Manalyze report for dc2c11cd8ac6f6bb9862e0f1cf50b4dc

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `Unusual section name found: UPX2` `The PE only has 4 import(s).`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress`
Malicious	VirusTotal score: 29/71 (Scanned on 2023-02-19 18:25:38)	`Lionic: Trojan.Win32.Babar.4!c` `Elastic: malicious (moderate confidence)` `MicroWorld-eScan: Gen:Variant.Babar.151632` `ALYac: Gen:Variant.Babar.151632` `Cylance: Unsafe` `Sangfor: Trojan.Win32.Agent.V2cb` `BitDefender: Gen:Variant.Babar.151632` `CrowdStrike: win/malicious_confidence_60% (W)` `Symantec: ML.Attribute.HighConfidence` `APEX: Malicious` `Sophos: Generic ML PUA (PUA)` `VIPRE: Gen:Variant.Babar.151632` `McAfee-GW-Edition: BehavesLike.Win32.Generic.cc` `Trapmine: malicious.moderate.ml.score` `FireEye: Gen:Variant.Babar.151632` `Emsisoft: Gen:Variant.Babar.151632 (B)` `MAX: malware (ai score=80)` `Antiy-AVL: GrayWare/Win32.Kryptik.ffp` `Microsoft: Program:Win32/Wacapew.C!ml` `Arcabit: Trojan.Babar.D25050` `GData: Gen:Variant.Babar.151632` `Cynet: Malicious (score: 100)` `Acronis: suspicious` `McAfee: Artemis!DC2C11CD8AC6` `Malwarebytes: Malware.AI.1530563435` `TrendMicro-HouseCall: TROJ_GEN.R002H09BF23` `MaxSecure: Trojan.Malware.300983.susgen` `AVG: Win32:Malware-gen` `Avast: Win32:Malware-gen`

Hashes

MD5	`dc2c11cd8ac6f6bb9862e0f1cf50b4dc`
SHA1	`a2dbf160844de26756355f8d195d6c56be843b88`
SHA256	`fe5906962057bd7e268c5718ca7d02d7829e2d8b73594b112ee1595f5b5c4aed`
SHA3	`cade778b9ca981018985e7ba698ea4995419f005e518c5a1b93c9376699f80d0`
SSDeep	`24576:7eHWZgc4SxEd7tq4fu8aLD434uyOD15bvVlCya+:7oSynfuoIuya+O`
Imports Hash	`6ed4f5f04d62b18d96b26d6db7c18840`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0x4`
e_cparhdr	`0`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x203800`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`3.0`
SizeOfCode	`0xca000`
SizeOfInitializedData	`0x1000`
SizeOfUninitializedData	`0x171000`
AddressOfEntryPoint	`0x0023BB90 (Section: UPX1)`
BaseOfCode	`0x172000`
BaseOfData	`0x23c000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x23d000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x171000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`cd45c2b09c357c5ded433a2b5f05b025`
SHA1	`3e4e0d60cc1b565ccbbdbefb0161dc6502788651`
SHA256	`1a6d06eb46364c33a9cf21cce339411a3fdff6e7a839b40b1f96748c55f52262`
SHA3	`31049f0f0fe3b9037b60cd780c458d2a4f34192cf1f549438c360f1fbf713587`
VirtualSize	`0xca000`
VirtualAddress	`0x172000`
SizeOfRawData	`0xc9e00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.9218`

UPX2

MD5	`837e245b97fb22faa65645998ae2331b`
SHA1	`8afd702429f486f8141b2063dda55730608a7fdb`
SHA256	`586cec1e2df38f1ea57eaed887bc1254cdf3eca3a3fe94eda564a7b90cf60d14`
SHA3	`93601d2906c5908da8ed79e5e0c6a2a24fa948b948643d4e7c9fa010b59aa7b3`
VirtualSize	`0x1000`
VirtualAddress	`0x23c000`
SizeOfRawData	`0x200`
PointerToRawData	`0xca000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.47354`

Imports

KERNEL32.DLL	`LoadLibraryA` `ExitProcess` `GetProcAddress` `VirtualProtect`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!