Manalyze report for cbc7504b6f3d555618ad2757b570a9026d76fc8488853068103a47fdfed51dca

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Jun-12 06:01:32
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0`
Suspicious	The PE is possibly packed.	`Unusual section name found: .data3` `Unusual section name found: .data2`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress`
Malicious	VirusTotal score: 58/72 (Scanned on 2023-11-14 07:03:13)	`ALYac: Gen:Variant.Razy.599948` `APEX: Malicious` `AVG: Win32:Cridex-N [Trj]` `AhnLab-V3: Trojan/Win32.Zbot.R79702` `Alibaba: Ransom:Win32/Blocker.096d9d44` `Antiy-AVL: Trojan[Packed]/Win32.Krap` `Arcabit: Trojan.Razy.D9278C` `Avast: Win32:Cridex-N [Trj]` `Avira: TR/Crypt.XPACK.Gen` `BitDefender: Gen:Variant.Razy.599948` `BitDefenderTheta: AI:Packer.00B2B79B1F` `Bkav: W32.AIDetectMalware` `ClamAV: Win.Trojan.Agent-1236425` `CrowdStrike: win/malicious_confidence_100% (W)` `Cybereason: malicious.310442` `Cylance: unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `DrWeb: Trojan.DownLoader15.17379` `ESET-NOD32: Win32/AutoRun.Spy.Banker.P` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Razy.599948 (B)` `F-Secure: Trojan.TR/Crypt.XPACK.Gen` `FireEye: Generic.mg.d494fb7e14ce5bc4` `Fortinet: W32/Lockscreen.LOA!tr` `GData: Gen:Variant.Razy.599948` `Google: Detected` `Gridinsoft: Malware.Win32.Gen.bot!se58553` `Ikarus: Worm.Win32.Cridex` `Jiangmin: TrojanDropper.Dapato.hxn` `K7AntiVirus: Spyware ( 0040ae601 )` `K7GW: Spyware ( 0040ae601 )` `Kaspersky: Trojan-Ransom.Win32.Blocker.hmnq` `Lionic: Trojan.Win32.Blocker.4!c` `MAX: malware (ai score=94)` `Malwarebytes: Generic.Malware/Suspicious` `MaxSecure: Trojan.Packed.Krap.iu` `McAfee: PWS-Zbot.gen.bex` `MicroWorld-eScan: Gen:Variant.Razy.599948` `Microsoft: Worm:Win32/Cridex.E` `NANO-Antivirus: Trojan.Win32.Dwn.stlir` `Panda: Bck/Qbot.AO` `Rising: Ransom.Reveton!8.F2 (TFE:2:D4ITAqlNGCM)` `Sangfor: Trojan.Win32.Agent.updb` `SentinelOne: Static AI - Malicious PE` `Skyhigh: BehavesLike.Win32.Mytob.ch` `Sophos: Troj/Zbot-DHN` `Symantec: Packed.Generic.459` `Tencent: Win32.Trojan.Blocker.Kcnw` `Trapmine: malicious.high.ml.score` `VBA32: BScope.Malware-Cryptor.SB.01798` `VIPRE: Gen:Variant.Razy.599948` `Varist: W32/Zbot.DQ.gen!Eldorado` `Webroot: W32.Trojan.Gen` `Xcitium: TrojWare.Win32.Kryptik.UHZ@4qh07d` `ZoneAlarm: Trojan-Ransom.Win32.Blocker.hmnq` `Zoner: Trojan.Win32.6680` `tehtris: Generic.Malware`

Hashes

MD5	`d494fb7e14ce5bc4cbb5ab01ad0123c5`
SHA1	`294f2923104420a0fc6f0262a4a0be6bfdfa3fbc`
SHA256	`cbc7504b6f3d555618ad2757b570a9026d76fc8488853068103a47fdfed51dca`
SHA3	`f98fb41ef532b224bb21c82ab6d4c51bcbf534a6c221d3e2d9845e5e2b10b4b3`
SSDeep	`1536:vTraAg6weVtDASIUh5gOH3u17bZP16DwpyLJrnlIsy:vvX6Y5jMbzByBIz`
Imports Hash	`5cc5f65225f24f0f8c6c7c1da0c021f1`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2012-Jun-12 06:01:32
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x5a00`
SizeOfInitializedData	`0x15600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000015E0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x21000`
SizeOfHeaders	`0x400`
Checksum	`0x1d4ab`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`76dd68419ebf8c7f7455416ee7755242`
SHA1	`387ed076402667901deee34abec56fb3d0b9fd01`
SHA256	`89be8515a21f80b6bf3ed80523fa3ebd79833283c3a3e61ee3825dbd6c917f96`
SHA3	`fae49d891795208b5c1074fb3a441ce99c726a8b79a2d19b3d20b713fadbf336`
VirtualSize	`0x58a0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`1.67418`

.data

MD5	`92898a996322f2f317a19b10b50b35a0`
SHA1	`bf79feea83c24d2c9377861f64cd43cbacc6ff6b`
SHA256	`880ffa3e5d7d3ca92706e07f2684366a114802dc50b9af9c8f0deec541e216c6`
SHA3	`e9c8ba3854aa0fc7fd988b29dcf3018bafe160821495b6605d48ef33dcb01468`
VirtualSize	`0x13ea0`
VirtualAddress	`0x7000`
SizeOfRawData	`0x13e00`
PointerToRawData	`0x5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.27964`

.data3

MD5	`0f343b0931126a20f133d67c2b018a3b`
SHA1	`60cacbf3d72e1e7834203da608037b1bf83b40e8`
SHA256	`5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef`
SHA3	`6841b2c10aa6e5f7a384143e4de58fbc9aa28a4b742e9ad4ed14ba148a723a43`
VirtualSize	`0x3e8`
VirtualAddress	`0x1b000`
SizeOfRawData	`0x400`
PointerToRawData	`0x19c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.data2

MD5	`0f343b0931126a20f133d67c2b018a3b`
SHA1	`60cacbf3d72e1e7834203da608037b1bf83b40e8`
SHA256	`5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef`
SHA3	`6841b2c10aa6e5f7a384143e4de58fbc9aa28a4b742e9ad4ed14ba148a723a43`
VirtualSize	`0x3e8`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x400`
PointerToRawData	`0x1a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`ad17a01a4b9ae2aed668f42012a42262`
SHA1	`d6e251ae382942dbdbf110367bbb8d3abe2caad2`
SHA256	`bed7fd500930a6d0bc86ab13b10a3e5fae3303818eb7b996cf7b654b38c7b0ac`
SHA3	`19bda5757dd8a08b382023c56f40013d601492ecc396a03a02c69e89041b6450`
VirtualSize	`0xaa4`
VirtualAddress	`0x1d000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x1a400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.35025`

.reloc

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x2128`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0`

Imports

KERNEL32.dll	`LoadLibraryW` `GetProcAddress` `GetWindowsDirectoryW` `lstrcatW` `CreateFileW` `GetCommandLineA` `ReadFile`
USER32.dll	`GetDC` `ReleaseDC` `PostQuitMessage` `InvalidateRect` `BeginPaint` `DefWindowProcA` `LoadIconA` `LoadCursorA` `RegisterClassExA` `CreateWindowExA` `ShowWindow` `UpdateWindow` `GetMessageA` `TranslateMessage` `DispatchMessageA`
GDI32.dll	`GetStockObject` `SelectObject` `GetTextMetricsA` `SetBkMode` `TextOutA`
msvcrt.dll	`memcpy`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	2012-Jun-12 06:01:32
Entropy	`2.53357`
MD5	`eab2e4286dca096aa07a14ce9e1dadc2`
SHA1	`1c02cebe64dee7115e0b599b2af608d549ab68e1`
SHA256	`ee92251419f7153c22da83e63f055ffa65c129d6ccca4bd7e990ac7f3cb21034`
SHA3	`aee04231c8e31945fff6c54cf64ec2714108c7fff5f1d30728a30c755c864a9d`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	2012-Jun-12 06:01:32
Entropy	`3.02107`
MD5	`9a48efdd7cc7292311e35c6696eb098b`
SHA1	`6bbd6b3300820fc87adf2b33e9153b38054a88b0`
SHA256	`bd342509712972b10d51c446d14e0ed57046a48e5bf1f856d98d4337023c1c18`
SHA3	`3aa1b76160c135a4c2d953496a99862ac27eaa5313fcf1c323420f639ca0ea75`

1 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x210`
TimeDateStamp	2012-Jun-12 06:01:32
Entropy	`3.45204`
MD5	`9350e1fdd6762dd14aa8566c9b740196`
SHA1	`f4a95ee89be3be84f183618e19b43f3d57a492ed`
SHA256	`afc5e5a3eb0b7b43e7421597e78d231669d563356d028b72699516a9584c91b9`
SHA3	`e10ac7f03256a9dd816c333c410365040a5c6d9803cccc282acc61498dedaceb`

2 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1d6`
TimeDateStamp	2012-Jun-12 06:01:32
Entropy	`3.43027`
MD5	`9808463f05324dd66a9d4431d52c34c4`
SHA1	`3e254810b6897bd50e2d909ff2961324bf1a9c78`
SHA256	`bcc602dcbac0ef0c92bb475b71b9957da41e507a4cb91eed920824a15c01bb94`
SHA3	`81e8bf3bb3b1c370969ce13d3cbee80f4abcd46f10d162d77037c9d8c33e219e`

3

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x106`
TimeDateStamp	2012-Jun-12 06:01:32
Entropy	`3.12397`
MD5	`f2f6e13c7fd3bbd39e48a0066886c6bf`
SHA1	`eac01c22aaa99e927c7a27d85658dd710e9efc0d`
SHA256	`4f488131634447c2e2c7a36cd4a92996ac05cbdb285f1dc0412d7a88639cbb46`
SHA3	`f245cca4134aea3c28c7beb1b635bc5a63b98e6658242fd8d85566fe1c792f69`

0

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	2012-Jun-12 06:01:32
Entropy	`2.22208`
Detected Filetype	Icon file
MD5	`efce932c08b6928812b3eaba73bb20ba`
SHA1	`e62298daab207bc26edeac2ab72a878cc549d7f9`
SHA256	`e523d62cb7b381744d272253bd6b4e9c665cdce665e1a910f1099acad093dc22`
SHA3	`4517d529a0605da754dc6a0647091e1e325a4dc434e080a775ee2ca5de263bdb`

String Table contents

ActiveMovie Control
ActiveMovie File Types
Accessories
Multimedia
Software\Microsoft\Multimedia\DirectXMedia
Extensions
.Prog
CLSID
Content Type
DefaultIcon
Extension.MediaType.bak
Extension.MIME
Extension.MIME.bak
MediaType.Description
MediaType.Description.bak
MediaType.Icon
MediaType.Icon.bak
MediaType.MediaType
MediaType.MediaType.bak
MediaType.Open.bak
MediaType.Play.bak
MediaType.Verb.bak
MIME.CLSID.bak
MIME\Database\Content Type\
OCX.clsid
OCX.ocx
Open
Play
RunDll.NT
RunDll.Win9x
Shell
Shell.Open
Shell.Play
Software\Microsoft\Multimedia\ActiveMovie\File Extensions
ActiveMovie Control
Shortcut.Parameters

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: The WIN_CERTIFICATE appears to be invalid.

Leave a comment

No comments yet.