Manalyze report for 97d52f54dfdbe3f2fc2171b54afa8b97647a1bc88d2bf2e387fe8f78b55c85aa

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2026-Jun-12 11:21:22

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Code injection capabilities: WriteProcessMemory VirtualAllocEx OpenProcess CreateRemoteThread` `Can access the registry: RegSetValueExA RegQueryValueExA RegOpenKeyExW RegOpenKeyExA RegDeleteKeyA RegCreateKeyExA RegCloseKey RegSetValueExW` `Memory manipulation functions often used by packers: VirtualProtectEx VirtualAllocEx VirtualProtect` `Leverages the raw socket API to access the Internet: socket WSAGetLastError recv connect closesocket WSAStartup WSACleanup freeaddrinfo getaddrinfo send` `Manipulates other processes: ReadProcessMemory WriteProcessMemory Process32Next OpenProcess Process32First`
Malicious	VirusTotal score: 54/67 (Scanned on 2026-06-26 06:04:44)	`ALYac: Gen:Variant.Application.Mikey.108129` `APEX: Malicious` `AVG: Win64:MalwareX-gen [Misc]` `AhnLab-V3: Trojan/Win.Generic.C5801837` `Alibaba: Trojan:Win64/Mikey.1ade1626` `Antiy-AVL: Trojan/Win64.Mikey` `Arcabit: Trojan.Application.Mikey.D1A661` `Avast: Win64:MalwareX-gen [Misc]` `Avira: TR/W64.Agent` `BitDefender: Gen:Variant.Application.Mikey.108129` `Bkav: W32.Malware.566F5FD4` `CAT-QuickHeal: Trojan.Multi` `CTX: exe.trojan.mikey` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win64/Agent.GUY trojan` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Application.Mikey.108129 (B)` `F-Secure: Trojan.TR/W64.Agent` `Fortinet: Adware/Agent` `GData: Gen:Variant.Application.Mikey.108129` `Google: Detected` `Gridinsoft: Trojan.Win64.Agent.sa` `K7AntiVirus: Trojan ( 005ce2c31 )` `K7GW: Trojan ( 005ce2c31 )` `Kaspersky: UDS:DangerousObject.Multi.Generic` `Kingsoft: malware.kb.a.712` `Lionic: Trojan.Multi.Generic.4!c` `Malwarebytes: Malware.AI.3300400203` `MaxSecure: Trojan.Malware.325668341.susgen` `McAfeeD: ti!97D52F54DFDB` `MicroWorld-eScan: Gen:Variant.Application.Mikey.108129` `Microsoft: Trojan:Win64/Mikey!pz` `Paloalto: generic.ml` `Panda: Trj/GdSda.A` `Rising: Trojan.Agent!8.B1E (TFE:5:AWGNN05nltM)` `Sangfor: Trojan.Win32.Save.a` `SentinelOne: Static AI - Suspicious PE` `Skyhigh: BehavesLike.Win64.NetLoader.dh` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.10c48c4a` `Trapmine: malicious.high.ml.score` `TrendMicro: Trojan.Win32.ZYX.USBLFC26` `TrendMicro-HouseCall: Trojan.Win32.ZYX.USBLFC26` `VIPRE: Gen:Variant.Application.Mikey.108129` `Varist: W64/ABApplication.NGBF-6725` `VirIT: Trojan.Win64.GenK.JAX` `Webroot: W32.Malware.gen` `Zillya: Trojan.Agent.Win64.188222` `alibabacloud: Riskware:Win/Mikey.Gen` `huorong: Trojan/Injector.cmi`

Hashes

MD5	`1f122145a516407b9d7899ef9d98a7ac`
SHA1	`1ea7701f291d8feba331c8b5105358492ace1d77`
SHA256	`97d52f54dfdbe3f2fc2171b54afa8b97647a1bc88d2bf2e387fe8f78b55c85aa`
SHA3	`b51367c23731acb3f60860333481324f59e5bbdb4badfe8b8f86fbc2330d8266`
SSDeep	`3072:CbwWE5nqVsRiV3nGNeGviwYap+JbdaWnnFB4Yv/X3QrVyE+gCr:AGnqasVGlMxdHNf3Q0eCr`
Imports Hash	`c21f7e17d1d746619c809b3ce642d7e8`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2026-Jun-12 11:21:22
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x28000`
SizeOfInitializedData	`0x17200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000A5F4 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x43000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5d751740591afdd602363ad82bc66ae3`
SHA1	`294ff8ca4cda63ffc1d3e4c3bdd9d5fa62d2eb3f`
SHA256	`cb9b063999fce08cd71d8e0f81edb0654622220d9d922ac8007fda9e0be2093f`
SHA3	`af29ebc630f88ef41a8ff8cd7de68191b3f14ac96402ae576d7b0ccca76ed13f`
VirtualSize	`0x27f30`
VirtualAddress	`0x1000`
SizeOfRawData	`0x28000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.3776`

.rdata

MD5	`907e0a3064ab908724586b887821e8de`
SHA1	`e284f3e32b23ef178ce79259146ceedad7f68812`
SHA256	`741409bc7d2e907bdc3b5e6c052cc32e2157489715a46c808c39d0fff0a59fe6`
SHA3	`b935718ddc293e5ad2dbb08b19b21990220c28737d9ed1e896c7ab3c6285f5fb`
VirtualSize	`0xc5ac`
VirtualAddress	`0x29000`
SizeOfRawData	`0xc600`
PointerToRawData	`0x28400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.11162`

.data

MD5	`1672764f0230c6f31515685c050ca0fb`
SHA1	`50e4262b5ddf6aba4ed6fb7f0f44eb340b67fe19`
SHA256	`70ab795df5568baea1e5f44b0f38e7660d68de2c7627be3efb82f07866b20ef0`
SHA3	`0e7e51f84bf8e686ddb20a82140f95c5552fb014ae59989c2d0143a956c5dfaa`
VirtualSize	`0x7f88`
VirtualAddress	`0x36000`
SizeOfRawData	`0x7000`
PointerToRawData	`0x34a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.26642`

.pdata

MD5	`dcd7c2df331e628794030d17e18d75fa`
SHA1	`823c1bcef0d0ef25356ad4f260b797314a81e466`
SHA256	`3871574fd32f7f5a7de3f86eefc8ac52660a8587bb49e30e4e1d8a6fbf1fd6f1`
SHA3	`3bf03cbdca44f9bb1684d23a61038245afe7863666071b04986d0f00ed61b6fa`
VirtualSize	`0x2130`
VirtualAddress	`0x3e000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x3ba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.2705`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0x41000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.reloc

MD5	`e5d82e1cd5cfdf6d6c8d5bff3ffd6020`
SHA1	`df52858bfa8fa7db595c78c73336cb7243974767`
SHA256	`5f62bcb4f3bf4e26015805ce38d7d76a8ca438ca819656c2424478f2a7bd23e9`
SHA3	`aae79006ec843d40aac4bc1674551857c30a6ed7bf150c42fe442198e528a954`
VirtualSize	`0x710`
VirtualAddress	`0x42000`
SizeOfRawData	`0x800`
PointerToRawData	`0x3de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.17559`

Imports

KERNEL32.dll	`ReadProcessMemory` `WriteProcessMemory` `GetModuleHandleA` `GetProcAddress` `CreateToolhelp32Snapshot` `VirtualProtectEx` `Process32Next` `WriteConsoleW` `CreateFileW` `HeapReAlloc` `HeapSize` `VirtualAllocEx` `GetTickCount64` `OpenProcess` `CreateRemoteThread` `Sleep` `WaitForSingleObject` `GetLastError` `Process32First` `CloseHandle` `SetFilePointerEx` `GetFileSizeEx` `ReadConsoleW` `ReadFile` `GetConsoleMode` `GetConsoleOutputCP` `FlushFileBuffers` `GetProcessHeap` `GetStringTypeW` `SetStdHandle` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `RtlPcToFileHeader` `RaiseException` `RtlUnwindEx` `SetLastError` `EncodePointer` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `ExitProcess` `GetModuleHandleExW` `GetCommandLineA` `GetCommandLineW` `HeapAlloc` `HeapFree` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `InitializeCriticalSectionEx` `VirtualProtect` `CompareStringW` `LCMapStringW` `GetFileType` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `RtlUnwind`
USER32.dll	`GetAsyncKeyState` `SendInput`
ADVAPI32.dll	`RegSetValueExA` `RegQueryValueExA` `RegOpenKeyExW` `RegOpenKeyExA` `RegDeleteKeyA` `RegCreateKeyExA` `RegCloseKey` `RegSetValueExW`
WS2_32.dll	`socket` `WSAGetLastError` `recv` `connect` `closesocket` `WSAStartup` `WSACleanup` `freeaddrinfo` `getaddrinfo` `send`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2026-Jun-12 11:21:22
Version	`0.0`
SizeofData	`800`
AddressOfRawData	`0x32be8`
PointerToRawData	`0x31fe8`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x14003c2c0`

RICH Header

XOR Key	`0x8fa0b4db`
Unmarked objects	`0`
C++ objects (33140)	`149`
C objects (33140)	`12`
ASM objects (33140)	`9`
ASM objects (35207)	`9`
C objects (35207)	`17`
C++ objects (35207)	`46`
Imports (33140)	`9`
Total imports	`125`
C++ objects (35217)	`3`
Linker (35217)	`1`

Errors

Leave a comment

No comments yet.