Manalyze report for bfde02a2c7b20dd8448c2f21c11aa25b

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2026-Jan-07 08:12:17
Detected languages	Chinese - PRC English - United States

Plugin Output

Suspicious	The PE is packed with UPX	`Unusual section name found: .fptable` `Unusual section name found: .upx0` `Unusual section name found: .upx1` `Unusual section name found: .upx2`
Suspicious	The PE contains functions most legitimate programs don't use.	`Leverages the raw socket API to access the Internet: closesocket`
Malicious	VirusTotal score: 44/68 (Scanned on 2026-01-31 19:33:27)	`ALYac: Trojan.GenericKD.78262623` `APEX: Malicious` `AVG: Win64:MalwareX-gen [Misc]` `AhnLab-V3: Trojan/Win.Generic.R755406` `Alibaba: Packed:Win64/VMProtect.59cad396` `Antiy-AVL: Trojan/Win64.Convagent` `Arcabit: Trojan.Generic.D4AA315F` `Avast: Win64:MalwareX-gen [Misc]` `BitDefender: Trojan.GenericKD.78262623` `Bkav: W64.AIDetectMalware` `CAT-QuickHeal: Trojan.Multi` `CTX: exe.trojan.vmprotect` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 99)` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win64/Packed.VMProtect.AC suspicious application` `Elastic: malicious (high confidence)` `Emsisoft: Trojan.GenericKD.78262623 (B)` `Fortinet: Riskware/Application` `GData: Trojan.GenericKD.78262623` `Google: Detected` `Gridinsoft: Trojan.Heur!.022120AB` `K7AntiVirus: Unwanted-Program ( 005ce12a1 )` `K7GW: Unwanted-Program ( 005ce12a1 )` `Kaspersky: UDS:DangerousObject.Multi.Generic` `Lionic: Trojan.Win32.VMProtect.4!c` `Malwarebytes: Malware.AI.3781105472` `McAfeeD: Real Protect-LS!BFDE02A2C7B2` `MicroWorld-eScan: Trojan.GenericKD.78262623` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Paloalto: generic.ml` `Rising: Trojan.Convagent!8.12323 (TFE:5:2ODcCwluZ2N)` `Sangfor: Trojan.Win64.Packed.Vxnf` `SentinelOne: Static AI - Suspicious PE` `Sophos: Mal/Generic-S` `Trapmine: malicious.high.ml.score` `TrellixENS: Artemis!BFDE02A2C7B2` `TrendMicro-HouseCall: TROJ_GEN.R002H09A926` `VIPRE: Trojan.GenericKD.78262623` `Varist: W64/ABApplication.WALA-3618` `Zillya: Trojan.VMProtect.Win64.26611` `alibabacloud: Trojan:Win/Wacatac.B9nj` `tehtris: Generic.Malware`

Hashes

MD5	`bfde02a2c7b20dd8448c2f21c11aa25b`
SHA1	`2adc67bfd6246fa03f94b212c1fb9273468a506a`
SHA256	`6372261bfdc4506357647caabf48020ff8af659b8e059f57bfa28203930ce5c0`
SHA3	`4b8c73194a594d083e13fe68b9e2d9989af577878f062ec31ce47fe3569d1289`
SSDeep	`196608:VvKo5i5vzD2eW0O4QcorHst+jpjsGycdB0Oi84S:vi5vzCePorMt+Vt5DtM`
Imports Hash	`6b37282d60262d7b3ad69fd51a6741de`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2026-Jan-07 08:12:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x31a00`
SizeOfInitializedData	`0xd1000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000079E5C8 (Section: .upx2)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xdfb000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x318f7`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x9a49a`
VirtualAddress	`0x33000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x2d34`
VirtualAddress	`0xce000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.pdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x252c`
VirtualAddress	`0xd1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`

.fptable

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x100`
VirtualAddress	`0xd4000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.upx0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x5a5468`
VirtualAddress	`0xd5000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`

.upx1

MD5	`05de66b62673a2ebf67130eed5878e75`
SHA1	`332a1d5527948db951df886bcf643aa289c59740`
SHA256	`20aefb38a950b6de99597cbb85bb3e051a641bf5156cacfbc88739df3f1bbedd`
SHA3	`3f220845349ea59322dc7ee47abbf8034931d2ba8ecf7d47b8054d28c6d4ebd0`
VirtualSize	`0xf0`
VirtualAddress	`0x67b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.693306`

.upx2

MD5	`3a5299caf5c716ef1a6ec1bd9ea52d43`
SHA1	`58830b34b599a5ca71072424e128f973d97c90f0`
SHA256	`63d3c74b4c356fe8a767ace8dc1a90b9937ce16fd90d3dd70f68473dc6186aaa`
SHA3	`a01e5882b646e6148372be891156903e9b32a01edbb62a674a7c526cb7be0165`
VirtualSize	`0x74c198`
VirtualAddress	`0x67c000`
SizeOfRawData	`0x74c200`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_NOT_PAGED` `IMAGE_SCN_MEM_READ`
Entropy	`7.97806`

.rsrc

MD5	`20443593ed0064d575a85f8c2f6e0a42`
SHA1	`2977b54822b109421b1b8aa675bb0d07b56a968f`
SHA256	`03327355869380f0a11785be0ca0d5f3a2d19761debab9e83c79075f97e8bad0`
SHA3	`faad5b069c84e1c18ccf9d4b6955098f9af509d23dbabd3b991a79faf8a913a3`
VirtualSize	`0x30829`
VirtualAddress	`0xdc9000`
SizeOfRawData	`0x30a00`
PointerToRawData	`0x74c800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.85962`

