Manalyze report for 9a325943f05811008d6aa02f9a77db71

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Mar-08 01:19:43
Detected languages	English - United States
Debug artifacts	C:\Users\kyle\Desktop\trash\corruption.vip-master\2.pdb

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for Qemu presence: qemu` `Miscellaneous malware strings: Exploit Virus`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Malicious	The PE contains functions mostly used by malware.	`Uses functions commonly found in keyloggers: GetForegroundWindow GetAsyncKeyState`
Malicious	VirusTotal score: 22/64 (Scanned on 2018-03-29 01:10:13)	`CAT-QuickHeal: Trojan.IGENERIC` `McAfee: Artemis!9A325943F058` `K7AntiVirus: Unwanted-Program ( 005261191 )` `K7GW: Unwanted-Program ( 005261191 )` `TrendMicro: TROJ_GEN.R03FC0OCC18` `Cyren: W32/Trojan.HADM-1030` `Symantec: Trojan.Gen.2` `TrendMicro-HouseCall: TROJ_GEN.R03FC0OCC18` `Paloalto: generic.ml` `AegisLab: Gen.Variant.Razy!c` `VIPRE: Trojan.Win32.Generic!BT` `McAfee-GW-Edition: BehavesLike.Win32.Trojan.dh` `Sophos: Harmony Loader (PUA)` `Ikarus: Trojan.Graftor` `Fortinet: Riskware/GameHack` `AVware: Trojan.Win32.Generic!BT` `MAX: malware (ai score=94)` `ESET-NOD32: a variant of Win32/GameHack.BZX potentially unsafe` `SentinelOne: static engine - malicious` `eGambit: Trojan.Generic` `Panda: Trj/GdSda.A` `Qihoo-360: Win32/Trojan.395`

Hashes

MD5	`9a325943f05811008d6aa02f9a77db71`
SHA1	`965375971bd753df40a1c47a502f0474e4ef33fe`
SHA256	`edd7ea4d270ead22a232713e393f2a3ce45f295112026727f5d5bb1b208f6068`
SHA3	`8798d0339930d1449094f03bc308697a41de9c8cbc4d2c2d4b0e02f48adfef9b`
SSDeep	`24576:DtM7WQ/XSfepyF9xXmEKfpQzG1AvHLzlDi+LzlDirZyJ:DtM7WkazWdOLzlDi+LzlDirUJ`
Imports Hash	`d472166fe3d664955d83688be218bbb2`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2018-Mar-08 01:19:43
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x5ca00`
SizeOfInitializedData	`0xa4400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00057BE0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x5e000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x105000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`acc5f9a0565509708cf74a233147a484`
SHA1	`9bbf4349205bd7aeac7583e57549d8802fc0a99f`
SHA256	`9439b5ec583a84eac76bffe8395ec67c59d78932636390c54d4c292a8de55e4b`
SHA3	`0d80f889c9f0ae2875529b5ec9cdf617b09457a6d632947eb045e77e22b0a286`
VirtualSize	`0x5c9a9`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5ca00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.24387`

.rdata

MD5	`cf8eea248a0b374d5a0fc26aecc86b46`
SHA1	`7d6ac27c48f2c45092e2a78e3d90fc5c85d3f9ac`
SHA256	`4cf890be81557ad606757b44b138768e6cbf7034a26fc922b13f90ad660d52de`
SHA3	`236e912f639ab71157f047bb20910841ac3b5d4b3c342e86c83b27d3887b9229`
VirtualSize	`0x622a6`
VirtualAddress	`0x5e000`
SizeOfRawData	`0x62400`
PointerToRawData	`0x5ce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.1315`

.data

MD5	`255fb9aff84139a76046f43f4487268c`
SHA1	`59c340617d74950c61886af8c8ad055142026f19`
SHA256	`fa7efd33f0e8df411fefbe0cae7e2cd47424ab89230b7e92f7518631ddaa040c`
SHA3	`77b092f78cee0acfcd87a58ed69eb6a3f79acb6b0e7d5d0e36b314c70fc740a3`
VirtualSize	`0x3c78c`
VirtualAddress	`0xc1000`
SizeOfRawData	`0x2a400`
PointerToRawData	`0xbf200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.29653`

.rsrc

MD5	`fc652cd6350e5b9060521338bdff9d3a`
SHA1	`7eff97c29c5ee725818cd2ddf23f2a815a9e9cf6`
SHA256	`9819b06f1bb47961f0aa6ece2d8d92f76f4c7730aa4c92d199f04ad8f4edd937`
SHA3	`022074719615ff805e03690170232e39627303b3a731943da41c9ed3db593c4f`
VirtualSize	`0x1e0`
VirtualAddress	`0xfe000`
SizeOfRawData	`0x200`
PointerToRawData	`0xe9600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.72473`

.reloc

MD5	`0cdaf5645b3d5bce4296a0d5d37fb6c3`
SHA1	`5777af17c57dcdd7c4ddd99315efc44cb888e4d7`
SHA256	`0de61c9ebfbe63801d77f6a9c1ed38dc1f2cb8c6c5991813a9a3ac46ce28ac84`
SHA3	`f612c2411a3d04b15f69aa895f9bcc876ec20283bc4097f295bf09a59ec7dcfc`
VirtualSize	`0x5564`
VirtualAddress	`0xff000`
SizeOfRawData	`0x5600`
PointerToRawData	`0xe9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.71887`

Imports

KERNEL32.dll	`Sleep` `CreateThread` `FreeLibraryAndExitThread` `Beep` `GetTickCount` `GetModuleHandleW` `GetProcAddress` `GetModuleHandleA` `VirtualProtect` `GetCurrentProcess` `K32GetModuleInformation` `GetStdHandle` `IsBadCodePtr` `SetConsoleTextAttribute` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `IsDebuggerPresent` `IsProcessorFeaturePresent` `TerminateProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `CreateEventW` `WaitForSingleObjectEx` `ResetEvent` `SetEvent` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `CloseHandle` `InitializeSListHead`
USER32.dll	`MessageBoxA` `GetForegroundWindow` `GetKeyNameTextA` `GetCursorPos` `GetAsyncKeyState` `ScreenToClient`
MSVCP140.dll	`?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z` `?good@ios_base@std@@QBE_NXZ` `?flags@ios_base@std@@QBEHXZ` `?width@ios_base@std@@QBE_JXZ` `?width@ios_base@std@@QAE_J_J@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z` `?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ` `?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ` `?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ` `?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ` `?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z` `?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ` `?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ` `?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z` `?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ` `?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ` `?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ` `?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z` `?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z` `?_BADOFF@std@@3_JB` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z` `?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A` `?_Xbad_alloc@std@@YAXXZ` `?always_noconv@codecvt_base@std@@QBE_NXZ` `?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ` `?_Xlength_error@std@@YAXPBD@Z` `?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z` `?_Xout_of_range@std@@YAXPBD@Z` `??0_Lockit@std@@QAE@H@Z` `??1_Lockit@std@@QAE@XZ` `?uncaught_exception@std@@YA_NXZ` `?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z` `??Bid@locale@std@@QAEIXZ`
WINMM.dll	`PlaySoundA`
VCRUNTIME140.dll	`_CxxThrowException` `_purecall` `__std_exception_destroy` `memcmp` `__CxxFrameHandler3` `memmove` `__std_type_info_destroy_list` `_except_handler4_common` `__std_exception_copy` `__vcrt_InitializeCriticalSectionEx` `strchr` `strstr` `memchr` `memcpy` `memset`
api-ms-win-crt-runtime-l1-1-0.dll	`_errno` `_invalid_parameter_noinfo` `_invalid_parameter_noinfo_noreturn` `_configure_narrow_argv` `_initterm_e` `_initterm` `terminate` `_cexit` `_crt_atexit` `_execute_onexit_table` `_register_onexit_function` `_initialize_onexit_table` `_seh_filter_dll` `_initialize_narrow_environment`
api-ms-win-crt-math-l1-1-0.dll	`floor` `_CIatan2` `_libm_sse2_cos_precise` `_except1` `_libm_sse2_sin_precise` `ceil` `fmaxf` `_libm_sse2_pow_precise` `_libm_sse2_sqrt_precise` `_CIfmod` `_libm_sse2_acos_precise` `_libm_sse2_atan_precise` `copysignf`
api-ms-win-crt-heap-l1-1-0.dll	`_callnewh` `free` `malloc`
api-ms-win-crt-stdio-l1-1-0.dll	`setvbuf` `ungetc` `__stdio_common_vsprintf_s` `ftell` `fseek` `fwrite` `fread` `ferror` `fopen_s` `puts` `_fseeki64` `__acrt_iob_func` `fsetpos` `__stdio_common_vfprintf` `__stdio_common_vsprintf` `_get_stream_buffer_pointers` `fputc` `fgetpos` `fgetc` `fflush` `fclose` `__stdio_common_vsnprintf_s`
api-ms-win-crt-convert-l1-1-0.dll	`atoi` `strtoul` `atof` `mbstowcs_s`
api-ms-win-crt-utility-l1-1-0.dll	`rand`
api-ms-win-crt-string-l1-1-0.dll	`isdigit` `isalpha` `strncmp` `strcpy_s` `isspace`
api-ms-win-crt-time-l1-1-0.dll	`clock` `_time64` `strftime` `_localtime64`
api-ms-win-crt-filesystem-l1-1-0.dll	`_lock_file` `_unlock_file`

Delayed Imports

?ReflectiveLoader@@YGKXZ

Ordinal	`1`
Address	`0x26030`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2018-Mar-08 01:19:43
Version	`0.0`
SizeofData	`80`
AddressOfRawData	`0xb97a0`
PointerToRawData	`0xb85a0`
Referenced File	C:\Users\kyle\Desktop\trash\corruption.vip-master\2.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2018-Mar-08 01:19:43
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xb97f0`
PointerToRawData	`0xb85f0`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2018-Mar-08 01:19:43
Version	`0.0`
SizeofData	`816`
AddressOfRawData	`0xb9804`
PointerToRawData	`0xb8604`

TLS Callbacks

StartAddressOfRawData	`0x100b9b44`
EndAddressOfRawData	`0x100b9b4c`
AddressOfIndex	`0x100fd428`
AddressOfCallbacks	`0x1005e48c`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x98`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x100eabe8`
SEHandlerTable	`0x100b93e0`
SEHandlerCount	`240`

RICH Header

XOR Key	`0xfa0696fa`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`18`
ASM objects (25305)	`5`
C objects (25305)	`11`
Imports (25305)	`4`
C++ objects (25305)	`22`
Imports (24610)	`7`
Total imports	`186`
C++ objects (25508)	`32`
Exports (25508)	`1`
Resource objects (25508)	`1`
Linker (25508)	`1`

9a325943f05811008d6aa02f9a77db71

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

?ReflectiveLoader@@YGKXZ

2

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors