Manalyze report for dc5141d5fc441c922985dbb8d7be39d1

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00
TLS Callbacks	2 callback(s) detected.

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: MinGW.org`
Suspicious	The PE is possibly packed.	`Unusual section name found: /4`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Suspicious	The file contains overlay data.	`14 bytes of data starting at offset 0x4e00.`
Malicious	VirusTotal score: 5/71 (Scanned on 2025-02-08 23:48:05)	`Cylance: Unsafe` `Google: Detected` `Ikarus: Trojan.Win32` `MaxSecure: Trojan.Malware.300983.susgen` `Microsoft: Program:Win32/Wacapew.C!ml`

Hashes

MD5	`dc5141d5fc441c922985dbb8d7be39d1`
SHA1	`66ead69e266e25ea00498d036aeea14b508f711b`
SHA256	`6071fafcc731f18c59f26231cca9a13f1b9b3671c56d242f8f3cc484202437e4`
SHA3	`888a5f90a15d7e5b87fc4083d4bf38e50fa5968be1397115b6f49b1f3ec813a5`
SSDeep	`384:DpqEvKO1YzwI4GSddI82kgPnwyJ6BgxIr:VqEvygd6PJfY`
Imports Hash	`351dac3e3ee47cbac9133924ae9eb22b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x4e00`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x2e00`
SizeOfInitializedData	`0x4a00`
SizeOfUninitializedData	`0x200`
AddressOfEntryPoint	`0x000012E0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x4000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xb000`
SizeOfHeaders	`0x400`
Checksum	`0x9e61`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c811c341d1640bccba8623c6b45e8d0e`
SHA1	`5c78c7a4d59cd7160162485560aa1ca0baacd6b7`
SHA256	`68cfe8ef9b21ba9051026c7837bfb6b4c2460eb4025566231eb5d39744dd485f`
SHA3	`bf2dfc36eb6d08a4020faf7b8b75fcd36728731e916cf6328f68ae2c4ba63bb4`
VirtualSize	`0x2da4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.20209`

.data

MD5	`2fce1afd0087147b9cacea5c459c8699`
SHA1	`00b6c25723c5bb17f07a97543669a8a078115ba1`
SHA256	`4aa176331f221a260c6acd3e4ece68f0aa6a912f5a1821bea721342903b0b0d9`
SHA3	`963126ff2d4a7bfd3a6f6be0eaad3e20aeeca0a48516de3236c81d9ffaf88216`
VirtualSize	`0x1c`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.222389`

.rdata

MD5	`4007ddae041ae8ac83bbc0a243352b59`
SHA1	`f0d6789de48ef65a3ee90598bf3445e4b012aeff`
SHA256	`4f81e4311963c184f155f3c251b3d94578268b1407daa500b76145ca56b3b197`
SHA3	`4b1165a6d9295666a080ef6f26f6faa39eb79214284f2d30f1108ce287c02ef2`
VirtualSize	`0x2e8`
VirtualAddress	`0x5000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.01765`

/4

MD5	`3b18ae5085d22cb6ba9673b915c8abc0`
SHA1	`2737545f59fcece36062709dfcbd9846be6fe2cf`
SHA256	`196cd0fd7249710a0eb634aa2704a6156b653df5ee2500166c2ef23558f5b51a`
SHA3	`06f44df102093afeadec1d8302dd384f4d037232e775e7482abeee6452617dde`
VirtualSize	`0xa44`
VirtualAddress	`0x6000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.38609`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x70`
VirtualAddress	`0x7000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`5aaf37430887997334477b7c2406267b`
SHA1	`470717cb353bae27e815951637910919cccc6422`
SHA256	`b98fb8315c13157a4f01faf69463589898ac8504540bca6ae0319b1eb4758b04`
SHA3	`eeeaa1c99c9d2906c332cfe533574ece66c17b02f83336dd7996a060b0a29723`
VirtualSize	`0x5e4`
VirtualAddress	`0x8000`
SizeOfRawData	`0x600`
PointerToRawData	`0x4400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.64044`

.CRT

MD5	`24ca9c6cacbd249b5263b456b5bb8ca0`
SHA1	`060a4ce0a3fe8374031db85c07147951f7031e5b`
SHA256	`34fe5edc2bc7f41e50b21a85ebc1e5994071d72147e58b3a4afe193e613bde99`
SHA3	`a7b5713dffe865153e2d5fbf21856b93041d0650c6b77afafc00d6838dbf741a`
VirtualSize	`0x18`
VirtualAddress	`0x9000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.11837`

.tls

MD5	`f7a419142b47f1a6560b6d595ae80d75`
SHA1	`6e811c964e19734fa81eeecf11002c5e1e7d466f`
SHA256	`60626fa4ba4abd1a4e17a76c5229ff706bb10e1c180f0210b0d25fda0883e360`
SHA3	`1ed0a6f6db06b7f538950138bd99969a5db5133ff26c1db26efa59825dd3a44d`
VirtualSize	`0x20`
VirtualAddress	`0xa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.22482`

Imports

KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `ExitProcess` `FindClose` `FindFirstFileA` `FindNextFileA` `FreeLibrary` `GetCommandLineA` `GetLastError` `GetModuleHandleA` `GetProcAddress` `InitializeCriticalSection` `LeaveCriticalSection` `LoadLibraryA` `SetUnhandledExceptionFilter` `TlsGetValue` `VirtualProtect` `VirtualQuery`
msvcrt.dll	`_strdup` `_stricoll`
msvcrt.dll (#2)	`_strdup` `_stricoll`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x40a001`
EndAddressOfRawData	`0x40a01c`
AddressOfIndex	`0x407038`
AddressOfCallbacks	`0x409004`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00401C20` `0x00401BD0`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Section .bss has a size of 0!