Manalyze report for b59195b7d7ed433353a3c54627cea6d3

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2022-Jun-01 13:20:37
Detected languages	English - United States

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .pexe` `Section .reloc is both writable and executable.` `The PE only has 4 import(s).`
Info	The PE contains common functions which appear in legitimate applications.	`Can access the registry: RegOpenKeyExW`
Info	The PE's resources present abnormal characteristics.	`Resource 6959 is possibly compressed or encrypted.`
Suspicious	The file contains overlay data.	`411136 bytes of data starting at offset 0x1ba00.` `The overlay data has an entropy of 7.9995 and is possibly compressed or encrypted.` `Overlay data amounts for 78.418% of the executable.`
Malicious	VirusTotal score: 14/71 (Scanned on 2022-08-05 13:27:51)	`Cynet: Malicious (score: 100)` `Sangfor: Suspicious.Win32.Save.a` `Cybereason: malicious.de55e7` `Elastic: malicious (moderate confidence)` `APEX: Malicious` `Avast: FileRepMalware [Misc]` `Sophos: Generic ML PUA (PUA)` `Trapmine: malicious.high.ml.score` `FireEye: Generic.mg.b59195b7d7ed4333` `Gridinsoft: Trojan.Heur!.032100A3` `AhnLab-V3: Malware/Win.Generic.C5140170` `Zoner: Probably Heur.ExeHeaderL` `AVG: FileRepMalware [Misc]` `CrowdStrike: win/malicious_confidence_70% (D)`

Hashes

MD5	`b59195b7d7ed433353a3c54627cea6d3`
SHA1	`27195fbde55e796a66810a77ea85fc94ff398975`
SHA256	`1a6636b13dc04d752b547e8c500942e33cb8237dfdc3de3fb27a1dcfa07d488d`
SHA3	`d349e6521b28665c45338f38bf32dc93cd0a7c46c560771a16eb39c91b114382`
SSDeep	`12288:xnSeC6e95osuNQ19aijPyYyAH/DxwNFhwh9zRyovW+:xnSeC6e9GsuW1U9LAH/ONFCxvW+`
Imports Hash	`352de7e63f0ab637efe4d7a840beedff`

DOS Header

e_magic	`MZ`
e_cblp	`0x42dd`
e_cp	`0x4ba6`
e_crlc	`0xc85`
e_cparhdr	`0xef3c`
e_minalloc	`0x649a`
e_maxalloc	`0xa9f7`
e_ss	`0x7647`
e_sp	`0xdc4d`
e_csum	`0xb6ef`
e_ip	`0xfb88`
e_cs	`0x595c`
e_ovno	`0xf5d3`
e_oemid	`0x3272`
e_oeminfo	`0x149a`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2022-Jun-01 13:20:37
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x93b0c`
SizeOfInitializedData	`0x43bd6`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000A6550 (Section: .reloc)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xc1000`
SizeOfHeaders	`0x400`
Checksum	`0x85552`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.pexe

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x789fc`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.reloc

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x242ba`
VirtualAddress	`0x7a000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.pdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x44c0`
VirtualAddress	`0x9f000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`389d4f5a7dec14230ddcce4576fe0b41`
SHA1	`b8c473caa900cbc7966c8be0e0490241f9d4cfff`
SHA256	`cd97e4c9b2005e72bc6e1e1e851ca19f1a3f5beeff43dedb608582254cd7e6d5`
SHA3	`2b2827298c5f95f083a2852d7fd0a38b434888ca77a8a10822f3d0992a80dd66`
VirtualSize	`0x34c`
VirtualAddress	`0xa4000`
SizeOfRawData	`0x400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.51939`

.reloc (#2)

MD5	`450ff85d20f3e6914bba34b3590f7dde`
SHA1	`048e5abfbaca0fed37c6211b130a37a7bd509db2`
SHA256	`c9ef8a42c9e3b8495a8d4f58fb0a07fd99810894dd579de7e0634362a995a232`
SHA3	`9f688bc00f647c184db721e5be9dd610282c629b42152cd01c4f6b52b9b36cc4`
VirtualSize	`0x1b110`
VirtualAddress	`0xa5000`
SizeOfRawData	`0x1b200`
PointerToRawData	`0x800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.8622`

Imports

shell32.dll	`DragFinish`
user32.dll	`EndDialog`
kernel32.dll	`GetModuleHandleA`
advapi32.dll	`RegOpenKeyExW`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

6959

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x121`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.23329`
MD5	`4518958ff3e8423cc624b93a88783357`
SHA1	`5641ffdd0504fa00e53dabb1ef82b8fff591ec11`
SHA256	`535f34d2358e00197a7917487f3db565cbbe229fe696c684fd5cce6460ca0007`
SHA3	`85a2b70e391cba7b83f586865bf6209dec78dbf09d95c672ddae53bc860f6623`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .pexe has a size of 0!
[*] Warning: Section .reloc has a size of 0!
[*] Warning: Section .pdata has a size of 0!