Manalyze report for ad974134fb1f70d5db8db48782fd18c99f4a8db2c02aa44bbadf33d66170974c

Summary

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `Unusual section name found: UPX2` `The PE only has 4 import(s).`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

MD5	`9d02bf732c1d63df237aefd643884cd6`
SHA1	`5d692071d717a05fc9f277144b43508f37c1756e`
SHA256	`ad974134fb1f70d5db8db48782fd18c99f4a8db2c02aa44bbadf33d66170974c`
SHA3	`b91a4867c87c79572917a93c3202b21df3d496cc7f7d7eab49781005762a070c`
SSDeep	`98304:wYI1UxfLiJQiZZqx3x1aCoaCWOqL9RDbbpr:wUxLiJTshx1PuA5bb`
Imports Hash	`6ed4f5f04d62b18d96b26d6db7c18840`

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0xbfce00`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Magic	`PE32`
LinkerVersion	`3.0`
SizeOfCode	`0x36c000`
SizeOfInitializedData	`0x1000`
SizeOfUninitializedData	`0x8e7000`
AddressOfEntryPoint	`0x00C52CD0 (Section: UPX1)`
BaseOfCode	`0x8e8000`
BaseOfData	`0xc54000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0xc55000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x8e7000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

MD5	`d9ceb086ffb9daafc1d4e2aef1565f27`
SHA1	`5e52534a8618f80df41f2f94cbbd7401bb6778d0`
SHA256	`42e490236e211cc1e8c835a758a99248ed62741d5e2e46b2608adc0fefb86a3a`
SHA3	`d06b2aabd787ddf69f2eecba88c41519ff98c1407d744ec464edd13179fb0a7b`
VirtualSize	`0x36c000`
VirtualAddress	`0x8e8000`
SizeOfRawData	`0x36ba00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99994`

MD5	`7ffd5254abf5a3b8698f2bd55c1884a8`
SHA1	`c7cf04eb4dd98eb749bf92517e5872fa9af0cb98`
SHA256	`517d17a9128383cbca4708624afdf1e24a9899293ed00bc9e14ce1efcdce025d`
SHA3	`0a05117498ddc599c82dba4874432493c772a30c12adf53aad76129d320af0d5`
VirtualSize	`0x1000`
VirtualAddress	`0xc54000`
SizeOfRawData	`0x200`
PointerToRawData	`0x36bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.46963`

KERNEL32.DLL	`LoadLibraryA` `ExitProcess` `GetProcAddress` `VirtualProtect`

[*] Warning: Section UPX0 has a size of 0!

Leave a comment

No comments yet.