Manalyze report for cb85617125124f3fc945c7f375349de3

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2020-Apr-24 12:49:55
Detected languages	English - United States

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `The PE only has 0 import(s).`
Malicious	VirusTotal score: 35/71 (Scanned on 2023-05-28 13:42:58)	`Lionic: Trojan.Win32.Generic.4!c` `tehtris: Generic.Malware` `MicroWorld-eScan: Trojan.GenericKDZ.70043` `McAfee: GenericRXAA-FA!CB8561712512` `Cylance: unsafe` `VIPRE: Trojan.GenericKDZ.70043` `Sangfor: Trojan.Win32.Agent.Vmy3` `Cybereason: malicious.125124` `Elastic: malicious (moderate confidence)` `APEX: Malicious` `Cynet: Malicious (score: 100)` `BitDefender: Trojan.GenericKDZ.70043` `NANO-Antivirus: Trojan.Win32.DiskWriter.hvglkh` `Avast: Win32:Malware-gen` `Emsisoft: Trojan.GenericKDZ.70043 (B)` `Zillya: Trojan.Convagent.Win32.3304` `McAfee-GW-Edition: Artemis!Trojan` `Trapmine: malicious.moderate.ml.score` `FireEye: Trojan.GenericKDZ.70043` `Sophos: Mal/Generic-R` `SentinelOne: Static AI - Suspicious PE` `GData: Trojan.GenericKDZ.70043` `Webroot: W32.Trojan.GenKDZ` `Antiy-AVL: GrayWare/Win32.Wacapew` `Gridinsoft: Ransom.Win32.Wacatac.oa!s2` `Arcabit: Trojan.Generic.D1119B` `Google: Detected` `ALYac: Trojan.GenericKDZ.70043` `Malwarebytes: Malware.AI.3439378033` `TrendMicro-HouseCall: TROJ_GEN.R057H09L320` `Ikarus: Trojan.Win32.Claretore` `MaxSecure: Trojan.Malware.106546886.susgen` `Fortinet: PossibleThreat.PALLAS.H` `AVG: Win32:Malware-gen` `DeepInstinct: MALICIOUS`

Hashes

MD5	`cb85617125124f3fc945c7f375349de3`
SHA1	`fdd445057a5ce73444fc5c5ac50ac10ab0b44466`
SHA256	`e30ed00a2763403bc0040f3eb5f6b22874892d9a79bce5f4239404d6b9009b42`
SHA3	`1a29769a0ae472b8ed15d64118dda828390bc400601f21cf70c36d19af9b5093`
SSDeep	`768:ey2me3ArVXfOua4fodtgyqz+5DDZX9enaR8ltk7XaeJKfUsicWPJYcZJTvszNUPE:ey2XwrVXfj1fozgyqK5p9m4g8si1BYwY`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2020-Apr-24 12:49:55
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xa000`
SizeOfInitializedData	`0x1000`
SizeOfUninitializedData	`0xe000`
AddressOfEntryPoint	`0x00018760 (Section: UPX1)`
BaseOfCode	`0xf000`
BaseOfData	`0x19000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1a000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xe000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`999cc1476fd627c89c94e780e8e231fe`
SHA1	`3edcde178c086a1b7e34a5693b91cbd87a210857`
SHA256	`5f2dd6cd808973eb9ad5dde71f17862fa5f57e42d3c1dcff6ad64c73551704fb`
SHA3	`3545a8d00fb949d946be413d377d597cff105ace6ebd287e0b5bf04cd35ca848`
VirtualSize	`0xa000`
VirtualAddress	`0xf000`
SizeOfRawData	`0x9a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.87245`

.rsrc

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x1000`
VirtualAddress	`0x19000`
SizeOfRawData	`0x400`
PointerToRawData	`0x9e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

Imports

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89431`
MD5	`9ca712e73be23059b8ab2934c7fcfe1b`
SHA1	`4a350e7638fa3a0b17d5e6d95500683960dc8206`
SHA256	`991da4060dcb5b705dd5860f760c25cdd938d5379e25410a2d3ad3a74d52975e`
SHA3	`1783c5762dffbdc44879fed6deb06b6c7ba6c58f500c98a88c1e2f149e3282e9`

Version Info

TLS Callbacks

Load Configuration

Size	`0xa4`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x413004`
SEHandlerTable	`0x411bf0`
SEHandlerCount	`3`

RICH Header

XOR Key	`0x41f31910`
Unmarked objects	`0`
ASM objects (VS2017 v14.15 compiler 26715)	`10`
C++ objects (VS2017 v14.15 compiler 26715)	`138`
C objects (VS2017 v14.15 compiler 26715)	`18`
C++ objects (27521)	`37`
C objects (27521)	`17`
ASM objects (27521)	`17`
Imports (VS2017 v14.15 compiler 26715)	`5`
Total imports	`82`
C++ objects (LTCG) (VS2019 Update 1 (16.1) compiler 27702)	`1`
Resource objects (VS2019 Update 1 (16.1) compiler 27702)	`1`
Linker (VS2019 Update 1 (16.1) compiler 27702)	`1`

Errors

[!] Error: Could not read the IMAGE_IMPORT_DESCRIPTOR.
[!] Error: Could not read an IMAGE_BASE_RELOCATION!
[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Section .rsrc is larger than the executable!
[*] Warning: Section .rsrc is larger than the executable!
[*] Warning: Section .rsrc is larger than the executable!