Manalyze report for a2be06c9429842d60b71ec7cad109308

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2018-Apr-16 10:16:57
Detected languages	English - United States
Debug artifacts	C:\Users\Administrator\Desktop\绝地求生项目\DX11\新建文件夹 (2)\dx11.pdb

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`Reads the contents of the clipboard: GetClipboardData`
Malicious	VirusTotal score: 7/68 (Scanned on 2018-12-02 21:51:34)	`CAT-QuickHeal: Trojan.IGENERIC` `McAfee: GenericRXGL-WD!A2BE06C94298` `TrendMicro-HouseCall: TROJ_GEN.R002H06K218` `Zillya: Downloader.Agent.Win32.369661` `McAfee-GW-Edition: GenericRXGL-WD!A2BE06C94298` `Antiy-AVL: Trojan[Packed]/Win32.Blackv` `Microsoft: PUA:Win32/Presenoker`

Hashes

MD5	`a2be06c9429842d60b71ec7cad109308`
SHA1	`8bdbba585c7010cb8e4992ed68a82e3141a3f531`
SHA256	`072b297e140c04daaccaad651e979729925d708432550184774c82056e12e6f4`
SHA3	`f8d28206ba4dc077dea488446b490c4dfeffc8422562e6f691b90d35faeeff87`
SSDeep	`3072:8V3/EZ0M880HLiRuO4ocr5Zyd6PNzkAPTMAJWM9CqV1d80SwqphHyUP0/Tp3uow:8zC8r7yMTz5XA5pwuA3uiQty`
Imports Hash	`cbcb01438dd7ce5512f6bc8dfb8e18cb`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2018-Apr-16 10:16:57
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x22800`
SizeOfInitializedData	`0xba00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00022969 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x24000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x33000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ea87bc8af8de29c131a98eb6c55477e4`
SHA1	`b2fcbe76c34fd7015fe9161d78f88c5ab9f0c348`
SHA256	`44e3ae550e54ec86e8c416b7e417382ab426fc51d11ba6ced854d4add443ce14`
SHA3	`8e7583017eb361c4512e4a72d60d4e8c46326ad75402f6de8e32c166e76b79bb`
VirtualSize	`0x22638`
VirtualAddress	`0x1000`
SizeOfRawData	`0x22800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50264`

.rdata

MD5	`57f8a19bf42c3f976260eacaf939c78a`
SHA1	`6d6f7fe3d3b251eb0487896bf0248fadc6e26e91`
SHA256	`22aa82c0a494b6a26801a586642d435cfb84884c418f1d66912dee37f33b4737`
SHA3	`0bdbb5fd92b18058490d79b3007f9c51075368cdf9f65100c4b96f9dad9d80c2`
VirtualSize	`0x8e1a`
VirtualAddress	`0x24000`
SizeOfRawData	`0x9000`
PointerToRawData	`0x22c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.6258`

.data

MD5	`072148fdb5a74eec1b02a5af689c2e30`
SHA1	`5084c34ae9143987087e5274a65b3d514d392d36`
SHA256	`4e8dfe51447aaca8d10dde6d1445b137c84b2a6291418f4469e718a13f6d0025`
SHA3	`cf938fc7aec758e61c9bbb9761dae78b01e448a64edac73cb7e6c2a6ee870eec`
VirtualSize	`0xa34`
VirtualAddress	`0x2d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.19757`

.tls

MD5	`1f354d76203061bfdd5a53dae48d5435`
SHA1	`aa0d33a0c854e073439067876e932688b65cb6a9`
SHA256	`4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a`
SHA3	`991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b`
VirtualSize	`0x9`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2be00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.gfids

MD5	`70f7c040e78d889cf5fb22ae3e28f2d1`
SHA1	`2d0bb78a1a494fb594def060f47652d60e644d24`
SHA256	`a0782288b44f48d9e978fd5b867023967aeebf255a5cd6a2c7acf0293ab663c2`
SHA3	`ad664597b4bc5568c4b36eb53bd5afd2544608a750b7ba81b4c2d9ae8ec33210`
VirtualSize	`0x4c`
VirtualAddress	`0x2f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.373323`

.rsrc

MD5	`af4c8818534cc8fb1e04e8b7f731187b`
SHA1	`43e4f8a10d243f5922005168aa471d450b9d1434`
SHA256	`73fbf24d5e6b93881899dca966d4bcd0d310e03d99701ae306adf29c2f356909`
SHA3	`8fb3647db0460b77f39481488cf3de9e7bae296e785aed633d967a71a3c36803`
VirtualSize	`0x1e0`
VirtualAddress	`0x30000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.70855`

.reloc

MD5	`28412f1011e1cdaed3c902cfbdfedf4c`
SHA1	`79b94b0bebb917f7d04383a4276a18ba0fcedb9e`
SHA256	`878fcd1576c8fad45c9e34cfcf851145de9383b16a0163244e205b2c73029779`
SHA3	`a2518e5353be6361e7a4882f72ec14397e74387fd3f74479b50e8364714b5ed4`
VirtualSize	`0x1674`
VirtualAddress	`0x31000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x2c400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.55955`

