Manalyze report for 925940c3be6ea09351757f9b7a3413e9

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.`
Info	Cryptographic algorithms detected in the binary:	`Uses known Mersenne Twister constants`
Suspicious	The PE is possibly packed.	`The PE only has 0 import(s).`
Suspicious	The file contains overlay data.	`1594880 bytes of data starting at offset 0x18ca00.`
Malicious	VirusTotal score: 36/69 (Scanned on 2023-05-26 08:30:22)	`tehtris: Generic.Malware` `MicroWorld-eScan: Gen:Variant.Fugrafa.179127` `FireEye: Generic.mg.925940c3be6ea093` `McAfee: GenericRXQM-MW!925940C3BE6E` `Malwarebytes: Generic.Malware.AI.DDS` `Sangfor: Miner.Win32.Ursu_1081.se2` `CrowdStrike: win/malicious_confidence_100% (W)` `Symantec: ML.Attribute.HighConfidence` `Elastic: malicious (high confidence)` `APEX: Malicious` `Cynet: Malicious (score: 100)` `BitDefender: Gen:Variant.Fugrafa.179127` `Avast: Win32:Malware-gen` `TACHYON: Trojan/W32.Fugrafa.3219456` `Emsisoft: Gen:Variant.Fugrafa.179127 (B)` `DrWeb: Tool.BtcMine.1710` `VIPRE: Gen:Variant.Fugrafa.179127` `TrendMicro: TROJ_GEN.R03BC0DEP23` `McAfee-GW-Edition: GenericRXQM-MW!925940C3BE6E` `Sophos: Mal/Generic-S` `GData: Gen:Variant.Fugrafa.179127` `Antiy-AVL: Trojan[Downloader]/Win32.Fugrafa` `Arcabit: Trojan.Fugrafa.D2BBB7` `Microsoft: Trojan:Win32/AgentCrypt.SM!MTB` `Google: Detected` `AhnLab-V3: Trojan/Win.IRCBot.R454198` `ALYac: Gen:Variant.Fugrafa.179127` `MAX: malware (ai score=81)` `Panda: Trj/CI.A` `TrendMicro-HouseCall: TROJ_GEN.R03BC0DEP23` `Rising: Trojan.Kryptik!1.CAC5 (CLASSIC)` `Ikarus: Win32.Outbreak` `Fortinet: W32/Fugrafa.76624!tr` `AVG: Win32:Malware-gen` `Cybereason: malicious.9a2b44` `DeepInstinct: MALICIOUS`

Hashes

MD5	`925940c3be6ea09351757f9b7a3413e9`
SHA1	`05095cc9a2b448bffd1b82d7f8914c975b742be5`
SHA256	`6ad113b8257b0e21c8765b2009b1bdaa4bc46935fad9918d61d303d330a2da48`
SHA3	`5fca902596117d4c81567d7f0285bc010ff08d0d3c17430208afb89dd3cb4093`
SSDeep	`24576:41txXTADYDZL89t68/kGhluhQkibRRcJ9ltZa9AHjnLw+oOqWYP/rYRSwKDJyR5u:KxDD9i68/kuRRcJ9ltrLwec/GXe`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`3.0`
SizeOfCode	`0xc910`
SizeOfInitializedData	`0x604`
SizeOfUninitializedData	`0x24f0`
AddressOfEntryPoint	`0x0000D8B0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xe000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x193000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x1000000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0f05dcb02708ef0000d8a8ae2e524bde`
SHA1	`1f04c78d64cccc321fc2dc7f4fe001e30af65c01`
SHA256	`1b5c62ba8f22f9b7663b8f2a15fd402f88bc8915f39a10bb5fca40ef17db4132`
SHA3	`8e8f1a674b5ec89bdd20245026f6d27233afeede466ba667baec709366c49573`
VirtualSize	`0x401000`
VirtualAddress	`0x1000`
SizeOfRawData	`0xca00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.9232`

.data

MD5	`a0e490d13ea43cc5da67895d4a74b3ee`
SHA1	`e06615f99d049eb5fbd8cb94b35374a215ca265c`
SHA256	`3b16f802ff6702c97d4fad586de931c8d8039eacba309f28377a4e88e5c96fb5`
SHA3	`1c8348449566968941cd64adc55907acd4bf2d2e6b6b70a205273cfa399b517d`
VirtualSize	`0x40e000`
VirtualAddress	`0xe000`
SizeOfRawData	`0x800`
PointerToRawData	`0xce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.93301`

.rdata

MD5	`80a5e80b326ba2d045e118b994626727`
SHA1	`74775c487d2aca85b8b2f64992de2a7dfa108ac7`
SHA256	`e311eab95530b4e9b640d9c5cd51fdaa7b9e2b125091895d1fcd24d833c5fee1`
SHA3	`349ae12021b034b11a993365db5c527f50bd0b5f5f96058c466618617521bc5f`
VirtualSize	`0x17e888`
VirtualAddress	`0xf000`
SizeOfRawData	`0x17ea00`
PointerToRawData	`0xd600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.43937`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x24f0`
VirtualAddress	`0x18e000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.CRT

MD5	`58530308f31cd17adf54d08af3a0451d`
SHA1	`9613f612d0a12fca24bcae204f46dad5b0474ec9`
SHA256	`b5c78ca67119cc760c39986a3b0dcf0f3550e0513f05edef4322c69e4b7057e0`
SHA3	`e9b31a9cb13fc7eac743436609f7c128ae5ce9ca3a62d4dc425954aaa8f6cef8`
VirtualSize	`0xc`
VirtualAddress	`0x191000`
SizeOfRawData	`0x200`
PointerToRawData	`0x18c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.811278`

.idata

MD5	`01b7c9b9dbe59812a66acc1d9cdd8226`
SHA1	`fe0ff3529fa45e67f49a5d1b5bdf65330f071e53`
SHA256	`10f293b397c000e7bb05f0113b31e142aae36c057c92aa375c4ebc3fdf4c147c`
SHA3	`2e3c713260e552ea8d145c01dd2ddc5dffa755e01c75e2e57c69b0edc5ecec04`
VirtualSize	`0x7cd`
VirtualAddress	`0x192000`
SizeOfRawData	`0x800`
PointerToRawData	`0x18c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.811278`

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read an import's name.
[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .bss has a size of 0!