Manalyze report for b589506faf68e99c99e1be14742c4a1d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2019-Aug-06 17:54:21
Detected languages	English - United States Process Default Language Russian - Russia
Debug artifacts	C:\Users\gerg\Documents\WindowsProject4\Release\WindowsProject4.pdb
CompanyName	fgdfsdfsd
FileDescription	dfsdfdsfsdfds
FileVersion	`1.0.0.1`
InternalName	WindowsP.exe
LegalCopyright	Copyright (C) 2019
OriginalFilename	WindowsP.exe
ProductName	dfsdfsdfsdfsd
ProductVersion	`1.0.0.1`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can access the registry: RegGetValueA` `Possibly launches other programs: CreateProcessA` `Can create temporary files: GetTempPathA CreateFileW` `Has Internet access capabilities: InternetOpenW InternetCloseHandle InternetReadFile InternetConnectW URLDownloadToFileA`
Malicious	VirusTotal score: 13/69 (Scanned on 2019-08-06 18:39:38)	`Qihoo-360: HEUR/QVM20.1.076F.Malware.Gen` `Cylance: Unsafe` `Cybereason: malicious.81b41c` `Symantec: ML.Attribute.HighConfidence` `APEX: Malicious` `Rising: Trojan.Generic@ML.91 (RDML:5MD+8UL8qEDSQPsRzyZe+Q)` `FireEye: Generic.mg.b589506faf68e99c` `SentinelOne: DFI - Malicious PE` `Webroot: W32.Adware.Gen` `Endgame: malicious (high confidence)` `Acronis: suspicious` `VBA32: suspected of Trojan.Downloader.gen.h` `CrowdStrike: win/malicious_confidence_60% (D)`

Hashes

MD5	`b589506faf68e99c99e1be14742c4a1d`
SHA1	`b4b4e2c81b41c47158cb45fa0259ecffff3d208d`
SHA256	`cf1113e03566ebcf2e6f7602a73a2f642debce837494aa60b45754d74b0f3687`
SHA3	`821448428f955f61c31e8063e53c101a325d8755eee2a687747d609f23c9fd53`
SSDeep	`3072:TRUC3iECrfLslI67v52kZ0lvTSs/i+jQXoZ6ovTr07/0tiRLdkf:1UC9H7wv/icqoZ6oLr07ciRLKf`
Imports Hash	`3ffdbe1f7c3dea716962ad7bfdf2997f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2019-Aug-06 17:54:21
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xdc00`
SizeOfInitializedData	`0x2a200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00002AEF (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xf000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x3b000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f7a6086256702122a95ad26df88b6071`
SHA1	`8fd18a2f500f042b67f3d2680090be81f5314fa0`
SHA256	`60c42dd86259d646484d1613bd05b9c80539b434e30f76c681e74a269569a17c`
SHA3	`c65def30060996db5b158012d46654d9ce9904a7d634ca6ed6e6f246204bf4ad`
VirtualSize	`0xdb66`
VirtualAddress	`0x1000`
SizeOfRawData	`0xdc00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.61929`

.rdata

MD5	`245b499f4c6e5df90e39508faf941646`
SHA1	`f02d64e8cf52989f71ab0b81baecc5b2e278c56c`
SHA256	`9e673b0bd63a88835d32002d131c04a9cc434824160157eed6e77b99072237a3`
SHA3	`3a8ecb1427a1fa226c55207f66d0cdc1f0515b8309b9b79b3666b15e23f1ef5f`
VirtualSize	`0x622e`
VirtualAddress	`0xf000`
SizeOfRawData	`0x6400`
PointerToRawData	`0xe000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.78975`

.data

MD5	`dd57deb900d502b62a94d6ec35beed2b`
SHA1	`d42209a523403e54603eb86cdae580c3c1145237`
SHA256	`5af396b1376186f00180ee563ab4502522d911a4633c4e9f198099820f1b534e`
SHA3	`90498b95594370a92fd0cb704b1af1b3b5a35d82e312a1c4d5ccc3eb2a12bbee`
VirtualSize	`0x14cc`
VirtualAddress	`0x16000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x14400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.52141`

.rsrc

MD5	`d38225515601b63dd60dbb40930031e5`
SHA1	`acf56fa3401c6e82eaf4910196dba2c932133cfe`
SHA256	`373ce8b1e2b99b38684f687bdb99ef3714ef27fce77e54cac46c404b96854b1f`
SHA3	`ad341f8c1e424380aa377e8668721d129a7eed749c769e89fa1920ef453c3116`
VirtualSize	`0x21650`
VirtualAddress	`0x18000`
SizeOfRawData	`0x21800`
PointerToRawData	`0x14e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.30072`

.reloc

MD5	`e2d826c3512f09b9f9627989c8197017`
SHA1	`8ae406f1005d3659fc6cb5fdbbfa3b80b93ae031`
SHA256	`a2ea10bd9388e7e2c6524ce9d0b40964d1ef3fd8c1f02f19f9a02e1ce91f1a9c`
SHA3	`2968c7d6c4ecb9caa17ea1a116539730a73adb94d4d9a89edee9b53cb0a61bde`
VirtualSize	`0xfac`
VirtualAddress	`0x3a000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x36600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.47137`

Imports

KERNEL32.dll	`GetProcessHeap` `HeapFree` `GetProcAddress` `HeapAlloc` `ExitProcess` `GetTempPathA` `Sleep` `WriteConsoleW` `CreateProcessA` `CloseHandle` `CreateFileW` `SetFilePointerEx` `GetConsoleMode` `GetConsoleCP` `FlushFileBuffers` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `RtlUnwind` `RaiseException` `GetLastError` `SetLastError` `EncodePointer` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `GetStdHandle` `WriteFile` `GetModuleFileNameW` `GetModuleHandleExW` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `MultiByteToWideChar` `WideCharToMultiByte` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetStdHandle` `GetFileType` `GetStringTypeW` `LCMapStringW` `HeapSize` `HeapReAlloc` `DecodePointer`
ADVAPI32.dll	`RegGetValueA`
WININET.dll	`InternetOpenW` `InternetCloseHandle` `InternetReadFile` `HttpSendRequestW` `HttpOpenRequestW` `InternetConnectW`
urlmon.dll	`URLDownloadToFileA`

Delayed Imports

1

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.03998`
MD5	`bf7c2027f8a09e2894d97cee83ede332`
SHA1	`79412266a941967d9e0a4a4ef4c2f8567ed418db`
SHA256	`56c5a6b8d55ba9bff50c51fb23573b9de417503aad4a7140b0061d1c7ab8afc1`
SHA3	`6d53c90915d0830872cce2408b36b17aaf2e5e3dd9e3a68053cde37c1be1c25e`

2

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.93031`
MD5	`46343f18739373eef110208d07b2aef9`
SHA1	`6d8cf6a7307e8a586be7c9996b5bbf836db0520c`
SHA256	`4fdb8f01a7d10e54f37b12bd26d25bc05bdb99493f03cce2d0a6114c835544ad`
SHA3	`df03c991deac17b7838427a742592ff8b26dc10179c12ea4e7c3405b60f6d5be`

144

Type	`RT_GROUP_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.98048`
Detected Filetype	Icon file
MD5	`38388dda6548693f4d42f2241a4218d7`
SHA1	`78bedd12a20f97e31e58742381f3d0ca1edb4715`
SHA256	`cd0991dd595a1392452a8c7ccf089e73626bc6eed1fd3f54ee4c6aa7ffbaedba`
SHA3	`9ace1e9f008d60580379cdfdcd4119706c82d52d2e5fdb9e5745fa00864cc1a8`

145

Type	`RT_GROUP_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`8f86676bbba888f4c3c4c7e3b4fdb4b2`
SHA1	`67c460a036df79419b3f280eaef622319e0504b3`
SHA256	`12598188b44d76a8828aa7a8211c4c1bfa8093f617928f5c8f3da9cd81a42d64`
SHA3	`bbaf5dace4e604745a8b36d0cee3588d2820dfb4e986fde0a080539616f15807`

1 (#2)

Type	`RT_VERSION`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x2c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32367`
MD5	`65c81c887fb96e709177f7b489935c43`
SHA1	`0be6826ecae291e12a7c813decc7ce18aaf35a42`
SHA256	`a6c9252c1ec531eb9969653dc2ee6b8052c1e7827ac944ebcec4101c535b79ce`
SHA3	`ce5c0882a24dd6bedcc9466c2c129df66409bb961909bc139c261558a62cc3ee`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	Process Default Language
CompanyName	fgdfsdfsd
FileDescription	dfsdfdsfsdfds
FileVersion (#2)	1.0.0.1
InternalName	WindowsP.exe
LegalCopyright	Copyright (C) 2019
OriginalFilename	WindowsP.exe
ProductName	dfsdfsdfsdfsd
ProductVersion (#2)	1.0.0.1

Resource LangID	Russian - Russia

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2019-Aug-06 17:54:21
Version	`0.0`
SizeofData	`92`
AddressOfRawData	`0x140b4`
PointerToRawData	`0x130b4`
Referenced File	C:\Users\gerg\Documents\WindowsProject4\Release\WindowsProject4.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2019-Aug-06 17:54:21
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x14110`
PointerToRawData	`0x13110`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2019-Aug-06 17:54:21
Version	`0.0`
SizeofData	`708`
AddressOfRawData	`0x14124`
PointerToRawData	`0x13124`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2019-Aug-06 17:54:21
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x416004`
SEHandlerTable	`0x414090`
SEHandlerCount	`9`

RICH Header

XOR Key	`0x8f21d91f`
Unmarked objects	`0`
ASM objects (26213)	`10`
C++ objects (26213)	`141`
C objects (26213)	`18`
C++ objects (VS 2015/2017 runtime 26706)	`40`
C objects (VS 2015/2017 runtime 26706)	`17`
ASM objects (VS 2015/2017 runtime 26706)	`17`
Imports (26213)	`9`
Total imports	`98`
265 (VS2017 v15.9.12-13 compiler 27031)	`2`
Resource objects (VS2017 v15.9.12-13 compiler 27031)	`1`
151	`1`
Linker (VS2017 v15.9.12-13 compiler 27031)	`1`

b589506faf68e99c99e1be14742c4a1d

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

2

144

145

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors