Manalyze report for e88dc150d4e79efd2186355036b9548ac29a8063d04c7a83457e1b0a9c398d29

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2025-Nov-11 19:12:09
Detected languages	English - United States

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: example.com https://api.prestigeclient.vip https://curl.se`
Info	Cryptographic algorithms detected in the binary:	`Uses known Mersenne Twister constants` `Microsoft's Cryptography API`
Suspicious	The PE is possibly packed.	`Unusual section name found: .fptable`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryExW` `Uses Microsoft's cryptographic API: CryptQueryObject CryptDecodeObjectEx CryptStringToBinaryA CryptHashData CryptEncrypt CryptImportKey CryptDestroyKey CryptDestroyHash CryptCreateHash CryptGetHashParam CryptReleaseContext CryptAcquireContextA` `Can create temporary files: GetTempPathA CreateFileA CreateFileW` `Leverages the raw socket API to access the Internet: freeaddrinfo send WSACloseEvent gethostname ioctlsocket sendto recvfrom getsockopt getaddrinfo listen htonl accept select __WSAFDIsSet WSAIoctl socket setsockopt recv htons getsockname getpeername connect bind WSACleanup WSAStartup ntohs WSAGetLastError WSASetLastError closesocket WSAWaitForMultipleEvents WSAResetEvent WSAEventSelect WSAEnumNetworkEvents WSACreateEvent` `Enumerates local disk drives: GetDriveTypeW` `Interacts with the certificate store: CertAddCertificateContextToStore CertOpenStore`
Malicious	VirusTotal score: 43/71 (Scanned on 2026-03-26 15:20:14)	`APEX: Malicious` `AVG: Win64:MalwareX-gen [Cryp]` `Antiy-AVL: Trojan/Win64.GenKryptik` `Arcabit: Trojan.Tedy.DD1B6F` `Avast: Win64:MalwareX-gen [Cryp]` `BitDefender: Gen:Variant.Tedy.858991` `Bkav: W64.AIDetectMalware` `CAT-QuickHeal: Hacktool.Injector` `CTX: exe.trojan.genkryptik` `CrowdStrike: win/malicious_confidence_90% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win64/GenKryptik.HOSX trojan` `Elastic: malicious (high confidence)` `Emsisoft: Gen:Variant.Tedy.858991 (B)` `Fortinet: W64/GenKryptik.HOSX!tr` `GData: Gen:Variant.Tedy.858991` `Google: Detected` `Gridinsoft: PUP.Win64.Puwaders.cl` `Ikarus: Trojan.Win64.Krypt` `K7AntiVirus: Trojan ( 006d91201 )` `K7GW: Trojan ( 006d91201 )` `Lionic: Trojan.Win32.Generic.4!c` `Malwarebytes: Malware.AI.4249831387` `MaxSecure: Trojan.Malware.584370077.susgen` `McAfeeD: ti!E88DC150D4E7` `MicroWorld-eScan: Gen:Variant.Tedy.858991` `Microsoft: HackTool:Win32/Injector!MTB` `Paloalto: generic.ml` `Rising: Trojan.Kryptik!8.8 (CLOUD)` `SentinelOne: Static AI - Suspicious PE` `Skyhigh: BehavesLike.Win64.Infected.ch` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Tencent: Malware.Win32.Gencirc.14a8de06` `TrellixENS: Artemis!D203EAD9237E` `TrendMicro-HouseCall: TROJ_GEN.R014H09AJ26` `VIPRE: Gen:Variant.Tedy.858991` `Varist: W64/ABTrojan.DJMR-0223` `Yandex: Trojan.GenKryptik!7Y1MX/vH628` `Zillya: Trojan.GenKryptik.Win64.64819` `alibabacloud: Trojan:Win/Injector.Gen`

Hashes

MD5	`d203ead9237ef2547310613b6e6963b3`
SHA1	`c83c76eb6be90032d2cfc317570e40fcc2faffd0`
SHA256	`e88dc150d4e79efd2186355036b9548ac29a8063d04c7a83457e1b0a9c398d29`
SHA3	`95e5ac779a10bf5c7a16b5ba4b842885e6127a21af436d87f0b07f6e196dfcb6`
SSDeep	`24576:ciiTU2PayBc80HZ4GvvQszgTSv3sm2b43NQms2VZ:ciiTU2PVOPHZ4vszgTSv3sm2b43a`
Imports Hash	`b634eed43465867b8c1a26de4d2faa17`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2025-Nov-11 19:12:09
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa0600`
SizeOfInitializedData	`0x36400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000006E990 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xdd000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`89d1c0f442d19d179b0b368f15dbf9aa`
SHA1	`a53a639fae214345f7c424fb0b5ab506cbab2db2`
SHA256	`05509db79374c668ae59fad4bffb1440ec7adceb20bbee654f315ceb1f18edd9`
SHA3	`2308809894c5a9305fbc58d3cf3143582eefcd50b4ff587955bdf8188e6064a5`
VirtualSize	`0xa0410`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa0600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.42906`

.rdata

MD5	`408b7e3cc9afe23fa43cb6272b21f41c`
SHA1	`92e0d6ae48c90d625acd7910b52f4e2a229b76cc`
SHA256	`8b722335c430513da3bc30aa81c8cb23b908bc1a888ad88d9dc059cea3abdce3`
SHA3	`6c5c9f48e1c56031149838041787d43184a8788f672d7adf16eeeb150b9d53d8`
VirtualSize	`0x291e2`
VirtualAddress	`0xa2000`
SizeOfRawData	`0x29200`
PointerToRawData	`0xa0a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.43819`

.data

MD5	`63d2ba733350861e2efc67f4de649d08`
SHA1	`ca400ff1ea02163c24f000605bce6a092acbf427`
SHA256	`67e5354fb728c7b4bccd5f659c38a3d3fe7962d7cfb01147e67652899fd7f660`
SHA3	`8bfb18126ed020bd37353bf42eff98a919ab89085f9f7729ce2e4d0ff26c8fdc`
VirtualSize	`0x361c`
VirtualAddress	`0xcc000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0xc9c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.15561`

.pdata

MD5	`3d1b36baa38ff6091be9f58d3e3a557a`
SHA1	`53ad88aeec95eb205149791dc0e5cb2d3fc20dd4`
SHA256	`946f6212028b016801bf4ce221b18fdb0374be1cd1bd5dcbf4a5d7d632b1ffc1`
SHA3	`f9730bd1e561b796db61a6e62dbd3a00d07733c04721873a636ee851575740fe`
VirtualSize	`0x7f2c`
VirtualAddress	`0xd0000`
SizeOfRawData	`0x8000`
PointerToRawData	`0xcba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.9099`

_RDATA

MD5	`84320424f5a262135a0526646cc35ea6`
SHA1	`5199cbaebeb65fb0db3d706590dab1eca843f4d0`
SHA256	`4b682d9835a56627b8b96123fe8fda1cddcf44eff11d78e8d1d11db914ff4fb2`
SHA3	`9ba494e8267e551d66c575e44816e328a4f316d406b81256b511b32d009f968f`
VirtualSize	`0x1f4`
VirtualAddress	`0xd8000`
SizeOfRawData	`0x200`
PointerToRawData	`0xd3a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.24276`

.fptable

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x100`
VirtualAddress	`0xd9000`
SizeOfRawData	`0x200`
PointerToRawData	`0xd3c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`8aa5ba62951437da331cf05b9c705234`
SHA1	`35832c30b84df41466478fe8fdb93118865f33fb`
SHA256	`2c341c5e2b2ff23e759aa54a45f2a5b1dedcc055f50736a67a2656ab4b2b9c00`
SHA3	`da731f1583ccadd119494e731b241c0260ab9396262287c72c8ddc6b3c7512d7`
VirtualSize	`0x1e8`
VirtualAddress	`0xda000`
SizeOfRawData	`0x200`
PointerToRawData	`0xd3e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.7561`

.reloc

MD5	`5cbb108d14412e3d44b4cc3750518c59`
SHA1	`28d4fa2fc6df5e9e1cf5cf9994e3759788f0d587`
SHA256	`1d7ba39107daa63c57547ca7e019795ba8f02bdc2b2ce28a06b2efc9fd1fd5a1`
SHA3	`d77ef8780dcddd61947b51397baf4152d29985167453da1e0b3b2fd22ca76186`
VirtualSize	`0x1218`
VirtualAddress	`0xdb000`
SizeOfRawData	`0x1400`
PointerToRawData	`0xd4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.23656`

Imports

WS2_32.dll	`freeaddrinfo` `send` `WSACloseEvent` `gethostname` `ioctlsocket` `sendto` `recvfrom` `getsockopt` `getaddrinfo` `listen` `htonl` `accept` `select` `__WSAFDIsSet` `WSAIoctl` `socket` `setsockopt` `recv` `htons` `getsockname` `getpeername` `connect` `bind` `WSACleanup` `WSAStartup` `ntohs` `WSAGetLastError` `WSASetLastError` `closesocket` `WSAWaitForMultipleEvents` `WSAResetEvent` `WSAEventSelect` `WSAEnumNetworkEvents` `WSACreateEvent`
WLDAP32.dll	`#217` `#33` `#46` `#301` `#200` `#30` `#79` `#35` `#143` `#32` `#27` `#26` `#22` `#41` `#50` `#45` `#60` `#211`
CRYPT32.dll	`CertFreeCertificateChain` `CertGetCertificateChain` `CertFreeCertificateChainEngine` `CertCreateCertificateChainEngine` `CryptQueryObject` `CertGetNameStringA` `CertFindExtension` `CertAddCertificateContextToStore` `CryptDecodeObjectEx` `PFXImportCertStore` `CryptStringToBinaryA` `CertFreeCertificateContext` `CertFindCertificateInStore` `CertEnumCertificatesInStore` `CertCloseStore` `CertOpenStore`
Normaliz.dll	`IdnToUnicode` `IdnToAscii`
KERNEL32.dll	`CompareStringW` `GetTimeFormatW` `GetDateFormatW` `VirtualProtect` `FlsFree` `FlsSetValue` `FlsGetValue` `FlsAlloc` `HeapReAlloc` `HeapFree` `HeapAlloc` `GetConsoleOutputCP` `ReadConsoleW` `GetConsoleMode` `GetCommandLineW` `GetCommandLineA` `WriteFile` `GetModuleFileNameW` `ExitProcess` `SetFilePointerEx` `GetModuleHandleExW` `FreeLibraryAndExitThread` `ExitThread` `CreateThread` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `FlushFileBuffers` `SetStdHandle` `SetEndOfFile` `GetCurrentDirectoryW` `GetFullPathNameW` `GetTimeZoneInformation` `FindClose` `FindFirstFileExW` `FindNextFileW` `IsValidCodePage` `LCMapStringW` `FileTimeToSystemTime` `SystemTimeToTzSpecificLocalTime` `GetFileInformationByHandle` `GetTempPathA` `GetLastError` `LoadLibraryA` `DeleteFileA` `GetProcAddress` `FreeLibrary` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `SetLastError` `FormatMessageW` `QueryPerformanceCounter` `GetTickCount` `CloseHandle` `EnterCriticalSection` `LeaveCriticalSection` `InitializeCriticalSectionEx` `DeleteCriticalSection` `SetEvent` `WaitForSingleObject` `CreateEventA` `MultiByteToWideChar` `QueryPerformanceFrequency` `GetCurrentThread` `GetSystemDirectoryA` `GetModuleHandleA` `SleepEx` `Sleep` `WideCharToMultiByte` `MoveFileExA` `WaitForSingleObjectEx` `GetEnvironmentVariableA` `GetStdHandle` `GetFileType` `ReadFile` `PeekNamedPipe` `WaitForMultipleObjects` `GetCurrentProcessId` `RtlUnwind` `VerifyVersionInfoW` `CreateFileA` `GetFileSizeEx` `GetDriveTypeW` `GetACP` `GetOEMCP` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `SetEnvironmentVariableW` `GetProcessHeap` `DeleteFileW` `HeapSize` `WriteConsoleW` `VerSetConditionMask` `CreateFileW` `LoadLibraryExW` `EncodePointer` `DecodePointer` `LCMapStringEx` `GetStringTypeW` `GetCPInfo` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree`
ADVAPI32.dll	`CryptHashData` `CryptEncrypt` `CryptImportKey` `CryptDestroyKey` `CryptDestroyHash` `OpenThreadToken` `CryptCreateHash` `CryptGetHashParam` `CryptReleaseContext` `CryptAcquireContextA`
bcrypt.dll	`BCryptGenRandom`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x184`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91862`
MD5	`3250787fdcd75aa2587529b89c7738b2`
SHA1	`622b5627941ecee9cfe6179c3017bbf7b43fffaa`
SHA256	`8b0de2e560d8476fb0013b44f1e10c2789ae71e0353866890dc5f9c57fb1f44a`
SHA3	`6bf4f0eaf6795c219d4d808caa895dcb53f7fe9c81e92ce03da1db7841bfcd3d`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Nov-11 19:12:09
Version	`0.0`
SizeofData	`956`
AddressOfRawData	`0xc0aa0`
PointerToRawData	`0xbf4a0`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2025-Nov-11 19:12:09
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400cc880`

RICH Header

XOR Key	`0xabf1716c`
Unmarked objects	`0`
C++ objects (33140)	`193`
C objects (33140)	`18`
ASM objects (33140)	`8`
Unmarked objects (#2)	`2`
253 (VS 2015-2022 runtime 33030)	`7`
C objects (VS 2015-2022 runtime 33030)	`18`
ASM objects (VS 2015-2022 runtime 33030)	`18`
C++ objects (VS 2015-2022 runtime 33030)	`83`
Total imports	`217`
Imports (33140)	`15`
C objects (33523)	`126`
C++ objects (LTCG) (33145)	`2`
Resource objects (33145)	`1`
Linker (33145)	`1`

Errors

Leave a comment

No comments yet.