Manalyze report for a84ad3a6452ced122f473e30aa485fbb

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Dec-31 00:38:51
Detected languages	English - United States
CompanyName	ALERT BLACK-AND-WHITE MONKEY
FileDescription	ALERT BLACK-AND-WHITE
FileVersion	`1.0.4.049`
InternalName	ALERTBLACK-AND-WHITE.exe
LegalCopyright	ALERT BLACK-AND-WHITE MONKEY(c). All rights reserved
OriginalFilename	ALERTBLACK-AND-WHITE.exe
ProductName	ALERT BLACK-AND-WHITE
ProductVersion	`1.0.4.049`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256` `Uses constants related to AES`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Possibly launches other programs: ShellExecuteW CreateProcessW` `Can create temporary files: CreateFileW GetTempPathW` `Functions related to the privilege level: CheckTokenMembership` `Enumerates local disk drives: GetDriveTypeW` `Can take screenshots: CreateCompatibleDC GetDC`
Info	The PE is digitally signed.	`Signer: Horace Oy` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Malicious	VirusTotal score: 8/67 (Scanned on 2022-01-14 23:20:35)	`DrWeb: Adware.Downware.20028` `Malwarebytes: Adware.SpecialSearchOffer` `Symantec: Trojan.Gen.9` `Sophos: Generic ML PUA (PUA)` `Comodo: ApplicUnwnt@#3huhrjm00mi25` `Emsisoft: Application.Updater (A)` `Ikarus: PUA.OpenSUpdater` `CrowdStrike: win/malicious_confidence_60% (D)`

Hashes

MD5	`a84ad3a6452ced122f473e30aa485fbb`
SHA1	`ecffb742f7c45c3ff1a78a0c16c7d58884d7af62`
SHA256	`595bafcac1ad3b716140c95a703cf9184c4316255e587ff8db38a8c4abe0a153`
SHA3	`220cc49277835a24497b37dd9be40875abd8770ebd77c72b2d443541bddb1ef0`
SSDeep	`24576:JXwOrRsREoFOi3aL2uWWOoWv8GdDAF5AYZedk2k55wkJNsxKGxhh:JgwRccLB6tU8dk2k55wg6KGx3`
Imports Hash	`f6baa5eaa8231d4fe8e922a2e6d240ea`

DOS Header

e_magic	`MZ`
e_cblp	`0x60`
e_cp	`0x1`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x60`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2012-Dec-31 00:38:51
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x18e00`
SizeOfInitializedData	`0x15c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001942F (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1a000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x35000`
SizeOfHeaders	`0x200`
Checksum	`0x14b794`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`0c04e49d78a3c453186c916e6f29540d`
SHA1	`4f92087df6ae8fb2a90642485040c703b9680555`
SHA256	`c57eba90980085ffe93ec8f0e36f163c4ec10fa793e4d26b3e10f84fed618659`
SHA3	`5c4d70d0a45b1faeaaa3c6b824be370d779a5e5cd3955d2df22f746facd7a71c`
VirtualSize	`0x18dde`
VirtualAddress	`0x1000`
SizeOfRawData	`0x18e00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.67402`

.rdata

MD5	`1eff757b36a6b7a599236ac8b1b35b4d`
SHA1	`05ade1208b50dcfd589e0220de5362996300aebd`
SHA256	`2f881c7583d06fb30f2bd1238d3d3e084c86b7024ab2ddd030f2c2432babdc7c`
SHA3	`e94591e70008956970f758724106a178d7f0676c3a78dcbff5fde743ecc09e4e`
VirtualSize	`0x3bca`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x3c00`
PointerToRawData	`0x19000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.71339`

.data

MD5	`21d5c7a8ba54658b1e07909bf1045c79`
SHA1	`8da74dc6b4904e1c52f525b6b8550d9f32d77131`
SHA256	`c7fc4f3e5c3054dcb379720c5a5a64d0ea695f7e7ad18133959d7079cafad252`
SHA3	`3651838fbf0addecbaff1bb39e49fdd08688e7055754cc2ddea26eee400a2277`
VirtualSize	`0x4dec`
VirtualAddress	`0x1e000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x1cc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.45098`

.rsrc

MD5	`41b58d62c33aa2033f062d99fbd39843`
SHA1	`f948fce4cf3c3d8de7d041ae262044d8979021e7`
SHA256	`3ef7bdceab4395f017734d5170329c4c354e44a7a32722539b465cbc0f00c97e`
SHA3	`7ae0d080dbd1d32d496200d84d7567aa3a89715535145458c3540ca96da6e15d`
VirtualSize	`0x115a8`
VirtualAddress	`0x23000`
SizeOfRawData	`0x11600`
PointerToRawData	`0x1d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.80989`

Imports

COMCTL32.dll	`#17`
SHELL32.dll	`SHGetSpecialFolderPathW` `ShellExecuteW` `SHGetMalloc` `SHGetPathFromIDListW` `SHBrowseForFolderW` `SHGetFileInfoW` `ShellExecuteExW`
GDI32.dll	`CreateCompatibleDC` `CreateFontIndirectW` `DeleteObject` `DeleteDC` `GetCurrentObject` `StretchBlt` `GetDeviceCaps` `CreateCompatibleBitmap` `SelectObject` `SetStretchBltMode` `GetObjectW`
ADVAPI32.dll	`FreeSid` `AllocateAndInitializeSid` `CheckTokenMembership`
USER32.dll	`GetWindowLongW` `GetMenu` `SetWindowPos` `GetWindowDC` `ReleaseDC` `GetDlgItem` `GetParent` `GetWindowRect` `GetClassNameA` `CreateWindowExW` `SetTimer` `GetMessageW` `DispatchMessageW` `KillTimer` `DestroyWindow` `SendMessageW` `EndDialog` `wsprintfW` `GetWindowTextW` `GetWindowTextLengthW` `GetSysColor` `wsprintfA` `SetWindowTextW` `MessageBoxA` `ScreenToClient` `GetClientRect` `SetWindowLongW` `UnhookWindowsHookEx` `SetFocus` `GetSystemMetrics` `SystemParametersInfoW` `ShowWindow` `DrawTextW` `GetDC` `ClientToScreen` `GetWindow` `DialogBoxIndirectParamW` `DrawIconEx` `CallWindowProcW` `DefWindowProcW` `CallNextHookEx` `PtInRect` `SetWindowsHookExW` `LoadImageW` `LoadIconW` `MessageBeep` `EnableWindow` `IsWindow` `EnableMenuItem` `GetSystemMenu` `CreateWindowExA` `wvsprintfW` `CharUpperW` `GetKeyState` `CopyImage`
ole32.dll	`CreateStreamOnHGlobal` `CoCreateInstance` `CoInitialize`
OLEAUT32.dll	`VariantClear` `SysFreeString` `OleLoadPicture` `SysAllocString`
KERNEL32.dll	`GetFileSize` `SetFilePointer` `ReadFile` `WaitForMultipleObjects` `GetModuleHandleA` `SetFileTime` `SetEndOfFile` `LeaveCriticalSection` `EnterCriticalSection` `DeleteCriticalSection` `FormatMessageW` `lstrcpyW` `LocalFree` `IsBadReadPtr` `GetSystemDirectoryW` `GetCurrentThreadId` `SuspendThread` `TerminateThread` `InitializeCriticalSection` `ResetEvent` `SetEvent` `CreateEventW` `GetVersionExW` `GetModuleFileNameW` `GetCurrentProcess` `SetProcessWorkingSetSize` `SetCurrentDirectoryW` `GetDriveTypeW` `CreateFileW` `GetCommandLineW` `GetStartupInfoW` `CreateProcessW` `CreateJobObjectW` `ResumeThread` `AssignProcessToJobObject` `CreateIoCompletionPort` `SetInformationJobObject` `GetQueuedCompletionStatus` `GetExitCodeProcess` `CloseHandle` `SetEnvironmentVariableW` `GetTempPathW` `GetSystemTimeAsFileTime` `lstrlenW` `CompareFileTime` `SetThreadLocale` `FindFirstFileW` `DeleteFileW` `FindNextFileW` `FindClose` `RemoveDirectoryW` `ExpandEnvironmentStringsW` `WideCharToMultiByte` `VirtualAlloc` `GlobalMemoryStatusEx` `lstrcmpW` `GetEnvironmentVariableW` `lstrcmpiW` `lstrlenA` `GetLocaleInfoW` `MultiByteToWideChar` `GetUserDefaultUILanguage` `GetSystemDefaultUILanguage` `GetSystemDefaultLCID` `lstrcmpiA` `GlobalAlloc` `GlobalFree` `MulDiv` `FindResourceExA` `SizeofResource` `LoadResource` `LockResource` `LoadLibraryA` `GetProcAddress` `GetModuleHandleW` `ExitProcess` `lstrcatW` `GetDiskFreeSpaceExW` `SetFileAttributesW` `SetLastError` `Sleep` `GetExitCodeThread` `WaitForSingleObject` `CreateThread` `GetLastError` `SystemTimeToFileTime` `GetLocalTime` `GetFileAttributesW` `CreateDirectoryW` `WriteFile` `GetStdHandle` `VirtualFree` `GetStartupInfoA`
MSVCRT.dll	`??3@YAXPAX@Z` `??2@YAPAXI@Z` `memcmp` `free` `memcpy` `_wtol` `_controlfp` `_except_handler3` `__set_app_type` `__p__fmode` `__p__commode` `_adjust_fdiv` `__setusermatherr` `_initterm` `__getmainargs` `_acmdln` `exit` `_XcptFilter` `_exit` `??1type_info@@UAE@XZ` `_onexit` `__dllonexit` `_CxxThrowException` `_beginthreadex` `_EH_prolog` `?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z` `memset` `_wcsnicmp` `strncmp` `wcsncmp` `malloc` `memmove` `_purecall`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.66571`
MD5	`ce35db66b5bd078d73370f1f15a33392`
SHA1	`5c89737bdf23904ddba135ce4adfa7d11d749d97`
SHA256	`75c4ecd6f2678a812d13120c92fff75aed137c03da709103db59b90f25ba75f6`
SHA3	`1ec8d05aa607bccdc556dea20d449adfa5eabfa6af61174b7c62136606d95e23`

