Manalyze report for 84e59dbf86072e66f5acdcbf860b5a58

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Dec-12 15:03:59
Detected languages	English - United States

Plugin Output

Suspicious	The PE is possibly packed.	`The PE only has 7 import(s).`
Malicious	VirusTotal score: 4/72 (Scanned on 2024-02-04 16:06:13)	`APEX: Malicious` `Cynet: Malicious (score: 100)` `Rising: Trojan.Generic@AI.82 (RDML:DCP+rWmFWRJ3qaN1eDTEEw)` `Webroot: W32.Malware.Gen`

Hashes

MD5	`84e59dbf86072e66f5acdcbf860b5a58`
SHA1	`ca0741a1b3e18aff37267b2fdd56f53000c925b7`
SHA256	`28f01d834b50464200a777d30560819f5cad5acf616fea0330874364adf43b5f`
SHA3	`8ac6c898d11ab88dbe634d099f11d5f19785c5ede88b9cf7d48f453a83f8b6c8`
SSDeep	`24:etGStvbg+FbyQFD2Kmx8SBD0+OmvmLeWRfrh0HHsvr6Gp5HTEttaZXk:6tDgObyQFD2KmBoDfLB05GpZIttq`
Imports Hash	`1b105e61742cc860b7401c25a7e22ffc`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2012-Dec-12 15:03:59
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`5.0`
SizeOfCode	`0x200`
SizeOfInitializedData	`0x600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001000 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`4.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x5000`
SizeOfHeaders	`0x400`
Checksum	`0x12ca`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d85621ea8ea7fc13b850a58582974c96`
SHA1	`9a536aeb2c6e038d70373c53041bd37529042288`
SHA256	`c57aac9fb17d2eae3676fe808a22b9e1c4e0ecd7c2149a18855ea9d3891f198e`
SHA3	`95cdfe67aaf369cc6e9562db68c6c7dfffa0ed9523fc22b13b3a47eb6e628ba3`
VirtualSize	`0x186`
VirtualAddress	`0x1000`
SizeOfRawData	`0x200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.45884`

.rdata

MD5	`633ee8e9536aef7cdf79edc6453fa6fd`
SHA1	`2ed3f1efd218c09e560a0e535896612c6cc9eee0`
SHA256	`1c7340b3d1ab18a6fdda0cd08311674f5c3e8dd0c8e6b604308a45b9e30175bb`
SHA3	`7f1185cd07b1d4474055f954c0a79360d211450fb557aca9928da48fb59c57e1`
VirtualSize	`0x112`
VirtualAddress	`0x2000`
SizeOfRawData	`0x200`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.5732`

.data

MD5	`c71f7b8fa27a908db0c0ccc02bb442d3`
SHA1	`0c3130c74c468fea69161cbf8cc4abbce78ae574`
SHA256	`63c324e019beb8d21cf1c0dd806c9113ebdb2cb94141d987c586f005740b734d`
SHA3	`0570d863d742d3b76d72f02057bab3344d6da023977d46b62819a39c31b95ac3`
VirtualSize	`0x1a4`
VirtualAddress	`0x3000`
SizeOfRawData	`0x200`
PointerToRawData	`0x800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.87193`

.rsrc

MD5	`78378b68ab1f371d3f5720d43e9f8240`
SHA1	`daf575ab7663cfc88115c6787002cd5a5e10a68d`
SHA256	`f87b5f41e704a595cc037ac10923df65697d6ed8a043c8232f2e425ed1fec4d7`
SHA3	`11d47be3ce3c4cb878fc97219845586edbcf8d7e7e794a60eca4878fcc74cc2e`
VirtualSize	`0x198`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.37945`

Imports

user32.dll	`SetDlgItemTextA` `GetDlgItemTextA` `EndDialog` `DialogBoxParamA`
kernel32.dll	`RtlZeroMemory` `GetModuleHandleA` `ExitProcess`

Delayed Imports

101

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x134`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17537`
MD5	`46fd87fac5b4d5cb9d11e37ea6ac66c4`
SHA1	`b78762b4d950621f0c11604d72ca3b441c9335ca`
SHA256	`03c4c7d6b3351c720551c4964fbc337a7421fc4a7f8089eb54b14af500dbf485`
SHA3	`f3dfe62d54b7c54fc8484e3debe93a03dc56e15bf9fc8be8534c896743ba804f`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xbae52990`
Unmarked objects	`0`
19 (8078)	`12`
18 (8444)	`3`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

84e59dbf86072e66f5acdcbf860b5a58

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

101

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors