Manalyze report for 85e62e876d670896c465f4934069ce68

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Feb-20 18:17:36
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Interesting strings found in the binary:	`Contains domain names: gmail.com`
Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Uses Microsoft's cryptographic API: CryptDestroyHash CryptSignHashA CryptReleaseContext CryptDestroyKey CryptAcquireContextA CryptVerifySignatureA CryptHashData CryptCreateHash CryptImportKey`
Suspicious	VirusTotal score: 1/67 (Scanned on 2026-02-06 03:05:06)	`APEX: Malicious`

Hashes

MD5	`85e62e876d670896c465f4934069ce68`
SHA1	`bc17208a3075c40f218aff87776280bf2f8be599`
SHA256	`f6319ddedf818fde279ba6352ab15ab95cd94a93afeb83d53424dc1649fdbaac`
SHA3	`81be8c065e2965f6197f6c5655f58f807480fdf3ac935489562137fcb969c5ae`
SSDeep	`1536:wrJX/k0hwPIVhwK6DszyeGsj2Sh5hFDZYl8UuQ4IsWXmcdLsA3rhlXkAfYDYDzJ:wruIVhwKAJ3q2ShTFxUu4LsA37kAfY0`
Imports Hash	`f4b9046a394a2e2879d8c0c16d27cb7c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2017-Feb-20 18:17:36
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xb800`
SizeOfInitializedData	`0xac00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000025D5 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xd000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x1a000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3a25066025aaf12e11756184d5f3f587`
SHA1	`af97102a5b2f46ccceb922a93420b004e2560d11`
SHA256	`129ba585246be87a3f8afeac38d9937df0925fd9ef347e73e9dd7e2e6bf6fc8f`
SHA3	`bdcae469f77100c05484d602af56d70c740d97946bf3d50c8917cd66254529bd`
VirtualSize	`0xb787`
VirtualAddress	`0x1000`
SizeOfRawData	`0xb800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.62274`

.rdata

MD5	`f6e9d88f505f84c430d01c94e22c34cc`
SHA1	`ae40e728f2b985762aa5edf459874dff59eda994`
SHA256	`1ef34d419ddd7032b10276d71366e440506ea4ed2766bbba8ea133c46fa11c08`
SHA3	`0b1a26e9d3534e84395ee5347a3e70ebae03e8c64745156acfdcf9fe940e7754`
VirtualSize	`0x685e`
VirtualAddress	`0xd000`
SizeOfRawData	`0x6a00`
PointerToRawData	`0xbc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.31194`

.data

MD5	`616ec6cb7a0f9113d4319f9f975e573d`
SHA1	`b997a4496424af5ca266c6d71c29a55c0627260d`
SHA256	`e2d5048123873b5a1f201b1dda1a95c5217bc92d3c75993d809140b5fa12b023`
SHA3	`a420ac01c03521690261c435fb33e83d8ef122c299934d8ee4016211c33fb63c`
VirtualSize	`0x15b0`
VirtualAddress	`0x14000`
SizeOfRawData	`0x800`
PointerToRawData	`0x12600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.98254`

.gfids

MD5	`b6eebaaa20a9fb74c92d143759516e8b`
SHA1	`17b0470d8e27fda5c99cb4988602be40ad1bfcf7`
SHA256	`756c2d1cd38b1ac657bf6e003c2f3a069976aba0942bcb402e17f2f4e8fd0339`
SHA3	`5f5db83f2cb50212ec6489b98ed6478609e25507623a7a45d0eae3a8bd5329ea`
VirtualSize	`0xac`
VirtualAddress	`0x16000`
SizeOfRawData	`0x200`
PointerToRawData	`0x12e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.41446`

.rsrc

MD5	`97c8d24870ae48a7e55d2b1eae0bd4a1`
SHA1	`af939cd5a83d9384644fa4e8f5e1f1b358c3ed51`
SHA256	`35f5d45b5f46a464b8a2b810b523e9a7e5cbd4694e627486595b5508ee9cf6d6`
SHA3	`6ea079cc8984c44d3671df8e78496008ef7b4a0a744bb70c8b650b5f0a80e785`
VirtualSize	`0x19e0`
VirtualAddress	`0x17000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x13000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.34096`

.reloc

MD5	`3651be315054299ea8922caee97d512b`
SHA1	`1900107b3bb9abecf9afb56445fd93543255f9fd`
SHA256	`ce791e3e0dcc7df17900bda0744b2aa247062102c5e3fdb44f36cd9adb98f141`
SHA3	`899c6dd25159dd88292321dfa344ddcfd09a5c373545e18c5c1327043b7515c8`
VirtualSize	`0xf68`
VirtualAddress	`0x19000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x14a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.47367`

Imports

KERNEL32.dll	`GetConsoleMode` `GetConsoleCP` `FlushFileBuffers` `HeapReAlloc` `HeapSize` `GetStringTypeW` `GetFileType` `SetStdHandle` `SetFilePointerEx` `DecodePointer` `LCMapStringW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `WriteConsoleW` `CreateFileW` `WriteFile` `HeapFree` `ReadFile` `GetProcessHeap` `HeapAlloc` `CloseHandle` `GetFileSize` `CreateFileA` `GetCommandLineW` `GetCommandLineA` `GetCPInfo` `lstrcmpiA` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `RtlUnwind` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `GetStdHandle` `GetModuleFileNameA` `MultiByteToWideChar` `WideCharToMultiByte` `ExitProcess` `GetModuleHandleExW` `GetACP` `FindClose` `FindFirstFileExA` `FindNextFileA` `IsValidCodePage` `GetOEMCP` `RaiseException`
USER32.dll	`SetWindowTextA` `wvsprintfA` `SetWindowPos` `MapWindowPoints` `SystemParametersInfoA` `GetWindowRect` `GetWindow` `GetParent` `GetWindowLongA` `CallWindowProcA` `PostMessageA` `RedrawWindow` `EndDeferWindowPos` `DeferWindowPos` `BeginDeferWindowPos` `GetClientRect` `CreateWindowExA` `SetWindowLongA` `GetDlgItem` `AppendMenuA` `GetSystemMenu` `LoadIconA` `SendMessageA` `DialogBoxParamA` `EndDialog`
COMDLG32.dll	`GetOpenFileNameA` `GetSaveFileNameA`
ADVAPI32.dll	`CryptDestroyHash` `CryptSignHashA` `CryptReleaseContext` `CryptDestroyKey` `CryptAcquireContextA` `CryptVerifySignatureA` `CryptHashData` `CryptCreateHash` `CryptImportKey`
SHELL32.dll	`DragQueryFileA` `DragAcceptFiles`
COMCTL32.dll	`InitCommonControlsEx`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x900`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.7791`
MD5	`025dcf13e24fce3a4be1e9e8f59fe2b3`
SHA1	`c613db144757a1570f6d75ff93824e4a1bd9ab7e`
SHA256	`1972281ec3c5e9b42508f83bbd844d84c96707591323b83bdb026a8901da831f`
SHA3	`8b117a61c1736e89b7caaae68ee39d6ebc8dff303fa1f3f7692d6acaa2484cda`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x900`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.7791`
MD5	`025dcf13e24fce3a4be1e9e8f59fe2b3`
SHA1	`c613db144757a1570f6d75ff93824e4a1bd9ab7e`
SHA256	`1972281ec3c5e9b42508f83bbd844d84c96707591323b83bdb026a8901da831f`
SHA3	`8b117a61c1736e89b7caaae68ee39d6ebc8dff303fa1f3f7692d6acaa2484cda`

120

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x19a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40674`
MD5	`34c7bc1484e9203f4d6a41f02776f6f8`
SHA1	`e0f56aa47c6be75f8c5771597ec19cea84c451b7`
SHA256	`5e2a613289b626ed9cc7be77cb03b2414886955e1a266b0161c8917be771f70f`
SHA3	`ca238d418542945f41f4a0fa30c206d5cd40df734132be56ff081384972ee264`

1000

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x146`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.34082`
MD5	`cdc462a03e16599394cbed33b0ef3c94`
SHA1	`1a5dc5e9abc935a5e221ba22fce574242c23121c`
SHA256	`2cbd8236b780ad0d1d981a8ca35a36877ba463e88ca533027475bcf8ce1493bc`
SHA3	`2c7ce78019465843e62c1bad3059e65846a7f25a14ee0a39bb612fb88bf9d2af`

7

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x38`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.52014`
MD5	`fc114b014cd4a14b96ea593ba339ceab`
SHA1	`e8522dd03cec8fa0ca8f175f8f4d89c25da90479`
SHA256	`16fcfc2cd1047e594701018a6d9b960f08a463182a5a556e06c4f00e87ee9857`
SHA3	`a68255d7a64738188724e955bbd7872e2eb052bf2954357c3da2b432ccf484ca`

100

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.67095`
Detected Filetype	Icon file
MD5	`702825dc0243b2e3835149d498b782c0`
SHA1	`00c44fca5beba72e75a15f947ccf64ccc1c4f8e0`
SHA256	`5d955d46cb4e48e027ff8eabec5f77198a992a980836426c93937ad8a92eec81`
SHA3	`14e1f1f7a236528229655497be993d2eceba0be59833d426fcd346096803ee4e`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.83321`
Detected Filetype	Icon file
MD5	`c008e2deb8a71ffcea7bcf218bf1e645`
SHA1	`168420a00dfd5d9c832c2599525b95d4e9582aa2`
SHA256	`8a757394213aeb3da5386b9c0084d9a9d1204aa394fbafa4929307435208045f`
SHA3	`a0bf5ebd994afea7d22d16c2a4ba60f48717d5116868333d8c3f2de5a65928fb`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x280`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.07176`
MD5	`0f3b71d0fa474d73aff7de9cdf842732`
SHA1	`7990f81c60b8ab722c5ad7367f69c85106be5ed5`
SHA256	`5055de34114f55b1bfafbbbda68ec60c4291109780b9c197557b7c222c9a4e09`
SHA3	`c819cff55bde393211a32de2e92c070f295200f1b580ba63c6d18be15e762375`

String Table contents

ADLICENSEGEN

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2017-Feb-20 18:17:36
Version	`0.0`
SizeofData	`696`
AddressOfRawData	`0x127dc`
PointerToRawData	`0x113dc`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2017-Feb-20 18:17:36
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x414004`
SEHandlerTable	`0x4127d0`
SEHandlerCount	`3`

RICH Header

XOR Key	`0x24efc6ef`
Unmarked objects	`0`
241 (40116)	`9`
243 (40116)	`120`
242 (40116)	`24`
ASM objects (VS2015 UPD3 build 24123)	`17`
C++ objects (VS2015 UPD3 build 24123)	`29`
C objects (VS2015 UPD3 build 24123)	`17`
Imports (VS2008 SP1 build 30729)	`13`
Total imports	`127`
C++ objects (LTCG) (VS2015 UPD3.1 build 24215)	`2`
Resource objects (VS2015 UPD3 build 24210)	`1`
151	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

85e62e876d670896c465f4934069ce68

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.gfids

.rsrc

.reloc

Imports

Delayed Imports

1

2

120

1000

7

100

101

1 (#2)

String Table contents

Version Info

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors