Manalyze report for db0db4345305f72c242b9bf7433b51de

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2014-Aug-02 22:19:45
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: cmd.exe` `Contains domain names: command.com`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Possibly launches other programs: CreateProcessA` `Can create temporary files: GetTempPathA CreateFileA`
Suspicious	The file contains overlay data.	`30788784 bytes of data starting at offset 0x13000.` `Overlay data amounts for 99.7479% of the executable.`
Malicious	VirusTotal score: 6/72 (Scanned on 2020-11-21 12:40:50)	`APEX: Malicious` `F-Secure: Worm.WORM/Lodbak.Gen` `Avira: WORM/Lodbak.Gen` `Cynet: Malicious (score: 100)` `Cylance: Unsafe` `Rising: Trojan.Hatecrypt!1.A528 (CLASSIC)`

Hashes

MD5	`db0db4345305f72c242b9bf7433b51de`
SHA1	`27713cfcbe2ce92216c4a56ecf8f43280d5e6980`
SHA256	`12d2edb99c278d87d69aaf95d233825c4b71ddb089117f3c29ca7349d992317d`
SHA3	`41609bc6368e153f567df3842b54a35bbf361fd117f11d99ce14c8a3ed3e7990`
SSDeep	`393216:x0sLXyuGuoigS8pUsT6N4ZEeC+i8FjUiArHXzkMju1:SzSmhG+i8FjUiArHXzkMjA`
Imports Hash	`d247a55625cd61e3f91a266bce0cd371`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2014-Aug-02 22:19:45
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0xc000`
SizeOfInitializedData	`0x6000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00006444 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xd000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xb12000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3d664f3f72f1bfbfc0d2510699e922c8`
SHA1	`29fbe9a28d305060faa955ab52a8942273ca1ac0`
SHA256	`50c48b1207f3921ead717797d121e9cef4d79db82e6de7c6afeb242b9e161ccf`
SHA3	`3c1e09fecdefc5447c209ce6926e6a8e6132eedd9e34ab36e216069cc3580b54`
VirtualSize	`0xbff6`
VirtualAddress	`0x1000`
SizeOfRawData	`0xc000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.54069`

.rdata

MD5	`ec6ae981726c690fd83605a870e200cf`
SHA1	`1f1d94279acfced5b5c67a596bc6fd5611a5c3b6`
SHA256	`753184d825d2b96f061ea64e93f134a13399b18ead7d083c3a6b59be37fde07c`
SHA3	`beff869dfa8d7fb0deae043654f6c5832a952de57a74f8d8782694dab49cd311`
VirtualSize	`0xb60`
VirtualAddress	`0xd000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xd000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.29476`

.data

MD5	`6d9a71ccf5df4772ea0024b623938dfd`
SHA1	`7e09aed9f249659113e588daca1161a94b26503d`
SHA256	`6c4953a81b439b08812c8675748d6bb68b92a712bbcbd6858728283067ebacd3`
SHA3	`110703e717e74523a3e3431f1bcfe751e2bdf79af0605b720b54915cff8a5a30`
VirtualSize	`0xb00e98`
VirtualAddress	`0xe000`
SizeOfRawData	`0x2000`
PointerToRawData	`0xe000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.71237`

.rsrc

MD5	`99dc7042d13daf1a80519dc461934492`
SHA1	`0a5455be31a051474db2efc11f87b3a5cddc6971`
SHA256	`cdf902c0d0e038bc2b9098a208a82a6f10509e67d08eca60cd9b5c10d0a39cdb`
SHA3	`2db2e4a26cd859d32df06dd1846fbe03f60bfd4ad4d9df9d6b84cb93c01cb7d9`
VirtualSize	`0x2664`
VirtualAddress	`0xb0f000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x10000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.84557`

Imports

KERNEL32.dll	`GetTempPathA` `GetModuleFileNameA` `GetStdHandle` `Sleep` `SetConsoleCursorInfo` `SetConsoleCursorPosition` `SetConsoleTextAttribute` `GetTickCount` `GetConsoleMode` `ExitProcess` `TerminateProcess` `GetCurrentProcess` `GetCommandLineA` `GetVersion` `GetLastError` `GetFileAttributesA` `HeapFree` `CloseHandle` `SetFilePointer` `SetHandleCount` `GetFileType` `GetStartupInfoA` `WriteFile` `ReadFile` `GetProcAddress` `GetModuleHandleA` `UnhandledExceptionFilter` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `WideCharToMultiByte` `GetEnvironmentStrings` `GetEnvironmentStringsW` `HeapDestroy` `HeapCreate` `VirtualFree` `RtlUnwind` `HeapAlloc` `GetExitCodeProcess` `WaitForSingleObject` `CreateProcessA` `VirtualAlloc` `HeapReAlloc` `SetStdHandle` `FlushFileBuffers` `MultiByteToWideChar` `GetStringTypeA` `GetStringTypeW` `CreateFileA` `GetCPInfo` `GetACP` `GetOEMCP` `LoadLibraryA` `CompareStringA` `CompareStringW` `SetEnvironmentVariableA` `SetEndOfFile` `LCMapStringA` `LCMapStringW` `WriteConsoleA` `ReadConsoleInputA` `SetConsoleMode`
WINMM.dll	`timeGetTime`

Delayed Imports

102

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.52788`
MD5	`5847b8a15a19f92ee116378fced2aa0a`
SHA1	`c96628b1021f5f82fab423198844de439dd6738b`
SHA256	`667702b3d63f425091cecd55bc6f916d88d5cfe686f69d1276ddb03c3c8f950e`
SHA3	`a16d39be55e17a0a580b2d43c29878e32f36f8c1c10788a73baa6143d90ad5c1`

102 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.32322`
Detected Filetype	Icon file
MD5	`67620fa1ec24a8130ce8e8575badc1f7`
SHA1	`9657cf6b83f24cf1139a3b993f48190034703291`
SHA256	`c7149ab57c42fac6c07858d0951e8580903ba471b6d091b97c569b65c3328e46`
SHA3	`ecfb4d7bd91f66d152817bd8101cc4233ea78139ce97d0089d080cbf79478cac`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x994e6f88`
Unmarked objects	`0`
12 (7291)	`2`
C++ objects (VS98 build 8168)	`1`
14 (7299)	`15`
19 (8034)	`5`
Total imports	`65`
C objects (VS98 build 8168)	`95`
Resource objects (VS98 cvtres build 1720)	`1`

db0db4345305f72c242b9bf7433b51de

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

102

102 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors