Manalyze report for e36d245dfdbd17b9608d74dca39105c0

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .symtab` `The PE only has 0 import(s).`
Malicious	VirusTotal score: 7/72 (Scanned on 2020-05-15 10:00:07)	`CrowdStrike: win/malicious_confidence_90% (W)` `F-Prot: W32/Damaged_File.B.gen!Eldorado` `APEX: Malicious` `Comodo: Heur.Corrupt.PE@1z141z3` `DrWeb: Trojan.Siggen9.44911` `McAfee-GW-Edition: Artemis` `AhnLab-V3: Trojan/Win32.SnakeRansom.R335473`

Hashes

MD5	`e36d245dfdbd17b9608d74dca39105c0`
SHA1	`480d8924a82c6afb0513a2605b1926c734b1ba8f`
SHA256	`03e07c3724e972e15188a2dfc5ad67dcbe3193ccb9948a97785b79602f022091`
SHA3	`77499b7af286a8b131ba76bea20fa56b3eaeb93ddf845feb9d99c0044ad542b0`
SSDeep	`3072:M2tBBLt/cmqIdyAntlr2OBTG2/YcOhWz1QTlab:Vcm/yazFb8hMukb`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0x4`
e_cparhdr	`0`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x3b8400`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`3.0`
SizeOfCode	`0x3a2000`
SizeOfInitializedData	`0x15c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0004B760 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3a3000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x3d0000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x3a1fb1`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3a2000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x2a728`
VirtualAddress	`0x3a3000`
SizeOfRawData	`0x15c00`
PointerToRawData	`0x3a2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.idata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x372`
VirtualAddress	`0x3ce000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3b8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.symtab

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x4`
VirtualAddress	`0x3cf000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3b8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0`

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read the IMAGE_IMPORT_DESCRIPTOR.
[*] Warning: Section .text is larger than the executable!
[*] Warning: Section .text is larger than the executable!
[*] Warning: Section .data is larger than the executable!
[*] Warning: Section .data is larger than the executable!
[*] Warning: Section .idata is larger than the executable!
[*] Warning: Section .idata is larger than the executable!
[*] Warning: Section .symtab is larger than the executable!
[*] Warning: Section .symtab is larger than the executable!
[*] Warning: Section .text is larger than the executable!
[*] Warning: Section .data is larger than the executable!
[*] Warning: Section .idata is larger than the executable!
[*] Warning: Section .symtab is larger than the executable!