500

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.09294`
MD5	`8af78cd954cddc9ab418bafca9f62e0c`
SHA1	`c6ff8bd069db0ba61c844f4560cf8dfc2f0ec6b0`
SHA256	`3520c29b9987183324e6f3ed0a5ebcab2f73b6e6f3fabe17a327e0b8eb4e5ac0`
SHA3	`f2feb2f43fbe5877993c446781f0733e49a4a780833130903146da49840a4085`

1 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.78284`
MD5	`f10a79138329e5d18b25d47f648946b3`
SHA1	`05d88947da644a07509a64dc081b8b7d498d8648`
SHA256	`5f298d1dfce9f41bd500e89e57e1da7481713c7b2a37b01825a5e6badf940b14`
SHA3	`bd8d1803273589e9ec27a29accbd6a0e63dc51f4dcbbfaaaeee0cc7ee0cdd552`

5

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x34`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.43775`
MD5	`de24c92d0a67718187168052499199cb`
SHA1	`006654de0b450d1f31c7c370a2104558dfe5b9ad`
SHA256	`7bab4b9a6b82cb5e5561b48d0136a492aee4ce78242a5c28e4baa925de511575`
SHA3	`d1e8842da978e4258bf80b8126d03c02506b26d064db7999f6b103b5afb5b50f`

1 (#3)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.98048`
Detected Filetype	Icon file
MD5	`38388dda6548693f4d42f2241a4218d7`
SHA1	`78bedd12a20f97e31e58742381f3d0ca1edb4715`
SHA256	`cd0991dd595a1392452a8c7ccf089e73626bc6eed1fd3f54ee4c6aa7ffbaedba`
SHA3	`9ace1e9f008d60580379cdfdcd4119706c82d52d2e5fdb9e5745fa00864cc1a8`

1 (#4)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x384`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.52334`
MD5	`bf276418084e7bdaa8496205ae451255`
SHA1	`74c2b9153e12126ef928ae790e7cfe0ee38421b3`
SHA256	`efdd5739a6b630f8d7117eb681d60167ce85731e7e6e35b573ca27773d2e3ba7`
SHA3	`da726db856a9ca06a5a6427973e188933a3556bf80593074648adaff49a35cb8`

1 (#5)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x678`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.01659`
MD5	`f32d3bdf4ba1ff8c8e956127eda876fd`
SHA1	`7b9b75722737bfbdd6d20258d96a2762f2db4e86`
SHA256	`3f0eabe775b73d35ba4adefdbd2f59b7ad2dfe64a339163311379a4d605bba43`
SHA3	`1e58621a7dd650e5b90e98778dc2e5c174c005b4ebdc642fb8c64ea0034bd925`

String Table contents

Extraction Failed
File is corrupt
Cannot create folder '{0}'
Extracting

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.4.49
ProductVersion	1.0.4.49
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	ALERT BLACK-AND-WHITE MONKEY
FileDescription	ALERT BLACK-AND-WHITE
FileVersion (#2)	1.0.4.049
InternalName	ALERTBLACK-AND-WHITE.exe
LegalCopyright	ALERT BLACK-AND-WHITE MONKEY(c). All rights reserved
OriginalFilename	ALERTBLACK-AND-WHITE.exe
ProductName	ALERT BLACK-AND-WHITE
ProductVersion (#2)	1.0.4.049

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

a84ad3a6452ced122f473e30aa485fbb

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

1

500

1 (#2)

5

1 (#3)

1 (#4)

1 (#5)

String Table contents

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors