Manalyze report for 8b1c69227afe8f10d8455fa90525c360

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2002-Apr-01 20:32:30

Plugin Output

Suspicious	The PE is possibly packed.	`The PE only has 0 import(s).`
Malicious	VirusTotal score: 27/67 (Scanned on 2019-02-14 23:41:14)	`McAfee: Artemis!8B1C69227AFE` `Cylance: Unsafe` `Symantec: Trojan.Gen.2` `TrendMicro-HouseCall: TROJ_GEN.R002C0DKO18` `Paloalto: generic.ml` `ClamAV: Win.Trojan.Emotet-6748801-0` `Comodo: Malware@#lgy9qjzteiv8` `McAfee-GW-Edition: Artemis!Trojan` `Trapmine: malicious.high.ml.score` `Ikarus: Trojan-Banker.Emotet` `Cyren: W32/Trojan.WPSS-2134` `Webroot: W32.Trojan.Emotet` `Antiy-AVL: Trojan[Banker]/Win32.Emotet` `Microsoft: Trojan:Win32/Emotet.I` `Endgame: malicious (high confidence)` `AegisLab: Trojan.Win32.Emotet.4!c` `GData: Win32.Trojan.Agent.72CERB` `Acronis: suspicious` `MAX: malware (ai score=99)` `Malwarebytes: Trojan.Emotet` `Panda: Trj/CI.A` `Rising: Trojan.Zpevdo!8.F912 (CLOUD)` `SentinelOne: static engine - malicious` `Fortinet: W32/PossibleThreat` `AVG: Win32:Malware-gen` `Avast: Win32:Malware-gen` `CrowdStrike: malicious_confidence_100% (W)`

Hashes

MD5	`8b1c69227afe8f10d8455fa90525c360`
SHA1	`ba06e9fce2147e6764add0fa0a56e904c6e70235`
SHA256	`4b2d557727af5d833bfd785aac2921cfdbd594777c5852f314d4e76d967a040e`
SHA3	`6744f68b918a81b06b53910937db834d3a1f8f1ce533d6ab25d13c81e630e488`
SSDeep	`3072:82d/6PxfwvbOTJQhq1Xcj5P/Yqfjyfolt9UqHougcV:Vd/qwvs+4fit9RHoYV`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2002-Apr-01 20:32:30
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`12.0`
SizeOfCode	`0`
SizeOfInitializedData	`0x49000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000C23C2 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x10d000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`870496feb705840df432bb9e1aeaf460`
SHA1	`077e4dcf10b5875fb6881161f5cc006f95f39a52`
SHA256	`b97cd647ca7297b7edadb12520221b97c5121eb55bcb3258b33000c18685c92c`
SHA3	`401d1655205209344ed1a1d4da5a730cf85bdbd04636190465371d9c97ac6b84`
VirtualSize	`0xc2ee6`
VirtualAddress	`0x1000`
SizeOfRawData	`0xc3000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`3.76932`

.data

MD5	`dca005a91641e5c1d7e06ac8def6d0bc`
SHA1	`b4857f6ca66bf7674aa3be113c98d5c09019e5ab`
SHA256	`8522ba971fc0a0c3652e669ff39b09cf017dbd101592726beb1401daf84a6c5e`
SHA3	`cd45bd089d293cb931130a4cdb74e4c545021903cbd3c80fc17493df1b9f724d`
VirtualSize	`0xa598`
VirtualAddress	`0xc4000`
SizeOfRawData	`0x9000`
PointerToRawData	`0xc4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.0734`

.CRT

MD5	`c01676207e21901f2db6b8ed352b4e3e`
SHA1	`899021da813907a014269ba19447b91e80d75716`
SHA256	`a0e680aae163bdcbeadf74f225f4a894957e6d618669791872f6d076afd079aa`
SHA3	`9577522b61390a2567f93e066b5b68518310c376ec1349cc34a468d5b1072238`
VirtualSize	`0x3d2`
VirtualAddress	`0xcf000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xcd000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.58039`

.pdata

MD5	`2a3d04c3f4807cb4a0a6c29760391a94`
SHA1	`20e2ceb62a9e62d1ab6d15fa7d5d1f442f174009`
SHA256	`59ea3663e965a35fcaeb5b346ec9ad587dc5cc2576cf6ec3b850d8f258cb7aed`
SHA3	`a5cdf600dba2cc8f5b331bfaf87b5f5b38e0b87708223ae5aedc5e846aeb6ffe`
VirtualSize	`0x3bea4`
VirtualAddress	`0xd0000`
SizeOfRawData	`0x3c000`
PointerToRawData	`0xce000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_LNK_COMDAT` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.51952`

.rsrc

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x4f8`
VirtualAddress	`0x10c000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x10a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read an import's name.
[!] Error: Could not read the exported DLL name.
[!] Error: Could not read an IMAGE_RESOURCE_DIRECTORY.
[*] Warning: Section .rsrc is larger than the executable!
[*] Warning: Section .rsrc is larger than the executable!
[*] Warning: Section .rsrc is larger than the executable!