Manalyze report for a8b54533c6a84888d2db8305e5b42153

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2024-Feb-11 16:18:24
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Malicious	VirusTotal score: 29/71 (Scanned on 2024-02-11 16:24:19)	`ALYac: Gen:Trojan.FileInfector.huW@aGlbG@oi` `APEX: Malicious` `AVG: FileRepMalware [Inf]` `Arcabit: Trojan.FileInfector.EAD1218` `Avast: FileRepMalware [Inf]` `BitDefender: Gen:Trojan.FileInfector.huW@aGlbG@oi` `Cylance: unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `Elastic: malicious (moderate confidence)` `Emsisoft: Gen:Trojan.FileInfector.huW@aGlbG@oi (B)` `FireEye: Gen:Trojan.FileInfector.huW@aGlbG@oi` `GData: Gen:Trojan.FileInfector.huW@aGlbG@oi` `Kaspersky: VHO:Trojan-PSW.Win32.Stealer.camw` `Lionic: Trojan.Win32.Generic.4!c` `MAX: malware (ai score=85)` `Malwarebytes: Generic.Malware/Suspicious` `MaxSecure: Trojan.Malware.300983.susgen` `McAfee: Artemis!A8B54533C6A8` `MicroWorld-eScan: Gen:Trojan.FileInfector.huW@aGlbG@oi` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Rising: Trojan.Generic@AI.100 (RDML:aX2dyUFA4+riZrOlxz/JWQ)` `Sangfor: Trojan.Win32.FileInfector.Vbqs` `Skyhigh: BehavesLike.Win32.Worm.ch` `Symantec: ML.Attribute.HighConfidence` `VBA32: Win32.Trojan.Cryptor.Heur` `VIPRE: Gen:Trojan.FileInfector.huW@aGlbG@oi` `ZoneAlarm: VHO:Trojan-PSW.Win32.Stealer.camw` `tehtris: Generic.Malware`

Hashes

MD5	`a8b54533c6a84888d2db8305e5b42153`
SHA1	`86c1fb08637325c2b3468ccabf929572c39c04ca`
SHA256	`e6d2f43622e3ecdce80939eec9fffb47e6eb7fc0b9aa036e9e4e07d7360f2b89`
SHA3	`76804fa06a3b388933027b3c70bdf67f5c63fae77223a7d1fb2343e48766d2ba`
SSDeep	`3072:GNq1rK8fb0XS2YXll2NkCy5y7je2dfRRSwjZq2/fzmULT:GNMrJ+SlXll2Ni3Kjn5z9LT`
Imports Hash	`600b2e7693a55845a37ffe2d7ccbf9dc`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2024-Feb-11 16:18:24
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x14e00`
SizeOfInitializedData	`0x9a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000017B0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x16000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x22000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9cc132a1a2572288d0329cc9dbe784e2`
SHA1	`093654da083c3b6346b958f2e393fab8aff268e4`
SHA256	`aa60da51ef46f431b1c90a8799f9eedf8a07a2bc99a4bcd0eacb13f1e9777794`
SHA3	`d4957138deb438ded635c73a7451a340921b60c2993821a20317ef272649901d`
VirtualSize	`0x14c6e`
VirtualAddress	`0x1000`
SizeOfRawData	`0x14e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.63306`

.rdata

MD5	`0f3bc80da482e232940202dee706fbc3`
SHA1	`919981d4e56de7779ceb33fcb55a2936dcc0dc0b`
SHA256	`0338fe4dc6b3b540beea92348ca61cbbf5e5188a405b61249389e73e6ae218c2`
SHA3	`62451033bce4602bc1686b0cbf3ad98a56d73b760a8972f259e7b5cb0fda5695`
VirtualSize	`0x6e32`
VirtualAddress	`0x16000`
SizeOfRawData	`0x7000`
PointerToRawData	`0x15200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.13745`

.data

MD5	`858c99281c97a1ec9f4c3770a0d9cc73`
SHA1	`2c816a8ea8cac2709ed7be17ebccb6ddf89b7801`
SHA256	`2bd82318fcd3345d66d75efb3de8906a2ba9914cc8e7d77686fd6745cb22a69a`
SHA3	`a583adefd5bd6ce29e52d500c44bd0d314c3780b315e61ceb8bca97be522832b`
VirtualSize	`0x1468`
VirtualAddress	`0x1d000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x1c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.07377`

.rsrc

MD5	`259c6a0f3892b3cb46826c9ecfa5e3fd`
SHA1	`f528982de7060e9d2e3318f4571a7df82fce97ed`
SHA256	`fc46ed777303e6008e6911eeac4bad392620129356d9204373372e12263ab34d`
SHA3	`8365200a2e7740a2ea0d7cc8b6862b3c460f87d2324d9740f1e7d333376df911`
VirtualSize	`0x1e0`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1cc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71006`

.reloc

MD5	`884e1de5f87779850886f48b253074aa`
SHA1	`1df37eec83037936fce99a247662aef5a7ef0feb`
SHA256	`582188d4be1537eabe639a0e42326340a1978446a9165cc13a58b788133730d0`
SHA3	`8bea42054a68618569b6c2427238eb0115ff85cfaffdf5d10f9901032ee549b5`
VirtualSize	`0x1118`
VirtualAddress	`0x20000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x1ce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.39772`

Imports

KERNEL32.dll	`GetLogicalDrives` `FindFirstFileA` `FindNextFileA` `FindClose` `WaitForSingleObject` `GetCurrentThreadId` `ExitThread` `GetFileAttributesA` `FreeConsole` `CreateThread` `WriteConsoleW` `SetEndOfFile` `HeapSize` `ReadConsoleW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `GetCurrentProcess` `TerminateProcess` `RtlUnwind` `GetLastError` `SetLastError` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `GetProcAddress` `LoadLibraryExW` `EncodePointer` `RaiseException` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `ExitProcess` `GetModuleHandleExW` `GetCommandLineA` `GetCommandLineW` `HeapFree` `CloseHandle` `HeapReAlloc` `GetConsoleOutputCP` `GetConsoleMode` `GetFileSizeEx` `SetFilePointerEx` `HeapAlloc` `GetFileType` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `SetStdHandle` `GetStringTypeW` `CompareStringW` `LCMapStringW` `GetProcessHeap` `CreateFileW` `FlushFileBuffers` `ReadFile` `DecodePointer`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2024-Feb-11 16:18:24
Version	`0.0`
SizeofData	`752`
AddressOfRawData	`0x1bdcc`
PointerToRawData	`0x1afcc`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2024-Feb-11 16:18:24
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x41d040`
SEHandlerTable	`0x41bbdc`
SEHandlerCount	`10`

RICH Header

XOR Key	`0xabb83b9a`
Unmarked objects	`0`
ASM objects (30795)	`10`
C++ objects (30795)	`150`
C objects (30795)	`20`
253 (VS 2015-2022 runtime 33030)	`1`
C++ objects (VS 2015-2022 runtime 33030)	`38`
C objects (VS 2015-2022 runtime 33030)	`18`
ASM objects (VS 2015-2022 runtime 33030)	`20`
Imports (30795)	`5`
Total imports	`93`
C objects (LTCG) (33135)	`1`
Resource objects (33135)	`1`
Linker (33135)	`1`

a8b54533c6a84888d2db8305e5b42153

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors