Manalyze report for b58cefdac2c31abf127e874d5b22e5acd8e1c8b61e4e9d3c6b4621a5524dd1a7

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jun-16 17:04:42
Detected languages	English - United States
CompanyName	Borneo Flasher Indonesia
FileDescription	Borneo Schematics
FileVersion	`1.0.9659.13774`
InternalName	Borneo Schematics
LegalCopyright	Borneo Flasher
LegalTrademarks	Aztech
OriginalFilename	Borneo Schematics
ProgramID	Borneo
ProductName	Borneo Schematics
ProductVersion	`1.0.9659.13774`
Comments	Borneo Flasher Indonesia

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for Qemu presence: Qemu`
Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .itext` `Unusual section name found: .didata` Unusual section name found: .`0 Unusual section name found: .`1 Unusual section name found: .`2
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Uses Microsoft's cryptographic API: CryptUnprotectData` `Has Internet access capabilities: WinHttpGetIEProxyConfigForCurrentUser InternetQueryOptionW` `Leverages the raw socket API to access the Internet: gethostbyaddr` `Queries user information on remote machines: NetWkstaGetInfo`
Info	The PE's resources present abnormal characteristics.	`The binary may have been compiled on a machine in the UTC+7 timezone.`
Malicious	VirusTotal score: 27/70 (Scanned on 2026-06-22 07:22:34)	`AhnLab-V3: Trojan/Win.Generic.R780798` `Bkav: W32.Malware.26955B03` `CTX: exe.trojan.generic` `CrowdStrike: win/malicious_confidence_90% (D)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win32/Packed.VMProtect.BC suspicious application` `Elastic: malicious (high confidence)` `Fortinet: Riskware/Application` `GData: Win32.Trojan.Agent.IYKM92` `Google: Detected` `K7AntiVirus: Unwanted-Program ( 005ce2c11 )` `K7GW: Unwanted-Program ( 005ce2c11 )` `McAfeeD: ti!B58CEFDAC2C3` `Microsoft: Trojan:Win32/Kepavll!rfn` `Paloalto: generic.ml` `Sangfor: Trojan.Win32.Agent.Vgxb` `SentinelOne: Static AI - Malicious PE` `Skyhigh: Artemis` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.moderate.ml.score` `TrellixENS: Artemis!69905E338588` `TrendMicro-HouseCall: TROJ_GEN.R002H01FL26` `Varist: W32/ABApplication.LTUR-0596` `alibabacloud: VirTool:Win/Sabsik.ET`

Hashes

MD5	`69905e33858804c4d4e0ecc971434b2f`
SHA1	`3b398a2c281ab883dcb754bd09363cc31c09931d`
SHA256	`b58cefdac2c31abf127e874d5b22e5acd8e1c8b61e4e9d3c6b4621a5524dd1a7`
SHA3	`2ce32f780753a96d93abfcaef6266dd9f5d3b00a2e2d6e56b0f5fd69af1a46bb`
SSDeep	`393216:dWCNJREyYsqsC42wSpt+3Nz9doQee9Jb/vrQdkXspRKKYexGPNKRO+kl:RJREyYsqQ0tKoa9ZHEdBfXXRO`
Imports Hash	`61978e367ea20741d872c5a04dadef3d`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`13`
TimeDateStamp	2026-Jun-16 17:04:42
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x5e6e00`
SizeOfInitializedData	`0x1cdc00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	0x020CEE81 (Section: .`2)
BaseOfCode	`0x1000`
BaseOfData	`0x5e9000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x290c000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x5e2a88`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.itext

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x41e8`
VirtualAddress	`0x5e4000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xf9fc`
VirtualAddress	`0x5e9000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1b2a8`
VirtualAddress	`0x5f9000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x4816`
VirtualAddress	`0x615000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.didata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x6e52`
VirtualAddress	`0x61a000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.edata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x71`
VirtualAddress	`0x621000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x5c`
VirtualAddress	`0x622000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x5d`
VirtualAddress	`0x623000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.`0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xc6e97b`
VirtualAddress	`0x624000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.`1

MD5	`b231abbd103ac82b2603e34bcfb21476`
SHA1	`8fc6c37490ee3abb8659d0e172c30299ddc133c6`
SHA256	`989729911dfdd4762b579ec79b6b35646b72183a1f469f7503850ba1d3205201`
SHA3	`9a0c0dfe0a1bb5078247286f8d2bccbb3cc7c9e5f80af4568229db711db57257`
VirtualSize	`0xe80`
VirtualAddress	`0x1293000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.361458`

.`2

MD5	`5ff80ff01c5cd67667049f61fe0a2242`
SHA1	`5660154d2596e0b7f53a3ccc817795694348b9e1`
SHA256	`665d2b36b92bb7a7ea30ce94fa36e79df5359ecb2da85dd3db0be6dad4fa46f7`
SHA3	`0fd360d1a797100a24a2d8fcdb7596db3608e056807cabf5ed784ac6c34db336`
VirtualSize	`0x1675f70`
VirtualAddress	`0x1294000`
SizeOfRawData	`0x1676000`
PointerToRawData	`0x1400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.87937`

