Manalyze report for b6c9fdb500ab54d53f5c59990d1a2297

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2010-Jan-18 02:18:34

Plugin Output

Malicious	The file headers were tampered with.	`Unusual section name found: CRT` `The PE only has 2 import(s).` `The RICH header checksum is invalid.`
Malicious	VirusTotal score: 48/66 (Scanned on 2017-11-17 21:11:46)	`MicroWorld-eScan: Trojan.Generic.7703560` `CMC: Trojan.Win64.Pakes!O` `McAfee: Artemis!B6C9FDB500AB` `Cylance: Unsafe` `Zillya: Trojan.Kryptik.Win64.108` `K7GW: Trojan ( 0046a4201 )` `K7AntiVirus: Trojan ( 0046a4201 )` `Invincea: heuristic` `Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9928` `Symantec: Trojan.Gen` `ESET-NOD32: a variant of Win64/Kryptik.B` `TrendMicro-HouseCall: TROJ_GEN.R047C0DGL17` `Paloalto: generic.ml` `Kaspersky: Trojan.Win64.Pakes.e` `BitDefender: Trojan.Generic.7703560` `NANO-Antivirus: Trojan.Win64.Rodricter.vccnn` `AegisLab: Troj.Win64.Pakes.e!c` `Avast: FileRepMetagen [Malware]` `Tencent: Win64.Trojan.Pakes.Phgj` `Ad-Aware: Trojan.Generic.7703560` `Sophos: Mal/Generic-S` `Comodo: UnclassifiedMalware` `F-Secure: Trojan.Generic.7703560` `DrWeb: Trojan.Rodricter.17` `VIPRE: Trojan.Win32.Generic!BT` `TrendMicro: TROJ_GEN.R047C0DGL17` `McAfee-GW-Edition: BehavesLike.Win64.Downloader.ph` `Emsisoft: Trojan.Generic.7703560 (B)` `Jiangmin: Trojan.Pakes.asx` `Webroot: W32.Trojan.Gen` `Avira: TR/Crypt.XPACK.Gen` `Microsoft: Trojan:Win64/Simda.A` `Endgame: malicious (high confidence)` `Arcabit: Trojan.Generic.D758C08` `ZoneAlarm: Trojan.Win64.Pakes.e` `GData: Trojan.Generic.7703560` `ALYac: Trojan.Generic.7703560` `AVware: Trojan.Win32.Generic!BT` `MAX: malware (ai score=87)` `VBA32: Trojan.Win64.Pakes` `Yandex: Trojan.Pakes!My4XUxIhDIQ` `Ikarus: Trojan.Win64` `Fortinet: W64/Simda.BD!tr` `AVG: FileRepMetagen [Malware]` `Cybereason: malicious.1b8fb7` `Panda: Trj/CI.A` `CrowdStrike: malicious_confidence_100% (D)` `Qihoo-360: Malware.Radar01.Gen`

Hashes

MD5	`b6c9fdb500ab54d53f5c59990d1a2297`
SHA1	`100f0f77315c772fe4e2654ca95e6f79e4220059`
SHA256	`bad817ee87e1ed7ac1318a47f723a7f502938aba6f111f1cb0223a0952dd4474`
SHA3	`9b2908b0795b72a7318e1bb3def134585087977039485f02c252ef5ec0666844`
SSDeep	`768:YM7rXMlVPra1PmfB07M8qAuYemulB6oUIRA9KunJBxAu2K7MVQpfJ8Z/9XspyOu:Y2MHW1PmfB0dkkKunJXXbORsp27NO6a`
Imports Hash	`c53e284ff3433e78e77eadc5a2e641bf`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`5`
TimeDateStamp	2010-Jan-18 02:18:34
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`6.0`
SizeOfCode	`0x1000`
SizeOfInitializedData	`0x2e000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000002E078 (Section: .text)`
BaseOfCode	`0x2e000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`3.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x30000`
SizeOfHeaders	`0x400`
Checksum	`0x10998`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.bss

MD5	`58ae786d70f93081ce94bfb5118e204a`
SHA1	`0132b5dc4bf4c6d4d191ba84c073b86a8521cdba`
SHA256	`4fc8f60c4ac5a409356ea949063c1951bdd5523b8a62b652d56b223074e7540b`
SHA3	`11a5a03b92058da1349abb218aafad20db8d44cd06202a8fc8f9cee7495609eb`
VirtualSize	`0x123d6`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.89768`

CRT

MD5	`a116994eecf5c3d2d988e98baeace201`
SHA1	`d45f9b10aa2a565501097290098a6bca60687d84`
SHA256	`9fc80aa8821320969b703fea72ee70841162c9478f3d9ecf9df285257b89a4ee`
SHA3	`dd686f3d993077c5f796ccaa67c855559bf1e6cc6f57a1fece068822243e6fd4`
VirtualSize	`0x116dd`
VirtualAddress	`0x14000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x5a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.08312`

INIT

MD5	`eab6d18294a3aef3f46eca7ab63127d4`
SHA1	`6436b6b3d71af35bc3bcdda821d052e511333428`
SHA256	`d2693b1a80e84c5e6916321429c608c4e42aa3b2ef16bf08f37fde012b5b4914`
SHA3	`b8319c5f4192bbb1794b5838bf7b3467b1ec3886ec0b324bd351af43f07aea89`
VirtualSize	`0x7dbf`
VirtualAddress	`0x26000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x8800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.10833`

.text

MD5	`2a5c7de23393b05850d4ace77bcb0efc`
SHA1	`833364f3361a0188b8269573d8797f027c159d1e`
SHA256	`6a8d8b2ce8f24f82091effbfdabf496b53fd7d7f2ece79f91d9d54927d29a24a`
SHA3	`6d2a52c86b84554f329ee7ab672f4c6919006e87b731ea82a982df916efe90b9`
VirtualSize	`0xb18`
VirtualAddress	`0x2e000`
SizeOfRawData	`0xc00`
PointerToRawData	`0xb200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.43813`

.reloc

MD5	`2c38765194d27b75f56d0565088a53ee`
SHA1	`217125fcb30e489e2ecc55be03157344f4a06db8`
SHA256	`0d01674048d0a4f06e1830aa68b772aa3b354de89fb53ed3f26fb9d65a32661e`
SHA3	`2a83f3c802992fc8d08a2c57442e6e8ad873376df2e5345cb656e41655f0d443`
VirtualSize	`0x8`
VirtualAddress	`0x2f000`
SizeOfRawData	`0x200`
PointerToRawData	`0xbe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.0203931`

Imports

GDI32.dll	`GetArcDirection`
KERNEL32.dll	`VirtualAlloc`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x69ae5966`
Unmarked objects	`0`
177 (13181)	`185`
ASM objects (13181)	`185`
24 (13181)	`185`

b6c9fdb500ab54d53f5c59990d1a2297

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.bss

CRT

INIT

.text

.reloc

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors