Manalyze report for c8660d633a97ca94facb3a2613b36d28

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2010-Jan-11 09:58:57

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0` `MASM/TASM - sig1(h)`
Malicious	VirusTotal score: 4/70 (Scanned on 2019-12-05 06:02:06)	`Sangfor: Malware` `APEX: Malicious` `Trapmine: suspicious.low.ml.score` `Webroot: W32.Malware.Gen`

Hashes

MD5	`c8660d633a97ca94facb3a2613b36d28`
SHA1	`81ca77cd0419af5e89dbd7998d958bd4078857d1`
SHA256	`8a32e3f2a17fb3cfc8f64c59f25c1b6d5f7f05342591becf47c5129e876fcdc5`
SHA3	`fd88f8bd067307d5e342c090a4cc13a6f95b277e21bda728258ed7f9339f6fb2`
SSDeep	`96:J6Ks86q/AeqT1wSwaqC2bzM+cLlcaRIuc2S8abROz/SpIQI1OYUEwY8ayModSuC:Nw1qa5M9mIultqI1TJhc1CsWQN1uyn`
Imports Hash	`6ada5fb0e22a29b13118a2ba94444b7b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xb8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2010-Jan-11 09:58:57
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`5.0`
SizeOfCode	`0x400`
SizeOfInitializedData	`0x2600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001000 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`4.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x7000`
SizeOfHeaders	`0x400`
Checksum	`0x2e64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`43eea14fb6efbe39bfa659ac3cb2f712`
SHA1	`ca90f1508dbfd9d6fa5bcaa32a707aa83ddc4f3c`
SHA256	`4acc3b3c83d88ebbfd88b6be0d28d71cb1972c5fc741fc0c1a99ff6716e2849c`
SHA3	`730f0521f93e910a1f0e1e4cd04b2717c1c20c3b15fa1269c8255100b757f49d`
VirtualSize	`0x394`
VirtualAddress	`0x1000`
SizeOfRawData	`0x400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.72662`

.rdata

MD5	`8ceb6f4cf2a3c22e8ddf5b476cd2d26a`
SHA1	`a7ac6f512f68c24ac39e34c3be5aaa94ad8c106b`
SHA256	`1abb7c732e2aa156448212559987945273ed9be3d3a82a6335179d83baa9e3e5`
SHA3	`c9d007aacb2c19691df5a2de23e19c82161dd703a5a31214335cca36c060b648`
VirtualSize	`0x1d8`
VirtualAddress	`0x2000`
SizeOfRawData	`0x200`
PointerToRawData	`0x800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.92379`

.data

MD5	`f753ee5e1270b63f6d585c524d6cd351`
SHA1	`fa3477510972b14515acdf85971be36297b0d162`
SHA256	`2ab31e282fac9febb6d14166e1e4016adce3084e8f4916fef9b5314e3f34dfed`
SHA3	`d5bfd3adc48221b4cae35cc4dfbc201acd3db0c17f110c1c4bda7c3a12541c02`
VirtualSize	`0x209d`
VirtualAddress	`0x3000`
SizeOfRawData	`0x2200`
PointerToRawData	`0xa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.33357`

.rsrc

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x10`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

Imports

kernel32.dll	`GetModuleHandleA` `ReadFile` `GetFileSize` `VirtualAlloc` `WriteFile` `ExitProcess` `CreateFileA` `SetFilePointer` `CloseHandle`
user32.dll	`MessageBoxA`
comdlg32.dll	`GetOpenFileNameA`
imagehlp.dll	`MapFileAndCheckSumA`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x6bff886e`
Unmarked objects	`0`
19 (8078)	`22`
18 (8444)	`1`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

c8660d633a97ca94facb3a2613b36d28

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors