Manalyze report for bb97b436d1228b690ae475a8bcfe2cc5

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2106-Feb-07 06:28:15
Detected languages	English - United States

Plugin Output

Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryA` `Can create temporary files: CreateFileW GetTempPathA CreateFileA GetTempPathW` `Leverages the raw socket API to access the Internet: WSASend`
Malicious	The PE's digital signature is invalid.	`Signer: Symantec Corporation` `Issuer: VeriSign Class 3 Code Signing 2004 CA` `The file was modified after it was signed.`
Malicious	VirusTotal score: 47/68 (Scanned on 2021-11-03 05:35:52)	`Lionic: Trojan.Win32.Razy.4!c` `Elastic: malicious (high confidence)` `MicroWorld-eScan: Gen:Variant.Razy.980431` `FireEye: Generic.mg.bb97b436d1228b69` `McAfee: Artemis!BB97B436D122` `Cylance: Unsafe` `Sangfor: Trojan.Win32.Save.a` `K7AntiVirus: Trojan ( 00589a9c1 )` `Alibaba: Ransom:Win32/generic.ali2000010` `K7GW: Trojan ( 00589a9c1 )` `Cybereason: malicious.064414` `Symantec: ML.Attribute.HighConfidence` `ESET-NOD32: a variant of Win32/GenKryptik.FMWD` `APEX: Malicious` `Paloalto: generic.ml` `Kaspersky: Trojan-Downloader.Win32.Cridex.oil` `BitDefender: Gen:Variant.Razy.980431` `Avast: Win32:Trojan-gen` `Ad-Aware: Gen:Variant.Razy.980431` `DrWeb: Trojan.Encoder.34408` `TrendMicro: Ransom.Win32.CONTI.YXBJ3` `McAfee-GW-Edition: Artemis!Trojan` `Emsisoft: Gen:Variant.Razy.980431 (B)` `SentinelOne: Static AI - Malicious PE` `GData: Gen:Variant.Razy.980431` `Jiangmin: TrojanDownloader.Cridex.akl` `eGambit: PE.Heur.InvalidSig` `Avira: TR/Kryptik.elxbs` `Kingsoft: Win32.TrojDownloader.Cridex.o.(kcloud)` `Gridinsoft: Ransom.Win32.Sabsik.sa` `Arcabit: Trojan.Razy.DEF5CF` `Microsoft: Trojan:Win32/Mamson.A!ac` `Cynet: Malicious (score: 100)` `AhnLab-V3: Ransomware/Win.NEWCD.C4744241` `BitDefenderTheta: Gen:NN.ZexaF.34236.yu1@ai1aP8di` `ALYac: Trojan.Ransom.Conti` `MAX: malware (ai score=87)` `VBA32: TrojanDownloader.Cridex` `Malwarebytes: Trojan.Crypt` `TrendMicro-HouseCall: Ransom.Win32.NEWCD.YXBJ3` `Rising: Trojan.Generic@ML.89 (RDMK:38oKwW6pRkMvgpPhlJHlZQ)` `Yandex: Trojan.Agent!MxAltOW1cTg` `Ikarus: Trojan.Win32.Krypt` `Fortinet: W32/GenKryptik.FMSS!tr` `AVG: Win32:Trojan-gen` `Panda: Trj/GdSda.A` `CrowdStrike: win/malicious_confidence_100% (W)`

Hashes

MD5	`bb97b436d1228b690ae475a8bcfe2cc5`
SHA1	`37ba5ec064414a74ecf86afba89fc57e627b0193`
SHA256	`b2d3143d0778a10d5d03bb9e4d2712a980e2a8ec12d47958a8ab4b3192f4bf6a`
SHA3	`6138cc784f99bdb770086a7ef73f8837e110f00cf1ee4cf9a6666bf321b57474`
SSDeep	`6144:XcBqHRF6AYfkVXRn8TrOaaJNJpUNhHeZJJCCXdXmS+LxU6droR:sEHf6zfkVXRn1RtpQhHeZ/X5Oq`
Imports Hash	`8d9c58fff14c5d5b2fe59152d65812dd`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2106-Feb-07 06:28:15
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`5.0`
SizeOfCode	`0xffffffff`
SizeOfInitializedData	`0x5ec00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000E4FB (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x6d000`
SizeOfHeaders	`0x1000`
Checksum	`0x65649`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`45c297e605479f73e35a6e549e6b07bc`
SHA1	`05f2dd67ad068de262e5f5c25e75a361e1ca1dc5`
SHA256	`8c6a00151ced530b4582f5521fa7d04da70714838ccc2714acaf65188a7bd4cc`
SHA3	`55260bb581fb6f6cd1d19946241b6a3740f0d8bd5c9cf1bf7ec3b65af2a32f3a`
VirtualSize	`0x17f60`
VirtualAddress	`0x1000`
SizeOfRawData	`0x18000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.13243`

.rdata

MD5	`886e321cf98a9c27f04cadb5a7f5b5de`
SHA1	`8b1bd902772e2cebeeac0ff5cd89db810edad252`
SHA256	`b8e3ef390af3a4144fc30fb2454e717e43b05f26967c7f83b634c70b7061a5b1`
SHA3	`807e4a105a9acf715bd90e551f72bb703eb4825df5855cf2b16c9e83e1280e23`
VirtualSize	`0x614`
VirtualAddress	`0x19000`
SizeOfRawData	`0x800`
PointerToRawData	`0x19000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.26254`

.data

MD5	`bddc8bb56277c59d0eb05ea864396594`
SHA1	`ba2a61a69528e43d144ddb914a64f7779b2a857a`
SHA256	`fb1a4425b38bfc6afe61ee482ea8b70101bfa57df1fb885796749d773cb9ffa6`
SHA3	`c9e8c9f842997715c5fae8a25fcff8e3713ac5373c8afabaac3875f8607b3a34`
VirtualSize	`0x4aac1`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x3ea00`
PointerToRawData	`0x19800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.56801`

.rsrc

MD5	`c3201a966f2472bf7d2d94c93cdd697a`
SHA1	`2f7956a37389e8d9d26975438651c7cb1f3e0e48`
SHA256	`ade2861bda8f7f5d479b6734ad60fb100158aee9772d98b2471ea14906d90627`
SHA3	`1b0df4df4427d1dc649fb49e6dbec466985b5544b9b41a1d400c363bf1c9ddd9`
VirtualSize	`0x5aa3`
VirtualAddress	`0x65000`
SizeOfRawData	`0x5c00`
PointerToRawData	`0x58200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.93052`

.reloc

MD5	`149af8d9644f29fc30401394a32d1852`
SHA1	`f54af173ccb8d53e72927b0e2a84b25e5811ac79`
SHA256	`b91bc035ed8e7a8f97246d4f51c1baf2b26c8231dce6e812631d90a3af78a7d5`
SHA3	`2a31f83604553838bea2af20f707bebdb51e6b5c1e7ae041dd6ef51c82b2bf08`
VirtualSize	`0x1d14`
VirtualAddress	`0x6b000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x5de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.69534`

Imports

advapi32.dll	`SetSecurityDescriptorDacl` `InitializeSecurityDescriptor`
gdi32.dll	`GetObjectType`
kernel32.dll	`WriteFile` `SetConsoleCtrlHandler` `DeleteFileA` `FreeLibrary` `MultiByteToWideChar` `OpenMutexW` `IsDebuggerPresent` `GetModuleHandleA` `CloseHandle` `VirtualProtect` `GetLastError` `CreateFileW` `GetProcAddress` `LoadLibraryW` `CreateThread` `AreFileApisANSI` `CreateEventW` `SetFilePointer` `GetFileAttributesA` `ReadFile` `LockFile` `GetFullPathNameA` `GetTickCount` `TlsAlloc` `WideCharToMultiByte` `GetSystemTime` `LockFileEx` `GetCurrentProcessId` `IsProcessorFeaturePresent` `WaitForSingleObject` `UnlockFile` `FlushFileBuffers` `SetEndOfFile` `GetTempPathA` `GetFullPathNameW` `GetFileSize` `GetVersionExW` `ResetEvent` `CreateMutexW` `Sleep` `GetFileAttributesW` `GetCurrentThreadId` `TlsGetValue` `DeleteFileW` `OutputDebugStringA` `LoadLibraryA` `TlsSetValue` `QueryPerformanceCounter` `CreateFileA` `GetTempPathW`
ws2_32.dll	`WSASend`

Delayed Imports

1

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x6e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26791`
MD5	`d66cdc356431ad0d6ce990f6477b934e`
SHA1	`546c729ba1dff604d3570f75a5b9e409c82c8171`
SHA256	`5d3f2dcb8ac83f52b8ad1876933e09403aff22f6e48db3cfbd1d279d2be2b493`
SHA3	`d4a4542c2eb3fe5e5342d3e0f937174bb1de9fea61e0bd3d4a6854bb4a861218`
Preview

1 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.58729`
MD5	`a01c5244937ccc680e46844279cb4b60`
SHA1	`3e6d4c78af65e2dc111a60c83172343d69458eb0`
SHA256	`6e6e6d30842570d41ae27a9f381fac94ebc5b3c25367ce34ad3fc5c3b6dc24ae`
SHA3	`c1616c1fe9b7993ac5be138183bb846da07570e19ef86506454387ea40525d07`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.67412`
MD5	`3b48e6a6946f8b2ee9749d66b56d13d2`
SHA1	`ecd3fca946ea34cd77cbafd60462677395a08669`
SHA256	`6ebd60d2fb8578fbc7e0a078fc6060d914b39e1893f8cd55be9b2bb165022611`
SHA3	`8c6818c6d79275c59626ca282e3bdc82d3334043aeaf370767f350578a8168b9`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.00025`
MD5	`3fa77262138db46e42951bce9ea4504c`
SHA1	`818f1b6b7790791468f4a076681b6dc0e2a33572`
SHA256	`426575beb4e212ff7878407bb4521011e20e35661c6193c0ecbd2412f25b7ff1`
SHA3	`0d8b1323daaf7874d269a9869564cd0d61602f8f813998b32915a02d84408c5c`

1 (#3)

Type	`RT_STRING`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.15369`
MD5	`a0a81798b1cab1b5982af0cb87f056b8`
SHA1	`847b26096fe278a3b957514108de723db0180fd1`
SHA256	`f439ef347d41a65512bf1839024066e444997dcb23c91bea26e612657a2844b7`
SHA3	`a766490d70306e0d2b3259c3d56cec0a6fb582e9261e4228081ee33417415644`

1 (#4)

Type	`RT_MESSAGETABLE`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3b18`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.40998`
MD5	`63c630af8b2cc95947f278b1e47f7520`
SHA1	`1faf3d022bff9b73e5ccd7014de93d34c524737e`
SHA256	`5fd047ce7b3494b3d05cc879328aee2b5d5f1aa56ddc347267d26fda0ad9ca99`
SHA3	`9290f2abc2efac948a2b73d6ae92152ce91d2a59edccde9e40d9196e06486b76`

1 (#5)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.5789`
Detected Filetype	Icon file
MD5	`0ff22963979a69ff909f1ce95a705681`
SHA1	`ed9c287aa8d5d049a6e6841ce03cd4cfbd640d74`
SHA256	`5229ebc9de78c7349a3eace7cdc13219d7da7d66bd1006e5fc494ff29b48f6e2`
SHA3	`e095232b59feedbc19f3f0ab50ce0cc03df1016330a748208b07445b53eaf031`

2 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.87095`
Detected Filetype	Icon file
MD5	`54a9b7bc379f28408052646ef7075350`
SHA1	`e5208e9ccf0c962118b3b3a61dcb484f41e4ad45`
SHA256	`600818e39296e85805bb061feb3b52fc1da27bc02ce0d16b0b620b6a50bef03c`
SHA3	`f97d6e1a03bf5dfb3ea5cab1c867290f5993aea2961a7f3fef96c0fcead62273`

3 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.97095`
Detected Filetype	Icon file
MD5	`5ef6256b2511c8ba5fbbe45d4f1ae19d`
SHA1	`fcccac350c6673f811e88b02b42faa0136eb6579`
SHA256	`ede327539249bea8c63e4f5974a8cc5dfff6af378cc7a9ba97238ef12b3d6ce6`
SHA3	`3b7fc614f01a862d867eb282d5266ef181bff8e8ed4693de6c71eb893ab72a73`

1 (#6)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1dc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.31109`
MD5	`286ddaac80f8a61b301f56282cf1af65`
SHA1	`b40be7958e3fd4f195ee25601d50d9405bf9661b`
SHA256	`c5877d0913084aa6ecc88f39c4abe65d89a23fa9741b16c8df2a53925c5a8ac5`
SHA3	`8cba117ddc7eab4a58a2a2d4bc85a7c115445835b3d1ca2057e5603d6a251e77`

1 (#7)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.81604`
MD5	`6b57c64e1d0a1415d952bebde8b7a232`
SHA1	`b8230899ebd9a2e8ee7f3b78b02abdb6dbb527d5`
SHA256	`9eae5017c42682debd9dec71f576fa07837e002f15ba6a3825df91dbcaaecccf`
SHA3	`66ba43d4526b40d007147d2719326d41f094653362c99b3f4bf7597bf1cb7a4d`

String Table contents

Complus Library Manager

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read a VS_FIXED_FILE_INFO!
[!] Error: Could not read a VS_FIXED_FILE_INFO!
[*] Warning: Could not parse a VERSION_INFO resource!