.reloc

MD5	`9e92295c599db21cb3e2310cd6a19368`
SHA1	`e465efcb5db7c4dbe4868673fc65f131147a365a`
SHA256	`d7a91f57334032be97e4e154660acd791937d52c3ceae03ab22e9486abffd82d`
SHA3	`3cc7b5a6bc2c1b60e2ace5dcc56da02ea7e64f9aa6924d5da5286cbc98519868`
VirtualSize	`0x50`
VirtualAddress	`0xdfa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x77d200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.915403`

Imports

KERNEL32.dll	`GetModuleHandleW`
USER32.dll	`PostQuitMessage`
GDI32.dll	`CreateFontW`
SHELL32.dll	`SHGetKnownFolderPath`
ole32.dll	`CoTaskMemFree`
dxgi.dll	`CreateDXGIFactory1`
d3d11.dll	`D3D11CreateDevice`
d2d1.dll	`#1`
DWrite.dll	`DWriteCreateFactory`
dcomp.dll	`DCompositionCreateDevice`
WS2_32.dll	`closesocket`

Delayed Imports

1

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.9431`
MD5	`8133eb8025e0db2269653c7594db8417`
SHA1	`869fa3105b18e97facc4299a98ef1f03fe92ad1c`
SHA256	`000f95bdc14db3abedc0cb85211dfe09ab19d7431539851799877e60c0d8edcd`
SHA3	`2e53c7989b88d38ed00225cebaaa9afcae0c8c53cc8368efa22790b607568655`

2

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x1ca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.66279`
MD5	`1b2e2098f1ef4fef7389c400fb480f48`
SHA1	`e0078898262d6b2682adb891979cc19cec502fc8`
SHA256	`a7fbe27300b9bd46dc4a9cf6d2de4bfd833258b4b6ec0178325c81d9fd3eb6f6`
SHA3	`b91f0780927e909f25a093faee7c6a2ee198a5a692278c0a3b4b2fdb028acab2`

3

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.76078`
MD5	`141f6a80181035e4c463a4540d955d59`
SHA1	`7baeb4ccc0e9849923175b830b52189cb52d066d`
SHA256	`9faff32802df9aa21aa4322b1cc6c20900568512d04edcf5ba377ebb1d95f1ef`
SHA3	`155f891f0a706f650ce03c525eb219fb03631ce626f50a1075cfca2b63e6b440`

4

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x748`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.87437`
MD5	`ca27609adcad7df1f6315feb12af9ee1`
SHA1	`d90a4750bf7ef2f57f67e74a44c1cd13cd682fad`
SHA256	`83c530cd4d0bd7b6fe313fb551b0028af4d60889a227ab28c002f0b996f6c0b4`
SHA3	`994c987c4cc1c8186c39235241b215b91045d03055344b4301896c66dbeb5a4a`

5

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x182db`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99273`
Detected Filetype	PNG graphic file
MD5	`47dca730fb54fffc462803d0f3252f4f`
SHA1	`42a7e420770630bd7ca6900c13aa6efb2f36a0e5`
SHA256	`c65009d1d1dfdeee99c718eebe223318556de468a382fe07c1ce3f95f1461989`
SHA3	`1e0e1de5ae9d045ee161e4e8c8dc8398235731ddea6b403a5e0a65a67ef1b935`

6

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.70269`
MD5	`72491f5e31d634620550403a5fb14cda`
SHA1	`7c03465ae38682d5c88209f8b701756ac0acb2b5`
SHA256	`bbb1cad60181501d9c10bfba4a6b29d232d1955b497221f62db01b98e8e7ec12`
SHA3	`f69aba998a78d885a511c564f4d7fbce51c9a293d9d18ce11292a3ced200e9b1`

7

Type	`RT_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.70558`
MD5	`08a5b37620b955f6465a73a3b442afa1`
SHA1	`a10b170b5c8895209cc3ef1bb269b4fa51ac5bdd`
SHA256	`349354dde030dca9a80b21b93fe5cdd89fa8dea97588722adf03f7fc1edd9f63`
SHA3	`bec9a2de38cd7918be336f7647d4a1d36a7b0c5ff327254cf5e55d13a115a0ef`

102

Type	`RT_GROUP_ICON`
Language	Chinese - PRC
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.99267`
Detected Filetype	Icon file
MD5	`a26c840c7f6852758fb2cdad28ec7f18`
SHA1	`b22c82c585f2244d328db4bf693bd4facf4a36ff`
SHA256	`0432947b504e65fca15cc659686e4cf7a745632d5401410beb933a3745109920`
SHA3	`bc95fd8c11bff6365e6440774bd17cf5fb80f78fa9efa958384cbaf8c894e61c`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x289`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.05508`
MD5	`d28dfc8159f57a557fd3ac5ff8010b47`
SHA1	`269e00eb41eb2a102fdc24763539f758c4370a5f`
SHA256	`c687fd0335259d5149882376f6e7eb501aa1ccf5b4057c44e07760e1b1b799b9`
SHA3	`68f173ef697908b29e1cfeb47c9769a334914e4047c34fd9529fd2854aaeacf2`

Version Info

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400ce080`

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .pdata has a size of 0!
[*] Warning: Section .fptable has a size of 0!
[*] Warning: Section .upx0 has a size of 0!