Manalyze report for e09b6ff743dbb1b1ba383f4e200191f5

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2022-Dec-07 10:58:36
Detected languages	English - United States
FileVersion	`1.1.36.02`
ProductVersion	`1.1.36.02`

Plugin Output

Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegCloseKey` `Has Internet access capabilities: InternetOpenW` `Can take screenshots: BitBlt GetDC`
Info	The PE's resources present abnormal characteristics.	`Resource 211 is possibly compressed or encrypted.` `Resource 205 is possibly compressed or encrypted.`
Malicious	VirusTotal score: 9/71 (Scanned on 2024-11-07 16:06:14)	`CrowdStrike: win/malicious_confidence_70% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `Fortinet: W32/PossibleThreat` `Gridinsoft: Trojan.Win64.Gen.cl` `Jiangmin: Trojan.Hotkeychick.au` `McAfee: Artemis!E09B6FF743DB` `McAfeeD: ti!8A1B006157E6` `Paloalto: generic.ml`

Hashes

MD5	`e09b6ff743dbb1b1ba383f4e200191f5`
SHA1	`0595af4b75fbb4f59e8588ddfd52858ad3a35ace`
SHA256	`8a1b006157e67ada793cffbb4032cc88907b4f4364c7ae9c3a84991995b0f400`
SHA3	`6f5dfe71b830330546fbfe5a987fd21715330c38dd464b07b9b73e32567f63ac`
SSDeep	`196608:aa23O8FN+WuWC3BkPsVjMoNgnKI6omTxk1lYx:z1whCkWMoVosWl`
Imports Hash	`096c12658c5e4a55e69a5d9070c24030`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`3`
TimeDateStamp	2022-Dec-07 10:58:36
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`10.0`
SizeOfCode	`0x7ca000`
SizeOfInitializedData	`0x30000`
SizeOfUninitializedData	`0x418000`
AddressOfEntryPoint	`0x0000000000BE1B70 (Section: UPX1)`
BaseOfCode	`0x419000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xc13000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x418000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`c069bf79ba30baf145989de1e060e373`
SHA1	`a715a4317f3204555284908ef3b4494969c64b90`
SHA256	`e65e134e2f51897836357a8f71939849941c58142394a209e3c0b3e2d202ee16`
SHA3	`02ea0cbcb9ddf208b4fc4f91929cd76ec6be97f35bb306e88ea44c73545b0654`
VirtualSize	`0x7ca000`
VirtualAddress	`0x419000`
SizeOfRawData	`0x7c9800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99998`

.rsrc

MD5	`d23ccf8264aa48d6cab9f20dbe65a1a6`
SHA1	`7fee4e570c497ee478a3057ce8fd6cf35772ae2b`
SHA256	`6abdc1a8cbda0edbf937e4b7e391f4c9c9c50b763963d090c0424643054df4f8`
SHA3	`679c347619cd784f983e131f5be88f31a88d7f6aedcdcec96d03e4bd9c5568e2`
VirtualSize	`0x30000`
VirtualAddress	`0xbe3000`
SizeOfRawData	`0x2fc00`
PointerToRawData	`0x7c9c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.51739`

Imports

ADVAPI32.dll	`RegCloseKey`
COMCTL32.dll	`ImageList_Create`
COMDLG32.dll	`GetSaveFileNameW`
GDI32.dll	`BitBlt`
KERNEL32.DLL	`LoadLibraryA` `ExitProcess` `GetProcAddress` `VirtualProtect`
ole32.dll	`CoGetObject`
OLEAUT32.dll	`SysFreeString`
PSAPI.DLL	`GetModuleBaseNameW`
SHELL32.dll	`DragFinish`
USER32.dll	`GetDC`
VERSION.dll	`VerQueryValueW`
WININET.dll	`InternetOpenW`
WINMM.dll	`mixerOpen`
WSOCK32.dll	`WSAStartup`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x1730b`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99533`
Detected Filetype	PNG graphic file
MD5	`181d1bbe440450f836395efd16892522`
SHA1	`0aebf6c81b02b61b93b58fbec6dda6072beb104c`
SHA256	`d38905f49635dc97bb9fb9cbdd778ab0ee369463b87fdbc75ae96fadfffbbe53`
SHA3	`1b4eeb959e02a2cd9b8570e995bfbc6b30bbd32f253dbcf06ecf1f32afae0f32`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.99317`
MD5	`24b117f3a035b19b8f91847963cdd533`
SHA1	`5b39247e5bc1b5ec9fe60cdd964e88dc88b522f5`
SHA256	`619f57f9e717dc02b7ad814de32e417dd7f88f733bd8debaaabec0ccbe5473d3`
SHA3	`2c6f011c9ea4c3ca6b1401cac809a337e9027a80437297034fe8415667c49bfa`

3

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.247`
MD5	`9bb7bd2fd926d95620cb683352e795ba`
SHA1	`5d3b150589a2ddfe5dfc614eaa3e6c7ea97eabbf`
SHA256	`ed8bf2b08c54bf4e26543ea5a36be322856a2b73a64e9f4f21909717b5182178`
SHA3	`37509aebe83f63887104b9fe97cde06cd72d3f034313959833edebce37ac1a2e`

4

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.84157`
MD5	`1c93a14c5a485c11350ef568f5e423c1`
SHA1	`bead6553859c4ec6e647551a19b224dc2357fc5f`
SHA256	`ae6b56a4aabbeb5d22f508ed6d1522ba6e5b668d1ffb05e4d9cee348a14197cd`
SHA3	`5719b4dc9bcc5a323c95d760317d4a5b737343f709eee16eddf819e8054ee6dd`

5

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3349`
MD5	`266626c8655c67b9530c361ca939f01d`
SHA1	`4f799d89f7255ef58628605cc0f37a3420925a3d`
SHA256	`1bfebd87e8f7129fe598c91a87ff03e7962b95af723ea024faf9549e6442aa84`
SHA3	`85b69f2f4e1bfa507c52634afc60ad29f41321a0a4526654693b1dd7a6f516d9`

6

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.46964`
MD5	`fbbd1dfd9481f55d0e9ebc890ce09c3c`
SHA1	`cbfd96b3e1c556af63424b3a153def765077b8fb`
SHA256	`5ef6e7b16676575434a274b3654dcc6c4934adcb5c86ee31939720568578d2c0`
SHA3	`108eb4ba2bc3e913cec2e0d5cd215901fb0f4ebffc7fbd7679673ea2c735a609`

7

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.56056`
MD5	`9104d9f5acc220ac5a9a1c29a283e42d`
SHA1	`7e274a143071c4d7801c07669074cd8fa2972047`
SHA256	`e773c795d1dbb9bf8cd8f73f12c4f02c047f58dc516be4a629fe807610476917`
SHA3	`8cd4a3f7555bedc4ecddbcb83b34780f450c902a91ddda511b41f9b6f1c21103`

32

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.31703`
MD5	`0eda7d8bc8a32a167fe65cc85fa2039e`
SHA1	`892d363967eb9c3eb7bdf3c9033bb04c7968aa8e`
SHA256	`807b765fd30f5aaa9b554d4bcdbb74151ac22f5bc5b8ce10391d6e0fb5ed9084`
SHA3	`60b7dccd3aac9e925941a5bb26b9c3460412155287bfe4a2a90da93508bb6af0`

33

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.67039`
MD5	`9987af86d2d21edff07b0f8454811558`
SHA1	`c3e2ca9abcbd2026ab207f1e64d6dbf68660d61a`
SHA256	`15d0f3946eed96a9107146193b9df412d543d7a71a597c55652570b6c12a74f9`
SHA3	`e8948ac40d8907576d3b7e71f8b11c48fbcf66e3396817512aab5cc50c8e4bcc`

34

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.83659`
MD5	`4164c287ea317d556ba235fa91771114`
SHA1	`4b0341680f042a5d873ba1d2d4ffe56200c7682f`
SHA256	`a9252599cfbe2d556e42f8a108f9871402b8c12774bfcd837c3e6d7ec7fe1a21`
SHA3	`8779c48b4eb5fde3390a17f58c863d7c33f0db2a2b61a0d1b5b5452d4103b881`

211

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.77003`
MD5	`faf7082619757fc156c5771b46f8dd7c`
SHA1	`8984304805866174e65405ea517ffa4debd6d255`
SHA256	`f396cf76c5770084c8bc4fd2fda2bfa21ef35bb653b387c2f71a0408aebec328`
SHA3	`d8bb1418433a6dbc29164defa5e238f6bdabaecc97e3b451f0ac748cbca7fc5b`

205

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xe8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.13096`
MD5	`abfb2bb4187566929d82b222ad3f0c2e`
SHA1	`00a8ad4d55671daa99009d7c7496b47594599054`
SHA256	`414a9e9c68661a09e603076701e1376239fcd65ad387352659a93a90278dbe16`
SHA3	`c61c6fd3ba2c280bd78cd2ac08f6cd4eb9b9531361a8575435f8edf8d1d75a8d`

212

Type	`RT_ACCELERATOR`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x48`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.9477`
MD5	`853cd845e4585c63aeac1fea3ea0bb52`
SHA1	`2287f9e06612b3445e7e08df7d8985e02000df8b`
SHA256	`6682ec7b17d1ae3013af6d4d6b0c56a30373b1bb0f40c6bc63dc402e69b1a08f`
SHA3	`6efd87f31907dd7e19b62303138276542767bff17aab693cb0a7aceda6a31881`

159

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.84088`
Detected Filetype	Icon file
MD5	`129c8c03e09a04ae58f957757aa7d879`
SHA1	`c731e592b3d271cd4a1db311482c82a4d7a1024f`
SHA256	`acbcf13e7dafeb10197b78003ba37146095ebd93708891ba9369e8ba62ea43b2`
SHA3	`5a8dcef1bf7281f36afca5b363192df3ec12eda488f7cbd2ad2e8cdfb141a2fb`

160

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.02322`
Detected Filetype	Icon file
MD5	`6a368971d47678239d334269be28300e`
SHA1	`9fcfe92b319b372d6d59c9096cf13e9662e8299f`
SHA256	`45de95e2bc9da2d99016c89cba3816940f7ddb7f044c6d34b5f5c168c3b638ff`
SHA3	`10b30bfdab83169af38b453132bc26884230b58321aab1e2ebd88135cfae8457`

206

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.9815`
Detected Filetype	Icon file
MD5	`40c1414025bcc34e7ba97fd22bc9f5a4`
SHA1	`b53a6a13513b5205cef6fc6d7556ad80d8b62173`
SHA256	`d6659139f55adad2497df8d1a11fcd68324a00ccdadbc133ddd49fb79e9ccc1c`
SHA3	`88c00f73975983695c16e34c6a1750573250999152f5399a198b799e76349720`

207

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0815`
Detected Filetype	Icon file
MD5	`9b2193af49fdb53892356f594e9f18b9`
SHA1	`448aa28721dd65475b37505de8140d88d5aa1501`
SHA256	`9b8ca9c6a330d0d17d1108ab5442d60ea574817a65caa860cceb24313cc4f0e4`
SHA3	`46527c3333b02958fd025cfdaa12d481f8505aa77c1cd0b5f15348e870530116`

208

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.0815`
Detected Filetype	Icon file
MD5	`5f51cbb6145d3a4c36cffa3b028b0199`
SHA1	`b2bbd2afcfa1c44725bf90df8948792d3bc7fb97`
SHA256	`fbb52a958caa73dce023ce27649d69f8886e86b5706e767153c41dde7b5eebf9`
SHA3	`93f253b05e0e42147b5a9000d421c3e105df42f9fafae5147c4e9a09958e3f79`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x21c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.26532`
MD5	`a325f9bfb8d426aa75ed38bc4211e5b6`
SHA1	`9c2b103906cf98009e1e39c0b3f925444bb26181`
SHA256	`e073b52af77ea03bdefcdfdb8ff8d47c2ac9f906cd4959cacbdb54421694b3bd`
SHA3	`70a3135ab050bb3195ec5dd7d84c7eee28536d6d05c767ef55f81aa4a894aca1`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x4f4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.34908`
MD5	`fd97ad678377c9966ba3f8697c4e0aec`
SHA1	`a219c82a72b1a932c555f7b8ca0180f5b909d8ca`
SHA256	`0ca571f6485ac59097ce1d665a6c65086b8bc9f639715beb28666cb367f12f8a`
SHA3	`cf4561c34a35064efaa478d33745f6e1bb002dbf220524c3fe547d68cc0337ef`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.1.36.2
ProductVersion	1.1.36.2
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileVersion (#2)	1.1.36.02
ProductVersion (#2)	1.1.36.02

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x17a34758`
Unmarked objects	`0`
C++ objects (VS2010 SP1 build 40219)	`53`
C objects (VS2010 SP1 build 40219)	`144`
C objects (VS2008 SP1 build 30729)	`6`
135 (VS2008 SP1 build 30729)	`1`
Imports (VS2008 SP1 build 30729)	`29`
Total imports	`467`
ASM objects (VS2010 SP1 build 40219)	`23`
175 (VS2010 SP1 build 40219)	`43`
Resource objects (VS2010 SP1 build 40219)	`1`
Linker (VS2010 SP1 build 40219)	`1`

Errors

[*] Warning: Ignored an invalid IMAGE_RESOURCE_DATA_ENTRY
[*] Warning: Section UPX0 has a size of 0!