.rsrc

MD5	`9805508fb96ab90df94e9769c7b2d3be`
SHA1	`1cf5ec0d58ffe6d444957f3787340115864acac7`
SHA256	`90243ab8de28b3c4c394e731675d313eed13298a5a0da4c4436887d72ad6f306`
SHA3	`3d265ef6129060d0ae499df117277beb99909cf9b3345409a6a3e07a9c14413f`
VirtualSize	`0x1bdd`
VirtualAddress	`0x290a000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x1677400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.12085`

Imports

shlwapi.dll	`SHCreateStreamOnFileW`
ws2_32.dll	`gethostbyaddr`
version.dll	`GetFileVersionInfoSizeW`
user32.dll	`MoveWindow`
PSAPI.dll	`GetProcessImageFileNameW`
oleaut32.dll	`SafeArrayPutElement`
advapi32.dll	`CloseServiceHandle`
msvcrt.dll	`memcpy`
netapi32.dll	`NetWkstaGetInfo`
winhttp.dll	`WinHttpGetIEProxyConfigForCurrentUser`
kernel32.dll	`GetVersion` `GetVersionExW`
SHFolder.dll	`SHGetFolderPathW`
wsock32.dll	`htons`
crypt32.dll	`CryptUnprotectData`
gdi32.dll	`Pie`
wininet.dll	`InternetQueryOptionW`
winspool.drv	`DocumentPropertiesW`
comdlg32.dll	`ChooseColorW`
comctl32.dll	`ImageList_GetImageInfo`
shell32.dll	`SHGetFileInfoW`
ExImage.dll	`GetRegionImage`
ole32.dll	`OleRegEnumVerbs`
iphlpapi.dll	`GetAdaptersInfo`
kernel32.dll (#2)	`GetVersion` `GetVersionExW`
kernel32.dll (#3)	`GetVersion` `GetVersionExW`
kernel32.dll (delay-loaded)	`GetVersion` `GetVersionExW`

Delayed Imports

Attributes	`0x1`
Name	`kernel32.dll`
ModuleHandle	`0x61a280`
DelayImportAddressTable	`0x61a2d0`
DelayImportNameTable	`0x1ea91fc`
BoundDelayImportTable	`0x61b830`
UnloadDelayImportTable	`0x61c294`
TimeStamp	`1970-Jan-01 00:00:00`

dbkFCallWrapperAddr

Ordinal	`1`
Address	`0x5fc648`

__dbk_fcall_wrapper

Ordinal	`2`
Address	`0x12e84`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	2026-Jun-17 00:04:42
Entropy	`6.18738`
MD5	`e295f1237677ff9a57c1e047fe9ee485`
SHA1	`3451879e9674027cb541e6d58050d53b59bd6b31`
SHA256	`543393f66d16a99dcc89299481b7980bd5f8216cb7049b13f50cf14da8364066`
SHA3	`62cd91316173687c511be1b42f8c341a4eae2c21a66e3fff09967d44b6f1d73d`

MAINICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2026-Jun-17 00:04:42
Entropy	`1.7815`
Detected Filetype	Icon file
MD5	`3c68f77c35c26ff079a1c410ee44fa62`
SHA1	`0b40150c95fc2c6414c90d44ee78b8d8814b3393`
SHA256	`a14e70ed824f3f17d3a51136aa08839954d6d3ccadaa067415c7bfc08e6636b0`
SHA3	`590dcbf2ec3f485a6c24e3e627f383ee7588eb49978321f12c07d8190a6c1396`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3c8`
TimeDateStamp	2026-Jun-17 00:04:42
Entropy	`3.3914`
MD5	`4fd43f034aabd2d03d5917374637874d`
SHA1	`09fd26f13319ea3bbf473cde45b452a8d72272e6`
SHA256	`c9355b5d698d590246758369f140894e6b1dd4d1b0dfdc83f4e6d78068e55dd2`
SHA3	`f58c446ab6b12c96fe0fe0f6a0e824947695dcf9cfa6c71c1b78de1defbaf971`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x615`
TimeDateStamp	2026-Jun-17 00:04:42
Entropy	`5.01553`
MD5	`7a00ebef832afd1e47a2d1578e3264eb`
SHA1	`17e936ad0eced28a7025db246da3f7e2b01196e7`
SHA256	`6d4646df44cfb46d01a4084d0a0365aaa52dd9653f6acceb990f3525138d52bf`
SHA3	`e534b61e11da7d6ea7b50b6cf73981e358971512ef52e741db5616808d764c8b`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.9659.13774
ProductVersion	1.0.9659.13774
FileFlags	`VS_FF_PRERELEASE`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Borneo Flasher Indonesia
FileDescription	Borneo Schematics
FileVersion (#2)	1.0.9659.13774
InternalName	Borneo Schematics
LegalCopyright	Borneo Flasher
LegalTrademarks	Aztech
OriginalFilename	Borneo Schematics
ProgramID	Borneo
ProductName	Borneo Schematics
ProductVersion (#2)	1.0.9659.13774
Comments	Borneo Flasher Indonesia

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .itext has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .bss has a size of 0!
[*] Warning: Section .idata has a size of 0!
[*] Warning: Section .didata has a size of 0!
[*] Warning: Section .edata has a size of 0!
[*] Warning: Section .tls has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .`0 has a size of 0!

Leave a comment

No comments yet.