Manalyze report for e7c9d5568ed5c646c410e3928ab9a093

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2009-Feb-20 14:27:57
Detected languages	English - United States
CompanyName	Bitvise Limited
FileDescription	Bitvise SSH Server Sfs Dll
FileVersion	`8.35.0.0`
InternalName	SfsDll
LegalCopyright	Copyright (C) 2000-2019 by Bitvise Limited.
OriginalFilename	SfsDll32.dll
ProductName	Bitvise SSH Server
ProductVersion	`8.35`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to SHA256`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryExW`
Malicious	VirusTotal score: 43/71 (Scanned on 2020-05-30 08:36:29)	`MicroWorld-eScan: Trojan.GenericKD.33877093` `CAT-QuickHeal: Trojan.Fsysna` `ALYac: Trojan.Agent.LodeInfo` `Cylance: Unsafe` `VIPRE: Trojan.Win32.Generic!BT` `Sangfor: Malware` `Alibaba: Trojan:Win32/Fsysna.b618792a` `K7GW: Trojan ( 005672391 )` `K7AntiVirus: Trojan ( 005672391 )` `TrendMicro: BKDR_LODEINFO.ZJHE-A` `Cyren: W32/Trojan.WUBN-8866` `Symantec: Trojan.Gen.MBT` `ESET-NOD32: a variant of Win32/Agent.ABYN` `TrendMicro-HouseCall: BKDR_LODEINFO.ZJHE-A` `Kaspersky: Trojan.Win32.Fsysna.gkyw` `BitDefender: Trojan.GenericKD.33877093` `ViRobot: Trojan.Win32.Z.Agent.180736.AGG` `APEX: Malicious` `Tencent: Win32.Trojan.Fsysna.Ammb` `Sophos: Mal/Generic-S` `F-Secure: Trojan.TR/Agent.njzho` `McAfee-GW-Edition: RDN/Generic.com` `FireEye: Trojan.GenericKD.33877093` `Emsisoft: Trojan.GenericKD.33877093 (B)` `Jiangmin: Trojan.Fsysna.lfg` `Avira: TR/Agent.njzho` `MAX: malware (ai score=85)` `Antiy-AVL: Trojan/Win32.Fsysna` `Microsoft: Program:Win32/Occamy.AA` `Arcabit: Trojan.Generic.D204EC65` `AegisLab: Trojan.Win32.Fsysna.4!c` `ZoneAlarm: Trojan.Win32.Fsysna.gkyw` `GData: Trojan.GenericKD.33877093` `McAfee: RDN/Generic.com` `Avast: Win32:Trojan-gen` `Rising: Trojan.Fsysna!8.5F2 (CLOUD)` `Ikarus: Trojan.Win32.Agent` `MaxSecure: Trojan.Malware.101574555.susgen` `Fortinet: W32/Fsysna.ABYN!tr` `Ad-Aware: Trojan.GenericKD.33877093` `AVG: Win32:Trojan-gen` `Panda: Trj/GdSda.A` `Qihoo-360: Generic/Trojan.a27`

Hashes

MD5	`e7c9d5568ed5c646c410e3928ab9a093`
SHA1	`a3558caf41bac1b3c4ad2cc80945501a3ab99859`
SHA256	`8c062fef5a04f34f4553b5db57cd1a56df8a667260d6ff741f67583aed0d4701`
SHA3	`3eeddfbc989d100d7b2f78cb323e35b6f357d78318c2ee58a9d6054db9d37720`
SSDeep	`3072:ubItK+ctcOdJ/y9jGAvj3iK74BSQJjXfsbM9Y/AnFQ86:ud+cCOryQALdwr39xf6`
Imports Hash	`e4a2f2cc98c309bc31fa68ca9c1895b6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x118`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2009-Feb-20 14:27:57
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xf800`
SizeOfInitializedData	`0x1d000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00009801 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x11000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x31000`
SizeOfHeaders	`0x400`
Checksum	`0x365a8`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b3186463b4e54cc0c255daebb82026db`
SHA1	`a51aa32c0a0058e3e032423ecb80c41d655cf79d`
SHA256	`fce801b2b49ea6f4fe2529003de684ae3d9dc8f70f506d0f38e54f9a9c2c896e`
SHA3	`d8ddcb10d2eef3dad461f0bdbdf664562c64620cd1e0522c8624bc9b555fcc45`
VirtualSize	`0xf6a6`
VirtualAddress	`0x1000`
SizeOfRawData	`0xf800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.66797`

.rdata

MD5	`ffde1594503ee47530b26981fe559ce5`
SHA1	`65a8ba3499f02f5e5abf41ed3d1286e69ddc5ca5`
SHA256	`699ed3c6c7908fdedd00a9a235887ee3f520aecaf9b4bc77ccab9f0b0af8335d`
SHA3	`4ee7ce373764948a646338ab5fb2ec85e92098ce85bb9eb927678f3ed0bbbaed`
VirtualSize	`0x608a`
VirtualAddress	`0x11000`
SizeOfRawData	`0x6200`
PointerToRawData	`0xfc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.91517`

.data

MD5	`707bd13ccd41879a3595ace39ee5ef05`
SHA1	`af106b49730ea66b855359869d3cbb6a4664da9a`
SHA256	`838e4f8e08061f60e3bce3fa31d1e487da740522f5bec701814a2e6445a633d6`
SHA3	`1e95a9fcb8a49a7717a67543a6284621d5cd045528ae560d42729f66f6dee2f5`
VirtualSize	`0x154ec`
VirtualAddress	`0x18000`
SizeOfRawData	`0x14c00`
PointerToRawData	`0x15e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.62426`

.rsrc

MD5	`dd66bb8cc0d988e7a22a0f2f87b9a259`
SHA1	`87bcc56be1199ec17240a319e2615e601d1d73cd`
SHA256	`af9d8eb8686e7137858b055226e74b9c480e0ce33d5a77b43a3974408aa1016b`
SHA3	`1b19c2b4756d0becf2c8fc1c4d86c1d62558641d68176d7b52ace214c0a366cc`
VirtualSize	`0x5b8`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x600`
PointerToRawData	`0x2aa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.97548`

.reloc

MD5	`e485cf848dac788050904eba56f0d682`
SHA1	`11056de095a3ee960301119bcd1f4b14725e788c`
SHA256	`f68d29ceb380cba028adf43257661a11e5cf825b4a614a60d0b5b8beca43b9cc`
SHA3	`a1f7c5b2bf4465b1761d3629f107ac20428c780c86390c49d649c50cb6079460`
VirtualSize	`0x1050`
VirtualAddress	`0x2f000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x2b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.265`

Imports

KERNEL32.dll	`Sleep` `LoadLibraryA` `GetProcAddress` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `GetModuleHandleW` `GetCurrentProcess` `TerminateProcess` `RtlUnwind` `RaiseException` `InterlockedFlushSList` `GetLastError` `SetLastError` `EncodePointer` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `ExitProcess` `GetModuleHandleExW` `GetModuleFileNameA` `MultiByteToWideChar` `WideCharToMultiByte` `HeapFree` `CloseHandle` `WriteFile` `GetConsoleCP` `GetConsoleMode` `HeapAlloc` `LCMapStringW` `FindClose` `FindFirstFileExA` `FindNextFileA` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetProcessHeap` `GetStdHandle` `GetFileType` `GetStringTypeW` `CreateFileW` `SetStdHandle` `FlushFileBuffers` `SetFilePointerEx` `WriteConsoleW` `HeapSize` `HeapReAlloc` `SetEndOfFile` `ReadFile` `ReadConsoleW` `DecodePointer`

Delayed Imports

DragDetect05

Ordinal	`1`
Address	`0x6dab`

DrawStateA03

Ordinal	`2`
Address	`0x9676`

EscapeCommFunction09

Ordinal	`3`
Address	`0x4292`

GetConsoleOriginalTitleA04

Ordinal	`4`
Address	`0x214e`

GetIconInfo07

Ordinal	`5`
Address	`0x9717`

MessageBoxExW08

Ordinal	`6`
Address	`0x30f2`

OffsetRect06

Ordinal	`7`
Address	`0x1ac0`

SHRegEnumUSKeyA02

Ordinal	`8`
Address	`0x1e2c`

SHStrDupW01

Ordinal	`9`
Address	`0x39d2`

SfsDllFree

Ordinal	`10`
Address	`0x9627`

SfsDllInitialize

Ordinal	`11`
Address	`0x229a`

SfsDllIssue

Ordinal	`12`
Address	`0x39f1`

SfsDllVersion

Ordinal	`13`
Address	`0x25cf`

WakeConditionVariable00

Ordinal	`14`
Address	`0x326d`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x398`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.38298`
MD5	`c9aaee6c77f478f88197ef920f5ea24b`
SHA1	`3ced6bbf315d53be13d8dd27a170a8e4ba74af2d`
SHA256	`84baebbf3868f990af5442f7108a4bd6511c354c13268f9ebb529048e7092a96`
SHA3	`3bb775cae323f32ff884a7c17c2cc11e1f900f052b1bc877f6badd1906e6cb13`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	8.35.0.0
ProductVersion	8.35.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	English - United States
CompanyName	Bitvise Limited
FileDescription	Bitvise SSH Server Sfs Dll
FileVersion (#2)	8.35.0.0
InternalName	SfsDll
LegalCopyright	Copyright (C) 2000-2019 by Bitvise Limited.
OriginalFilename	SfsDll32.dll
ProductName	Bitvise SSH Server
ProductVersion (#2)	8.35

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2009-Feb-20 14:27:57
Version	`0.0`
SizeofData	`664`
AddressOfRawData	`0x15f7c`
PointerToRawData	`0x14b7c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2020-May-18 10:11:39
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x10018014`
SEHandlerTable	`0x10015f60`
SEHandlerCount	`7`

RICH Header

XOR Key	`0x8c0deecf`
Unmarked objects	`0`
241 (40116)	`10`
243 (40116)	`129`
242 (40116)	`24`
C objects (VS 2015/2017 runtime 26706)	`15`
ASM objects (VS 2015/2017 runtime 26706)	`19`
C++ objects (VS 2015/2017 runtime 26706)	`32`
Imports (65501)	`3`
Total imports	`89`
265 (VS2017 v15.9.16-18 compiler 27034)	`1`
Exports (VS2017 v15.9.16-18 compiler 27034)	`1`
Resource objects (VS2017 v15.9.16-18 compiler 27034)	`1`
151	`1`
Linker (VS2017 v15.9.16-18 compiler 27034)	`1`

e7c9d5568ed5c646c410e3928ab9a093

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

DragDetect05

DrawStateA03

EscapeCommFunction09

GetConsoleOriginalTitleA04

GetIconInfo07

MessageBoxExW08

OffsetRect06

SHRegEnumUSKeyA02

SHStrDupW01

SfsDllFree

SfsDllInitialize

SfsDllIssue

SfsDllVersion

WakeConditionVariable00

1

2

Version Info

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors