Manalyze report for b4440eea7367c3fb04a89225df4022a6

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2054-Nov-16 06:26:21
Comments
CompanyName
FileDescription	Pdfixers
FileVersion	`1.0.0.0`
InternalName	Pdfixers.exe
LegalCopyright	Copyright © 2023
LegalTrademarks
OriginalFilename	Pdfixers.exe
ProductName	Pdfixers
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Suspicious	The PE is possibly packed.	`The PE only has 0 import(s).`
Info	The PE is digitally signed.	`Signer: ADSMARKETO LLC` `Issuer: GlobalSign GCC R45 EV CodeSigning CA 2020`
Malicious	VirusTotal score: 45/72 (Scanned on 2024-11-07 21:12:50)	`ALYac: Application.Deceptor.BLK` `AVG: Win64:PUP-gen [PUP]` `AhnLab-V3: PUP/Win.Agent.C5629529` `Antiy-AVL: RiskWare[Downloader]/Win32.Agent` `Arcabit: Application.Deceptor.BLK` `Avast: Win64:PUP-gen [PUP]` `Avira: PUA/Pdfixers.ajzky` `BitDefender: Application.Deceptor.BLK` `Bkav: W32.Common.DEA3A836` `CAT-QuickHeal: Trojan.Agent` `CTX: exe.trojan.pdfixers` `CrowdStrike: win/grayware_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: a variant of MSIL/Pdfixers.A potentially unwanted` `Elastic: malicious (moderate confidence)` `F-Secure: PotentialRisk.PUA/Pdfixers.ajzky` `FireEye: Application.Deceptor.BLK` `Fortinet: Riskware/Pdfixers` `GData: Application.Deceptor.BLK` `Google: Detected` `Gridinsoft: PUP.Win64.MediaArena.dd!c` `Ikarus: PUA.MSIL.Pdfixers` `K7AntiVirus: Riskware ( dec006f31 )` `K7GW: Riskware ( dec006f31 )` `Kaspersky: not-a-virus:Downloader.Win32.Agent.niyj` `Kingsoft: Win32.Troj.Generic.v` `Lionic: Riskware.Win32.Deceptor.1!c` `Malwarebytes: PUP.Optional.MediaArena` `MaxSecure: Trojan.Malware.240990967.susgen` `McAfeeD: ti!A024A18E2770` `MicroWorld-eScan: Application.Deceptor.BLK` `Microsoft: Misleading:Win32/Lodi` `Paloalto: generic.ml` `Panda: PUP/TechUtilities` `Sophos: Mal/Generic-R` `Symantec: PUA.Superfluss` `TrendMicro: PUA.MSIL.PDFFixers.A` `TrendMicro-HouseCall: PUA.MSIL.PDFFixers.A` `VBA32: Downloader.Agent` `VIPRE: Application.Deceptor.BLK` `Varist: W64/ABDeceptor.ITQR-7049` `ViRobot: Adware.Pdfixers.8507584` `VirIT: Deceptor.PDFFixers.EGB` `ZoneAlarm: not-a-virus:Downloader.Win32.Agent.niyj`

Hashes

MD5	`b4440eea7367c3fb04a89225df4022a6`
SHA1	`5a6c01f821f10f6ed1f1283ecba36c5bacfb5838`
SHA256	`a024a18e27707738adcd7b5a740c5a93534b4b8c9d3b947f6d85740af19d17d0`
SHA3	`c0fb6fd356837dcd469f951b59023735c0b1476536c740bdae41a77f361c83c8`
SSDeep	`196608:qn1PLvFtljMRfLjjL4/Y8261NG9HTta83vm:qnZFtlIP4/Y7pO8/m`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`2`
TimeDateStamp	2054-Nov-16 06:26:21
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`80.0`
SizeOfCode	`0x7fea00`
SizeOfInitializedData	`0x1b600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000000000 (Section: ?)`
BaseOfCode	`0x2000`
ImageBase	`0x140000000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x81e000`
SizeOfHeaders	`0x200`
Checksum	`0x81f2be`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`829ae0eee9a26946b0cb8f6cae5194d8`
SHA1	`dc39c2e18d0815b9ab91abfacc06f4419d90d344`
SHA256	`3be90f8da7874122705e061cdd321df22629cb1cce77858f194b313ec4e74883`
SHA3	`220c77877654704ac56830711a248061174ce2d6aef30ed38b86a62107eb0b76`
VirtualSize	`0x7fe87c`
VirtualAddress	`0x2000`
SizeOfRawData	`0x7fea00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99245`

.rsrc

MD5	`88250d9b576ea4b56b614ec4fe007258`
SHA1	`e5b946a87315a2c4049dd4611b02cea870c768be`
SHA256	`f82fd84148ecdc2207b910276f1ddb6822ea255ba2f4587ea9fa733f01569dd6`
SHA3	`3198ed769108b792057244abac1258a775eb68a4232a4cd5d1a65463c8a006dd`
VirtualSize	`0x1b4bc`
VirtualAddress	`0x802000`
SizeOfRawData	`0x1b600`
PointerToRawData	`0x7fec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.43031`

Imports

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x282c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92496`
Detected Filetype	PNG graphic file
MD5	`7a00aa9bce7391cdad596bee13e9493b`
SHA1	`c70de54cb55620e4f581128c6fb2fab813bb03f7`
SHA256	`7718733dcd79ba950ee70083c88a3cbb333ea152889e289540fa5b9f655ff15f`
SHA3	`2cd8e86f9c7cb063368e196b50bcd4c874a59f6a383976ef1a4ed6dab379273e`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.47684`
MD5	`c6d327785789292c000f3f971ebee8ca`
SHA1	`b5964e02c24bdaeda4661356c3c8ade16d7f0894`
SHA256	`e432a400250945138f3dee9edeb9f8ef6bea1651e0dc8247241fea5e70e94f87`
SHA3	`e4300fc6ea1fad1c37cc6681cab8e3945d3571338520522339fd50dd2a2b8f0d`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67455`
MD5	`72401d9d2cc8d63069d7334b8cf9c62f`
SHA1	`26a70bbed4337990838580ee15c532ba87f62625`
SHA256	`c44796943db21f8f7fe90020d0d0550cfb90603c4878a08357705240cc4c6071`
SHA3	`3a929d0e8099cd8743699e5454c0481a879ba594507f5c12eab7984e63270894`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.80987`
MD5	`865df85a34cf3ae756e4c7b7bb898b50`
SHA1	`8835febbc6d9aba8f77daf097703bfc08626b056`
SHA256	`d74c390743362c11642363c2ede95e3e37bd92c73bc741fa8da83b19c7291942`
SHA3	`f12b3e6f92094f98fad5ab3a23450c1eefb70ef2d60471d90422b96e038df432`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.05713`
MD5	`692a9baedf1216ad29139737892f88af`
SHA1	`f541473fac430965b3a4d2c8f57947a553a26ce6`
SHA256	`2a05fb1a66713bb6f2813e8e28d9ad6f3280f32a4d9df9e56a73837ae73026d8`
SHA3	`17fdf9909a7ceb47e0482d382213cf3680a0563db439857031fe94ba576f28af`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.48064`
MD5	`8662d69cc784b6ce493af47303b4f666`
SHA1	`84bcd7061c6ac38dd0d6c1925b8034ba068dee12`
SHA256	`7f3bea1896c5f0598c4f0fffe8cc0868eea45d6c813cd778e25f4fa7494db7a1`
SHA3	`7933ba6d1f83afca7c5638b76e3593f7c6b8bc2185f3bb8b9e5cf857eba10bb1`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76847`
Detected Filetype	Icon file
MD5	`857efedebe81d3a1eebd5fb8117417ac`
SHA1	`c5d6257a29c43c56392002af23963c280f30536e`
SHA256	`f610767686d3786867d3b19dd97a2c009f07bea1a86e13e793f2c58fecc75fe3`
SHA3	`6029b4bedec07bbb51f830d05f776507e77c61a7cd560c29958a3bd4b5c33855`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x31c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.25709`
MD5	`f8d7d4ca7a2fa11a5239a31dde2cbd6c`
SHA1	`933edd74e727bf79dbd4a2f56d807c74c6de9d4d`
SHA256	`0983ebf30b76bc1602db0430ad317e9dc8c1e79f77a5fa08102c08d3716a7587`
SHA3	`2982e77b5e68046dd629288948904e1181f3d2af1228d66d9587eb2227563ee7`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`b7db84991f23a680df8e95af8946f9c9`
SHA1	`cac699787884fb993ced8d7dc47b7c522c7bc734`
SHA256	`539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a`
SHA3	`4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	Pdfixers
FileVersion (#2)	1.0.0.0
InternalName	Pdfixers.exe
LegalCopyright	Copyright © 2023
LegalTrademarks
OriginalFilename	Pdfixers.exe
ProductName	Pdfixers
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

UNKNOWN

Characteristics	`0`
TimeDateStamp	1970-Jan-01 00:00:00
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

RICH Header

b4440eea7367c3fb04a89225df4022a6

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

Imports

Delayed Imports

1

2

3

4

5

6

32512

1 (#2)

1 (#3)

Version Info

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors