Manalyze report for d3dd0700e1018baa99ae9f8daafd18a6

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1992-Jun-19 22:22:17
Detected languages	English - United States Russian - Russia
Comments
CompanyName	Crackingpatching.com Team
FileDescription	Bootstrap Studio 1.0.0 Installation
FileVersion	`1.0.0`
LegalCopyright	Crackingpatching.com Team

Plugin Output

Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: FindWindowA` `Code injection capabilities (PowerLoader): GetWindowLongA FindWindowA` `Can access the registry: RegQueryValueExA RegOpenKeyExA RegCloseKey RegSetValueExA RegQueryInfoKeyA RegEnumKeyExA RegCreateKeyExA` `Possibly launches other programs: WinExec ShellExecuteA` `Can create temporary files: GetTempPathA CreateFileA` `Functions related to the privilege level: OpenProcessToken AdjustTokenPrivileges` `Manipulates other processes: OpenProcess` `Can take screenshots: CreateCompatibleDC BitBlt GetDCEx GetDC FindWindowA` `Can shut the system down or lock the screen: ExitWindowsEx`
Suspicious	The PE header may have been manually modified.	`The resource timestamps differ from the PE header: 2011-Dec-13 00:00:22`
Suspicious	The file contains overlay data.	`388635 bytes of data starting at offset 0x71800.` `The overlay data has an entropy of 7.99722 and is possibly compressed or encrypted.`
Malicious	VirusTotal score: 15/70 (Scanned on 2020-01-08 10:26:57)	`CAT-QuickHeal: Trojan.Presenoker` `Cylance: Unsafe` `ESET-NOD32: a variant of Win32/RiskWare.HackTool.Agent.K` `Paloalto: generic.ml` `Tencent: Malware.Win32.Gencirc.10b49844` `Invincea: heuristic` `Trapmine: suspicious.low.ml.score` `SentinelOne: DFI - Suspicious PE` `Cyren: W32/Trojan.KFUF-6195` `Webroot: W32.Hack.Tool` `Microsoft: Program:Win32/Uwasson.A!ml` `Endgame: malicious (moderate confidence)` `Ikarus: PUA.RiskWare.Hacktool` `eGambit: Unsafe.AI_Score_99%` `Fortinet: Riskware/HackTool_Agent`

Hashes

MD5	`d3dd0700e1018baa99ae9f8daafd18a6`
SHA1	`1f9b8097a92ff52b9e8572d867a1334ba03913b8`
SHA256	`aa824eb6f90bc3d8f7efb52c58202cb80dd666ff860668c8580daa09a40b5b12`
SHA3	`6aa3ba43fd48b30da02debe24d98cd7a2393a56c78eda24105270a14747286b5`
SSDeep	`12288:OANwRo+mv8QD4+0V16KWEQF2dXMhGpw5UJmQVyF8Dx0gBCcf+Prs:OAT8QE+k6EQFU+mw5UJrVyEBFss`
Imports Hash	`b28ee14bfd2d9cf0dd7828bad72ca488`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	1992-Jun-19 22:22:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x24600`
SizeOfInitializedData	`0x4ce00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00025468 (Section: CODE)`
BaseOfCode	`0x1000`
BaseOfData	`0x26000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x78000`
SizeOfHeaders	`0x400`
Checksum	`0x7abb0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

CODE

MD5	`5e14e4ede2e2215bc7d72837b9871f8f`
SHA1	`b23023c88b9130efa688c77a0d24e6a2c423fab6`
SHA256	`75656197ad5cd8fbf10851b56fe7b1118383ce2fe69e9ba2e0eb86ee62833d3d`
SHA3	`d921e73fd7b3b6b81d0aadf66e63f2299ca3b2c191217e6c371ee64d0ba30162`
VirtualSize	`0x244cc`
VirtualAddress	`0x1000`
SizeOfRawData	`0x24600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.59443`

DATA

MD5	`abafcbfbd7f8ac0226ca496a92a0cf06`
SHA1	`e6d34e556463e08e8b1c5b5cbb9967c3c662c029`
SHA256	`1706c98e15f709d9343227787f451017d335ab86c060c7cbbb5cf12170f4e54d`
SHA3	`99ba741825583169851f5fc2106947193c1021ddc956a8bf921c453b2ee93673`
VirtualSize	`0x2894`
VirtualAddress	`0x26000`
SizeOfRawData	`0x2a00`
PointerToRawData	`0x24a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.79376`

BSS

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x10f5`
VirtualAddress	`0x29000`
SizeOfRawData	`0`
PointerToRawData	`0x27400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`a4e0ac39d5ed487ceea059fa23dfce5e`
SHA1	`57dbb9ad99992432dba6a1ca14ffddf7780ddf98`
SHA256	`1589bb39ca35524604119bfedf88a265c1790f280ec5dd58ce279b57d7b38d37`
SHA3	`bf789146bda84ea8224c271684b7f3b296b735439a77559febe69cd7d78171f9`
VirtualSize	`0x1798`
VirtualAddress	`0x2b000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x27400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.88555`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x8`
VirtualAddress	`0x2d000`
SizeOfRawData	`0`
PointerToRawData	`0x28c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`c4fdd0c5c9efb616fcc85d66056ca490`
SHA1	`7d9ccb6391020266050c96487449a1aadfbe589d`
SHA256	`47fb5182ffc61caf80b51da5ccc9690af4db7850e9606940aa64090eebb0561f`
SHA3	`e73ffc12e5d80d115e474806fa706823f53afebd7eb00e88f4d4c7917059f51e`
VirtualSize	`0x18`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x28c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`0.204488`

.reloc

MD5	`867a1120317d51734587a74f6ee70016`
SHA1	`4d98e9a5cd438d32008aa2db9c2af8f5714c89fd`
SHA256	`4bfa53f467e9ba6e24b464f4752e9b753fe097cfafc81796a450acc5bf3a8bd2`
SHA3	`739b765ee273d2e256360c45444e6e24c2c66a9164e4d6d331eae0dd622a393e`
VirtualSize	`0x1884`
VirtualAddress	`0x2f000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x28e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`6.58665`

.rsrc

MD5	`66dac8038bf0c920f3f4cee976b65f24`
SHA1	`39f8505636da12668eb1d969e6b91a79a16ea3c8`
SHA256	`4494cf5d6567d43ccaff085fee1284707a52f22f82890f34ffb009169b97ef97`
SHA3	`5291b35ffa43b815e08b61421f1ef263a3016f63cb0f4d65244b3c9b07b53382`
VirtualSize	`0x46f60`
VirtualAddress	`0x31000`
SizeOfRawData	`0x47000`
PointerToRawData	`0x2a800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`4.14043`

Imports

kernel32.dll	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `WideCharToMultiByte` `GetThreadLocale` `GetStartupInfoA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
user32.dll	`GetKeyboardType` `MessageBoxA`
advapi32.dll	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
oleaut32.dll	`SysFreeString` `SysReAllocStringLen`
kernel32.dll (#2)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `WideCharToMultiByte` `GetThreadLocale` `GetStartupInfoA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
advapi32.dll (#2)	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
kernel32.dll (#3)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `WideCharToMultiByte` `GetThreadLocale` `GetStartupInfoA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
gdi32.dll	`StretchDIBits` `StretchBlt` `SetWindowOrgEx` `SetTextColor` `SetStretchBltMode` `SetRectRgn` `SetROP2` `SetPixel` `SetDIBits` `SetBrushOrgEx` `SetBkMode` `SetBkColor` `SelectObject` `SaveDC` `RestoreDC` `OffsetRgn` `MoveToEx` `IntersectClipRect` `GetStockObject` `GetPixel` `GetDIBits` `ExtSelectClipRgn` `ExcludeClipRect` `DeleteObject` `DeleteDC` `CreateSolidBrush` `CreateRectRgn` `CreateDIBitmap` `CreateDIBSection` `CreateCompatibleDC` `CreateCompatibleBitmap` `CreateBrushIndirect` `CreateBitmap` `CombineRgn` `BitBlt`
user32.dll (#2)	`GetKeyboardType` `MessageBoxA`
winmm.dll	`timeKillEvent` `timeSetEvent`
oleaut32.dll (#2)	`SysFreeString` `SysReAllocStringLen`
ole32.dll	`OleInitialize`
comctl32.dll	`ImageList_Draw` `ImageList_SetBkColor` `ImageList_Create` `InitCommonControls`
shell32.dll	`SHGetFileInfoA`
user32.dll (#3)	`GetKeyboardType` `MessageBoxA`
gdi32.dll (#2)	`StretchDIBits` `StretchBlt` `SetWindowOrgEx` `SetTextColor` `SetStretchBltMode` `SetRectRgn` `SetROP2` `SetPixel` `SetDIBits` `SetBrushOrgEx` `SetBkMode` `SetBkColor` `SelectObject` `SaveDC` `RestoreDC` `OffsetRgn` `MoveToEx` `IntersectClipRect` `GetStockObject` `GetPixel` `GetDIBits` `ExtSelectClipRgn` `ExcludeClipRect` `DeleteObject` `DeleteDC` `CreateSolidBrush` `CreateRectRgn` `CreateDIBitmap` `CreateDIBSection` `CreateCompatibleDC` `CreateCompatibleBitmap` `CreateBrushIndirect` `CreateBitmap` `CombineRgn` `BitBlt`
kernel32.dll (#4)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `WideCharToMultiByte` `GetThreadLocale` `GetStartupInfoA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
advapi32.dll (#3)	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
shell32.dll (#2)	`SHGetFileInfoA`
cabinet.dll	`FDIDestroy` `FDICopy` `FDICreate`
ole32.dll (#2)	`OleInitialize`
shell32.dll (#3)	`SHGetFileInfoA`

Delayed Imports

50

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.24025`
MD5	`e2034173095893bb12293baf9f4f7be9`
SHA1	`cd9196218c3381466428e315929bafafff885b71`
SHA256	`36dfbd0ed6c0aef76434f85ce890bb40596a746c18cb587de71b581c0773d270`
SHA3	`ddc4ea062486fa4674de73a7d1fb600fb64563a649f993f750a499dc60136d80`

51

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.94231`
MD5	`297187a1827a762195061b41ede849ea`
SHA1	`f8c75d2f2f7257b0ccb99d488c0c86bdd1ea8048`
SHA256	`72380bafb061c71db6bef7a4f6069068e379e7306a9ad764b60f920e9096d72b`
SHA3	`3122587aeb87b1b2c8ea6721e7c2e4414ed987ccb5f738d7ba8aab521b529c22`

52

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.73718`
MD5	`e6134d243ffc34be054e64d0872494ec`
SHA1	`e89dd6a8c49285b27631ba4509577d299151bf55`
SHA256	`37325c0acd2c9cb962eadbe95725198698e6d12c59458cfdad606e9ed1626bd0`
SHA3	`ebf6b81a4857a4adb1d84ed9e2f5f3163c1c277690afff728082c8d86784b56c`

53

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.51902`
MD5	`55f3b0c54140a1a78c351f5e61dd7ebc`
SHA1	`51ca177e3b8ed607d505f90a7aa234d7cf56a47f`
SHA256	`07da4c992b79e6d27f67e4974120d486442d45f2124147614ae11d43a9c18132`
SHA3	`ffcfceb1735e02ac92eff3dec972fa97710bfb7de754b03a1d5a8db7c8b20e2b`

54

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.05378`
MD5	`d654e1f645344c19a81996c553367e85`
SHA1	`a8dcace91152bcfd90cd2f58cb52a32f09b98d4c`
SHA256	`09b0b0ec3d1bd447f7e0a80db728fd71623dd2a580bc34156bb7ab9a26669201`
SHA3	`edee7bee1c31790a9e922e0734940bf2b37c39dbff0d51322fe9f405ad5d3164`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2011-Dec-13 00:00:22
Entropy	`4`
MD5	`d8090aba7197fbf9c7e2631c750965a8`
SHA1	`04f73efb0801b18f6984b14cd057fb56519cd31b`
SHA256	`88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610`
SHA3	`a5a67ad8166061d38fc75cfb2c227911de631166c6531a6664cd49cfb207e8bb`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x110`
TimeDateStamp	2011-Dec-13 00:00:22
Entropy	`5.28362`
MD5	`fbba41fa21bdd3ce99d0268d577f352a`
SHA1	`5a87423f2d852d431478881c160c6c7f6262d5df`
SHA256	`0d9a7ca2193a69f7048c46748a3e98e7e101bda4e5bbe903858539e20ffed78d`
SHA3	`9bfadc055ec99191e78759bd6ce0a3f29cfed82fb137210895ec1c38eb38402b`

MAINICON

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.75922`
Detected Filetype	Icon file
MD5	`b44bd874d4c9f7ab3fbb3ce0f9bd2224`
SHA1	`4e75c05c9ae303836f19def2a62212a69b88ec48`
SHA256	`956a9528d0fe75126c1628391a8f48d38b15048fd1d817b29635b2a5eea5e1c2`
SHA3	`4482e891ccb1d77de4d827adc1ce7da8ba87615d21396d63aa670518824f3845`

1

Type	`RT_VERSION`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x374`
TimeDateStamp	2011-Dec-13 00:00:22
Entropy	`2.85355`
MD5	`be0640351359a73f09b58bfc3dd4b332`
SHA1	`244467a501950b69dae110c04080286887d55b28`
SHA256	`ac3e6dbc4f3861e8215d039da8b8128ac79fcab8135e7005da197e4c7fea11da`
SHA3	`d0ce296a5182328d63d3054f40b6af58a5e5709d4ee6fdd600923f2045a5d743`

1 (#2)

Type	`RT_MANIFEST`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x376`
TimeDateStamp	2011-Dec-13 00:00:22
Entropy	`4.93923`
MD5	`609957cfd6c1674f59c260b2da0a2a72`
SHA1	`2949d33d30c03887a101ebefca1db917f1d2bac7`
SHA256	`1e9cffb6544cb40c042cf9413e0481026699ef5f8e74613293bd60ae098f3c09`
SHA3	`413f25170a49ac4d961ec8a798af1da7800fb4d2db8734d4172695e4a2ebc823`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments
CompanyName	Crackingpatching.com Team
FileDescription	Bootstrap Studio 1.0.0 Installation
FileVersion (#2)	1.0.0
LegalCopyright	Crackingpatching.com Team

Resource LangID	Russian - Russia

TLS Callbacks

StartAddressOfRawData	`0x42d000`
EndAddressOfRawData	`0x42d008`
AddressOfIndex	`0x42608c`
AddressOfCallbacks	`0x42e010`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

[*] Warning: Section BSS has a size of 0!
[*] Warning: Section .tls has a size of 0!