Manalyze report for afbd86a54f68c384159e51e9775630cd

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2001-Sep-07 15:52:24
Detected languages	Japanese - Japan

Plugin Output

Suspicious	PEiD Signature:	`UPX -> www.upx.sourceforge.net`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `The PE only has 7 import(s).`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegCloseKey`
Suspicious	The PE header may have been manually modified.	`Resource GETPASSWORD1 is possibly compressed or encrypted.` `Resource RENAMEDLG is possibly compressed or encrypted.` `Resource REPLACEFILEDLG is possibly compressed or encrypted.` `Resource STARTDLG is possibly compressed or encrypted.` `Resource 7 is possibly compressed or encrypted.` `Resource 8 is possibly compressed or encrypted.` `Resource 9 is possibly compressed or encrypted.` `The resource timestamps differ from the PE header: 2001-Oct-01 14:27:00`
Malicious	The file contains overlay data.	`5050676 bytes of data starting at offset 0x5a00.` `The file contains a WinRAR compressed archive file after the PE data.` `Overlay data amounts for 99.5459% of the executable.`
Suspicious	VirusTotal score: 2/68 (Scanned on 2018-09-03 07:24:19)	`Cylance: Unsafe` `Webroot: W32.Malware.Gen`

Hashes

MD5	`afbd86a54f68c384159e51e9775630cd`
SHA1	`ca1f8dda7d7e4a2233492bb8d62a78ca452b3966`
SHA256	`907788d061b8afa27f965f0698b950518c7b3cbf8220d30da20adcb0e15031ec`
SHA3	`6ff7b54f3edab215a55e0d28528e2703e3850f71edc6a85198e358a010e13212`
SSDeep	`98304:EKtiVDGm4+jQjTtXgoZhj9yswWKhg/zut+oQGIlHYKplLWHE4s:rtmp4woZhpysfmcuqVvlLUE4s`
Imports Hash	`8a25d70a2abf00ec77958fcb6fe16820`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x200`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2001-Sep-07 15:52:24
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`5.0`
SizeOfCode	`0x5000`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0xf000`
AddressOfEntryPoint	`0x00014120 (Section: UPX1)`
BaseOfCode	`0x10000`
BaseOfData	`0x15000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x17000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xf000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`21abaa26d539c0fdff0e73eb4f294f0a`
SHA1	`1793edbe718906032c0664330b6ea282765bb609`
SHA256	`9d124be36b33a609c36ed3a70b64e34badf58539248ff4c27dcb930efff417e8`
SHA3	`ecad543c36ed1f2677af3bca2546b022458faaaafceced4df1a1ee2ebdd3598c`
VirtualSize	`0x5000`
VirtualAddress	`0x10000`
SizeOfRawData	`0x4400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.82583`

.rsrc

MD5	`7e255401b787415d4e50f0ef6d235dc8`
SHA1	`c0cb81abb001e9826bd370daa6f1a1d2a34fa2f6`
SHA256	`21e2ebb88caec2d452006acae45a4d4c737db61e85e72fc1d485fc0779912a7b`
SHA3	`df091ebc6d84bd951ae2c88b181467b4d6576b6c123357ac38af89a963b5caa5`
VirtualSize	`0x2000`
VirtualAddress	`0x15000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x4800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.1193`

Imports

KERNEL32.DLL	`LoadLibraryA` `GetProcAddress` `ExitProcess`
ADVAPI32.DLL	`RegCloseKey`
GDI32.DLL	`DeleteObject`
SHELL32.DLL	`SHGetMalloc`
USER32.DLL	`SetFocus`

Delayed Imports

1

Type	`RT_ICON`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	2001-Oct-01 14:27:00
Entropy	`3.14704`
MD5	`000cbd77883c7d27368cffb7598927eb`
SHA1	`d67a862bbf966260db13aa07ed2c7961c52e61e0`
SHA256	`92e00e6b63f09178fcaeb0c2491acd3ee49efc5523244d56e48ebbb559c05525`
SHA3	`3497b78d4d002dee1d2474bf20167ee2293761f4e5d8c3d48e6c0b89c208d95f`

2

Type	`RT_ICON`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	2001-Oct-01 14:27:00
Entropy	`3.51419`
MD5	`867182a610e99e3cb8a76cca940edfe4`
SHA1	`0aba7749242f3edd1be8325bd52befbb1a71c802`
SHA256	`7b275635bde0cc0e3622309844e5cbcaf711d108d4fce0fa159012590341ce59`
SHA3	`c5093a8c55fde258aee0b62b43c007481feb66ca5e4541f12284b9f1b43044b7`

3

Type	`RT_ICON`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	2001-Oct-01 14:27:00
Entropy	`2.01974`
MD5	`2d8880b3f87aecff6989c865354c681b`
SHA1	`36e1ddec8704fa0789863b472934534e7a8d06d7`
SHA256	`e937a25c32ae2b2164e94545e6080ee2b8d01990e377d76b6f1a9366ee8ebc80`
SHA3	`522ed02ca8274a5855dbb597f6bbeb48726048748e874137620843c0aeb74683`

GETPASSWORD1

Type	`RT_DIALOG`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x102`
TimeDateStamp	2001-Oct-01 14:27:00
Entropy	`7.05471`
MD5	`129717f58f735a0f3c8bc08bdccfefe7`
SHA1	`e824c18ddc0ae3d354872e078772a7c79061f1a3`
SHA256	`b7b0ba9b407d181b0ae56313851f1052172fc5069d2fbc08c92c137ae4400259`
SHA3	`ae9d070a3587e41c319345f555d9291620c57c6d90bd39b6913d3c8612ae1580`

LICENSEDLG

Type	`RT_DIALOG`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0xba`
TimeDateStamp	2001-Oct-01 14:27:00
Entropy	`6.86416`
MD5	`4bbf8f07b7d972c08292e8f2dd00d610`
SHA1	`ea35c379e8bc331cebdb0f90bc5ec1597a8781d9`
SHA256	`4c87e386589d022d71dc8742f1b2caba0f7661f6c77cbd619379bd7ca2f42ea7`
SHA3	`aaf2eb72fb072afe27796baacf27e27bbe7abaceb1281fb43104f951f3f560b3`

RENAMEDLG

Type	`RT_DIALOG`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x122`
TimeDateStamp	2001-Oct-01 14:27:00
Entropy	`7.20709`
MD5	`edbfa31e6b5cc9b6029e4fcf5e94168c`
SHA1	`169f722e86e28748485d11410ce98545a57e1665`
SHA256	`853a10fb04cf74d9cde10e45104dfae0d94b1cf32dd1189eb24a6d2818115e87`
SHA3	`c67858c2f51ca5a8e357d8e0fd34bc015300bb5dd3d40f5e62e012ba941b3f3f`

REPLACEFILEDLG

Type	`RT_DIALOG`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x2c0`
TimeDateStamp	2001-Oct-01 14:27:00
Entropy	`7.62764`
MD5	`a013dd8cc438099215cd927121412992`
SHA1	`4b04f91915022c13e24970c67c5ca13e5dff89a7`
SHA256	`1687b5e08b3695f013aca8654a7f86e6bdef81c4644684b76e4a429da95e5c70`
SHA3	`a48bf3f1e44bf82bd2e945014021b7bc29120d8adde122d94fafdd38c9c90a62`

STARTDLG

Type	`RT_DIALOG`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x18c`
TimeDateStamp	2001-Oct-01 14:27:00
Entropy	`7.4021`
MD5	`7a9e2c75bc08514726a163bee2c442f6`
SHA1	`5fd72e6fa17ec60235cfafc8bdacd0cf1f166417`
SHA256	`4412ed718d3e439a04f0893a6ecdc9781895d1dd9747b10bf4ac8b2369c0e1c7`
SHA3	`c1698f5d8bdb6099861c2d27824a498ed46ffba62798127338614dba04b60d22`

7

Type	`RT_STRING`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x17a`
TimeDateStamp	2001-Oct-01 14:27:00
Entropy	`7.26826`
MD5	`4a0e26dbaa51ae70b71faf1eb752f7ec`
SHA1	`dd826e8e54ef1462ac4631483238a48cbe854f74`
SHA256	`1fd9aee927f5db25c9b17b83e0f72cfa154cbab06e869148ff55473136278e38`
SHA3	`4b93aeca2c20d6cc56450bb38890191653007f35481fca91f2bccaf18474c100`

8

Type	`RT_STRING`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x24a`
TimeDateStamp	2001-Oct-01 14:27:00
Entropy	`7.572`
MD5	`56b7e31a041f19ae2f1e5c321aa12670`
SHA1	`23c34d3fdeeb7c7a2317b41d552a3698a09fc099`
SHA256	`8836358305c47fbc8d0baeafad1be6d0074e895f1ec40dce6b0df2feb34dd630`
SHA3	`d471472433638269450e916b304036a576b18631d1d5bec7eb5cfb91300b58c6`

9

Type	`RT_STRING`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x14c`
TimeDateStamp	2001-Oct-01 14:27:00
Entropy	`7.16468`
MD5	`fa121488f4d44d82629628d8637bd35d`
SHA1	`072317d63d9efdc97d0b5f57bd53f015eb039534`
SHA256	`3ae07d51223946d2a95cb57392a5872c602482bb00526f93472c5d7322429ae6`
SHA3	`2f9f46977cce134c72bcc0fe3d598bb60ed842a7933e29db7c6e08981314a5b5`

10

Type	`RT_STRING`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x112`
TimeDateStamp	2001-Oct-01 14:27:00
Entropy	`6.99783`
MD5	`efde6aae619fcd3ef71931c5b9dea428`
SHA1	`97d7fd586437e61809825d8afda108cc7fe2e4d8`
SHA256	`1a539385d1231b35fb121a774e6461dad639611b2913e7b6f33e43d9a69094ef`
SHA3	`56ca9713349417f367674e4a84703bbb3ea6fe0133f13369fd408715569a01fb`

100

Type	`RT_GROUP_ICON`
Language	Japanese - Japan
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	2001-Oct-01 14:27:00
Entropy	`2.63597`
Detected Filetype	Icon file
MD5	`db01a4a2868aa5596223a9c48fc399e7`
SHA1	`7643b77eacbc148aabd2735cbb70e2e2a0a6f283`
SHA256	`8f2ca89f638e07bc2ce06285fcf56f76c568a85fd4a459905a7670384e4d0aa1`
SHA3	`84163be57754677812cc2204158c14909a129455633018247d0c770ce768c7da`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!