Manalyze report for c4c27642b041bc79e25fe5e644036fba

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2012-Jul-13 22:47:16
Debug artifacts
Comments
CompanyName	17696
FileDescription	FiveM Cleanerino
FileVersion	`1.0.0.0`
InternalName	FiveM Cleanerino.exe
LegalCopyright	Copyright © 17696 2022
LegalTrademarks
OriginalFilename	FiveM Cleanerino.exe
ProductName	FiveM Cleanerino
ProductVersion	`1.0.0.0`
Assembly Version	1.0.0.0

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot`
Info	The PE's resources present abnormal characteristics.	`Resource __ is possibly compressed or encrypted.`
Malicious	VirusTotal score: 40/68 (Scanned on 2022-06-08 11:44:04)	`Lionic: Trojan.Win32.Generic.4!c` `Elastic: malicious (high confidence)` `McAfee: RDN/Generic.dx` `Cylance: Unsafe` `Sangfor: Trojan.Win32.Generic.ky` `Alibaba: Trojan:Win32/Generic.07bf5dab` `CrowdStrike: win/malicious_confidence_70% (W)` `BitDefenderTheta: Gen:NN.ZexaF.34712.lq0@a0nkLy` `Cyren: W32/ABRisk.DBTE-5619` `tehtris: Generic.Malware` `TrendMicro-HouseCall: TROJ_GEN.R002C0WCR22` `Paloalto: generic.ml` `Kaspersky: HEUR:Trojan.Win32.Generic` `BitDefender: Trojan.GenericKD.48708749` `MicroWorld-eScan: Trojan.GenericKD.48708749` `Avast: Win32:Malware-gen` `Ad-Aware: Trojan.GenericKD.48708749` `Sophos: Generic ML PUA (PUA)` `Zillya: Trojan.Generic.Win32.1651048` `TrendMicro: TROJ_GEN.R002C0WCR22` `McAfee-GW-Edition: BehavesLike.Win32.Generic.cc` `SentinelOne: Static AI - Malicious PE` `Trapmine: malicious.high.ml.score` `FireEye: Generic.mg.c4c27642b041bc79` `Emsisoft: Trojan.GenericKD.48708749 (B)` `APEX: Malicious` `Gridinsoft: Trojan.Win32.Agent.cl` `Microsoft: Backdoor:Win32/Bladabindi!ml` `GData: Trojan.GenericKD.48708749` `AhnLab-V3: Trojan/Win.Generic.C5028274` `VBA32: Trojan.MSIL.Agent` `ALYac: Trojan.GenericKD.48708749` `MAX: malware (ai score=82)` `Malwarebytes: Trojan.Spoofer` `Rising: Trojan.Generic@AI.100 (RDMK:hebY6EAbYDRuiYOCkn/4EQ)` `MaxSecure: Trojan.Malware.7164915.susgen` `Fortinet: W32/PossibleThreat` `AVG: Win32:Malware-gen` `Cybereason: malicious.750950` `Panda: Trj/CI.A`

Hashes

MD5	`c4c27642b041bc79e25fe5e644036fba`
SHA1	`55ef1667509505e7d05e0f2b047c4979136930bf`
SHA256	`7286678f12aeb16d2efa0d2131012c0395425c997debcb4528c67a1aec3fd9cd`
SHA3	`7774555f0741ff922ebed7aeafcf94156a5a66f566f9ec21d49cdef2b7350670`
SSDeep	`3072:pDKW1LgppLRHMY0TBfJvjcTp5XOkRfELLhyVqj1K2kneGGVwKfYC:pDKW1Lgbdl0TBBvjc/rfEL3oneGGVLfH`
Imports Hash	`bf5a4aa99e5b160f8521cadd6bfe73b8`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2012-Jul-13 22:47:16
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x19800`
SizeOfInitializedData	`0x14c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000CD2F (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1b000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x33000`
SizeOfHeaders	`0x400`
Checksum	`0x23bfb`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1b061ef02c355319027553c1e3b819a2`
SHA1	`faa67ca7395ddc56a68441744a206a0740acf3c4`
SHA256	`3c9c64b6e6f3df36cd2b9c28fe9823d761c80f8a6da82235442de4e43bb80408`
SHA3	`3eb52db896a0521781be0088de371ca0085fb5a3bf52d9b74cdfe25e6bb1cea9`
VirtualSize	`0x19718`
VirtualAddress	`0x1000`
SizeOfRawData	`0x19800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.74857`

.rdata

MD5	`5826801f33fc1b607aa8e942aa92e9fa`
SHA1	`ac050a1809ae127615e1683adb73d87013096d10`
SHA256	`883d62172f028223b48e9799e430669bf920590072b1c6fa120cf98290af6c3f`
SHA3	`fbac6a647fe46b9b39e1d94eefe9663774fe59c7c15f8d5cabcd736f7db2fcaf`
VirtualSize	`0x6db4`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x6e00`
PointerToRawData	`0x19c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.44296`

.data

MD5	`2fe51a72ede820cd7cf55a77ba59b1f4`
SHA1	`c5c9b70d1fbe0cb0f1d48ea41ef1cd0da70d708d`
SHA256	`40feedd8e8e7c2749517280e0dcbc0723f1e57640c936a122a3371b101d1de24`
SHA3	`54f23141fe42bbada8a56b6b11bd5d2b7f387233df49d6fc9a5d1521d0dab3ad`
VirtualSize	`0x30c0`
VirtualAddress	`0x22000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x20a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.26259`

.rsrc

MD5	`698f9d6f713b42d8ff9e250564a9fa51`
SHA1	`c5967beb7ffd048ed6a564d2ab7f8ff333394163`
SHA256	`25ae8ef7bff2954656f6bb4b2993627ab752bf8ad6b54ee55f637e077c2685aa`
SHA3	`1f15fd5a8a7ae718e78b3d807efead8cdfbcfe5c66c5c11f4f120a8643b62fc7`
VirtualSize	`0xc794`
VirtualAddress	`0x26000`
SizeOfRawData	`0xc800`
PointerToRawData	`0x22000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.94817`

Imports

KERNEL32.dll	`RaiseException` `GetLastError` `MultiByteToWideChar` `lstrlenA` `InterlockedDecrement` `GetProcAddress` `LoadLibraryA` `FreeResource` `SizeofResource` `LockResource` `LoadResource` `FindResourceA` `GetModuleHandleA` `Module32Next` `CloseHandle` `Module32First` `CreateToolhelp32Snapshot` `GetCurrentProcessId` `SetEndOfFile` `GetStringTypeW` `GetStringTypeA` `LCMapStringW` `LCMapStringA` `GetLocaleInfoA` `HeapFree` `GetProcessHeap` `HeapAlloc` `GetCommandLineA` `HeapCreate` `VirtualFree` `DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `VirtualAlloc` `HeapReAlloc` `HeapSize` `TerminateProcess` `GetCurrentProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `GetModuleHandleW` `Sleep` `ExitProcess` `WriteFile` `GetStdHandle` `GetModuleFileNameA` `WideCharToMultiByte` `GetConsoleCP` `GetConsoleMode` `ReadFile` `TlsGetValue` `TlsAlloc` `TlsSetValue` `TlsFree` `InterlockedIncrement` `SetLastError` `GetCurrentThreadId` `FlushFileBuffers` `SetFilePointer` `SetHandleCount` `GetFileType` `GetStartupInfoA` `RtlUnwind` `FreeEnvironmentStringsA` `GetEnvironmentStrings` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `QueryPerformanceCounter` `GetTickCount` `GetSystemTimeAsFileTime` `InitializeCriticalSectionAndSpinCount` `GetCPInfo` `GetACP` `GetOEMCP` `IsValidCodePage` `CompareStringA` `CompareStringW` `SetEnvironmentVariableA` `WriteConsoleA` `GetConsoleOutputCP` `WriteConsoleW` `SetStdHandle` `CreateFileA`
ole32.dll	`OleInitialize`
OLEAUT32.dll	`SafeArrayCreate` `SafeArrayAccessData` `SafeArrayUnaccessData` `SafeArrayDestroy` `SafeArrayCreateVector` `VariantClear` `VariantInit` `SysFreeString` `SysAllocString`

Delayed Imports

__

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xb58f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99645`
MD5	`f31b75596f847eb219f1c6f780d1a43d`
SHA1	`1de36fd0de03252815bdce14e56c4370ac76b897`
SHA256	`e96924d87daaed19682143ca4486304ad2921b01d78a9778b2073a3ae4c0ae71`
SHA3	`317d0eeafcf273c1b843b7c349042927a9e0d7cfedbbf7d4000ba66c386dc447`

~

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x20`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.9375`
MD5	`d5597bf7b87a82c9f70a4304f8a3b74e`
SHA1	`b24abb68da516f877f3c5895c31fe6ec8508abbc`
SHA256	`a1d975828147e1b4989bd007e583aad01445245e27e2e22be7e69219a5f7515d`
SHA3	`545ecec5515ffd4c664ccf39bba0afbcb706bb00f4f0e3831cba1f06d008772e`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x370`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29427`
MD5	`cc136c49356d7cc628d83f90f5ab8a94`
SHA1	`6fcc18c15a485a1b421530a425b32a6a781257f8`
SHA256	`9af619f4d47864a23424b8e29a658d90384faed44acaccdebb3b1f9bd6193300`
SHA3	`7b2b2593aeaffca0516d5b18cbc0e7a1e2f7c3f7f9fd3346cfcec3d53de2a0f3`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xd4f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.02015`
MD5	`5ee58d6764f5acd1e020932b1101a229`
SHA1	`d4811dd88d03c43da247c2b364e72c708c39edd2`
SHA256	`069ca63ad5d79165bcbf1e801f75e77eedd9347965b4e650699b5423874fd935`
SHA3	`34474b3d67e692fd2c507854e4b10ae081daaf0ad13a6908c3ccd1446f73cb20`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	1.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName	17696
FileDescription	FiveM Cleanerino
FileVersion (#2)	1.0.0.0
InternalName	FiveM Cleanerino.exe
LegalCopyright	Copyright © 17696 2022
LegalTrademarks
OriginalFilename	FiveM Cleanerino.exe
ProductName	FiveM Cleanerino
ProductVersion (#2)	1.0.0.0
Assembly Version	1.0.0.0

Resource LangID	UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2012-Jul-13 22:47:16
Version	`0.0`
SizeofData	`129`
AddressOfRawData	`0x20de8`
PointerToRawData	`0x1f9e8`
Referenced File

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x422234`
SEHandlerTable	`0x420f50`
SEHandlerCount	`3`

RICH Header

XOR Key	`0x7eea712c`
Unmarked objects	`0`
ASM objects (VS2008 build 21022)	`19`
Imports (VS2012 build 50727 / VS2005 build 50727)	`7`
Total imports	`112`
C++ objects (VS2008 build 21022)	`48`
C objects (VS2008 build 21022)	`142`
Resource objects (VS2008 build 21022)	`1`

c4c27642b041bc79e25fe5e644036fba

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

__

~

1

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors