Manalyze report for 963dbb62e13c271b8a85ceeba6d6171e

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-01 00:00:00
Detected languages	English - United States
CompanyName	Oracle Corporation
FileDescription	Java Platform SE binary
FileVersion	`8.0.2610.12`
Full Version	1.8.0_261-b12
InternalName	Setup Launcher
LegalCopyright	Copyright © 2020
OriginalFilename	online_wrapper-cab.exe
ProductName	Java Platform SE 8 U261
ProductVersion	`8.0.2610.12`

Plugin Output

Suspicious	The PE is packed with mpress	`Unusual section name found: .MPRESS1` `Section .MPRESS1 is both writable and executable.` `Unusual section name found: .MPRESS2` `Section .MPRESS2 is both writable and executable.` `The PE only has 2 import(s).`
Info	The PE is digitally signed.	`Signer: Marketing Concept s.r.o.` `Issuer: Sectigo RSA Code Signing CA`
Malicious	VirusTotal score: 47/67 (Scanned on 2021-08-27 12:20:19)	`Lionic: Trojan.Win32.Ulise.4!c` `Elastic: malicious (high confidence)` `MicroWorld-eScan: Trojan.Generic.30011202` `ALYac: Trojan.Downloader.1481240` `Cylance: Unsafe` `Zillya: Trojan.GenKryptik.Win64.1339` `Sangfor: Trojan.Win32.Kryptik.HGFD` `K7AntiVirus: Trojan ( 0056ee091 )` `Alibaba: Trojan:Win32/Kryptik.e0a6d2b1` `K7GW: Trojan ( 0056ee091 )` `CrowdStrike: win/malicious_confidence_100% (W)` `Cyren: W64/Kryptik.EAE.gen!Eldorado` `Symantec: Trojan.Maltrec.TS` `ESET-NOD32: a variant of Win32/Kryptik.HGFD` `TrendMicro-HouseCall: Trojan.Win64.ULISE.AA` `Paloalto: generic.ml` `ClamAV: Win.Packed.Cerbu-9832815-0` `BitDefender: Trojan.Generic.30011202` `NANO-Antivirus: Trojan.Win64.Kryptik.ixabtb` `Avast: Win64:DangerousSig [Trj]` `Ad-Aware: Trojan.Generic.30011202` `Emsisoft: Trojan.Generic.30011202 (B)` `DrWeb: Trojan.Siggen10.20192` `VIPRE: Trojan.Win32.Generic!BT` `TrendMicro: Trojan.Win64.ULISE.AA` `McAfee-GW-Edition: Artemis!Trojan` `SentinelOne: Static AI - Suspicious PE` `FireEye: Trojan.Generic.30011202` `Sophos: Mal/Generic-S` `APEX: Malicious` `GData: Trojan.Generic.30011202` `Webroot: W32.Trojan.Gen` `Avira: HEUR/AGEN.1138222` `MAX: malware (ai score=99)` `Antiy-AVL: Trojan/Generic.ASMalwS.335D931` `Gridinsoft: Trojan.Kryptik.dd!c` `Arcabit: Trojan.Generic.D2CA123D` `Cynet: Malicious (score: 100)` `AhnLab-V3: Dropper/Win32.Agent.C4193120` `McAfee: GenericRXAA-AA!963DBB62E13C` `Malwarebytes: RiskWare.Dropper` `Yandex: Trojan.GenKryptik!oGA5KtZ7h+Y` `Ikarus: Trojan.Win64.CoinMiner` `MaxSecure: Trojan.Malware.118206173.susgen` `Fortinet: W32/Kryptik.HGFD!tr` `AVG: Win64:DangerousSig [Trj]` `Panda: Trj/CI.A`

Hashes

MD5	`963dbb62e13c271b8a85ceeba6d6171e`
SHA1	`83761a2c6f1a16c3c75666fe74f9a1f80639e1cc`
SHA256	`da19399ca6cf769dfbe7e6e18b3ab726e72ebc7896b9a351c22dba8dd322d333`
SHA3	`96e1e5afdf4cb253cddc82405d36c2aab2a54b2acf489effaa7af2c34f003c15`
SSDeep	`24576:kMG0Do+wFZtMDmjWczyL8lV7JdDE4ejE5Ok2ahwCRfchN4h:9TDoJFZGDDc2yV77ejKDdRBh`
Imports Hash	`79b3362178937bf9559741c46bb9e035`

DOS Header

e_magic	`MZ`
e_cblp	`0x40`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x2`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0xb400`
e_oeminfo	`0xcd09`
e_lfanew	`0x40`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`3`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x4d2a00`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0x275400`
SizeOfInitializedData	`0x41400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000524085 (Section: .MPRESS2)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x52d000`
SizeOfHeaders	`0x200`
Checksum	`0x170a0f`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.MPRESS1

MD5	`b336bb26422abe53755b7ab6c6c0a517`
SHA1	`dbf629062cb37f423751218838a9626609c88a06`
SHA256	`7b5eb25ca2af534e60d96b26ac2d899fd48f602fddb880476ce2e51901003024`
SHA3	`8db17c09aa405bfa186f7d4b4e9a99fd473e4b49ca531954aa491075113655ba`
VirtualSize	`0x523000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x15ea00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99985`

.MPRESS2

MD5	`7fb51e2f5a7df5c23ba1374ce02bcf3b`
SHA1	`1d91c79b00329258ed3635105ecfc00afc7236be`
SHA256	`20bdda69c546e5cf9fbf736f3b076bd78ce0b4160e5428563c9af34abd163385`
SHA3	`f677e2621aa2fe3fd101b076492bb4261e8cae41a70ccef7ae2a93ef85a58cb8`
VirtualSize	`0xb7f`
VirtualAddress	`0x524000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x15ec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.03251`

.rsrc

MD5	`f774a254915f767b76e9e72d788b0035`
SHA1	`a4c8d631a20307151dac9a66472e81b352f607a1`
SHA256	`f37416abe3e7ba694423eb20efbd883d0702f0b75697bdb784ee245df8b13026`
SHA3	`456ab7c1bd6982fd70718a2500ef841576fd41b8d65bbb9a473585d368977224`
VirtualSize	`0x7cea`
VirtualAddress	`0x525000`
SizeOfRawData	`0x7e00`
PointerToRawData	`0x15f800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.85572`

Imports

KERNEL32	`GetModuleHandleA` `GetProcAddress`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.59438`
MD5	`9d0f6f07a2248bdcec199bffa13dfba5`
SHA1	`e8fb851d2faf332c161450ed1d33357ca571aef4`
SHA256	`afb87caf3186370a597d066b19f0f74e4acfaf0a8e5e5f569e2da75def3ffc43`
SHA3	`8e4e882c7e4e136a0d0d9645aaaf10e88266dbe9a14893c9bc3b726dbd3945a1`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.96826`
MD5	`787bac8701161530d75505d17919de19`
SHA1	`3d17733c52f7c7719b92b0d254e9c3331c6dd491`
SHA256	`1ff1edfe7779b95b24553fe1eeac40f72ce79a0bb2cbc8b711b7bf8265d5ee47`
SHA3	`c4c198821abba7f78e8c06b073f759c2c02a1b6b09666255ac63a154f9250678`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.90069`
MD5	`ebb5d7184cbe7f1f5a8f50152a49e433`
SHA1	`fb406caeb359cf8d7e5549c54c7f3291047b4db5`
SHA256	`f26171f3baeb9ccf71e80b12f92838a487f434119d12190cc1c8c4efbf0906f0`
SHA3	`fd0a11db1a75257cc7e710d1f84bd869d55d78a2868bc10497d0841e00afcdef`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.0155`
MD5	`42576bbff51607bfb66bf0dd9d0824cc`
SHA1	`e01dfea8b91b3ef79b8b821cd72bf8e3ead72205`
SHA256	`46ae400026b2c61a308e02b36c84e994328786a23a51059a72fc0ee038ebac3e`
SHA3	`e308c9ff1a606d1d8e566f8071963892e5e7d80bfbe8525f6f5c5b10f413716c`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.58618`
MD5	`6c3dc3215886ff31c733e2dda5317aed`
SHA1	`ea2f42acd8e27b860381d07530d6f344d2e48098`
SHA256	`467e07c1e3bcf890c4a61c9e1a675aab9dff875fc3b95648fe0cb6b5c76c0c11`
SHA3	`d004fc938e510b56d402dc33265de8f2a91083769c1b50556cd870159d5c37ed`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.53853`
MD5	`f866af729c0cc8df99c41a1df739cb27`
SHA1	`d931ef7fd85d25450eff147e9dee8d67f995cdaa`
SHA256	`37922e311d3ba1cc04eda58d19f0fb513ba48b50841791aa0e2b4f4241591e06`
SHA3	`9544b9f866a62aa92eca3681a11eb6b319a4998a004174c55fcd56a227179197`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.94465`
MD5	`e643fbe9999fa09c51723b2ddc1e8b51`
SHA1	`3ddc56b1c637133713acc49ad654a15e0415fa18`
SHA256	`fceb63fb5ea6edbe9a8f50e449e5041a9c8622c7b4a0a0d2bd332fa4298138ef`
SHA3	`4092f0cfc6063442d2d312c319f85acceba98dbe87316441a8f2c41e46db7eef`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.81361`
MD5	`7f494966cd46d73e2b93db070ec1a9ea`
SHA1	`bff69b9bc6f060560adffbf5cee013cfa65b8364`
SHA256	`18830062c5276e87697169f9f359efb15aeb41e8a0ecc79a3c320845f64ca21f`
SHA3	`bce7726fe14d346a37dd7188010630defaad92d91d46745f298a33e1def2aad2`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.4261`
MD5	`054155198e2281c474861faf4cd3fc4f`
SHA1	`cc0c13027be349167f7bb8bd06e3000f6b905d4b`
SHA256	`752046db2d5ba9b48214cfdc907886277a63ca3638eb1d38a00f207878da0a7d`
SHA3	`9331f3cb9304e4f3de3d8ab87c5277549f7d1772fba31a7a1fe41933aa1d3056`

10

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.68846`
MD5	`a98752f0522554542224c17050b6cd45`
SHA1	`3844d164edc6c530ff4eb0f145b31b7618bec790`
SHA256	`f39679918b57ed83da31c7cb81d5ace2b1409700628cb3ece4224c3f143c29fb`
SHA3	`1b17a3c0a7c3e9d62fcafd66190c4ab56089f75a55adeaf8add4b8a79e3d81bb`

11

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.58248`
MD5	`7ffbccd219ca36487afed0150da8fc56`
SHA1	`ec1d1e0fae577ef0267d2614c3ff691a69be2795`
SHA256	`b72e0c24aaa3ead9220fd1b21e60c2adfe048c83c7bce3e98cb2207615777c30`
SHA3	`927b1c68751045785448b5fd2c65adb697edb1cb472fc00eaac2fdfea6fa71e6`

12

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.58485`
MD5	`7439f9bc2bac19fcbfd94aca0424f3d7`
SHA1	`41b5144e3fc3367e2cce5830b8127d7d55f2e3b0`
SHA256	`4e7aa9843e2f6b206a9b0fbc7e0edcd910b2cbdb0d103644c8fce426bb90415f`
SHA3	`4c3314a23445b81a621de4ca4e13d19a2fc179c63360d0f65dd98db1df07f52a`

101

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.06492`
Detected Filetype	Icon file
MD5	`9f09cf7bb38a28604b82294714b5aff8`
SHA1	`92235b3d49fd27218a58fbfad27ad6a619b54ffb`
SHA256	`d2d8ccd68849e94ea6b84f6835d0fe98ffa5c11e74a1138529e3c0b8d8edfe60`
SHA3	`31d634f42904a006333aee6a5258ab8c02eb1729897f4083ef50dad9565e0da3`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x35c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.48523`
MD5	`aba7670e912411de95e34e61f1c60ed7`
SHA1	`57bda9c0ffbc1a60bdea36f751e7e8b5ace4dbdc`
SHA256	`5d45a552035a95873ae29e29f897c2724367d505b319470d2bd0105e3260fb51`
SHA3	`a59fd38262f70413f776f14950be55bfe0e1807c59cc96aa5fadbfb77fe499d8`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8258`
MD5	`4c95ce3366e916fb03f5259fa12285dc`
SHA1	`7ca66f4fe130cf42147678dce410eae31e6411f1`
SHA256	`cdfd94d676e194a42d9ba1d0b061e99b93e6079a8cc39933a515ce2fa84b690e`
SHA3	`8c8034990c6dbce339eb727b89fbfcecc10f9b972e8712365c3933b0f3a6fb7a`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	8.0.2610.12
ProductVersion	8.0.2610.12
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Oracle Corporation
FileDescription	Java Platform SE binary
FileVersion (#2)	8.0.2610.12
Full Version	1.8.0_261-b12
InternalName	Setup Launcher
LegalCopyright	Copyright © 2020
OriginalFilename	online_wrapper-cab.exe
ProductName	Java Platform SE 8 U261
ProductVersion (#2)	8.0.2610.12

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

963dbb62e13c271b8a85ceeba6d6171e

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.MPRESS1

.MPRESS2

.rsrc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

10

11

12

101

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors