Manalyze report for e8035960b9188d5f591a981e59928248c64e5f20de14c4e1cf303992b5f4ddeb

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2006-Aug-08 14:20:16
Detected languages	Czech - Czech Republic English - United States
FileDescription	Dialer MFC Application
FileVersion	`1, 0, 0, 1`
InternalName	Dialer
LegalCopyright	Copyright (C) 2000
OriginalFilename	Dialer.EXE
ProductName	Dialer Application
ProductVersion	`1, 0, 0, 1`

Plugin Output

Suspicious	PEiD Signature:	`UPX -> www.upx.sourceforge.net`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `The PE only has 8 import(s).`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress`
Malicious	VirusTotal score: 14/31 (Scanned on 2006-11-26 22:49:16)	`AVG: Potentially harmful program Dialer.CXG` `AntiVir: DIAL/16384.A.16` `Avast: Win32:Dialer-gen.` `Ewido: Heuristic.Win32.Dialer` `Fortinet: suspicious` `Kaspersky: not-a-virus:Porn-Dialer.Win32.FreeFoto` `McAfee: potentially unwanted program Dialer-gen` `NOD32v2: a variant of Win32/Dialer.PornDial.FreeFoto` `Norman: W32/Dialer.AKOO` `Panda: Suspicious file` `TheHacker: Dialer/Generico` `VBA32: Porn-Dialer.Win32.FreeFoto` `VirusBuster: Dialer.Freefoto.Gen` `eSafe: suspicious Trojan/Worm`

Hashes

MD5	`731e22bd4f7474d8e7617f6ca8250eee`
SHA1	`9c3dc785d8667de8eeeca4a8a071af3ab28d6225`
SHA256	`e8035960b9188d5f591a981e59928248c64e5f20de14c4e1cf303992b5f4ddeb`
SHA3	`5b6dc95fcdb2b0a7c7c8742c80f72465b8ce9d08d1792508bfcfcf45aa2ad56e`
SSDeep	`384:DpJaO2OC6Yiye9FLLbLKPej8GKTDdImUq:DpUO2OysfA0KH97`
Imports Hash	`e48b82f1faf22e1217187f8544000745`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2006-Aug-08 14:20:16
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x3000`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0x7000`
AddressOfEntryPoint	`0x0000A680 (Section: UPX1)`
BaseOfCode	`0x8000`
BaseOfData	`0xb000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xd000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x7000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`51b5656159e64140606331f33c81f243`
SHA1	`f7683fe6ebacaddff3d895848ce8a996c0086ba5`
SHA256	`2194f8a65f64295166a8d6cd4c295b9b986000c6ecb11d5781ca6d64e729067f`
SHA3	`42c58186e685429175b7dd93087445a4e24ed72027faddc2811f91ca706c35d7`
VirtualSize	`0x3000`
VirtualAddress	`0x8000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.8449`

.rsrc

MD5	`9d1a8dd4b8f3af4b30321102e0b7df7d`
SHA1	`0903a1f68077e0e779b4c33176f3867dee55d0c4`
SHA256	`6ec9270ac04e17900d430de018757177922035ff56ad1133c50f54dd7082680a`
SHA3	`1ab299cb786e0f52da3d93d66bd9d438e291da5c3aa234c82a7d2283adfb308c`
VirtualSize	`0x2000`
VirtualAddress	`0xb000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x2c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.19178`

Imports

KERNEL32.DLL	`LoadLibraryA` `GetProcAddress` `ExitProcess`
MFC42.DLL	`#2863`
MSVCRT.dll	`free`
RASAPI32.dll	`RasDialA`
SHELL32.dll	`Shell_NotifyIconA`
USER32.dll	`IsIconic`

Delayed Imports

1

Type	`RT_ICON`
Language	Czech - Czech Republic
Codepage	UNKNOWN
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.35553`
MD5	`1260ab68164abca0cbe9d99e268f1c95`
SHA1	`4e42dd7015bf026ad18442c1096ca77c1518726d`
SHA256	`9373f750ad4b596483fdfce5adf952addc1cf380fc491d87953a20de869a720e`
SHA3	`00e7e6c1827c6b6b16ff13bd3bbe0db0364dda9ebcebdaaf499f75c2676225ee`

129

Type	`RT_MENU`
Language	Czech - Czech Republic
Codepage	UNKNOWN
Size	`0x8a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

131

Type	`RT_DIALOG`
Language	Czech - Czech Republic
Codepage	UNKNOWN
Size	`0x28c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

132

Type	`RT_DIALOG`
Language	Czech - Czech Republic
Codepage	UNKNOWN
Size	`0x1ae`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

134

Type	`RT_DIALOG`
Language	Czech - Czech Republic
Codepage	UNKNOWN
Size	`0xe8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`0`
MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`

7

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x40`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.8125`
MD5	`fe8d0c9270018a5244c972ac7de0cd72`
SHA1	`307b8c028ad4faaf884aaa23f721dc6c9afded58`
SHA256	`f7a6753962f8b72924f34271c383ad67182e11da27e87c2f322dbbd49c008f5d`
SHA3	`6640cc6e6238a780b1c5f8f56ae69d051933e144550e2de610fb037b60b24263`

140

Type	`RT_GROUP_ICON`
Language	Czech - Czech Republic
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.91924`
Detected Filetype	Icon file
MD5	`6f191f45d2ea96b2d22e9eafa1a55bd7`
SHA1	`aa9a0930cb6ae38dd9645dbd2e85cf3796ed2977`
SHA256	`f01c223e6cf0e0f5c1d990ad720488af398180adb1b92e61c2144cf11d3130f8`
SHA3	`ab7f66f51b1cb5a30df00c2674a3a04e8323578947f36708e2e82dd5d04f0416`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2f4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.29007`
MD5	`4d1d9998205201b603d0c4241c9a70a3`
SHA1	`ceeda2ecaaaa705ff4b5695ec640cf75307f2927`
SHA256	`5942407b2ec70950b7407706b1b03c0e9837b8e9732fc106d9859f5d7e0d1287`
SHA3	`5138e36fc2e348acc3f5e58d1f8fc4970f8fbd881e9f33ac3d931c94513cd54d`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
FileDescription	Dialer MFC Application
FileVersion (#2)	1, 0, 0, 1
InternalName	Dialer
LegalCopyright	Copyright (C) 2000
OriginalFilename	Dialer.EXE
ProductName	Dialer Application
ProductVersion (#2)	1, 0, 0, 1

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x5920b65f`
Unmarked objects	`0`
14 (7299)	`2`
C objects (8047)	`11`
Linker (8047)	`2`
Linker (VS98 SP6 build 8804)	`2`
Total imports	`180`
19 (8034)	`9`
C++ objects (VS98 SP6 build 8804)	`11`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Section UPX0 has a size of 0!
[!] Error: Resource 129 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 129 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 129 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 131 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 131 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 131 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 132 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 132 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 132 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 134 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 134 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 134 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 129 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 129 is bigger than the PE. Not trying to load it in memory.
[*] Warning: Resource  is empty!
[!] Error: Resource 131 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 131 is bigger than the PE. Not trying to load it in memory.
[*] Warning: Resource  is empty!
[!] Error: Resource 132 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 132 is bigger than the PE. Not trying to load it in memory.
[*] Warning: Resource  is empty!
[!] Error: Resource 134 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 134 is bigger than the PE. Not trying to load it in memory.
[*] Warning: Resource  is empty!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[!] Error: Resource 129 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 129 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 131 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 131 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 132 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 132 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 134 is bigger than the PE. Not trying to load it in memory.
[!] Error: Resource 134 is bigger than the PE. Not trying to load it in memory.

Leave a comment

No comments yet.