Manalyze report for 9b6009381175f55a346bbd826f79734ab607e17790ef2822e33db63c3eb17275

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Oct-17 00:40:30
FileDescription
FileVersion	`0.0.0.0`
InternalName	AMD_INF_Patcher.exe
LegalCopyright
OriginalFilename	AMD_INF_Patcher.exe
ProductVersion	`0.0.0.0`
Assembly Version	0.0.0.0

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://schemas.microsoft.com http://schemas.microsoft.com/winfx/2006/xaml http://schemas.microsoft.com/winfx/2006/xaml/presentation https://amd.com microsoft.com schemas.microsoft.com`
Suspicious	The PE is possibly packed.	`The PE only has 0 import(s).`
Malicious	The program tries to mislead users about its origins.	`The PE pretends to be from AMD but is not signed!`
Malicious	VirusTotal score: 35/71 (Scanned on 2025-11-09 08:41:13)	`ALYac: Gen:Variant.Application.Jalapeno.6` `APEX: Malicious` `AVG: Win64:Malware-gen` `AhnLab-V3: Malware/Win.Generic.C5804029` `Alibaba: Trojan:Win64/Genric.fdecaf63` `Arcabit: Trojan.Application.Jalapeno.6` `Avast: Win64:Malware-gen` `Avira: HEUR/AGEN.1374728` `BitDefender: Gen:Variant.Application.Jalapeno.6` `Bkav: W64.AIDetectMalware.CS` `CAT-QuickHeal: Trojan.Generic.TRFH1162` `CTX: exe.trojan.jalapeno` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.MulDrop32.31183` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Application.Jalapeno.6 (B)` `F-Secure: Heuristic.HEUR/AGEN.1374728` `GData: Gen:Variant.Application.Jalapeno.6` `Google: Detected` `Gridinsoft: Trojan.Win64.AI.sa` `Lionic: Trojan.Win32.Generic.4!c` `Malwarebytes: Malware.AI.91974455` `MaxSecure: Trojan.Malware.510010848.susgen` `McAfeeD: ti!9B6009381175` `MicroWorld-eScan: Gen:Variant.Application.Jalapeno.6` `Paloalto: generic.ml` `Sangfor: Suspicious.Win32.Save.a` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win64.FE_Trojan_MSIL_Generic_.lm` `Symantec: ML.Attribute.HighConfidence` `TrellixENS: Artemis!904C421C3251` `VIPRE: Gen:Variant.Application.Jalapeno.6` `Varist: W64/ABApplication.PTOZ-9140` `alibabacloud: Riskware:Win/Jalapeno.Gen`

Hashes

MD5	`904c421c3251debaf2bf1cb3a76a0d9d`
SHA1	`3ca2f3d155652326a0014f50c237265c384ea62e`
SHA256	`9b6009381175f55a346bbd826f79734ab607e17790ef2822e33db63c3eb17275`
SHA3	`e5456b52bd57a4c1662854a3218d07ed69efa9950b17360dd1cc53a7888deec9`
SSDeep	`1536:80lYhtC3WqCpqjBnQWPiiGGzZaPaL/l0HLv5jcdlX1bo351:80lYhtC3rCpqjBnQWPiiGGzZaPA/l0r`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`2`
TimeDateStamp	2025-Oct-17 00:40:30
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`11.0`
SizeOfCode	`0x13000`
SizeOfInitializedData	`0x600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000000000 (Section: ?)`
BaseOfCode	`0x2000`
ImageBase	`0x140000000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x18000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`397467e072bba1b47293d0dbe7c7cbca`
SHA1	`89771b3b53c0c02fc99e81213c5ea3bdbe4c019e`
SHA256	`60fd78349b10178abd5e7b57e5ffe93561a96380bc1b722b5584d36854325a89`
SHA3	`7eeb094c864159591ee14614344ef06b8f1b90a6853e62ff6e6a77d244cad54b`
VirtualSize	`0x12eac`
VirtualAddress	`0x2000`
SizeOfRawData	`0x13000`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.84905`

.rsrc

MD5	`ae80cf55f43814bb4449f4dcf5c925f5`
SHA1	`db9de0a1254c53b6d2b7d36df2bcf7fcd6ce99b9`
SHA256	`7a3e9f630776968aec8ecfd4bdf0419e06d2b1fe559d2693b5c359c7740cb10a`
SHA3	`b0734439eed02b69eafc401b0067940639b0a0a8a8995e106c49665c81deb8bb`
VirtualSize	`0x4f8`
VirtualAddress	`0x16000`
SizeOfRawData	`0x600`
PointerToRawData	`0x13200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.78426`

Imports

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x264`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.21991`
MD5	`545eb40a752045bea54c5fbf88b3fe2f`
SHA1	`57a87bd3e841b2adde443050b6c75ead2591fbc6`
SHA256	`ddec5ae036367fbf3ab2dc665a237ebae741ff7ab28fa4ab3a9fa435f0d59f45`
SHA3	`28c2865cd021b0ad5a413ad0ecca93be48a65c75c5a50c18c894fcab5029ae8b`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription
FileVersion (#2)	0.0.0.0
InternalName	AMD_INF_Patcher.exe
LegalCopyright
OriginalFilename	AMD_INF_Patcher.exe
ProductVersion (#2)	0.0.0.0
Assembly Version	0.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.