Manalyze report for c0890431b3a4d4dfafea44ba2eb217fac9e791976a6546d8b8b557e9fab5483d

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2011-Apr-18 04:42:45
Detected languages	Japanese - Japan

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)` `Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.` Contains domain names: Output.xyz blogspot.com cameraPosition.xyz charge1.soft-denchi.jp chilliant.blogspot.com color.xyz denchi.jp diffuseColor.xyz emissive.xyz http://charge1.soft-denchi.jp http://charge1.soft-denchi.jp/redirect/Lgi01.htm http://charge1.soft-denchi.jp/redirect/runtime.htm http://charge1.soft-denchi.jp/redirect/sdrt.htm http://chilliant.blogspot.com http://chilliant.blogspot.com/2012/08/srgb-approximations-for-hlsl.html http://schemas.microsoft.com http://schemas.microsoft.com/SMI/2005/WindowsSettings https://charge1.soft-denchi.jp https://charge1.soft-denchi.jp/DenchiSystem/denchiController https://charge1.soft-denchi.jp/DenchiSystem/satxControler lightAmbientColor.xyz lightColor.xyz lightDirection.xyz microsoft.com schemas.microsoft.com soft-denchi.jp
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses known Mersenne Twister constants`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: FindWindowA` `Can access the registry: RegQueryValueExA RegOpenKeyExA RegSetValueExA RegCreateKeyExA RegCloseKey` `Possibly launches other programs: CreateProcessA ShellExecuteA` `Can create temporary files: GetTempPathA CreateFileA` `Manipulates other processes: OpenProcess ReadProcessMemory WriteProcessMemory`
Suspicious	The file contains overlay data.	`4879872 bytes of data starting at offset 0xc000.` `Overlay data amounts for 99.0028% of the executable.`
Malicious	VirusTotal score: 14/70 (Scanned on 2026-04-01 03:26:38)	`APEX: Malicious` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `Fortinet: W32/PossibleThreat` `Google: Detected` `Gridinsoft: Trojan.Win32.Wacatac.cl` `Ikarus: Trojan.Crypt` `Jiangmin: Trojan.Inject.bugj` `Microsoft: Trojan:Win32/Wacatac.B!ml` `Paloalto: generic.ml` `Trapmine: malicious.high.ml.score` `TrellixENS: Artemis!224872DEBA4A` `VBA32: Trojan.Wacatac` `Zillya: Trojan.Sdum.Win32.10542`

Hashes

MD5	`224872deba4a1e977d70ab0d8f988fd6`
SHA1	`e978abc8749f108aa7f1e89c788398a29292ae04`
SHA256	`c0890431b3a4d4dfafea44ba2eb217fac9e791976a6546d8b8b557e9fab5483d`
SHA3	`541543ad22c3b8edfe8f80de9a9fbe063b734e6571c4b34781d679e10d882aaa`
SSDeep	`49152:9yLwTxsBGNCa7gwRJG4Yf6JBO5Xkd7PdR4+QB5b5QiFAn6gQmLsoXi7FhWHn/eh:9mYk8gwRJAonNi7FID6`
Imports Hash	`b005614e66f5482b53c33148b5d977c2`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2011-Apr-18 04:42:45
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x6000`
SizeOfInitializedData	`0x5000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00006550 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x48000`
SizeOfHeaders	`0x1000`
Checksum	`0xe1185250`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`02c1b2d80bce7ba2e74dd8057f9a73b6`
SHA1	`9eeb6ddb70ca659676c0c331b1ca7e6d9d6e031c`
SHA256	`9c62af5e607f4268f2c3a9cbe7ba1bdaa4015f00dfa7aed27dd4e585c905a307`
SHA3	`2cfadeb134f3a856da764376a5bae876b2f8c146ac62e0ba714512e0b863c24f`
VirtualSize	`0x57a2`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.93193`

.rdata

MD5	`04974dfb5720b3c6309543845f1d57bc`
SHA1	`0cf5b079187e1920e1115ce7bafda6a640fe4008`
SHA256	`9a81ff011aea8bf55bdeb014fab14e3702930c7647cddf4eaea03bb722eedca8`
SHA3	`474c6f0940ad2015918974234052511e6292c5fd90785358c27d8fd2ff625395`
VirtualSize	`0x13a2`
VirtualAddress	`0x7000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.85967`

.data

MD5	`3d008b35f2450fc5238c4e5002020640`
SHA1	`0c354fef48963aaeb49a3be553ba2263dd872d2b`
SHA256	`3e84c42f293aa2d7a57a01130313aee25a33ffe533adfe2e976bec1d4b422d4c`
SHA3	`227d28c76128a227112ba9cf9195a3c32b86859e3d95d0ddf7a1cc9a44e15e0d`
VirtualSize	`0x3ce48`
VirtualAddress	`0x9000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.35505`

.rsrc

MD5	`ba09161b8c3236c7632934815751e89a`
SHA1	`087dddd1b97d002606fc3586c60fb8bd50d8dad9`
SHA256	`8ec6481aca858007cc454644e066e779ed588fd89298f1dbb2422eeb7077112e`
SHA3	`2ec65a5674536edee6a2bc211deba1eb9226ea3565368adc7d09344055a8bb28`
VirtualSize	`0x142c`
VirtualAddress	`0x46000`
SizeOfRawData	`0x2000`
PointerToRawData	`0xa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.85887`

Imports

KERNEL32.dll	`Sleep` `lstrcpyA` `OpenProcess` `WaitForSingleObject` `TerminateProcess` `CloseHandle` `GetCurrentDirectoryA` `SetCurrentDirectoryA` `LoadLibraryA` `GetProcAddress` `FreeLibrary` `ReadFile` `SetFilePointer` `GetStartupInfoA` `ConnectNamedPipe` `DisconnectNamedPipe` `TerminateThread` `CreateNamedPipeA` `CreateThread` `GetTempPathA` `GetCurrentProcessId` `ReadProcessMemory` `VirtualQueryEx` `VirtualProtectEx` `WriteProcessMemory` `GetFileTime` `SetFileTime` `DeleteFileA` `RemoveDirectoryA` `LockFile` `SetFileAttributesA` `GetFileSize` `CreateFileA` `WriteFile` `lstrcatA` `GetShortPathNameA` `CreateProcessA` `GetLastError` `ResumeThread` `GetModuleHandleA` `GetModuleFileNameA` `lstrlenA` `lstrcpynA` `UnmapViewOfFile` `MapViewOfFile` `CreateFileMappingA` `WideCharToMultiByte` `lstrlenW` `MultiByteToWideChar` `CreateDirectoryA` `GetTempFileNameA`
USER32.dll	`EnumWindows` `EnableWindow` `GetWindowThreadProcessId` `ShowWindow` `EndDialog` `DestroyWindow` `BeginPaint` `EndPaint` `KillTimer` `PostQuitMessage` `DialogBoxParamA` `DefWindowProcA` `SetTimer` `CreateWindowExA` `UpdateWindow` `PostMessageA` `LoadIconA` `RegisterWindowMessageA` `LoadCursorA` `RegisterClassExA` `LoadStringA` `FindWindowA` `LoadAcceleratorsA` `GetMessageA` `TranslateAcceleratorA` `TranslateMessage` `DispatchMessageA` `ChangeDisplaySettingsA` `EnumDisplaySettingsA` `GetForegroundWindow` `SetForegroundWindow` `MessageBoxA` `wsprintfA` `IsWindowVisible` `IsWindowEnabled`
SHELL32.dll	`ShellExecuteA`
MSVCRT.dll	`exit` `_acmdln` `__getmainargs` `_initterm` `__setusermatherr` `_XcptFilter` `__p__commode` `__p__fmode` `__set_app_type` `_except_handler3` `_controlfp` `_adjust_fdiv` `_exit` `_onexit` `__dllonexit` `vsprintf` `_mbsnbcpy` `_mbsinc` `_strdup` `strstr` `strchr` `_splitpath` `_makepath` `_beginthread` `memmove` `??2@YAPAXI@Z` `??3@YAXPAX@Z` `time` `strtoul` `strncmp` `__CxxFrameHandler` `malloc` `free` `realloc`
MFC42.DLL	`#1200`
VERSION.dll	`GetFileVersionInfoA` `GetFileVersionInfoSizeA` `VerQueryValueA`
ADVAPI32.dll	`RegQueryValueExA` `RegOpenKeyExA` `RegSetValueExA` `RegCreateKeyExA` `RegCloseKey` `GetUserNameA`
ole32.dll	`CoCreateInstance` `CoInitialize` `CoUninitialize` `CoTaskMemFree` `StringFromCLSID`
OLEAUT32.dll	`SysAllocStringLen` `SysFreeString`

Delayed Imports

1

Type	`RT_ICON`
Language	Japanese - Japan
Codepage	Latin 1 / Western European
Size	`0x1078`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.64655`
MD5	`9f1f7c9d900522405162714f7203dee4`
SHA1	`abc2420dc9cbcc3ad10349b6bd203190b17734d8`
SHA256	`91361814cd435e31dd84e6b9e449a332556421e9ddf0bbbd3d2104c7a7acac19`
SHA3	`6aa5d86198cf98316ddc52db815154d450d9c952c1b86f05931db0de342e2933`

109

Type	`RT_MENU`
Language	Japanese - Japan
Codepage	Latin 1 / Western European
Size	`0xaa`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.01434`
MD5	`d232c61d060ef915aa2acfa06e33ecbc`
SHA1	`f7f2c1e1f5b7c3f588f335576f6540864e04b407`
SHA256	`ff0fccf19050201e50170c41b51ce724cdeea4596387fd7c546f3d52c2af4129`
SHA3	`7e843cb9796b06579b3b130b310ebb00561bb5191759b19eb7ff9d40da957e53`

103

Type	`RT_DIALOG`
Language	Japanese - Japan
Codepage	Latin 1 / Western European
Size	`0xf6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.54733`
MD5	`b4264dd845a9a5acbe578fe443db7157`
SHA1	`c1e72b87b3f3fbcd1bf18da09d9408aa6c306962`
SHA256	`777aa4be0bbbd6fa79f6d3ba24c1f76523127336777a805435d6871a87a7450e`
SHA3	`1afca9cb5d9a077c097c550dfa94353982bcc591323ecbb2dfd25de3d9695455`

7

Type	`RT_STRING`
Language	Japanese - Japan
Codepage	Latin 1 / Western European
Size	`0x38`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.65597`
MD5	`68a657c1863d4262bb5105e7e214103c`
SHA1	`4b6727b26ffac20135dc15b54eaf17ce2ae77cde`
SHA256	`5f289340b11dab73d7bd060ed3e211f9daba74954bae53b060e1e52e517c264e`
SHA3	`16cb8a362d249b93355f0ef2def420a9f2cd038710a5ef0b70d6dd5f642007de`

109 (#2)

Type	`RT_ACCELERATOR`
Language	Japanese - Japan
Codepage	Latin 1 / Western European
Size	`0x10`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.79879`
MD5	`3d2b1af3424dbcd504f73918619c7d99`
SHA1	`10d6ed54ea742211a14a05414883f6c00c03080a`
SHA256	`c2f0c188d6c493d7827bf83fb89c704815796445a0178bb2ae79658d96703a3c`
SHA3	`b8c5f28d2c132e5bc304e4dc1b314a3f32a2e48675c06828a2a8a014ea05e7fb`

107

Type	`RT_GROUP_ICON`
Language	Japanese - Japan
Codepage	Latin 1 / Western European
Size	`0x6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0.650022`
Detected Filetype	Icon file
MD5	`ed5a964e00f4a03ab201efe358667914`
SHA1	`d5d5370bbe3e3ce247c6f0825a9e16db2b8cd5c5`
SHA256	`025fc246f13759c192cbbae2a68f2b59b6478f21b31a05d77483a87e417906dd`
SHA3	`bcc97e80b70eddaf634913a036565c2d0373f4a5052947bab2d40de877bf1711`

String Table contents

SdWrap
SDWRAP

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x42b009c3`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`2`
Imports (VS2003 (.NET) build 4035)	`2`
Linker (VS98 SP6 build 8804)	`2`
14 (7299)	`2`
C objects (8047)	`11`
Linker (8047)	`2`
C objects (VS98 SP6 build 8804)	`1`
19 (8022)	`4`
19 (8034)	`13`
Total imports	`182`
C++ objects (VS98 SP6 build 8804)	`32`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

Leave a comment

No comments yet.