Manalyze report for 91f6888159d2cc4d1e12bc962b432170

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Oct-20 11:04:41

Plugin Output

Suspicious	The PE is possibly packed.	`The PE only has 6 import(s).`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Malicious	VirusTotal score: 53/72 (Scanned on 2022-10-28 10:24:38)	`Bkav: W32.AIDetect.malware2` `Lionic: Trojan.Win32.Fugrafa.4!c` `MicroWorld-eScan: Gen:Variant.Lazy.256797` `McAfee: Artemis!91F6888159D2` `Cylance: Unsafe` `VIPRE: Gen:Variant.Lazy.256797` `Sangfor: Infostealer.Win32.Lazy.Vn3j` `K7AntiVirus: Riskware ( 00584baa1 )` `Alibaba: TrojanSpy:Win32/Stealer.bd3fe57a` `K7GW: Riskware ( 00584baa1 )` `Cybereason: malicious.159d2c` `Cyren: W32/ABRisk.IAPV-5267` `Symantec: ML.Attribute.HighConfidence` `Elastic: malicious (high confidence)` `ESET-NOD32: a variant of Win32/PSW.Agent.OOQ` `APEX: Malicious` `Paloalto: generic.ml` `Cynet: Malicious (score: 100)` `Kaspersky: Trojan-Spy.Win32.Stealer.cwaa` `BitDefender: Gen:Variant.Lazy.256797` `Avast: Win32:PWSX-gen [Trj]` `Tencent: Win32.Trojan-Spy.Stealer.Ikjl` `Ad-Aware: Gen:Variant.Lazy.256797` `Emsisoft: Gen:Variant.Lazy.256797 (B)` `F-Secure: Trojan.TR/Spy.Stealer.pzcau` `DrWeb: Trojan.PWS.Siggen3.23706` `TrendMicro: TROJ_GEN.R002C0PJP22` `McAfee-GW-Edition: RDN/GenericD` `Trapmine: suspicious.low.ml.score` `FireEye: Generic.mg.91f6888159d2cc4d` `Sophos: Mal/Generic-S` `GData: Gen:Variant.Lazy.256797` `Webroot: W32.Trojan.Gen` `Avira: TR/Spy.Stealer.pzcau` `Antiy-AVL: Trojan/Script.Phonzy` `Kingsoft: Win32.Troj.Generic.jm.(kcloud)` `Arcabit: Trojan.Lazy.D3EB1D` `ZoneAlarm: Trojan-Spy.Win32.Stealer.cwaa` `Microsoft: Backdoor:Win32/Aicat.A!ml` `Google: Detected` `AhnLab-V3: Trojan/Win.Generic.C5286220` `BitDefenderTheta: AI:Packer.4A0C22D01E` `ALYac: Gen:Variant.Lazy.256797` `MAX: malware (ai score=82)` `VBA32: BScope.TrojanPSW.Racealer` `Malwarebytes: Spyware.RaccoonStealer` `TrendMicro-HouseCall: TROJ_GEN.R002C0PJP22` `Rising: Stealer.Convagent!8.1326D (TFE:4:3xkpIFlj1qM)` `MaxSecure: Trojan.Malware.300983.susgen` `Fortinet: W32/PossibleThreat` `AVG: Win32:PWSX-gen [Trj]` `Panda: Trj/Chgt.AA` `CrowdStrike: win/malicious_confidence_100% (W)`

Hashes

MD5	`91f6888159d2cc4d1e12bc962b432170`
SHA1	`274e52ef8ea0b7ca68e16ad7e7dc6b006e15ae6f`
SHA256	`980095faad7ac452f5f2827290c5f00904f9aaed2facf9ed690850f8739437ed`
SHA3	`06a5732323aaba8fa2ef4d315a821ec536c65b5e04ddb299d39b34157faab36b`
SSDeep	`1536:IVp01Eca2z/LvhbUDZUN1T04K3rJJOFOEey:j1EcfBUDZi03Key`
Imports Hash	`f15c46dd0ebd22938b2ec56664ea6a28`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2022-Oct-20 11:04:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xb600`
SizeOfInitializedData	`0x3200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000088B5 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xd000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x12000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c0d9212baacd3eef308a5b66d0a77a87`
SHA1	`d905613646f66e29bf01d99a052dedebde3cd515`
SHA256	`3277c8130ca5c3920ce4f357ae6edddc4f1558e69dc589f9127d80d1cd96f5e6`
SHA3	`a30f0f5d443fe0be33a2feb3a57b2a747ae22293657f4dc67f497b033fca54ca`
VirtualSize	`0xb40b`
VirtualAddress	`0x1000`
SizeOfRawData	`0xb600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.90382`

.rdata

MD5	`5cb16a0b9d5369ce6ebec5eaf0430be0`
SHA1	`33982d380489180de53b79a245489e34d51be7f7`
SHA256	`d30652a46390091aab6da11dcbcfeb89793088669892858e267539ac9267f531`
SHA3	`03f0023840b64c8d2fca4d2066baa31d125cc4c8c9710e5530d41cebde14cb30`
VirtualSize	`0x28a2`
VirtualAddress	`0xd000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0xba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.59057`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x5b8`
VirtualAddress	`0x10000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.CRT

MD5	`0de7925f85ad752d0042ee0ba6881ccd`
SHA1	`d318e1b4cc33d59a011fa885c0c14e89e27f5163`
SHA256	`84da4036eeb2ed2092f0ff2b8ee331d21715a5b9f440a7f500728d45df344549`
SHA3	`011aa1031066ab5c17532ace5bc1f58260f75af0d7c2eceef937f6a555783b11`
VirtualSize	`0x4`
VirtualAddress	`0x11000`
SizeOfRawData	`0x200`
PointerToRawData	`0xe400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.21508`

Imports

KERNEL32.dll	`GetProcAddress` `CreateFileW` `lstrlenA` `LocalAlloc` `LoadLibraryA`
ole32.dll	`CoInitialize`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Oct-20 11:04:41
Version	`0.0`
SizeofData	`244`
AddressOfRawData	`0xf6e0`
PointerToRawData	`0xe0e0`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2022-Oct-20 11:04:41
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x87c008ae`
Unmarked objects	`0`
C objects (27412)	`2`
C objects (CVTCIL) (27412)	`1`
Imports (27412)	`5`
Total imports	`6`
C++ objects (LTCG) (VS2019 Update 11 (16.11.4-5) compiler 30136)	`18`
Linker (VS2019 Update 11 (16.11.4-5) compiler 30136)	`1`

Errors

[*] Warning: Section .data has a size of 0!