Imports

d3d11.dll	`D3D11CreateDeviceAndSwapChain`
D3DCompiler_42.dll	`D3DCompile`
IMM32.dll	`ImmGetContext` `ImmSetCompositionWindow`
KERNEL32.dll	`GetCurrentProcess` `TerminateProcess` `GlobalAlloc` `GlobalLock` `GlobalUnlock` `QueryPerformanceFrequency` `QueryPerformanceCounter` `GetModuleHandleA` `MultiByteToWideChar` `WideCharToMultiByte` `DisableThreadLibraryCalls` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `IsDebuggerPresent` `IsProcessorFeaturePresent` `CloseHandle` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `SetEvent` `ResetEvent` `WaitForSingleObjectEx` `CreateEventW` `GetModuleHandleW` `GetProcAddress` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `InitializeSListHead`
USER32.dll	`SetWindowLongA` `GetWindowLongA` `CreateWindowExA` `ShowWindow` `DefWindowProcA` `UnregisterClassA` `PostQuitMessage` `RegisterClassExA` `UpdateWindow` `SetClipboardData` `GetClipboardData` `EmptyClipboard` `CloseClipboard` `OpenClipboard` `SetCursorPos` `ReleaseCapture` `GetClientRect` `GetSystemMetrics` `SetCursor` `SetCapture` `ClientToScreen` `GetKeyState` `LoadCursorA` `GetCapture`
MSVCP140.dll	`?_Xout_of_range@std@@YAXPBD@Z` `?_Xbad_alloc@std@@YAXXZ` `?_Xlength_error@std@@YAXPBD@Z`
dwmapi.dll	`DwmExtendFrameIntoClientArea`
d3dx11_42.dll	`D3DX11CreateShaderResourceViewFromMemory`
VCRUNTIME140.dll	`__std_type_info_destroy_list` `_CxxThrowException` `__std_exception_copy` `memcpy` `__CxxFrameHandler3` `_except_handler4_common` `memset` `__vcrt_InitializeCriticalSectionEx` `strstr` `__std_terminate` `memmove` `__std_exception_destroy`
api-ms-win-crt-stdio-l1-1-0.dll	`fclose` `fflush` `__acrt_iob_func` `fseek` `fwrite` `ftell` `_wfopen` `__stdio_common_vsprintf` `fread` `__stdio_common_vsscanf` `__stdio_common_vfprintf`
api-ms-win-crt-utility-l1-1-0.dll	`qsort`
api-ms-win-crt-heap-l1-1-0.dll	`_callnewh` `free` `malloc`
api-ms-win-crt-runtime-l1-1-0.dll	`_crt_atexit` `_cexit` `_execute_onexit_table` `_initterm` `_initterm_e` `_register_onexit_function` `_invalid_parameter_noinfo_noreturn` `terminate` `_initialize_onexit_table` `_seh_filter_dll` `_initialize_narrow_environment` `_wassert` `_configure_narrow_argv`
api-ms-win-crt-time-l1-1-0.dll	`_mktime64` `_time64` `_localtime64_s`
api-ms-win-crt-convert-l1-1-0.dll	`atoi`
api-ms-win-crt-math-l1-1-0.dll	`ceil` `_libm_sse2_cos_precise` `_CIfmod` `floor` `_except1` `_libm_sse2_sin_precise` `_libm_sse2_sqrt_precise`

Delayed Imports

_Begin@0

Ordinal	`1`
Address	`0x216a0`

_DestoryDx11@4

Ordinal	`2`
Address	`0x211d0`

_End@0

Ordinal	`3`
Address	`0x216b0`

_IniDx11@12

Ordinal	`4`
Address	`0x21720`

_NewCircle@36

Ordinal	`5`
Address	`0x21530`

_NewFilledCircle@32

Ordinal	`6`
Address	`0x215d0`

_NewFilledRect@32

Ordinal	`7`
Address	`0x21490`

_NewImage@24

Ordinal	`8`
Address	`0x21670`

_NewLine@36

Ordinal	`9`
Address	`0x21350`

_NewRect@36

Ordinal	`10`
Address	`0x213f0`

_NewText@28

Ordinal	`11`
Address	`0x212b0`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2018-Apr-16 10:16:57
Version	`0.0`
SizeofData	`108`
AddressOfRawData	`0x2b864`
PointerToRawData	`0x2a464`
Referenced File	C:\Users\Administrator\Desktop\绝地求生项目\DX11\新建文件夹 (2)\dx11.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2018-Apr-16 10:16:57
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x2b8d0`
PointerToRawData	`0x2a4d0`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2018-Apr-16 10:16:57
Version	`0.0`
SizeofData	`816`
AddressOfRawData	`0x2b8e4`
PointerToRawData	`0x2a4e4`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2018-Apr-16 10:16:57
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1002e000`
EndAddressOfRawData	`0x1002e008`
AddressOfIndex	`0x1002d52c`
AddressOfCallbacks	`0x10024228`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1002d00c`
SEHandlerTable	`0x1002b840`
SEHandlerCount	`9`

RICH Header

XOR Key	`0x62332dac`
Unmarked objects	`0`
ASM objects (VS2015 UPD3 build 24123)	`5`
C++ objects (VS2015 UPD3 build 24123)	`22`
C objects (VS2015 UPD3 build 24123)	`11`
Imports (VS2015 UPD3 build 24123)	`4`
Imports (65501)	`8`
Imports (VS2008 SP1 build 30729)	`23`
Total imports	`122`
265 (VS2015 UPD3.1 build 24215)	`5`
Exports (VS2015 UPD3.1 build 24215)	`1`
Resource objects (VS2015 UPD3 build 24210)	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

a2be06c9429842d60b71ec7cad109308

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.tls

.gfids

.rsrc

.reloc

Imports

Delayed Imports

_Begin@0

_DestoryDx11@4

_End@0

_IniDx11@12

_NewCircle@36

_NewFilledCircle@32

_NewFilledRect@32

_NewImage@24

_NewLine@36

_NewRect@36

_NewText@28

2

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors