Manalyze report for b07499a9e157bff01b592f373400fe1c

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2017-Jul-26 17:31:29
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256` `Uses constants related to SHA512` `Microsoft's Cryptography API`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryExW GetProcAddress` `Possibly launches other programs: CreateProcessA` `Uses Microsoft's cryptographic API: CryptReleaseContext CryptAcquireContextW CryptGenRandom` `Can create temporary files: GetTempPathW CreateFileW` `Has Internet access capabilities: WinHttpQueryHeaders WinHttpReceiveResponse WinHttpWriteData WinHttpSendRequest WinHttpAddRequestHeaders WinHttpQueryDataAvailable WinHttpSetOption WinHttpOpenRequest WinHttpConnect WinHttpOpen WinHttpGetIEProxyConfigForCurrentUser WinHttpCloseHandle WinHttpReadData WinHttpQueryOption` `Leverages the raw socket API to access the Internet: #19 #16 #4 #11 #9 #23 #111 #115` `Enumerates local disk drives: GetDriveTypeW` `Manipulates other processes: OpenProcess`
Malicious	VirusTotal score: 4/65 (Scanned on 2018-08-09 08:38:28)	`Kaspersky: UDS:DangerousObject.Multi.Generic` `Endgame: malicious (moderate confidence)` `ZoneAlarm: UDS:DangerousObject.Multi.Generic` `AhnLab-V3: Malware/Gen.Generic.C2441817`

Hashes

MD5	`b07499a9e157bff01b592f373400fe1c`
SHA1	`3b8454151e03c24d4dd9e7d95ac812e8b5a481e4`
SHA256	`bd92ce8ef31cd40894b68338d9b71d371936b432b5347d944fad7d9381459761`
SHA3	`a6e66ede54e61ffaa6c593aa11f84d5862a11c4fee6002cec192834f3c6915a3`
SSDeep	`1536:S9IPXUNEpM6pqTG3wOiuGW3dzoeiowuxYBv1WGn9XLQf3zcsULsWjcdXfVkZJHA:ZMNTIwGdloswOYBv1p+f3HXyZe`
Imports Hash	`23f6861d5db5fb96254dc6f7febfbdeb`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2017-Jul-26 17:31:29
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`12.0`
SizeOfCode	`0x1a800`
SizeOfInitializedData	`0x10000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000906A (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1c000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x2e000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1ece7ca02ac12fe8dd2e03d37c0068db`
SHA1	`c9cc086b732c05ec7244de912c892f8831f3f339`
SHA256	`a096dcaa012b00d04560682a63cf776175570c948b004b7bd89521d84373a30e`
SHA3	`0dad0c48e21dc9ae446a5d5e90c4c4c510117198c23555eb69756e5f0ee71d8a`
VirtualSize	`0x1a653`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1a800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.63327`

.rdata

MD5	`3d3416e38c7dfa098ba6339608b20461`
SHA1	`f0408d9a1efc9038cc7c1e7c676d0acb8d69e38c`
SHA256	`25148b9c9787e864613d482ebcee175f7f88da1823d9c95b7676fccc1c4c0d4b`
SHA3	`eed235f5eee200643d99dc043afef85258a418a9de9ac2476502c4570c263426`
VirtualSize	`0x6d7c`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x6e00`
PointerToRawData	`0x1ac00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.18671`

.data

MD5	`3a733b36ecbd4af550a2baac549db440`
SHA1	`0eac18e14c366d8273c1b6a6317bb080faf5ac98`
SHA256	`da0060d386fc5e8c406f48969b76f8b2ad25590496e81a82f9660af3039061a4`
SHA3	`1af01d35b967c7775c426f34ae2cbdf8ad4dcebbf8c9275345952af734ac3ed5`
VirtualSize	`0x7624`
VirtualAddress	`0x23000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x21a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.3462`

.rsrc

MD5	`8ec89d4b60516043011e1465be9419d1`
SHA1	`ab7001811df4b08ff4fa926a9a984adf8f690f73`
SHA256	`045735a0f679ae2c3b935c0ffb0dcd77928cdde1a437492a8463aa6836080f80`
SHA3	`66551a13c9a6c686c1325b8e6bfe357427a5c3bbb00a36a8dda9c57fc9ff36ba`
VirtualSize	`0x1e0`
VirtualAddress	`0x2b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x23600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71768`

.reloc

MD5	`b78d932d59c92935880094a730076fec`
SHA1	`08384cc75852a625389777e4ad88602ab56fa740`
SHA256	`9db991cf3d32e59b74fad15bb27ac29d22ec3ddfe1da635cbe579c6ebd3200f4`
SHA3	`a48eb67eaff6f924445e9aac217ee42f6154bf212ac3a532ee3f153d78ef29ff`
VirtualSize	`0x1724`
VirtualAddress	`0x2c000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x23800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.59667`

Imports

KERNEL32.dll	`GetPrivateProfileStringW` `GetTempPathW` `WideCharToMultiByte` `CreatePipe` `GetStartupInfoA` `CreateProcessA` `TerminateThread` `TerminateProcess` `CloseHandle` `WriteFile` `ReadFile` `QueryPerformanceCounter` `CreateThread` `GetLastError` `OpenProcess` `Sleep` `GetTimeZoneInformation` `SetEndOfFile` `GetCurrentDirectoryW` `GetFullPathNameW` `PeekNamedPipe` `GetFileInformationByHandle` `FileTimeToLocalFileTime` `CreateFileW` `OutputDebugStringW` `WriteConsoleW` `LCMapStringW` `CompareStringW` `GetStringTypeW` `FlushFileBuffers` `SetStdHandle` `HeapReAlloc` `LoadLibraryExW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetSystemTimeAsFileTime` `GetCurrentProcessId` `GetModuleHandleW` `TlsFree` `EncodePointer` `DecodePointer` `HeapFree` `HeapAlloc` `IsDebuggerPresent` `IsProcessorFeaturePresent` `GetCommandLineW` `ExitProcess` `GetModuleHandleExW` `GetProcAddress` `AreFileApisANSI` `MultiByteToWideChar` `HeapSize` `EnterCriticalSection` `LeaveCriticalSection` `RtlUnwind` `SetFilePointerEx` `GetConsoleMode` `ReadConsoleW` `GetProcessHeap` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `SetLastError` `GetCurrentThreadId` `GetFileAttributesExW` `GetConsoleCP` `GetStdHandle` `GetModuleFileNameW` `RaiseException` `FindClose` `FindFirstFileExW` `GetDriveTypeW` `SystemTimeToTzSpecificLocalTime` `FileTimeToSystemTime` `GetFileType` `DeleteCriticalSection` `GetStartupInfoW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `InitializeCriticalSectionAndSpinCount` `GetCurrentProcess` `TlsAlloc` `TlsGetValue` `TlsSetValue` `SetEnvironmentVariableA`
ADVAPI32.dll	`CryptReleaseContext` `CryptAcquireContextW` `CryptGenRandom`
SHELL32.dll	`SHGetSpecialFolderPathW`
WS2_32.dll	`#19` `#16` `#4` `#11` `#9` `#23` `#111` `#115`
WINHTTP.dll	`WinHttpQueryHeaders` `WinHttpReceiveResponse` `WinHttpWriteData` `WinHttpSendRequest` `WinHttpAddRequestHeaders` `WinHttpQueryDataAvailable` `WinHttpSetOption` `WinHttpOpenRequest` `WinHttpConnect` `WinHttpOpen` `WinHttpGetIEProxyConfigForCurrentUser` `WinHttpCloseHandle` `WinHttpReadData` `WinHttpQueryOption`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x423000`
SEHandlerTable	`0x421c50`
SEHandlerCount	`3`

RICH Header

XOR Key	`0x80ed8d18`
Unmarked objects	`0`
C++ objects (VS2013 build 21005)	`49`
ASM objects (VS2013 build 21005)	`20`
C objects (VS2013 build 21005)	`168`
Imports (VS2008 SP1 build 30729)	`11`
Total imports	`138`
229 (VS2013 UPD3 build 30723)	`13`
Resource objects (VS2013 build 21005)	`1`
151	`1`
Linker (VS2013 UPD3 build 30723)	`1`

b07499a9e157bff01b592f373400fe1c

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors