Manalyze report for a3453c73321e5d6c834f47a6ac4c45c8fe92e3ad0eec75df83a3b4b4da228824

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1992-Jun-19 22:22:17
Detected languages	English - United States Russian - Russia

Plugin Output

Suspicious	PEiD Signature:	`UPX -> www.upx.sourceforge.net`
Suspicious	The PE is possibly packed.	`Unusual section name found:` `Section is both writable and executable.` `Section .rdata is both writable and executable.` `The PE only has 6 import(s).`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegCloseKey`
Suspicious	The PE header may have been manually modified.	`Resource 103 is possibly compressed or encrypted.` `Resource 100 is possibly compressed or encrypted.` `Resource 4094 is possibly compressed or encrypted.` `Resource 4095 is possibly compressed or encrypted.` `Resource 4096 is possibly compressed or encrypted.` `The resource timestamps differ from the PE header: 2004-Apr-05 17:41:30`
Malicious	VirusTotal score: 48/70 (Scanned on 2023-01-27 01:35:24)	`ALYac: Trojan.Generic.3284756` `APEX: Malicious` `Antiy-AVL: Trojan/Win32.SGeneric` `Arcabit: Trojan.Generic.D321F14` `Avira: TR/Agent.34816.I` `BitDefender: Trojan.Generic.3284756` `BitDefenderTheta: Gen:NN.ZelphiF.36212.cmGfamlu8dgk` `Cybereason: malicious.7090b8` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `ESET-NOD32: a variant of Win32/Keygen.DZ potentially unsafe` `Elastic: malicious (high confidence)` `Emsisoft: Trojan.Generic.3284756 (B)` `F-Secure: Trojan.TR/Agent.34816.I` `FireEye: Trojan.Generic.3284756` `Fortinet: W32/KeyGen.C` `GData: Trojan.Generic.3284756` `Google: Detected` `Gridinsoft: Malware.Win32.Gen.bot!se62747` `Ikarus: Trojan-Spy.Win32.Banker.JU` `K7AntiVirus: Trojan ( 0001140e1 )` `K7GW: Trojan ( 0001140e1 )` `Kingsoft: Win32.Troj.Generic.(kcloud)` `Lionic: Trojan.Win32.QQRob.lxu1` `MAX: malware (ai score=94)` `Malwarebytes: Malware.AI.3269388303` `MaxSecure: Trojan.Malware.300983.susgen` `McAfee: Generic.bnk` `McAfee-GW-Edition: BehavesLike.Win32.Dropper.nc` `MicroWorld-eScan: Trojan.Generic.3284756` `Microsoft: Worm:Win32/Stormser` `NANO-Antivirus: Trojan.Win32.Agent.coxsny` `Panda: Trj/CI.A` `Rising: Trojan.Occamy!8.F1CD (CLOUD)` `SUPERAntiSpyware: Hack.Tool/Gen-Keygen` `Sangfor: Suspicious.Win32.Save.a` `SentinelOne: Static AI - Suspicious PE` `Sophos: Keygen (PUA)` `Symantec: SMG.Heur!gen` `TACHYON: Trojan/W32.Agent.34816.NI` `Trapmine: malicious.high.ml.score` `TrendMicro: TROJ_GEN.R002C0OEE22` `TrendMicro-HouseCall: TROJ_GEN.R002C0OEE22` `VIPRE: Trojan.Generic.3284756` `VirIT: Trojan.Win32.Agent3.YXR` `Webroot: W32.Malware.Gen` `Yandex: Trojan.Agent!BhxrI97gh0Y` `Zillya: Trojan.Agent.Win32.159939`

Hashes

MD5	`37d0ed97090b8e2f1756e62d91b41271`
SHA1	`fd00df7e5680d8df4aa777450b7430b197ca90c6`
SHA256	`a3453c73321e5d6c834f47a6ac4c45c8fe92e3ad0eec75df83a3b4b4da228824`
SHA3	`8fe5ceee72761fd650d4b651fb5a6ed591c477d397ecace8bdaeffb82dc491a9`
SSDeep	`768:RPHf4/CnqQu1giRwZQ7SAklA6RrIxricT6Xe9iCv1d2uc:RvqnHwS72ljRET6uICv1Af`
Imports Hash	`469c6f8451134670fcfa36c1039050a3`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	1992-Jun-19 22:22:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x8000`
SizeOfInitializedData	`0x1000`
SizeOfUninitializedData	`0x10000`
AddressOfEntryPoint	`0x00018B10 (Section: .rdata)`
BaseOfCode	`0x11000`
BaseOfData	`0x19000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x1a000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

Section_1

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x10000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`fdfa6225493762370a90e73f8849fcac`
SHA1	`b07f5451fcd9b93da51740927f081e02c600db25`
SHA256	`7fae4f0d77fd102bd4046e01c3c71170e8cc173fcba0febada11a956679feba7`
SHA3	`a0639bcce53bee4c074c1011be4a3cf0151abd543b768deaa67d2b339bd653ec`
VirtualSize	`0x8000`
VirtualAddress	`0x11000`
SizeOfRawData	`0x7e00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.87675`

.rsrc

MD5	`2c19fd5853bc3725b7c4d6be2bd192bf`
SHA1	`9ca7a02fe36d238fff6881f4be16597cc9b5ea2b`
SHA256	`4617b5d7eb8bfe673721b5f9aa973604b891d7b960b828726ad8b2ebe61491b4`
SHA3	`3cf5fffad227dcdf61e61b3ce283c7772e81eea1629cfdac61be1dcc96473de5`
VirtualSize	`0x1000`
VirtualAddress	`0x19000`
SizeOfRawData	`0x800`
PointerToRawData	`0x8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.50158`

Imports

KERNEL32.DLL	`LoadLibraryA` `GetProcAddress` `ExitProcess`
advapi32.dll	`RegCloseKey`
oleaut32.dll	`SysFreeString`
user32.dll	`LoadIconA`

Delayed Imports

103

Type	`RT_BITMAP`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x4500`
TimeDateStamp	2004-Apr-05 17:41:30
Entropy	`7.89727`
MD5	`04f6ce482fd215028eb1709bb0ff767e`
SHA1	`958f2f46bd97188c0bf1e7839c4abda1f98cc8aa`
SHA256	`560369cb8742d6527b6cbe91f2e503dd341b8216252d8b22f7b33f6811770c93`
SHA3	`9e4b6ec8e423b4d8998051dfe9f7c89d9cd86346692de0dc890abb6bef397038`
Preview

1

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	2004-Apr-05 17:41:30
Entropy	`3.27894`
MD5	`d2008b797eb3a19866a16c92e2415415`
SHA1	`2ef6097eec07660880e8454ffe2ef0f94fbf1ac2`
SHA256	`e56bef4e591d04b66e02421667fcdf21e80043e87eb8a6109be7e9c89c9d50f3`
SHA3	`dc9861ad1aeedc809d6daef92a012424c3654a0fe0b9579bae8ee6a53dc1924e`

100

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1b0`
TimeDateStamp	2004-Apr-05 17:41:30
Entropy	`7.06291`
MD5	`2bcb6cdcbf7c001414546719ebf78e2f`
SHA1	`93da9ce2e5e54945e904f77842b6d6eb44e35efb`
SHA256	`c481bcc08794bf3e87e8e2302c5f2e51e9f61a265be03068917d2a2b13e8e9a2`
SHA3	`1874269c679f55dad88a3aeb2d26349058814f94c34e6dc637aa6607125d5eda`

4091

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x34`
TimeDateStamp	2004-Apr-05 17:41:30
Entropy	`5.2389`
MD5	`777de367a36c5235f92f75ad828bb341`
SHA1	`c5bad2ee857b38375aebed828bd2f0a71e447a54`
SHA256	`491c6a17c25945d14e198ec0eb06d34640ffd48400c1cf18071f86f56b794911`
SHA3	`1ee3d79e042541ab30f7244d4cc7578886459659c9e81182c31ae43e5fd11331`

4092

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xec`
TimeDateStamp	2004-Apr-05 17:41:30
Entropy	`6.85257`
MD5	`b94e17a613d11ca202512777ce09c7fd`
SHA1	`75020c6729fb57ae1cb09bb7ddc9d70b79526d17`
SHA256	`a7350d0aa4b13d103f80bb9efbcf1d1fe5e056abe9b7bc90c06829aba4f31e4f`
SHA3	`584c178fd86c7c9d157766e73990f72faa4751004767fd74806fc1c4f92ffaa8`

4093

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xd0`
TimeDateStamp	2004-Apr-05 17:41:30
Entropy	`6.58057`
MD5	`8f28bee30321e95ff1e7743338a96863`
SHA1	`0ee6314b047c6cab619c5c6898d25ec9ee799d66`
SHA256	`b0ff6019ce4c16c9b92fab27fed6f600c15b47d264ebe5ff1279d51cf893554d`
SHA3	`ff7f16251e5b5bbfddfb3afc4918052a1ad0b3032c47bb73e568198ec41df5e7`

4094

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2ac`
TimeDateStamp	2004-Apr-05 17:41:30
Entropy	`7.45992`
MD5	`bbd5c7637d8299e6628a82c7999ff645`
SHA1	`b6c5d63220cf0c122c29d206481bfcbbb5fc0341`
SHA256	`19a005a5de72a8d3dcb36bbb8fb0de919f60a228f25d00ae421353becd21e487`
SHA3	`9f2554d1555797195aaf18a194ac4a214e09537a059d39615ae412b6edaa8056`

4095

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x358`
TimeDateStamp	2004-Apr-05 17:41:30
Entropy	`7.51363`
MD5	`2f57f8a32eb45987034753e818ac2f30`
SHA1	`c4a405dd621144bed27ec9129df26eda879cd850`
SHA256	`d5fe83e6778959b0fdd10da5512e096dd42173208ea4fb516b7647384b3d8fac`
SHA3	`02810907cf3cd63de3e1c4ef1d729119ca1da31c3f52bad738d6ba87f4ec676a`

4096

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2b4`
TimeDateStamp	2004-Apr-05 17:41:30
Entropy	`7.51858`
MD5	`6573d77d3b0cdfdf6d5d2a336dc8a4f2`
SHA1	`e009c7546d36705a1bbc8da8f4270495baf00ff6`
SHA256	`e4e7a10d2e43796c0edd12c4cd3371a71612f2715c3d0d28c1c53773ed9b2857`
SHA3	`6e1eb3c256ca31c64cfaeba4e29968d3f44953d1af2021ce984a4cb47d5c77c7`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2004-Apr-05 17:41:30
Entropy	`4`
MD5	`c01dce7c59fa5ea7c6b05c8bf686c896`
SHA1	`bd57717a6e6faf8cee91b66f2c1eb4a61fb19b1b`
SHA256	`07f2b34693cbd581bb3d1f6d5e72e8b1d3bdb9386f182507395acdb5208234d5`
SHA3	`c55d3092ea9c2da32519cd003168fb4a64956ce5fec43ae55351edb5075ad63a`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x60`
TimeDateStamp	2004-Apr-05 17:41:30
Entropy	`6.2308`
MD5	`cd737362b81cc37b12d4720ecb241266`
SHA1	`3bcb74920c63d81cc30c7129688fc4ef35b7a147`
SHA256	`78ac2917bef1736dd88a6ddfca561a64dfc207dbb4a462bbadb621c2d3e1dd2b`
SHA3	`21beb6221ec737dd65c1bd629b35ac3b7fce0b837a9b21b112c77c8511654fb9`

MAINICON

Type	`RT_GROUP_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2004-Apr-05 17:41:30
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`42cf62b780813706e75fb9f2b2e8c258`
SHA1	`a022d5c1cfdd8aace0089f3e72f2eedd41bda464`
SHA256	`a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf`
SHA3	`0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section  has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!

Leave a comment

No comments yet.