Manalyzer :: e3870bdd69f7dec28041edd69aef5618

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2007-Sep-12 15:08:17

Plugin Output

Info	Matching compiler(s):	`Installer VISE Custom` `Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Malicious	VirusTotal score: 5/66 (Scanned on 2018-05-15 08:26:16)	`McAfee: Artemis!E3870BDD69F7` `Cylance: Unsafe` `TrendMicro-HouseCall: Suspicious_GEN.F47V0510` `McAfee-GW-Edition: Artemis!Trojan` `Jiangmin: Trojan.Generic.drng`

Hashes

MD5	`e3870bdd69f7dec28041edd69aef5618`
SHA1	`c4ffd1da58fc370cacb453044da7704821f0d67c`
SHA256	`33ae8ae0635afcfe1aa76d1fe41781fa50abe6f8bcdcd8af5dd4be170091aeb3`
SHA3	`4fab2544a3895cdc2a06f982472581fb31c2a871d12c7b63b9ccfd404cf9f2be`
SSDeep	`192:qKFjvtFizwKAoShweJANLWrQXi5B1hUmZBdZDRTuwhgozdirGM94a9pOyymfG7n:qCIw9hJUml3txtnyymerh6oZ`
Imports Hash	`88468a2aad02cc7597aabe5e483f5202`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2007-Sep-12 15:08:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x3000`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000101D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x4000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x6000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7c6b95642c33f402b4f2608b1d4afd17`
SHA1	`4b8c396bcffe06a1aa0afbbfb5035ae440365e3f`
SHA256	`e91b96735704a151f4b13c6a219b46fd4de660451c0bec1e2dea24e62c72f9c5`
SHA3	`2f2d99446da0ec43382133ca74d7a3a84d2bfd9f3233f8beae1b96218ed75f5f`
VirtualSize	`0x289e`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.91786`

.rdata

MD5	`ae6a937d336954f8cdc02509b2645a55`
SHA1	`f45fad47a985563a08c88889168b9698c35ada82`
SHA256	`63c0f238567a99c122e82f11c0ddf9de04c6892c6ce49c73f7df00d913d5fdc8`
SHA3	`50f766cd4763833143663ff80927c72eda39c7b2dd77c79d88c2fbf2c47d00e8`
VirtualSize	`0x774`
VirtualAddress	`0x4000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.07397`

.data

MD5	`78f59be21639ecbed325f811aae8300a`
SHA1	`1c1e1c0c5bcbac90f409e64106a5919a31c4ab6e`
SHA256	`78a607ee0b7b3d07101187ffdd72711aa89794c9cfefd8d510477830457a53c2`
SHA3	`04e2a5662cc98d2908249e5f52e3ebd5a4d974f2b5890aad219144a739e9ab4a`
VirtualSize	`0x9dc`
VirtualAddress	`0x5000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.985097`

Imports

USER32.dll	`MessageBoxA`
KERNEL32.dll	`HeapCreate` `GetStringTypeW` `GetModuleHandleA` `GetStartupInfoA` `GetCommandLineA` `GetVersion` `ExitProcess` `TerminateProcess` `GetCurrentProcess` `UnhandledExceptionFilter` `GetModuleFileNameA` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `WideCharToMultiByte` `GetEnvironmentStrings` `GetEnvironmentStringsW` `SetHandleCount` `GetStdHandle` `GetFileType` `HeapDestroy` `VirtualFree` `HeapFree` `RtlUnwind` `WriteFile` `GetCPInfo` `GetACP` `GetOEMCP` `HeapAlloc` `VirtualAlloc` `HeapReAlloc` `GetProcAddress` `LoadLibraryA` `MultiByteToWideChar` `LCMapStringA` `LCMapStringW` `GetStringTypeA`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xa158a888`
Unmarked objects	`0`
C objects (VS98 build 8168)	`22`
14 (7299)	`9`
Total imports	`38`
19 (8034)	`5`
C++ objects (VS98 build 8168)	`2`

Errors

<-- -->