Manalyze report for 8e0ba6b2b3d0415b0aa1e952d6744bba

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2004-Jan-23 23:39:42
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	PEiD Signature:	`PolyEnE 0.01+ by Lennart Hedlund` `Upack 0.399 -> Dwing` `Upack v0.39 final -> Sign by hot_UNP`
Suspicious	The PE is possibly packed.	`Unusual section name found: PS\xff\xd5\xab\xeb\xe7\xc3` `Section PS\xff\xd5\xab\xeb\xe7\xc3 is both writable and executable.` `Unusual section name found: \x00\x10@\x00\xf0\x94@` `Section \x00\x10@\x00\xf0\x94@ is both writable and executable.` `Unusual section name found: \xb8t@\x00\xfc\x0f@` `Section \xb8t@\x00\xfc\x0f@ is both writable and executable.` `The PE only has 0 import(s).`
Malicious	VirusTotal score: 40/56 (Scanned on 2015-08-08 04:52:22)	`Bkav: W32.OnGamesLT180912HKGHAAI.Trojan` `MicroWorld-eScan: DeepScan:Generic.Malware.dld!!g.8AC8DD1D` `CAT-QuickHeal: Win32.Trojan.Glox.gen!damaged.3` `Malwarebytes: Malware.Packer.Gen` `TheHacker: W32/Behav-Heuristic-060` `K7GW: Trojan ( 003b1b581 )` `K7AntiVirus: Trojan ( 003b1b581 )` `NANO-Antivirus: Trojan.Win32.Genome.dquraq` `F-Prot: W32/SuspPack.CY.gen!Eldorado` `Symantec: Suspicious.DLoader` `ESET-NOD32: a variant of Win32/TrojanDownloader.Small.AEZ` `TrendMicro-HouseCall: TSPY_ONLINEG.IA` `Avast: Win32:Malware-gen` `ClamAV: Trojan.Onlinegames-2021` `Kaspersky: Trojan-Downloader.Win32.Genome.qgdd` `BitDefender: DeepScan:Generic.Malware.dld!!g.8AC8DD1D` `Agnitum: Trojan.DL.Genome!jd94hw7+fvU` `Ad-Aware: DeepScan:Generic.Malware.dld!!g.8AC8DD1D` `Emsisoft: DeepScan:Generic.Malware.dld!!g.8AC8DD1D (B)` `Comodo: Packed.Win32.MUPACK.~KW` `F-Secure: DeepScan:Generic.Malware.dld!!g.8AC8DD1D` `DrWeb: Trojan.DownLoader11.55803` `VIPRE: Trojan.Win32.Packer.Upack0.3.9 (ep)` `TrendMicro: TSPY_ONLINEG.IA` `McAfee-GW-Edition: BehavesLike.Win32.Downloader.xc` `Cyren: W32/SuspPack.CY.gen!Eldorado` `Jiangmin: Trojan/PSW.OnLineGames.bhmz` `Avira: TR/Hijacker.Gen` `Microsoft: Trojan:Win32/Senta!rfn` `Arcabit: DeepScan:Generic.Malware.dld!!g.8AC8DD1D` `AhnLab-V3: Trojan/Win32.OnlineGameHack` `GData: DeepScan:Generic.Malware.dld!!g.8AC8DD1D` `ALYac: DeepScan:Generic.Malware.dld!!g.8AC8DD1D` `AVware: Trojan.Win32.Packer.Upack0.3.9 (ep)` `VBA32: BScope.Trojan.Win32.Inject.2` `Rising: PE:Trojan.Win32.Generic.18A7393B!413612347` `Ikarus: Trojan-PWS.Win32.OnLineGames` `AVG: Downloader.Generic14.SVL` `Panda: Trj/Pupack.A` `Qihoo-360: HEUR/QVM14.0.Malware.Gen`

Hashes

MD5	`8e0ba6b2b3d0415b0aa1e952d6744bba`
SHA1	`023bcfba32b18916fdc587e20e7d064f3f268f3a`
SHA256	`7fb898b9c2ff320d4e7bdb523478ac88c147fe5728657235a1793d5e59aad8e4`
SHA3	`d2ebedffcf0e0956b172d217492a2f5cf990a0f6826fa8511b203446c5c21f70`
SSDeep	`96:u4JB3s1PEXOg3RMOujV6G7m9TIlxXBXMDciCsLCSPu1GOkiT/P7ue0fX9D+8w0cB:M8LMOO/myxBfinvm1Bj7ueozccap`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x454b`
e_cp	`0x4e52`
e_crlc	`0x4c45`
e_cparhdr	`0x3233`
e_minalloc	`0x442e`
e_maxalloc	`0x4c4c`
e_ss	`0`
e_sp	`0x4550`
e_csum	`0`
e_ip	`0x14c`
e_cs	`0x3`
e_ovno	`0x4011`
e_oemid	`0x148`
e_oeminfo	`0x10f`
e_lfanew	`0x10`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2004-Jan-23 23:39:42
PointerToSymbolTable	`0xff50ad00`
NumberOfSymbols	`2095789174`
SizeOfOptionalHeader	`0x148`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`76.58`
SizeOfCode	`0x694c6461`
SizeOfInitializedData	`0x72617262`
SizeOfUninitializedData	`0x4179`
AddressOfEntryPoint	`0x00001018 (Section: PS\xff\xd5\xab\xeb\xe7\xc3)`
BaseOfCode	`0x10`
BaseOfData	`0x4000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.3A`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x12000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`10`

PS\xff\xd5\xab\xeb\xe7\xc3

MD5	`70c911d69f2da1e53c3234e917373396`
SHA1	`74834080efc8f964bc95f41f1c608dbd038a31af`
SHA256	`46ca6b4ab5c9437ff73614a8c05d42a8760a69332748f37dc37d24cb444dacea`
SHA3	`0db0f7048437776cdc38bbf93ace929ca1d99d73f612721da09d384d857da634`
VirtualSize	`0x7000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1f0`
PointerToRawData	`0x10`
PointerToRelocations	`0x408000`
PointerToLineNumbers	`0x4094bb`
NumberOfLineNumbers	`0`
NumberOfRelocations	`203`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.13005`

\x00\x10@\x00\xf0\x94@

MD5	`6fc0cbd0b869be237120b4455134f912`
SHA1	`883ed50ca2df1a95eb6c47c9aadeed9c2f84eb79`
SHA256	`50a616ef487d3237bf4b33a45fc841974ddeb24d83895094892110a81dcc36a7`
SHA3	`05df2b1f130b59bb6fc5222bc24c4ed976d11fee7173e7d458cacefd50dbf7ce`
VirtualSize	`0x9000`
VirtualAddress	`0x8000`
SizeOfRawData	`0x1618`
PointerToRawData	`0x200`
PointerToRelocations	`0x403010`
PointerToLineNumbers	`0x406fff`
NumberOfLineNumbers	`64`
NumberOfRelocations	`38424`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.96007`

\xb8t@\x00\xfc\x0f@

MD5	`70c911d69f2da1e53c3234e917373396`
SHA1	`74834080efc8f964bc95f41f1c608dbd038a31af`
SHA256	`46ca6b4ab5c9437ff73614a8c05d42a8760a69332748f37dc37d24cb444dacea`
SHA3	`0db0f7048437776cdc38bbf93ace929ca1d99d73f612721da09d384d857da634`
VirtualSize	`0x1000`
VirtualAddress	`0x11000`
SizeOfRawData	`0x1f0`
PointerToRawData	`0x10`
PointerToRelocations	`0x409488`
PointerToLineNumbers	`0x40948b`
NumberOfLineNumbers	`64`
NumberOfRelocations	`38042`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.13005`

Imports

KERNEL32.DLL	`(EMPTY)`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read a COFF symbol.
[*] Warning: The PE's sections are not aligned to its reported FileAlignment. It was almost certainly crafted manually.
[*] Warning: Could not read an import's name.
[!] Error: Could not reach an IMPORT_LOOKUP_TABLE.
[*] Warning: An error occurred while trying to read functions imported by module KERNEL32.DLL.
[*] Warning: directory 6 has a size of 0! This PE may have been manually crafted!
[!] Error: Could not reach the requested directory (offset=0x0).
[!] Error: Could not reach the requested directory (offset=0x0).
[*] Warning: Could not read a WIN_CERTIFICATE's header.