Manalyze report for a9a2734d080e3ae0f5ada35e878da7c8

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2011-Nov-08 23:03:23
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Suspicious	The PE is packed or was manually edited.	`The number of imports reported in the RICH header is inconsistent.`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Has Internet access capabilities: InternetOpenA InternetOpenUrlA InternetCloseHandle InternetReadFile` `Leverages the raw socket API to access the Internet: WSACleanup gethostname WSAStartup`
Malicious	VirusTotal score: 29/68 (Scanned on 2023-02-16 00:13:29)	`Lionic: Trojan.Win32.Generic.4!c` `Elastic: malicious (high confidence)` `FireEye: Generic.mg.a9a2734d080e3ae0` `Zillya: Adware.OpenCandy.Win32.1375` `Sangfor: Trojan.Win32.Agent.V3td` `Alibaba: Trojan:Win32/Generic.774eab6b` `CrowdStrike: win/malicious_confidence_100% (W)` `VirIT: Trojan.Win32.Pakes2_c.LJB` `Symantec: ML.Attribute.HighConfidence` `ESET-NOD32: a variant of Generik.HKQROYL` `Paloalto: generic.ml` `NANO-Antivirus: Trojan.Win32.Waski.fbctie` `Avast: Win32:Malware-gen` `DrWeb: Trojan.Siggen8.12456` `Trapmine: suspicious.low.ml.score` `Ikarus: Trojan.SuspectCRC` `GData: Win32.Trojan.Agent.RADOY8` `Webroot: W32.Malware.Dkvt` `Avira: TR/Dldr.Waski.32768` `Antiy-AVL: Trojan/Win32.SGeneric` `Xcitium: Malware@#3r1hyjlvxbmoy` `Google: Detected` `BitDefenderTheta: Gen:NN.ZexaF.36276.cqW@aeY4zWni` `VBA32: suspected of Trojan.Downloader.gen` `TrendMicro-HouseCall: TROJ_GEN.R002H0CEQ21` `Rising: Trojan.Occamy!8.F1CD (TFE:5:QaWfW4kmgpV)` `Fortinet: Generik.HKQROYL!tr` `AVG: Win32:Malware-gen` `Cybereason: malicious.990e9f`

Hashes

MD5	`a9a2734d080e3ae0f5ada35e878da7c8`
SHA1	`e8aacb0990e9f3a415ac7d5e24e7f7287665c110`
SHA256	`71a295247ba7419f9f9dea8098e6867182bb80f53c98eb0f59192a6557a51249`
SHA3	`f4f1dea06e980f82a3f2f3bd5403e65a76c7edf49f940e9a1e4db59d7f7155bb`
SSDeep	`384:y9LmTOjSMsXu0Pip5Na32mlRfTlyKU0qgruE1oVj:yJkOjKxoNa5DqGu6oV`
Imports Hash	`4c9c8ddd8e46e16d366b0eb88a72ae24`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2011-Nov-08 23:03:23
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x4000`
SizeOfInitializedData	`0x4000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001681 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x5000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x9000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`98b65b1fb2f5275f290bd313d2d25562`
SHA1	`b83a5e635dfbd666a21a5e49b3eb5605df2d0194`
SHA256	`eb1f03be2d47c65a6994c5ad8f81541c59c51d77edcbddc697d9cb32e1807257`
SHA3	`93dbc9417419c78f1c661cc9f577c343918a9a40deb42f0f8d3ed9d6a9c658e0`
VirtualSize	`0x3ff6`
VirtualAddress	`0x1000`
SizeOfRawData	`0x4000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.59871`

.rdata

MD5	`948c0c9d6524841f03010fe20d1b73ac`
SHA1	`1704b94a03d431fb10e89f968a3233a1b4e45fa2`
SHA256	`f1c44d28c50b8ed737bc767e548ef9fca1329772f7686983a6ed0beded72b092`
SHA3	`575d025eceb7133271858cee8ff0dd3df783073a3fbcfbc01ebb113dc99b93fe`
VirtualSize	`0x9d0`
VirtualAddress	`0x5000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.81957`

.data

MD5	`0ef703e24fbbc6b3f16dbc3ae1c0ff98`
SHA1	`9a58010fd6569c02f9804ea25f07bf36d7c76a70`
SHA256	`975f021a1ddd327b291dad0f51462e137c35fc70c4ec2f9d370da460b30a8cc0`
SHA3	`6750920e1c4322d0ea7203de90a211c5917ee0bf995c6a8cab8963487b955b3f`
VirtualSize	`0x1e68`
VirtualAddress	`0x6000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.5211`

.rsrc

MD5	`863d93415743c6ec8254ff0327b9f08e`
SHA1	`8f30d5ad60747622d18168544e7995f7903d040a`
SHA256	`d58cca2b93d2fac538bb84b555e0894b685af673771fbcc7032532be77883265`
SHA3	`a323aced7d7ee10aeeb8d1ea351be8a98e313b5208d827d218df04d10d320edf`
VirtualSize	`0x80`
VirtualAddress	`0x8000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.140657`

Imports

KERNEL32.dll	`LockResource` `LoadResource` `GlobalAlloc` `SizeofResource` `FindResourceA` `GetModuleHandleA` `Sleep` `GetStringTypeW` `GetStringTypeA` `LCMapStringW` `LCMapStringA` `MultiByteToWideChar` `FlushFileBuffers` `SetStdHandle` `LoadLibraryA` `GetProcAddress` `GetCommandLineA` `GetVersion` `ExitProcess` `TerminateProcess` `GetCurrentProcess` `UnhandledExceptionFilter` `GetModuleFileNameA` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `WideCharToMultiByte` `GetEnvironmentStrings` `GetEnvironmentStringsW` `SetHandleCount` `GetStdHandle` `GetFileType` `GetStartupInfoA` `HeapDestroy` `HeapCreate` `VirtualFree` `HeapFree` `RtlUnwind` `WriteFile` `GetLastError` `SetFilePointer` `HeapAlloc` `GetCPInfo` `GetACP` `GetOEMCP` `VirtualAlloc` `HeapReAlloc` `CloseHandle`
WS2_32.dll	`WSACleanup` `gethostname` `WSAStartup`
WININET.dll	`InternetOpenA` `InternetOpenUrlA` `InternetCloseHandle` `InternetReadFile`

Delayed Imports

101

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x20`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.65564`
MD5	`8b37145c184cd91a05a9f1be8dbc9cf9`
SHA1	`6d54c2a67753eeac8986ef0aff9de328fb3ff51f`
SHA256	`32b1177c11f0f714b162d1de807fad0f54be7b641f4fc2aabadc16af660d8faf`
SHA3	`96cba27917ad748f794663ae602be3bad566ea24e3937e5791f5563cf031e958`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x4ce50579`
Unmarked objects	`0`
C++ objects (VS98 build 8168)	`1`
C objects (VS98 build 8168)	`43`
14 (7299)	`11`
Unmarked objects (#2)	`6`
19 (8034)	`5`
Total imports	`51`
C++ objects (VS98 build 8168) (#2)	`1`
Resource objects (VS98 cvtres build 1720)	`1`

a9a2734d080e3ae0f5ada35e878da7c8

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

101

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors