a5562ca6408898d35f9b6a553cd73dbe8152cb7b1c20a2dc50fff97ab9f84806
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 1992-Jun-19 22:22:17 |
| Detected languages |
English - United States
|
Plugin Output
| Suspicious | PEiD Signature: | PECompact v2.xx |
| Suspicious | The PE is possibly packed. |
Section .text is both writable and executable.
Section .rsrc is both writable and executable. The PE only has 4 import(s). |
| Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
| Suspicious | The PE header may have been manually modified. |
The resource timestamps differ from the PE header:
|
| Malicious | VirusTotal score: 38/72 (Scanned on 2025-11-03 07:16:55) |
APEX:
Malicious
Antiy-AVL: Trojan/Win32.Agent Bkav: W32.AIDetectMalware CAT-QuickHeal: Trojan.Ghanarava.1713390083deec1a ClamAV: Win.Trojan.Agent-480293 CrowdStrike: win/grayware_confidence_60% (W) Cylance: Unsafe Cynet: Malicious (score: 100) DeepInstinct: MALICIOUS ESET-NOD32: Win32/HackTool.Patcher.AR potentially unsafe Fortinet: Riskware/Generic_PUA_PF.AR K7AntiVirus: Unwanted-Program ( 004d46cd1 ) K7GW: Unwanted-Program ( 004d46cd1 ) Kingsoft: Win32.HackTool.Patcher.AR Lionic: Trojan.Win32.Banload.ldg4 Malwarebytes: Malware.Heuristic.2014 MaxSecure: Trojan.Malware.300983.susgen McAfeeD: ti!A5562CA64088 Microsoft: Program:Win32/Ymacco NANO-Antivirus: Trojan.Win32.Agent.vgehs Panda: Generic Malware Rising: Trojan.Win32.Generic.1568E975 (C64:YzY0OpLuZSu1487C) SUPERAntiSpyware: Hack.Tool/Gen-Patcher Sangfor: PUP.Win32.Agent.V7lh SentinelOne: Static AI - Malicious PE Skyhigh: BehavesLike.Win32.Generic.cc Sophos: Generic Reputation PUA (PUA) Symantec: ML.Attribute.HighConfidence Trapmine: malicious.high.ml.score TrellixENS: GenericRXAA-AA!CEF35B285ADA TrendMicro: TROJ_GEN.R014C0OJM25 TrendMicro-HouseCall: TROJ_GEN.R014C0OJM25 VirIT: Trojan.Win32.Delf.CMF Xcitium: Malware@#2d2wabmocsuz6 Yandex: Trojan.Agent!8kMp6aiwl/U Zillya: Tool.Patcher.Win32.16193 alibabacloud: HackTool:Win/Patcher.AV tehtris: Generic.Malware |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x50 |
| e_cp | 0x2 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0xf |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0x1a |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x100 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 2 |
| TimeDateStamp | 1992-Jun-19 22:22:17 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 2.0 |
| SizeOfCode | 0x57400 |
| SizeOfInitializedData | 0x10800 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00001000 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x59000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x73000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x36f06 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x4000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rsrc
Imports
| kernel32.dll |
LoadLibraryA
GetProcAddress VirtualAlloc VirtualFree |
|---|
Delayed Imports
1
2
3
4
5
6
7
1 (#2)
4084
4085
4086
4087
4088
4089
4090
4091
4092
4093
4094
4095
4096
DVCLAL
PACKAGEINFO
TXPL
32761
32762
32763
32764
32765
32766
32767
MAINICON
Version Info
TLS Callbacks
| StartAddressOfRawData | 0x472d3c |
|---|---|
| EndAddressOfRawData | 0x472d70 |
| AddressOfIndex | 0x472d34 |
| AddressOfCallbacks | 0x472d38 |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks | (EMPTY) |
Load Configuration
RICH Header
Errors
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 2 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 2 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 2 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 3 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 3 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 3 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 5 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 5 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 5 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 6 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 6 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 6 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 7 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 7 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 7 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4084 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4084 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4084 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4085 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4085 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4085 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4086 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4086 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4086 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4087 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4087 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4087 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4088 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4088 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4088 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4089 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4089 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4089 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4090 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4090 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4090 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4091 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4091 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4091 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4092 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4092 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4092 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4093 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4093 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4093 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4094 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4094 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4094 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4095 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4095 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4095 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4096 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4096 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4096 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource DVCLAL is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource DVCLAL is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource DVCLAL is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource PACKAGEINFO is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource PACKAGEINFO is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource PACKAGEINFO is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource TXPL is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource TXPL is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource TXPL is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32761 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32761 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32761 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32762 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32762 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32762 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32763 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32763 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32763 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32764 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32764 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32764 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32765 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32765 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32765 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32766 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32766 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32766 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32767 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32767 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32767 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource DVCLAL is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource DVCLAL is bigger than the PE. Not trying to load it in memory.
[*] Warning: Resource DVCLAL is empty!
[!] Error: Resource PACKAGEINFO is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource PACKAGEINFO is bigger than the PE. Not trying to load it in memory.
[*] Warning: Resource PACKAGEINFO is empty!
[!] Error: Resource TXPL is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource TXPL is bigger than the PE. Not trying to load it in memory.
[*] Warning: Resource TXPL is empty!
[*] Warning: Resource 32761 is empty!
[*] Warning: Resource 32762 is empty!
[*] Warning: Resource 32763 is empty!
[*] Warning: Resource 32764 is empty!
[*] Warning: Resource 32765 is empty!
[*] Warning: Resource 32766 is empty!
[*] Warning: Resource 32767 is empty!
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 1 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 2 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 2 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 3 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 3 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 5 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 5 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 6 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 6 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 7 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 7 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4084 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4084 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4085 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4085 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4086 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4086 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4087 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4087 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4088 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4088 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4089 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4089 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4090 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4090 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4091 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4091 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4092 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4092 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4093 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4093 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4094 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4094 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4095 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4095 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4096 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 4096 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource DVCLAL is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource DVCLAL is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource PACKAGEINFO is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource PACKAGEINFO is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource TXPL is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource TXPL is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32761 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32761 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32762 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32762 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32763 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32763 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32764 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32764 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32765 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32765 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32766 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32766 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32767 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 32767 is bigger than the PE. Not trying to load it in memory.
Leave a comment
No comments yet.