Manalyze report for 871f964595caf47f8509e1b5d98d3ae5

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1992-Jun-19 22:22:17
Detected languages	English - United States
CompanyName
FileDescription	World's smallest FLV player
FileVersion	`1.0.0.0`
InternalName
LegalCopyright	(C) 2011 SVSoftware
LegalTrademarks
OriginalFilename
ProductName
ProductVersion	`1.0.0.0`

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX v2.0 -> Markus, Laszlo & Reiser (h)` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Info	Interesting strings found in the binary:	`Contains domain names: .savevideoplugin.com savevideoplugin.com`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegCloseKey` `Possibly launches other programs: ShellExecuteA` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc`
Suspicious	The PE header may have been manually modified.	`Resource P is possibly compressed or encrypted.` `Resource T is possibly compressed or encrypted.` `The resource timestamps differ from the PE header: 2016-Aug-31 04:28:32`
Malicious	VirusTotal score: 17/67 (Scanned on 2021-04-10 01:34:58)	`Lionic: Trojan.Win32.Generic.4!c` `McAfee: Artemis!871F964595CA` `Cylance: Unsafe` `Zillya: Adware.DealPly.Win32.1828` `Paloalto: generic.ml` `Symantec: ML.Attribute.HighConfidence` `APEX: Malicious` `VIPRE: Trojan.Win32.Generic!BT` `McAfee-GW-Edition: BehavesLike.Win32.Dropper.lc` `Sophos: Mal/Generic-S` `Webroot: W32.Malware.Gen` `Kingsoft: Win32.Troj.Generic_a.c.(kcloud)` `Gridinsoft: Trojan.Win32.Downloader.sa` `VBA32: BScope.Trojan-Dropper.Injector` `Malwarebytes: Malware.Heuristic.1003` `Rising: Malware.Heuristic!ET#86% (CLOUD)` `eGambit: Unsafe.AI_Score_70%`

Hashes

MD5	`871f964595caf47f8509e1b5d98d3ae5`
SHA1	`cba7a37ddb8092c3d727a9cc2cdf3eef1ce7320a`
SHA256	`1ddb7a7effd34cf7aeda40787f4c04a8bdb293bd75c930c875109b0ef1bcdd1e`
SHA3	`e2a6ab85337f3d4e0c52b29503a15a451ed6b5c24907d48bf30ab5e3fbe20b69`
SSDeep	`384:ukuSEcxau+6nAEN4lkKL569kdDa6o9GPxl:ukuSEcxN+qLN4lj6adDa6o9GPx`
Imports Hash	`cf1b4f7cfd2f1c661a8ebe7ec3e346cf`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	1992-Jun-19 22:22:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x3000`
SizeOfInitializedData	`0x1000`
SizeOfUninitializedData	`0x7000`
AddressOfEntryPoint	`0x0000AB10 (Section: UPX1)`
BaseOfCode	`0x8000`
BaseOfData	`0xb000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xc000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x7000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`257846db0ca1c4295dcd937183c8bfd7`
SHA1	`17875b4c2c5d2bec92abce9ed34b428dd9424d9c`
SHA256	`e3eaf4139e17d46d7b43bdbcd215884250ae858ca2837ada838ce10d63650052`
SHA3	`891a5c9e973e117cad8819c7a81b5e71122fed342e48021de61b6436487f295f`
VirtualSize	`0x3000`
VirtualAddress	`0x8000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.74024`

.rsrc

MD5	`26b6df4898dcdc496581983f009da3e6`
SHA1	`71b6f237d4fa6fb5b1e9865641c16a8dff875d8b`
SHA256	`5de30448dca75cd176a7adefa1de5381f58d70bb704e084e58ae33f8f6556fb8`
SHA3	`997fe3dbccae12cd8114531d777d55b0a9eec9661884121238c4664a72089094`
VirtualSize	`0x1000`
VirtualAddress	`0xb000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.70927`

Imports

KERNEL32.DLL	`LoadLibraryA` `GetProcAddress` `VirtualProtect` `VirtualAlloc` `VirtualFree` `ExitProcess`
advapi32.dll	`RegCloseKey`
comdlg32.dll	`GetOpenFileNameW`
ole32.dll	`CoInitialize`
shell32.dll	`ShellExecuteA`
user32.dll	`SetMenu`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	2016-Aug-31 04:28:32
Entropy	`3.92731`
MD5	`09c56e834cbdc820dc36138412813d51`
SHA1	`ef1a4cfec90c4880e05afd341065180e85718541`
SHA256	`2bca62b456189d1f5e3e990674c6e1391536ee1dced1af6894bb5dfdd1250e1f`
SHA3	`6fd879d483fec29728afaa8d988109265deece817fc733a97d828cd197cbb79c`

P

Type	`RT_MENU`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ca`
TimeDateStamp	2016-Aug-31 04:28:32
Entropy	`7.41944`
MD5	`1b9575a1eb993cac1428dbed95842c70`
SHA1	`97e5f6eae15a732d663b63b54513da7e44725144`
SHA256	`607b03bfdd667813ae4d49b5a99ebd4d3aaf58bd504b6729b07e731ac2cf5840`
SHA3	`5c90e3fba2da5f2f786fd56d4e30ec70e11beb2234377bdebbd3522e6f01a37b`

T

Type	`RT_MENU`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x22c`
TimeDateStamp	2016-Aug-31 04:28:32
Entropy	`7.36751`
MD5	`3d01d997f93d67e046cf0514f47c0cb4`
SHA1	`5a88b2a02849ce32a6d4ba50368251c9cec67f17`
SHA256	`38b0726599beb41fd5c4366a8171c613ead184184cb5a9f6e5956c18aaf46f31`
SHA3	`f04f045eaeb7c69457ced2d25df463cfda733e4a6a24d6f9a53281c3ea8ac221`

MAINICON

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2016-Aug-31 04:28:32
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`42cf62b780813706e75fb9f2b2e8c258`
SHA1	`a022d5c1cfdd8aace0089f3e72f2eedd41bda464`
SHA256	`a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf`
SHA3	`0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2b0`
TimeDateStamp	2016-Aug-31 04:28:32
Entropy	`3.22722`
MD5	`3a3e3faea93fa880de460944f1d9b835`
SHA1	`4c84cfec1af1ffe0d8ad40ae3bcf1874f897f4be`
SHA256	`e755e4eb6b90ec401ae959f60248915a2ff9bc548bbc331782a189ec47faa785`
SHA3	`5584cefd838855ef9814ed52a38100b64a25176743062f81dc53f82dcf7b5e6f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName
FileDescription	World's smallest FLV player
FileVersion (#2)	1.0.0.0
InternalName
LegalCopyright	(C) 2011 SVSoftware
LegalTrademarks
OriginalFilename
ProductName
ProductVersion (#2)	1.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!