Manalyze report for d0e8605e45516760e5754312ccda2d2a

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2065-Jan-02 17:07:18
Detected languages	English - United States
Debug artifacts	dialer.pdb
CompanyName	Microsoft Corporation
FileDescription	Microsoft Windows Phone Dialer
FileVersion	`10.0.22621.1 (WinBuild.160101.0800)`
InternalName	DIALER.EXE
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	DIALER.EXE
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.22621.1`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.`
Suspicious	The PE contains functions most legitimate programs don't use.	`Functions which can be used for anti-debugging purposes: FindWindowW` `Can access the registry: RegDeleteValueW RegOpenKeyExW RegSetValueExW RegCreateKeyExW RegCloseKey RegQueryValueExW` `Can take screenshots: GetDC FindWindowW` `Reads the contents of the clipboard: GetClipboardData`
Suspicious	The file contains overlay data.	`145052 bytes of data starting at offset 0x8200.` `Overlay data amounts for 81.3382% of the executable.`
Malicious	VirusTotal score: 44/74 (Scanned on 2024-08-29 12:30:03)	`ALYac: Gen:Variant.Cerbu.210366` `AVG: Win32:Malware-gen` `Alibaba: Trojan:JS/LummaStealer.8ed35d79` `Arcabit: Trojan.Cerbu.D335BE` `Avast: Win32:Malware-gen` `Avira: TR/AVI.Agent.fsmui` `BitDefender: Gen:Variant.Cerbu.210366` `Bkav: W32.AIDetectMalware` `CAT-QuickHeal: TrojanDropper.Agent` `CrowdStrike: win/malicious_confidence_60% (W)` `Cybereason: malicious.e45516` `Cylance: Unsafe` `Cynet: Malicious (score: 99)` `DeepInstinct: MALICIOUS` `ESET-NOD32: a variant of JS/Agent.RNX` `Emsisoft: Gen:Variant.Cerbu.210366 (B)` `F-Secure: Trojan.TR/AVI.Agent.fsmui` `FireEye: Gen:Variant.Cerbu.210366` `Fortinet: W32/Agent.PWSL!tr` `GData: Gen:Variant.Cerbu.210366` `Google: Detected` `Gridinsoft: Trojan.Win32.Agent.sa` `Ikarus: Trojan.JS.Agent` `K7AntiVirus: Trojan ( 005b37251 )` `K7GW: Trojan ( 005b37251 )` `Kaspersky: UDS:DangerousObject.Multi.Generic` `Lionic: Trojan.Win32.Generic.4!c` `MAX: malware (ai score=84)` `Malwarebytes: Generic.Malware/Suspicious` `McAfee: Artemis!D0E8605E4551` `McAfeeD: ti!A2DB6394C73E` `MicroWorld-eScan: Gen:Variant.Cerbu.210366` `Microsoft: Trojan:Win32/LummaStealer.DA!MTB` `Paloalto: generic.ml` `Panda: Trj/Genetic.gen` `Rising: Dropper.Agent!8.2F (CLOUD)` `Sangfor: Trojan.Win32.Lummastealer.Viu7` `Sophos: Troj/DwnLd-ARJ` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.1417ecf7` `VIPRE: Gen:Variant.Cerbu.210366` `Varist: W32/Cerbu.CF.gen!Eldorado` `Zillya: Trojan.Agent.JS.7696` `ZoneAlarm: UDS:DangerousObject.Multi.Generic`

Hashes

MD5	`d0e8605e45516760e5754312ccda2d2a`
SHA1	`7d0b112e56dc62cedfc41cdbec5ebb36af329d57`
SHA256	`a2db6394c73eee59c749ed82e5018196cc7267c3a154e41b40751b4f29df3450`
SHA3	`8fe1f1fdcae479507fda73089bf7c3480a42843926319efc2aaa7fab1c4e1170`
SSDeep	`3072:+9HL8B1EOUWEsizz9HL8B1EOUWEsiz19HL8B1EOUWEsizP9HL8B1EOUWEsiz:+lGbiVzzlGbiVz1lGbiVzPlGbiVz`
Imports Hash	`76e0d8d65462216e7b0903bc27d606d1`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2065-Jan-02 17:07:18
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x5400`
SizeOfInitializedData	`0x3800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000058F0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0xc000`
SizeOfHeaders	`0x400`
Checksum	`0x10b32`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d542cbce133e9da1b6343e2d4eb33ab4`
SHA1	`e4c74e681aab881115be2a2ac4a2cf8f3b2d5e07`
SHA256	`52680bd0f4beea52db2bef10377c457f42ca82f9d0682432ffd30785fc1d6af0`
SHA3	`2af18c4fd1387419c5f8f6871ebc0b7b1cf040e11887f72a2de86d5d1115dbb3`
VirtualSize	`0x523c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.97038`

.data

MD5	`f4692163a4d4f286ce497ed1cda94768`
SHA1	`90ff469ca1435cf4a195b75098b7e1a658259854`
SHA256	`0b453605ca884af9c588b496a62210e2a1098534e63091eee30cf5d497483a74`
SHA3	`591773f7199b529144bf2bfcd8da3fe734c0f1cf6ba92ed9240661f37b0be19c`
VirtualSize	`0xf80`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.665963`

.idata

MD5	`bf63319b2ddc100fb78f5f0cb6694db8`
SHA1	`4d9da33ba113db001d37c72bf3a375d604d25790`
SHA256	`fee59dce1deebc4c03322183af3cb2d7233c62205ea9fb1a66695b30b8c0c073`
SHA3	`fce6604a2dad9bb6bf5a4024c40113d6b38843135a6aad8a3d912e7592dd8ae0`
VirtualSize	`0xda2`
VirtualAddress	`0x8000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x5a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.20773`

.rsrc

MD5	`14de11a77d3783013c8239a9726e67b5`
SHA1	`7d8345e1b409c590a5c20987a6f84d73fd5d6531`
SHA256	`8283357a0030376bd24687e5cca5b2eb91aa37d81835fb7589676eb7808bc891`
SHA3	`f51c72c7cad28bbab46860983f432800a6ca2eaf7d761c198f59bdc79e00d859`
VirtualSize	`0x11a0`
VirtualAddress	`0x9000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x6800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.18597`

.reloc

MD5	`f3ead93120a93537ad87bb44d14f160e`
SHA1	`d937e0f78c809a9b3723a2e9805ca8ffda53b0ac`
SHA256	`d958c361b82fd56256a5343b854c62dce3835f46a0ac22b6fbf4a79bac300ed0`
SHA3	`3cc97adfab0faea0dc9404920ad11bb546b11a3ab449ed34b6c6a6209e50196f`
VirtualSize	`0x79c`
VirtualAddress	`0xb000`
SizeOfRawData	`0x800`
PointerToRawData	`0x7a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.60418`

Imports

ADVAPI32.dll	`RegDeleteValueW` `RegOpenKeyExW` `RegSetValueExW` `RegCreateKeyExW` `RegCloseKey` `RegQueryValueExW`
KERNEL32.dll	`HeapSetInformation` `LocalFree` `GetModuleHandleW` `GetTickCount` `lstrcmpW` `GetCurrentThreadId` `GetLastError` `FormatMessageW` `LocalAlloc` `CreateMutexW` `lstrlenW` `CloseHandle` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `QueryPerformanceCounter` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetStartupInfoW` `Sleep`
GDI32.dll	`GetStockObject` `GetTextExtentPoint32W` `SetBkColor` `LPtoDP` `CreateFontIndirectW` `SelectObject`
USER32.dll	`DefDlgProcW` `IsDialogMessageW` `DispatchMessageW` `ShowWindow` `GetActiveWindow` `LoadStringW` `LoadAcceleratorsW` `DrawIcon` `GetSystemMetrics` `EndDialog` `SendMessageW` `FillRect` `MessageBoxW` `SetWindowPos` `GetDC` `DestroyWindow` `GetFocus` `GetWindowRect` `PostMessageW` `CreateDialogParamW` `GetMessageW` `GetWindowTextLengthW` `SetDlgItemTextW` `GetDlgItemTextW` `SendDlgItemMessageW` `GetSysColor` `WinHelpW` `SetFocus` `TranslateAcceleratorW` `TranslateMessage` `GetClipboardData` `LoadIconW` `PeekMessageW` `FindWindowW` `LoadCursorW` `GetClientRect` `GetDlgItem` `IsClipboardFormatAvailable` `CheckDlgButton` `PostQuitMessage` `GetSysColorBrush` `EnableMenuItem` `SystemParametersInfoW` `GetParent` `DialogBoxParamW` `UpdateWindow` `SetForegroundWindow` `IsIconic` `ReleaseDC` `BeginPaint` `EndPaint` `EnableWindow` `RegisterClassW`
msvcrt.dll	`_except_handler4_common` `_controlfp` `?terminate@@YAXXZ` `_acmdln` `_initterm` `__setusermatherr` `_ismbblead` `__p__fmode` `_cexit` `memset` `exit` `__set_app_type` `__getmainargs` `_amsg_exit` `__p__commode` `_XcptFilter` `wcscspn` `wcsspn` `_itow` `_wtoi` `_vsnwprintf` `_exit` `memmove`
SHELL32.dll	`ShellAboutW`
TAPI32.dll	`lineGetAppPriorityW` `lineGetDevCapsW` `lineClose` `lineGetRequestW` `lineSetAppPriorityW` `lineRegisterRequestRecipient` `lineDrop` `lineConfigDialogW` `lineDeallocateCall` `lineTranslateDialogW` `lineInitializeExW` `lineGetTranslateCapsW` `lineTranslateAddressW` `lineShutdown` `lineGetAddressCapsW` `lineMakeCallW` `lineNegotiateAPIVersion` `lineOpenW`

Delayed Imports

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.63807`
MD5	`22826e25a5f4af0a58c22d27548e0852`
SHA1	`344a07dc7b6e92a3ea7956f8eaf7cc09e4f3ff9b`
SHA256	`4922928f53f94f665fb814a1c1c5b1cb89f0af804ec93e3d59dc74e40d607d62`
SHA3	`31a948b83752d0195655173ebd44056f8f6fa4472701076c06e74c0762646026`

1 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51367`
MD5	`2b524acdb6979c8322853916dbc90347`
SHA1	`bc7a6e79ce466442209e258084c45140be504a70`
SHA256	`cfc51c6251a7673dbdf01ee372e8aaf7163c7ac9e975b7d171ca0568b3c0effc`
SHA3	`c9813ed900cb5fbbaf8185ee7062714ea3c28ef4facc4346450eb99acaa1f3a7`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.48115`
MD5	`bc1fca1d4cf1d67d795f3da17be75435`
SHA1	`51950436d5f2acf2a0e0de057779594379287ea7`
SHA256	`5acc36705bffb56159e36f52dc3b3994c512250f0662e5d55268bfc3e172406d`
SHA3	`647040a87ce25edbd7564f026b61f86c0227b84d56297beacc1ef9b383309a79`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.10957`
MD5	`9bc8b6c4b7526c890c85496d68af6e6a`
SHA1	`3dac1206e8478aa07aced576e16a33a3d37fcb8c`
SHA256	`1d9f757438ae3c559f2c1ee4969d1de99226afa2a4ceb629422ce4c4636a7bc3`
SHA3	`306bda77a5adabc628e4e04d3cae91e94c9980d26e741904c713cc9acb437a4f`

1 (#3)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

116

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32322`
Detected Filetype	Icon file
MD5	`ce9c092856a8bcd1503927da430e18e7`
SHA1	`8eecabfe2727710867c6b7223b32f490b1caf133`
SHA256	`483aa261cce96256ff045257f2834d1cc43b6194f5d30533c0f18776aa7367f2`
SHA3	`203afac5a8b0c87581e30850450c0d112d2c7172b934b0bb67b442dd0f8a918e`

1 (#4)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3ac`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.46517`
MD5	`3398a48c6c967f3fae29b5a2ed46f8bc`
SHA1	`22aa8e25c41bc04c79567b51f5bb2b54d16d548e`
SHA256	`cb0d39e10d7021087ee5d748f2b58bfdedf9bf6fdbb04d4fbc337a7fae3f7f3a`
SHA3	`8325c2deabdcc3b083e42280fe731a5a986ef8a39e21a63c6d02fac99e7e5e7d`

1 (#5)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3c0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.86879`
MD5	`8ecab98790c870f9a580fd05795e6a01`
SHA1	`a883f5a34afe0868d998b8186d82fc9cb4a2b94f`
SHA256	`8b3cdb271324747bf074ccecb2919557418aca221e45ed13f7b647697bc2414e`
SHA3	`eb655071c8d38f589b089955975968099f0bc39c0539c57f3170330feeaeed66`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.22621.1
ProductVersion	10.0.22621.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Microsoft Windows Phone Dialer
FileVersion (#2)	10.0.22621.1 (WinBuild.160101.0800)
InternalName	DIALER.EXE
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	DIALER.EXE
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.22621.1

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2065-Jan-02 17:07:18
Version	`0.0`
SizeofData	`35`
AddressOfRawData	`0x1678`
PointerToRawData	`0xa78`
Referenced File	dialer.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2065-Jan-02 17:07:18
Version	`0.0`
SizeofData	`512`
AddressOfRawData	`0x169c`
PointerToRawData	`0xa9c`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2065-Jan-02 17:07:18
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x189c`
PointerToRawData	`0xc9c`

TLS Callbacks

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x407004`
SEHandlerTable	`0x401600`
SEHandlerCount	`1`
GuardCFCheckFunctionPointer	`4227612`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x5a2c78b4`
Unmarked objects	`0`
C++ objects (30795)	`1`
ASM objects (30795)	`1`
C objects (30795)	`21`
Imports (30795)	`15`
Total imports	`133`
C objects (LTCG) (30795)	`2`
Resource objects (30795)	`1`
Linker (30795)	`1`

d0e8605e45516760e5754312ccda2d2a

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.data

.idata

.rsrc

.reloc

Imports

Delayed Imports

1

1 (#2)

2

3

1 (#3)

116

1 (#4)

1 (#5)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_POGO

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors