Manalyze report for ed56a638d2c9d93196126b44ca0e320f

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-Mar-26 12:34:41
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Contains another PE executable: This program cannot be run in DOS mode.`
Malicious	The PE contains functions mostly used by malware.	`Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Code injection capabilities: CreateRemoteThread OpenProcess VirtualAllocEx WriteProcessMemory` `Manipulates other processes: OpenProcess WriteProcessMemory Process32First Process32Next`
Malicious	VirusTotal score: 42/72 (Scanned on 2025-04-03 21:49:38)	`ALYac: Trojan.GenericKD.76133979` `APEX: Malicious` `AVG: Win64:MalwareX-gen [Trj]` `AhnLab-V3: Trojan/Win.Generic.C5746068` `Antiy-AVL: GrayWare/Win32.Wacapew` `Arcabit: Trojan.Generic.D489B65B` `Avast: Win64:MalwareX-gen [Trj]` `BitDefender: Trojan.GenericKD.76133979` `Bkav: W64.AIDetectMalware` `CAT-QuickHeal: Trojan.Sabsik` `CTX: exe.trojan.generic` `CrowdStrike: win/malicious_confidence_70% (W)` `Cylance: Unsafe` `Cynet: Malicious (score: 100)` `DeepInstinct: MALICIOUS` `Elastic: malicious (high confidence)` `Emsisoft: Trojan.GenericKD.76133979 (B)` `FireEye: Generic.mg.ed56a638d2c9d931` `Fortinet: W32/PossibleThreat` `GData: Trojan.GenericKD.76133979` `Google: Detected` `Gridinsoft: Trojan.Win64.Gen.cl` `Lionic: Trojan.Win32.Generic.4!c` `Malwarebytes: Malware.AI.4289580894` `MaxSecure: Trojan.Malware.8426628.susgen` `McAfee: Artemis!ED56A638D2C9` `MicroWorld-eScan: Trojan.GenericKD.76133979` `Microsoft: Program:Win32/Wacapew.C!ml` `Paloalto: generic.ml` `Panda: Trj/Chgt.AD` `Rising: Trojan.Kryptik@AI.85 (RDML:xfLFBWescE864PnD1Id4jw)` `Sangfor: Trojan.Win32.Save.a` `SentinelOne: Static AI - Suspicious PE` `Skyhigh: BehavesLike.Win64.Injector.rc` `Sophos: Mal/Generic-S` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.moderate.ml.score` `TrendMicro-HouseCall: Trojan.Win32.VSX.PE04C9V` `VIPRE: Trojan.GenericKD.76133979` `Varist: W64/ABApplication.DHSF-4348` `Xcitium: ApplicUnwnt@#1oyj4562kwslj` `alibabacloud: Trojan:Win/Wacatac.B9nj`

Hashes

MD5	`ed56a638d2c9d93196126b44ca0e320f`
SHA1	`82dd4322058efe892ecdbd7e94e387a841ba2272`
SHA256	`1e7f590e87caa539489db3b229ae47f690bca3f72413ba9b2688bd9150163ebe`
SHA3	`16417bbfe34e29ffb9dd28a0d22bb757abf2cb3a306d498688c7773acc7d60f2`
SSDeep	`98304:LGvrnSdtzJtZBaTMRAl9seqgwkeQFzaS3FZukRzgSAB63:LkrSdtzJtZNqpqTkeazaSnRc1B`
Imports Hash	`cecd85fbe1c18ffc48218116e25318b1`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2025-Mar-26 12:34:41
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x5a00`
SizeOfInitializedData	`0x462200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000005A34 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x46d000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1a2f1f514dd700f062370df98085d04e`
SHA1	`052fa60e226ebae093a55ec2382a50812c09dd51`
SHA256	`4619e22f8d97bd46c85fb4e2005650dd7328ccd0781f39862b41256957415781`
SHA3	`171e1f0eb48c3863e1ab9d33d5439948772a952b80e78003a09e704e5837e980`
VirtualSize	`0x59d7`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.1411`

.rdata

MD5	`ea44bd8438250ff652666a95b8ea862d`
SHA1	`31215485681ad8c0167a5189c2355c6fde178f1b`
SHA256	`424a5b0daa90baf90e55f831a3d97702418d45aaa3fd1816cd22f500e68d29e1`
SHA3	`86c98dc4d757722b91d9a54caa4a52197802f9cf7bbbe5a757f173549f333b66`
VirtualSize	`0x62e8`
VirtualAddress	`0x7000`
SizeOfRawData	`0x6400`
PointerToRawData	`0x5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.23365`

.data

MD5	`6df843733203898630a541e5686fa93f`
SHA1	`0464bc878504495f87bb92ba1aa1b73b136390bf`
SHA256	`19003e89e2c5da39844617d9e0e8479d1e566eba2ca213dd79ca81e4c35dd334`
SHA3	`e96ef12534c09822208ce600234d154a2a44908799e4eccbde7f3cb5df0d094b`
VirtualSize	`0x45b0a0`
VirtualAddress	`0xe000`
SizeOfRawData	`0x45ac00`
PointerToRawData	`0xc200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.95086`

.pdata

MD5	`567f4711a04239e6c937a3c5c4d1b761`
SHA1	`71050c7dd807792a21f4328af398606d10f10628`
SHA256	`bf5930f72008e84b46e6817dda0ee9276a303484d16fa8a11978c7a24e965408`
SHA3	`93c20e15409390cf185a8d8623e5c41dc918d9ccfddbdcd76cfdfbf37bf4fd38`
VirtualSize	`0x648`
VirtualAddress	`0x46a000`
SizeOfRawData	`0x800`
PointerToRawData	`0x466e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.58484`

.rsrc

MD5	`32b9ea11628e331c3da441f8a9e6585e`
SHA1	`989df8ae131ddf05516d065107bbb5445bcdacd2`
SHA256	`d1f80bbc35bfc3f8f8d11ab14637909db04fae5c827ab0952717df16d4f97560`
SHA3	`c6b67745b056e253c9b3d521d67fe596e7fd77c4b4a0f4c5f210b9e591da4001`
VirtualSize	`0x1e8`
VirtualAddress	`0x46b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x467600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.76813`

.reloc

MD5	`2533b26fbedcb1b0ed12b7533dd96574`
SHA1	`f103dac6fe629852948ff05c74b993c063aa96be`
SHA256	`d7f556cfb4205f5e199d785377f89793608a1db78cb0245f149ed2444c678d2e`
SHA3	`48e32b8efe890754ce9bacaf0fd705006555093b473eb092349bfd1026d50d19`
VirtualSize	`0xc0`
VirtualAddress	`0x46c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x467800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.50212`

Imports

KERNEL32.dll	`CloseHandle` `WaitForSingleObject` `Sleep` `CreateRemoteThread` `OpenProcess` `VirtualAllocEx` `WriteProcessMemory` `VirtualFreeEx` `GetModuleHandleA` `GetProcAddress` `CreateToolhelp32Snapshot` `Process32First` `Process32Next` `GetStdHandle` `GetModuleFileNameA` `GetConsoleMode` `SetConsoleMode` `IsDebuggerPresent` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetModuleHandleW`
MSVCP140.dll	`?good@ios_base@std@@QEBA_NXZ` `?flags@ios_base@std@@QEBAHXZ` `?width@ios_base@std@@QEBA_JXZ` `?width@ios_base@std@@QEAA_J_J@Z` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z` `?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z` `?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z` `?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z` `?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ` `?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ` `?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ` `?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ` `?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ` `?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z` `?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ` `?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `?_Id_cnt@id@locale@std@@0HA` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?always_noconv@codecvt_base@std@@QEBA_NXZ` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?uncaught_exceptions@std@@YAHXZ` `??1_Lockit@std@@QEAA@XZ` `??0_Lockit@std@@QEAA@H@Z` `?_Xbad_function_call@std@@YAXXZ` `?_Xlength_error@std@@YAXPEBD@Z` `?_Xbad_alloc@std@@YAXXZ` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z`
VCRUNTIME140.dll	`__current_exception_context` `__current_exception` `memset` `memmove` `__C_specific_handler` `__std_terminate` `memcpy` `_CxxThrowException` `__std_exception_destroy` `__std_exception_copy` `memcmp`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
api-ms-win-crt-runtime-l1-1-0.dll	`_initterm_e` `exit` `_exit` `_set_app_type` `__p___argc` `__p___argv` `_seh_filter_exe` `_get_initial_narrow_environment` `_register_thread_local_exe_atexit_callback` `_initialize_narrow_environment` `terminate` `_configure_narrow_argv` `_initialize_onexit_table` `_register_onexit_function` `_crt_atexit` `_initterm` `_c_exit` `_invalid_parameter_noinfo_noreturn` `_cexit`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `_callnewh` `_set_new_mode` `free`
api-ms-win-crt-stdio-l1-1-0.dll	`setvbuf` `fwrite` `_fseeki64` `fsetpos` `fread` `fputc` `fgetpos` `fgetc` `fclose` `_get_stream_buffer_pointers` `__acrt_iob_func` `_set_fmode` `__stdio_common_vfprintf` `ungetc` `__p__commode` `fflush`
api-ms-win-crt-filesystem-l1-1-0.dll	`_unlock_file` `_lock_file`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x188`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.89623`
MD5	`b8e76ddb52d0eb41e972599ff3ca431b`
SHA1	`fc12d7ad112ddabfcd8f82f290d84e637a4d62f8`
SHA256	`165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8`
SHA3	`37f83338b28cb102b1b14f27280ba1aa3fffb17f7bf165cb7b675b7e8eb7cddd`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2025-Mar-26 12:34:41
Version	`0.0`
SizeofData	`780`
AddressOfRawData	`0xabcc`
PointerToRawData	`0x99cc`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140468600`

RICH Header

XOR Key	`0x6acd211a`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`12`
ASM objects (34321)	`3`
C objects (34321)	`10`
C++ objects (34321)	`30`
Imports (34321)	`6`
Imports (30795)	`3`
Total imports	`151`
C++ objects (34809)	`2`
Resource objects (34809)	`1`
Linker (34809)	`1`

ed56a638d2c9d93196126b44ca0e320f

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors