Manalyze report for bcb21f1b4b14892370d2e935bcdb20feae7ff36d8d7eab8bf24a72ef43b01f89

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1992-Jun-19 22:22:17
Detected languages	English - United States

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX v2.0 -> Markus, Laszlo & Reiser (h)` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Suspicious	The PE is possibly packed.	`Unusual section name found: .dosx` `Section .dosx is both writable and executable.` `Unusual section name found: .fish` `Section .fish is both writable and executable.`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegCloseKey` `Possibly launches other programs: ShellExecuteW`
Suspicious	The PE header may have been manually modified.	`Resource BATCLEN is possibly compressed or encrypted.` `Resource CLEAN is possibly compressed or encrypted.` `Resource EXTRATYPE is possibly compressed or encrypted.` `Resource HEAD is possibly compressed or encrypted.` `Resource IDMSPD is possibly compressed or encrypted.` `Resource MASAIO is possibly compressed or encrypted.` `Resource UPDT is possibly compressed or encrypted.` `Resource WININF is possibly compressed or encrypted.` `The resource timestamps differ from the PE header: 2026-Feb-22 16:30:08`
Malicious	VirusTotal score: 49/70 (Scanned on 2026-05-07 15:32:20)	`ALYac: Gen:Variant.Application.Keygen-Crack-Patcher.3` `APEX: Malicious` `AVG: Win32:UnwantedX-gen [PUP]` `AhnLab-V3: Unwanted/Win.Crack.C5610628` `Antiy-AVL: HackTool/Win32.Crack` `Arcabit: Trojan.Application.Keygen-Crack-Patcher.3` `Avast: Win32:UnwantedX-gen [PUP]` `Avira: TR/Crypt.ULPM.Gen` `BitDefender: Gen:Variant.Application.Keygen-Crack-Patcher.3` `Bkav: W32.Malware.CF702B7C` `CTX: exe.trojan.crack` `CrowdStrike: win/grayware_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.MulDrop36.2467` `ESET-NOD32: Win32/HackTool.Crack.FO potentially unsafe application` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Application.Keygen-Crack-Patcher.3 (B)` `F-Secure: Trojan.TR/Crypt.ULPM.Gen` `Fortinet: W32/Agent.EXH!tr` `GData: Gen:Variant.Application.Keygen-Crack-Patcher.3` `Gridinsoft: Trojan.Heur!.032125E1` `Ikarus: PUA.HackTool.Crack` `K7AntiVirus: Trojan ( 0051918e1 )` `K7GW: Trojan ( 0051918e1 )` `Kingsoft: Win32.Troj.Unknown.a` `Lionic: Trojan.Win32.CodecPack.lpcy` `Malwarebytes: HackTool.Crack` `MaxSecure: Trojan.Malware.509485587.susgen` `MicroWorld-eScan: Gen:Variant.Application.Keygen-Crack-Patcher.3` `Microsoft: HackTool:Win32/Crack.AVN!MTB` `Paloalto: generic.ml` `Panda: PUP/Crack` `Sangfor: Suspicious.Win32.Save.a` `SentinelOne: Static AI - Suspicious PE` `Skyhigh: BehavesLike.Win32.Dropper.kc` `Sophos: Generic Reputation PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.moderate.ml.score` `TrellixENS: Artemis!99E93F400964` `VBA32: Trojan.Hide.Heur` `VIPRE: Gen:Variant.Application.Keygen-Crack-Patcher.3` `Varist: W32/ABApplication.LZGZ-4366` `Webroot: Win.Trojan.Gen` `Xcitium: Packed.Win32.MUPX.Gen@24tbus` `Yandex: PUP.Crack!nKg+nMahp4M` `Zillya: Tool.Crack.Win32.6494` `alibabacloud: HackTool:Win/Crack.FP`

Hashes

MD5	`99e93f400964b6c8bab5a18e0e216500`
SHA1	`2cfa756887ba67240c73791782386bd389a83454`
SHA256	`bcb21f1b4b14892370d2e935bcdb20feae7ff36d8d7eab8bf24a72ef43b01f89`
SHA3	`dd4d54a18395b334f7920584bb73d528597fc03e869eaec7376efd9cdfb1ae98`
SSDeep	`1536:/RGKmid3B3HHF49xGwwjE/kzOhB0a4oPkcTLa:/AhC3tHHF4kjYkzOB0a4Ncfa`
Imports Hash	`f61e41cf3facdd888749fa56b3f50ede`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	1992-Jun-19 22:22:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x10000`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0x2f000`
AddressOfEntryPoint	`0x0003EE70 (Section: .fish)`
BaseOfCode	`0x30000`
BaseOfData	`0x40000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x42000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.dosx

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x2f000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.fish

MD5	`1cacb41caf01f53b320da388f14c1a0e`
SHA1	`ca1c65b40251aa70c4f4b1cadf9a0dc51870acd1`
SHA256	`b4f32645a75666b2e35b93c89a78d39bfff9afe6060078f72dfd876349a855cd`
SHA3	`d5e102b904b84d160b719966e5fa4232d3469521d52b7fd6713d1aba536992cb`
VirtualSize	`0x10000`
VirtualAddress	`0x30000`
SizeOfRawData	`0xf200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.8974`

.rsrc

MD5	`0d711d2a4bc3dd62ca9ab6fed06d6108`
SHA1	`96373665819c96618b9088c586eeea04695ffbf4`
SHA256	`ebfc936dd4b02fdb3a9a5edf4a5d62999e6456fedd24cfc40c0fbda7ff3333ed`
SHA3	`53443b60e79f8b8d2f9783cd5885864e9aed4b739435ba15bc0e99adf6b0ba6a`
VirtualSize	`0x2000`
VirtualAddress	`0x40000`
SizeOfRawData	`0x1200`
PointerToRawData	`0xf600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.53984`

Imports

advapi32.dll	`RegCloseKey`
gdi32.dll	`SetBkColor`
IMAGEHLP.DLL	`ImageRemoveCertificate`
KERNEL32.DLL	`LoadLibraryA` `CopyContext` `GetProcAddress` `VirtualProtect`
oleaut32.dll	`SysFreeString`
shell32.dll	`ShellExecuteW`
user32.dll	`SetFocus`
version.dll	`VerQueryValueW`
winmm.dll	`waveOutOpen`

Delayed Imports

BATCLEN

Type	`BINRES`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4f56`
TimeDateStamp	2026-Feb-22 16:30:08
Entropy	`7.91438`
MD5	`2d6155b51bc1508726fd07fa1c075f20`
SHA1	`967f39cc4ba63e97afda945b56136d21ebe57b2d`
SHA256	`d68c9ad28d24b38f0f7b48ab653ff07594be7b0f9440c7d0b92200d5889d7196`
SHA3	`603b7d65e5913fd18f5c830686f4b243131ebc6cb67fe1461885ffd0ec160e5d`

CLEAN

Type	`BINRES`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1754`
TimeDateStamp	2026-Feb-22 16:30:08
Entropy	`7.85686`
MD5	`b5e99862a11c87244de7acc305938bde`
SHA1	`9b48a9047131c71d4e347ad4162034794fa65fc9`
SHA256	`c4f5ed872416f895a8f28ec16ad444e1174a492f9e8c472c66272c44d93da0e8`
SHA3	`2288ee640b71975d645dae8c7ad496b52fb861646744cb482a78b8a470f2ab40`

EXTRATYPE

Type	`BINRES`
Language	English - United States
Codepage	UNKNOWN
Size	`0x23ab`
TimeDateStamp	2026-Feb-22 16:30:08
Entropy	`7.80495`
MD5	`a444d93fe535ad9df66c35683031ca22`
SHA1	`2216fbf2dd90bd2de59352b0a79b0d9652b9e6c8`
SHA256	`cdd688c60f1f99743a38e7f6096b57b5109ccc5a51a9e5ab352d35b6fe96507f`
SHA3	`81bc378e8458e4f893112a73d7a7b69475e7bec5b72f501dbcb806bb547364f9`

HEAD

Type	`BINRES`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x340`
TimeDateStamp	2026-Feb-22 16:30:08
Entropy	`7.53475`
MD5	`9b79fdbe4fde580b1b527dd996185f20`
SHA1	`1a9cfba807a11e48d52e11137fe8df9ed7490d37`
SHA256	`1977b48e1e62b6a598c0b350f93faf041a807500db6464f30e8ef5d9de06c24f`
SHA3	`881135280403fd81b49b126624f707e3f3faa58e0cc4b182e04b48d58c49b77a`

IDMREG

Type	`BINRES`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x282`
TimeDateStamp	2026-Feb-22 16:30:08
Entropy	`6.95006`
MD5	`08be5f3145c5ccef7e654edd37d67dd3`
SHA1	`db0b1ad320d3e4428e82cb84a16667af41a43811`
SHA256	`3f2d070727bb74fe14814947ab66acdae08126689a626fb8295a3cec98e6003c`
SHA3	`a446e3743e0ee5df3f251093512b872a155531cb16e6fd65b90bd37f8d19f161`

IDMSPD

Type	`BINRES`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x424`
TimeDateStamp	2026-Feb-22 16:30:08
Entropy	`7.50624`
MD5	`ea0c87719b41b27284f5062adf344877`
SHA1	`df253bb0140562d912a25e32e75d4d60bc62cd2a`
SHA256	`3bfeb21a850427e9c254edcc1696642d262406454691e4dbfc1dc20ffa96093b`
SHA3	`657db9e6da7c1ab09066da2d210b8a62eec18a0013d728499571d059e712f8a9`

MASAIO

Type	`BINRES`
Language	English - United States
Codepage	UNKNOWN
Size	`0x346`
TimeDateStamp	2026-Feb-22 16:30:08
Entropy	`7.44329`
MD5	`beb774f425f4ed072ef92e9994b48b5b`
SHA1	`568c898d237f9734be6559da8c5a036fffdd4a72`
SHA256	`a00efe75d120b3f2830d02e6aa0bce093fbeb85db27439da2a7e10b6e3f9652e`
SHA3	`ea15f1ce9c1ee40678c6b26ce88428d5c20161d49664ed217b2f1dd001ad7662`

SELFDEL

Type	`BINRES`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x39`
TimeDateStamp	2026-Feb-22 16:30:08
Entropy	`5.26684`
MD5	`24e236a63b43a1f677d0716e6128bd25`
SHA1	`cf38a851c1c96dc623e03c191e3be80361fb4a85`
SHA256	`c05932c3454b1cdbc05e450db81027a8aa6193bab0a6928786f830bb3a5916c1`
SHA3	`c113d81810926d330e3a6f1bcd7dbe8c4473eddc93b45d022644f9471f40deeb`

UPDT

Type	`BINRES`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xae6`
TimeDateStamp	2026-Feb-22 16:30:08
Entropy	`7.71833`
MD5	`a4e50d86a9d5971c9e6c99fbd75f916a`
SHA1	`7307cd6274c42d9306800ba6d76a769cca704ad1`
SHA256	`f38575cdf3ef240292baf344af0a15e4255614cc4d56656c1a16e847494871a5`
SHA3	`46ffc42c4e14db3929c4a1fde7c1b067aa6ca9ddd090e1057d3ecfcd9ed49fa4`

WININF

Type	`BINRES`
Language	English - United States
Codepage	UNKNOWN
Size	`0x916`
TimeDateStamp	2026-Feb-22 16:30:08
Entropy	`7.75933`
MD5	`fe916d5a886af8ec44b7891534ffc9ef`
SHA1	`f88c28d920b99be5f25d03876491f5852e2a82a2`
SHA256	`2bcda95c07a13e52edce68dbebb17c968b9f1bc37cf232722db5a64c9606270a`
SHA3	`786b1feced03857b13746ceb75100c5f46bf0e4567368eb2fb039c09eef85b30`

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	2026-Feb-22 16:30:08
Entropy	`1.96237`
MD5	`40fdaec38f1a963cc6cc516d07d0fc75`
SHA1	`3125f7180443836a3dc965bbf21d76217b88f9a0`
SHA256	`c7895ea64e2cae0a1abc529deb762a477a41461a38d20c85362b59c0208eadcf`
SHA3	`34be37c0b64f1945d2f0380110504e6df36b0f7fdba1619f234b72726f006f76`

101

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1b2`
TimeDateStamp	2026-Feb-22 16:30:08
Entropy	`6.78567`
MD5	`a1d06525d1342834b347b61b29cd9d0c`
SHA1	`f13b617add8a0a7758bf07c060bfeab298da88f2`
SHA256	`f03fb597089cc9f29aca1aaf8dda1fd4c9aa82a30e11a6d663183776a7ac2422`
SHA3	`fa80ec22f974c9dfdcf0c10c843b617a45504dffef45d2fd6a4817ae6af2bd9d`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2026-Feb-22 16:30:08
Entropy	`3.75`
MD5	`32d449e6c373d447b9e609e34181eaa0`
SHA1	`069631229dbce2c9234bd8d4da45c2084c07fb44`
SHA256	`ecb69e2066c1bc65a03dbd6d9d18f8d6b0c317bd8ecb1401b0f4724a8b2fe769`
SHA3	`f726c698a433a801b3f7cb2c96ff0cbb969d588d25d43fa786fe5e6c0bf9972c`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xc8`
TimeDateStamp	2026-Feb-22 16:30:08
Entropy	`6.43064`
MD5	`2d1a4922e758cb8b6aa7b30e427994db`
SHA1	`6bdd1bebb29f28025e8347ae81b0f5c768072da9`
SHA256	`5bb4347f7b38b58e3784aaa4257c6f8443841bac447c75c2d78e8577fe419cad`
SHA3	`da806d215617ab17b6f1645f70cdf22f5582aca0dac27600d33b4ff87e6ae4da`

MAINICON

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	2026-Feb-22 16:30:08
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`42cf62b780813706e75fb9f2b2e8c258`
SHA1	`a022d5c1cfdd8aace0089f3e72f2eedd41bda464`
SHA256	`a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf`
SHA3	`0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x691`
TimeDateStamp	2026-Feb-22 16:30:08
Entropy	`5.03338`
MD5	`2ebe1c914cf3138e976c055b0c43c6ed`
SHA1	`22da9fee8d777d847960dd950ec359914d73350b`
SHA256	`d7010fc52189c7b15cd40a415859e0c54ddb9e1c135e6ca6ec09412f263ed0b1`
SHA3	`d97ee33a79ee49d17e03871645d2215acb219dd52a6ff6e448d6199b8837f271`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .dosx has a size of 0!

Leave a comment

No comments yet.