Manalyze report for 93debcb396fb3473b4e8b2d4f92ac400

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2020-Jan-09 18:23:40

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `Unusual section name found: UPX2` `Section UPX2 is both writable and executable.` `The PE only has 4 import(s).`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress`
Suspicious	The file contains overlay data.	`256 bytes of data starting at offset 0x1fd00.`
Malicious	VirusTotal score: 41/73 (Scanned on 2020-01-22 15:50:55)	`Bkav: HW32.Packed.` `DrWeb: Trojan.Packed.140` `MicroWorld-eScan: Gen:Trojan.Heur.GM.0800032020` `FireEye: Generic.mg.93debcb396fb3473` `Cylance: Unsafe` `Sangfor: Malware` `K7AntiVirus: Riskware ( 0040eff71 )` `K7GW: Riskware ( 0040eff71 )` `Cybereason: malicious.396fb3` `Arcabit: Trojan.Heur.GM.D2FAF8514` `BitDefenderTheta: AI:Packer.899750511D` `Symantec: ML.Attribute.HighConfidence` `TrendMicro-HouseCall: Cryp_Xed-16` `Avast: Win32:Trojan-gen` `BitDefender: Gen:Trojan.Heur.GM.0800032020` `Paloalto: generic.ml` `AegisLab: Trojan.Win32.Malicious.4!c` `Rising: Malware.Undefined!8.C (CLOUD)` `Ad-Aware: Gen:Trojan.Heur.GM.0800032020` `Emsisoft: Gen:Trojan.Heur.GM.0800032020 (B)` `Comodo: Packed.Win32.MUPX.Gen@24tbus` `F-Secure: Trojan.TR/Crypt.U.Gen` `TrendMicro: Cryp_Xed-16` `McAfee-GW-Edition: RDN/Generic.dx` `Trapmine: malicious.high.ml.score` `Sophos: Mal/HckPk-A` `Ikarus: Trojan.Crypt` `Cyren: W32/Trojan.GMMI-6131` `Webroot: W32.Trojan.Gen` `Avira: TR/Crypt.U.Gen` `Endgame: malicious (moderate confidence)` `Microsoft: Trojan:Win32/Occamy.C` `SentinelOne: DFI - Malicious PE` `McAfee: RDN/Generic.dx` `VBA32: Heur.Trojan.Hlux` `APEX: Malicious` `Tencent: Win32.Trojan.Xed.Hupq` `GData: Gen:Trojan.Heur.GM.0800032020` `AVG: Win32:Trojan-gen` `CrowdStrike: win/malicious_confidence_90% (W)` `Qihoo-360: Generic/HEUR/QVM11.1.A54F.Malware.Gen`

Hashes

MD5	`93debcb396fb3473b4e8b2d4f92ac400`
SHA1	`2cac5e3b858dc8b58dcc2af06ee370b1d4267bf1`
SHA256	`161bddc63eadbf39092b495ac888af7dc6fa5106c612bd8a4a62761f98ff4d3c`
SHA3	`336e8d21bc686f2f62b7c7fe2cb8eb0da79079c633e89db873d11c0843b92057`
SSDeep	`3072:KiCTCecU72Ojl1f//8USX5mgqdurEKh2TFqfwNbQuAu:LCZ8Ojl1//colEzhYYfwB3H`
Imports Hash	`6ed4f5f04d62b18d96b26d6db7c18840`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2020-Jan-09 18:23:40
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x1f000`
SizeOfInitializedData	`0x1000`
SizeOfUninitializedData	`0x4f000`
AddressOfEntryPoint	`0x0006F0A8 (Section: UPX2)`
BaseOfCode	`0x50000`
BaseOfData	`0x6f000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x71000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x4f000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`3b589bf06dcb39e5b88c92fc9e9426b8`
SHA1	`70ec1464b33bb9cce9ce7b224df2898447ba3af3`
SHA256	`39a4d5909d5b7ccba23fb19d531757525c0a25d2a28e49361b9fb6278968d068`
SHA3	`6c978aaba7f9bf6045d3f18ee0c5c7e62ab9b09321132773257fb32137513a69`
VirtualSize	`0x1f000`
VirtualAddress	`0x50000`
SizeOfRawData	`0x1e600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.92042`

UPX2

MD5	`6f6d1c6e09b8af801c909acb4de0b20a`
SHA1	`8355a91ea2219b174daf5561ca582b4b7e35f2c4`
SHA256	`35ab3d90820e18003f9c877b5010e5c2999c37e96e825b23544ff7d258b5bc00`
SHA3	`6381806da2cedd13483b0deb992a39e4c8396a007c05b02eb041d91fe8c0b113`
VirtualSize	`0x2000`
VirtualAddress	`0x6f000`
SizeOfRawData	`0x1300`
PointerToRawData	`0x1ea00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.64803`

Imports

KERNEL32.DLL	`LoadLibraryA` `ExitProcess` `GetProcAddress` `VirtualProtect`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

Size	`0xa4`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4640c8`
SEHandlerTable	`0x461f50`
SEHandlerCount	`7`

RICH Header

XOR Key	`0x56acf275`
Unmarked objects	`0`
ASM objects (26715)	`12`
C++ objects (26715)	`138`
C objects (26715)	`18`
Imports (26715)	`3`
Total imports	`80`
C++ objects (VS2019 Update 2 (16.2) compiler 27905)	`37`
C objects (VS2019 Update 2 (16.2) compiler 27905)	`17`
ASM objects (VS2019 Update 2 (16.2) compiler 27905)	`17`
C objects (28106)	`1`
Linker (28106)	`1`

Errors

[*] Warning: Section UPX0 has a size of 0!