Manalyze report for b94af4a4d4af6eac81fc135abda1c40c

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2011-Oct-18 18:46:44

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegDeleteValueA RegCreateKeyExA RegSetValueExA RegOpenKeyExA RegQueryValueExA` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Leverages the raw socket API to access the Internet: #22 #115 #52 #19 #23 #9 #4 #3 #16 #116` `Interacts with services: OpenSCManagerA OpenServiceA ChangeServiceConfigA CreateServiceA DeleteService`
Malicious	VirusTotal score: 37/67 (Scanned on 2017-12-08 11:38:51)	`CAT-QuickHeal: Trojan.IGENERIC` `McAfee: RDN/Generic Downloader.x` `Cylance: Unsafe` `Zillya: Trojan.Agent.Win32.658205` `TheHacker: Trojan/Agent.qsx` `TrendMicro: TROJ_GEN.R0C1C0OFL17` `Symantec: Trojan.Gen.2` `ESET-NOD32: a variant of Win32/Agent.QSX` `TrendMicro-HouseCall: TROJ_GEN.R0C1C0OFL17` `Paloalto: generic.ml` `NANO-Antivirus: Trojan.Win32.MLW.cwjidf` `SUPERAntiSpyware: Trojan.Agent/Gen-DeepScan` `Avast: Win32:Malware-gen` `Tencent: Win32.Trojan.Downloader.Pfje` `Comodo: UnclassifiedMalware` `DrWeb: Trojan.Siggen7.6837` `VIPRE: Trojan.Win32.Generic!BT` `Invincea: heuristic` `McAfee-GW-Edition: RDN/Generic Downloader.x` `Cyren: W32/Trojan.OCXB-3800` `Webroot: W32.Malware.Heur` `Avira: TR/Downloader.Gen` `Antiy-AVL: Trojan/Win32.BTSGeneric` `Kingsoft: Win32.Troj.DeepScan.a.(kcloud)` `Endgame: malicious (high confidence)` `AegisLab: Troj.Downloader.Gen!c` `GData: Win32.Trojan.Agent.4GWFKL` `AhnLab-V3: Trojan/Win32.Downloader.C1963708` `AVware: Trojan.Win32.Generic!BT` `MAX: malware (ai score=100)` `Malwarebytes: Trojan.Agent` `Yandex: Trojan.Agent!UPg2K7fn8bU` `Ikarus: Trojan.Win32.Agent` `Fortinet: W32/Generic.AC.1B45AB!tr` `AVG: Win32:Malware-gen` `Cybereason: malicious.c6f8d2` `CrowdStrike: malicious_confidence_70% (W)`

Hashes

MD5	`b94af4a4d4af6eac81fc135abda1c40c`
SHA1	`d6356b2c6f8d29f8626062b5aefb13b7fc744d54`
SHA256	`6ac06dfa543dca43327d55a61d0aaed25f3c90cce791e0555e3e306d47107859`
SHA3	`a56fcba04ec45a638f1d2cc4347e17824634c39fc8f101421d6392322ef04148`
SSDeep	`768:ZBMB7uLhDdWaX1ZOE/XZAv39SHOIXjTpF9VM+JG4oIxBkbQDo:ZBm7uLhDdWQaP9SHlzlFPM+xIbWo`
Imports Hash	`0929d1375896fd2a50e9d0698af811d6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2011-Oct-18 18:46:44
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0xa000`
SizeOfInitializedData	`0x6000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00003896 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xb000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x11000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`4bd078cba91a86ebdf39717c8a9c8177`
SHA1	`1c0b7eeef823d9963f7c40725d04049e2850e6f2`
SHA256	`620b3195a6d2e53f2ddb0952c12cbd7810d0b82aec0369f1fedd53a1218c9525`
SHA3	`bc5a26ee68c1e31bafae2c7a5139da4304afb952c688ce72ed1cacd83149ae7f`
VirtualSize	`0x9348`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.30917`

.rdata

MD5	`8f52079de59e4862df7fc3e3907b0527`
SHA1	`c93598e618e4bdc2d48dfc05da38cd01fe07caa1`
SHA256	`22a2a7197ff3f0f67906e258b69bb5e40a76ab7ea0bbdeb34ea47ef72fee89fa`
SHA3	`ca3e96e78298343167a9b9255eb371937d6ed464b52be635fe456d249e8e78bd`
VirtualSize	`0xd70`
VirtualAddress	`0xb000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.82447`

.data

MD5	`06a207ed6941e326ca59c62b45c7c9ea`
SHA1	`6ed406f241dd458cc38f16688667a473bb3b9c15`
SHA256	`5bf5ccebb8dd5868c90527b6b9f6036fdb69ee4ab544f83f2377b462eed4e7cf`
SHA3	`c47ce0d9c88c8c76d6c0b9bfbd4c0933edaab1e23db281db54757e59f0834e12`
VirtualSize	`0x41bc`
VirtualAddress	`0xc000`
SizeOfRawData	`0x3000`
PointerToRawData	`0xc000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.807561`

Imports

KERNEL32.dll	`ExpandEnvironmentStringsA` `CopyFileA` `GetModuleFileNameA` `GetShortPathNameA` `Sleep` `WriteFile` `ReadFile` `GetLastError` `GetSystemDirectoryA` `CreateFileA` `GetFileTime` `SetFileTime` `DeleteFileA` `CloseHandle` `CompareStringW` `CompareStringA` `CreateProcessA` `GetFileAttributesA` `FlushFileBuffers` `LoadLibraryA` `GetProcAddress` `LCMapStringW` `LCMapStringA` `VirtualAlloc` `SetFilePointer` `GetStringTypeW` `ExitProcess` `TerminateProcess` `GetCurrentProcess` `GetTimeZoneInformation` `GetSystemTime` `GetLocalTime` `DuplicateHandle` `GetCommandLineA` `GetVersion` `SetStdHandle` `GetFileType` `SetHandleCount` `GetStdHandle` `GetStartupInfoA` `CreatePipe` `GetExitCodeProcess` `WaitForSingleObject` `HeapReAlloc` `HeapAlloc` `GetCPInfo` `GetACP` `GetOEMCP` `UnhandledExceptionFilter` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `WideCharToMultiByte` `GetEnvironmentStrings` `GetEnvironmentStringsW` `GetModuleHandleA` `GetEnvironmentVariableA` `GetVersionExA` `HeapDestroy` `HeapCreate` `VirtualFree` `HeapFree` `RtlUnwind` `MultiByteToWideChar` `GetStringTypeA` `SetEnvironmentVariableA`
ADVAPI32.dll	`OpenSCManagerA` `OpenServiceA` `ChangeServiceConfigA` `CloseServiceHandle` `CreateServiceA` `RegDeleteValueA` `RegCreateKeyExA` `RegSetValueExA` `RegOpenKeyExA` `RegQueryValueExA` `DeleteService`
SHELL32.dll	`ShellExecuteA`
WS2_32.dll	`#22` `#115` `#52` `#19` `#23` `#9` `#4` `#3` `#16` `#116`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x4b3692b7`
Unmarked objects	`0`
C++ objects (VS98 SP6 build 8804)	`1`
14 (7299)	`17`
C objects (VS98 SP6 build 8804)	`84`
19 (8034)	`9`
Total imports	`88`
C++ objects (VS98 SP6 build 8804) (#2)	`1`

b94af4a4d4af6eac81fc135abda1c40c

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors