderTheta: Gen:NN.ZexaF.36792.amGfaWi867f` `VirIT: Trojan.Win32.Generic.CMEY` `Symantec: Trojan Horse` `ESET-NOD32: Win32/TrojanClicker.Agent.NVM` `APEX: Malicious` `Cynet: Malicious (score: 100)` `Alibaba: TrojanClicker:Win32/Generic.47e7b5e4` `NANO-Antivirus: Trojan.Win32.Click3.iaupgs` `MicroWorld-eScan: Gen:Variant.Ser.Ulise.216` `Avast: Win32:Malware-gen` `Tencent: Malware.Win32.Gencirc.10be33c6` `Sophos: Mal/Generic-S` `F-Secure: Trojan.TR/Downloader.Gen` `Baidu: Win32.Trojan-Clicker.Agent.ad` `Zillya: Trojan.Agent.Win32.1288291` `TrendMicro: TROJ_GEN.R002C0DHD20` `Trapmine: malicious.high.ml.score` `FireEye: Generic.mg.8363436878404da0` `Emsisoft: Gen:Variant.Ser.Ulise.216 (B)` `Jiangmin: Trojan.Generic.fxlq` `Webroot:` `Google: Detected` `Avira: TR/Downloader.Gen` `Antiy-AVL: Trojan/Win32.SGeneric` `Kingsoft: win32.troj.undef.a` `Gridinsoft: Trojan.Win32.Downloader.sd!s2` `Xcitium: Malware@#22epuiwih8vym` `GData: Gen:Variant.Ser.Ulise.216` `Varist: W32/Agent.DJC.gen!Eldorado` `AhnLab-V3: Trojan/Win32.StartPage.C26214` `McAfee: Generic.ait` `MAX: malware (ai score=100)` `VBA32: Trojan.Click` `Cylance: unsafe` `TrendMicro-HouseCall: TROJ_GEN.R002C0DHD20` `Rising: Trojan.Clicker-Agent!8.13 (CLOUD)` `Yandex: Trojan.CL.Agent!SYJ1YyE/ZV4` `Ikarus: Trojan.Win32.TrojanClicker` `MaxSecure: Trojan.Malware.300983.susgen` `Fortinet: W32/Agent.NVM!tr` `AVG: Win32:Malware-gen` `DeepInstinct: MALICIOUS` `CrowdStrike: win/malicious_confidence_100% (W)`

Hashes

MD5	`8363436878404da0ae3e46991e355b83`
SHA1	`5a016facbcb77e2009a01ea5c67b39af209c3fcb`
SHA256	`c876a332d7dd8da331cb8eee7ab7bf32752834d4b2b54eaa362674a2a48f64a6`
SHA3	`90d0ce9fc80f299d134bc0ac67b1b2931565587a8c99d00f2ccabcf720ebf7f6`
SSDeep	`48:atUKzxRhvlNZEVtfbn4m3ZUJSSeJY8JTaIcLoBgs:0UKXktfb4KOJzcK`
Imports Hash	`096aa05b8a2e1f2dc66fc73a1a978a7b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2011-Jan-19 16:10:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x1000`
SizeOfInitializedData	`0x1000`
SizeOfUninitializedData	`0x4000`
AddressOfEntryPoint	`0x00005410 (Section: UPX1)`
BaseOfCode	`0x5000`
BaseOfData	`0x6000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x7000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x4000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`ad0f236c2b34f1031486c8cc4803a908`
SHA1	`bd7ea516ea0f96cc57d5b7c008db3de3a2f6d0f5`
SHA256	`ac4fe158d7fbb3b8bdea75cbb8459d9b8d2faedcdb50a3a30d563a1c76366e7c`
SHA3	`019186b62dc01e505f6db65644b94effec6c5b37613e0728ba95a7dac7d70ae5`
VirtualSize	`0x1000`
VirtualAddress	`0x5000`
SizeOfRawData	`0x600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.06718`

UPX2

MD5	`f998d25f473e69cc89bf43af3102beea`
SHA1	`cdc7c68f02e81c18e9d40b6e94e4e40038ce80e5`
SHA256	`17e519e58fbf915862e673b8f108f7b8994f3cc503b63496ca677383abc358ca`
SHA3	`54cb54cd617c76deda5e1604c2778ef12544fea8bd58b79898e2939ee1ff298e`
VirtualSize	`0x1000`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.7978`

Imports

KERNEL32.DLL	`LoadLibraryA` `GetProcAddress` `VirtualProtect` `VirtualAlloc` `VirtualFree` `ExitProcess`
ADVAPI32.dll	`CreateServiceA`
MSVCRT.dll	`exit`
WININET.dll	`InternetOpenA`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xdc0ba0a7`
Unmarked objects	`0`
C objects (VS98 build 8168)	`11`
14 (7299)	`1`
Linker (VS98 build 8168)	`2`
Unmarked objects (#2)	`4`
Total imports	`27`
19 (8034)	`5`
C++ objects (VS98 build 8168)	`2`

Errors

[*] Warning: Section UPX0 has a size of 0!