Manalyze report for aad354ea178046f0e6f1ef21494ce25c

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Nov-15 08:23:18
Debug artifacts	BharatStream.pdb
Comments	www.bharatstream.com
CompanyName	Bharat Stream
FileDescription	BharatStream
FileVersion	`5.4.0.0`
InternalName	BharatStream.exe
LegalCopyright	Copyright © 2020
LegalTrademarks	Bharat Stream
OriginalFilename	BharatStream.exe
ProductName	BharatStream
ProductVersion	`5.4.0.0`
Assembly Version	5.4.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET`
Info	Interesting strings found in the binary:	`Contains domain names: bharatstream.com www.bharatstream.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Suspicious	The PE is possibly packed.	`Unusual section name found: .sdata` `The PE only has 0 import(s).`
Info	The PE is digitally signed.	`Signer: VISHVAJEET` `Issuer: Sectigo RSA Code Signing CA`
Malicious	VirusTotal score: 3/72 (Scanned on 2020-11-20 15:57:13)	`McAfee: Artemis!AAD354EA1780` `McAfee-GW-Edition: Artemis!Trojan` `Microsoft: PUA:Win32/CoinMiner`

Hashes

MD5	`aad354ea178046f0e6f1ef21494ce25c`
SHA1	`0cef732fa4031dabbf303cb1af372d83a6b29672`
SHA256	`1730cb7913577663630e32f62871ae07ab2e76c34bff0767fc2275291e87f9df`
SHA3	`9c0236412d5edcc32c8e9b92acf2ac480c7b3cd166a8ba8d8d54a313f5b1ec17`
SSDeep	`24576:dkmwB7Fkuu0R/3NFQN8S6+7IuVppbwxutdMdNzv1ZE9X5BtcZNQvta:elD3NGN87+7iutdAbEJ5nack`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`3`
TimeDateStamp	2020-Nov-15 08:23:18
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`6.0`
SizeOfCode	`0x143e00`
SizeOfInitializedData	`0x1d600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000000000 (Section: ?)`
BaseOfCode	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x166000`
SizeOfHeaders	`0x400`
Checksum	`0x16908c`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`15`

.text

MD5	`74f81ecc05d95e67b2d1ee5526350112`
SHA1	`1910dbcb6c560716ae51edfe262694a553f6b58e`
SHA256	`784a87b7b64bf26cebdfce43c6c86f59afa8b9a7d41cc67f2496dcf2ee8ed7f0`
SHA3	`3ee6d2866a4fe8b4217a54be03cd2ac8714f034a896f0408eaca6a56c05df916`
VirtualSize	`0x143cc4`
VirtualAddress	`0x2000`
SizeOfRawData	`0x143e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.87188`

.sdata

MD5	`317b18e5008dafe2c398110877e0e6c7`
SHA1	`8ec8d43678b793a7de73c5ac300266b3c2c85b87`
SHA256	`2961808f15f0ff77f7fdcff714e6769b4d3c9070ec5f5475a0044d0d6e0c2dc7`
SHA3	`65daf908e02fe75c775017508daa12cf3a9cc7c6d9fea7951022cdf7b6568aa9`
VirtualSize	`0x1e8`
VirtualAddress	`0x146000`
SizeOfRawData	`0x200`
PointerToRawData	`0x144200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.60488`

.rsrc

MD5	`2b5741f85e31b469e2934207e65bcaf3`
SHA1	`51a27f0dc6e8aaf8fd4f95c4a2613dea92c8f3ba`
SHA256	`d9521100d3f5ffb8e44eae7a3fdb2dddfc94d9a217c2db29f2ab0e90e7b36826`
SHA3	`920f637d247d40d744110c8414c793aebbb79f07fcd3f007ced1f9a7e97bb630`
VirtualSize	`0x1d1ec`
VirtualAddress	`0x148000`
SizeOfRawData	`0x1d200`
PointerToRawData	`0x144400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.1989`

Imports

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1094`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.5466`
Detected Filetype	PNG graphic file
MD5	`be82d2e40b6f0844de9471e7c4950dc9`
SHA1	`95718b5f57c0cc6ecf1c0706d103f424f2cba08c`
SHA256	`15665e976f0b471df82a66e3e8cbe51d8341f91cf4eaf0c60f3a2a7cbfe66176`
SHA3	`1474f58a7bac86bcc99717789ca73b8da5cbc05ae87d2d8ffd7b48e4de52513b`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.84836`
MD5	`d8c2228bd316dbc1e05512d569f2e546`
SHA1	`726094bfdb2ae9fffcf6b90e967daddbe5b9dfc5`
SHA256	`0dff7b6376ad02177f97bfd7e9e42949cc8cd229feb3b8155f50dc21a81c9b17`
SHA3	`3311ade1cb7027290a9b0d94dcf6b38cafcee88be1917a661d74728bc294a3af`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.87574`
MD5	`e68471c370ebf6f4c979228855fae2f4`
SHA1	`8f3de2668eaf7cec2bd079af68c5ea6ed92c69e5`
SHA256	`2593958f7a19b231d153e82469d9d6ca7110ee9082cfb050da7b2b3a967fa709`
SHA3	`e2f94d038721a135c474194453c08ef7f6089594b39505f9b41f9c5eb778d431`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.17773`
MD5	`53dff7d3e306bb3452ab1f8bb460b66e`
SHA1	`bf1a078ec4318719b8a686ff4d463155bb297eac`
SHA256	`dea4e7b692af18da38046c00681f5cdd8ff3c0eb3cb0345c42960d63cb51d81c`
SHA3	`e5e3cea2de73466e0993f021ac92822079121f996790d347bec2706abbd867a1`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1a68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.48664`
MD5	`ea6c40251b5e0836b8508ef1100bdef6`
SHA1	`8fce4b9b65a5c5c8b093c187e08b273915e5f2e0`
SHA256	`f50db17786ea187de0d57da63fa9284a4bb5c7c8df83f5fb314904f414d9bcde`
SHA3	`1ac22965a3cb7dca69e74e441fcce402127355616d22ca264f34dc710349f82e`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91722`
MD5	`e5b36531b396a1d93bae21743743145e`
SHA1	`f3913502d7e07ee59268519d44a314bb6ee088fa`
SHA256	`c21d390b113fe95f72a23c670c5cbac30544d44d3e336f6beb4b678c84f2f7bc`
SHA3	`1de205c99c71873a18cd04a3df7be67e377e62d02a3a3b0dddaabf71f2db1232`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.74099`
MD5	`d1f172d98c475bae80682ae14ecc7fda`
SHA1	`9e29681b259e030a5dbfc30dd3b854b3bd0c60a4`
SHA256	`71bd591f1188530368d33233ec8d7b643460707faac1dbe49622727c11eb946f`
SHA3	`6646993c93675fbc24a8f63178dd19d249966b13b131fdf927e898bed5a088e2`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6b8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.72512`
MD5	`03815fba89c9353b0c2fd364c13ff800`
SHA1	`1a6d09bade09db1321439a915bd4eb39c8be993f`
SHA256	`176fabffdebf54eed3b56dacc59b2c606bb58faba22a46b8232cd43ba9b81ff7`
SHA3	`4e57f9d25d0c9dff5cdc42b0d502fa1e7c15629c203698764b8622b01d982513`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.31527`
MD5	`f2c2e500bc196f9b8b83d42027649fc6`
SHA1	`f0f772c2a67960ce5a0d094b9e5879d6a6fe6d09`
SHA256	`8b9ac6004d954df66209ddeb749293f7485aaa1bb06639f6e0533cacc880cf5b`
SHA3	`d3ab4bd4c532ba8f1c778b1f65b4e715ad89a6853f6e52eda5d50d0f891d0900`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.98549`
Detected Filetype	Icon file
MD5	`bed46b8e91733a1bc93018a652cf447b`
SHA1	`42a0b58dc230df4aaef5c8a2d53fb0bc55f65360`
SHA256	`a2a3c05b705293a6f939250ae30aef2dc340cf9145672902031d989704548ac8`
SHA3	`da289a1687ea14869aec3d564aaea1b3534281dba509622c5680ea7a52b49484`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x394`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30965`
MD5	`44643d38211495d7c8ca04be6bdd1ebc`
SHA1	`0ae4067377a6135fc19093990e30910d5f344f37`
SHA256	`a20ff4282893f3902da6b9fb4015fd306e71983d11516a8290c5cae96e887b75`
SHA3	`7eb92f2c096c7be1d681b89debedc5524b1cf8b446293e0e3c9abc106c42bf47`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xae0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89882`
MD5	`32067a9c1a80223dd69e8900c96ab1dc`
SHA1	`36d1c9e8a97215df97b921e4c346953fef9c59d2`
SHA256	`aba293887ed5fe3dfc30a6285bd72e7a4f7ed40ebb0e2e61a2d058e4dec82abf`
SHA3	`793518e3d030ce70b29309f5b92ffca2e8e29354391b0e6237ddbdd18acb6301`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.4.0.0
ProductVersion	5.4.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	www.bharatstream.com
CompanyName	Bharat Stream
FileDescription	BharatStream
FileVersion (#2)	5.4.0.0
InternalName	BharatStream.exe
LegalCopyright	Copyright © 2020
LegalTrademarks	Bharat Stream
OriginalFilename	BharatStream.exe
ProductName	BharatStream
ProductVersion (#2)	5.4.0.0
Assembly Version	5.4.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`41`
AddressOfRawData	`0x145c39`
PointerToRawData	`0x144039`
Referenced File	BharatStream.pdb

TLS Callbacks

Load Configuration

RICH Header

aad354ea178046f0e6f1ef21494ce25c

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.sdata

.rsrc

Imports

Delayed Imports

1

2

3

4

5

6

7

8

9

32512

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors