Manalyze report for f010b0b7681ede24f96c88670784fc89

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Jul-14 00:24:50
Detected languages	English - United States
CompanyName	Sun Microsystems, Inc.
FileDescription	vc_runtime
FileVersion	`5.5.75.32`
InternalName	vc_runtime
LegalCopyright	Copyright © 2004
OriginalFilename	VC_RUNTIME.DLL
ProductName	Java(TM) Platform SE 6
ProductVersion	`5.5.75.32`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryW`
Malicious	The program tries to mislead users about its origins.	`The PE pretends to be from Sun Microsystems but is not signed!`
Malicious	VirusTotal score: 10/67 (Scanned on 2019-09-15 09:08:08)	`MicroWorld-eScan: Trojan.GenericKD.32454726` `FireEye: Generic.mg.f010b0b7681ede24` `Kaspersky: UDS:DangerousObject.Multi.Generic` `BitDefender: Trojan.GenericKD.32454726` `AegisLab: Trojan.Multi.Generic.4!c` `Ad-Aware: Trojan.GenericKD.32454726` `Emsisoft: Trojan.GenericKD.32454726 (B)` `Microsoft: Trojan:Win32/Casdet!rfn` `ZoneAlarm: UDS:DangerousObject.Multi.Generic` `GData: Trojan.GenericKD.32454726`

Hashes

MD5	`f010b0b7681ede24f96c88670784fc89`
SHA1	`265fffe7811d01e9a79b3221fe5fdac8f1501104`
SHA256	`98214a8ff23135a1e92e2ab029a4806cd1501d0a190798cf37bec90b2b20729e`
SHA3	`fc3f9bfe8bf81e1c4c1df0966a8362c1dca0e6339b64f0d70d31f5850747e582`
SSDeep	`6144:3tU7KUfyg4Fo3ddNbkmcm3c5Czl3XXv3T:dUGpg4WImRNnPT`
Imports Hash	`059aa600cd649dfcfc8769050b96892d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2018-Jul-14 00:24:50
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x25800`
SizeOfInitializedData	`0x13e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0001E08C (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x27000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x3d000`
SizeOfHeaders	`0x400`
Checksum	`0x3ebb8`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7c69ddc5b64f1452722265164643b2d1`
SHA1	`e89b416c93bc18c28454fd9283a7fe80bfd8a6b8`
SHA256	`74d661104fd97341abd6d4f6ec9a4c38c7e55a66c6c3d90c464e60043c45d965`
SHA3	`36fc62928df9634d887e4f94cf5c72d823d9f9c4651585daf56cc23d10bfba2d`
VirtualSize	`0x2565a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x25800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.32819`

.rdata

MD5	`686cdf6bbdc0011caa6646f9826c2a44`
SHA1	`896787aba41cc4a4f2b6ad18739596663b1453d1`
SHA256	`acab87f598ef5efcab34737d725546b2f910a4100d6e0eabd0afe07fe6ff9edd`
SHA3	`d94dc9e428741b40e74f8a9fbed566430162936f62e757f35f77b389319c834b`
VirtualSize	`0x363f`
VirtualAddress	`0x27000`
SizeOfRawData	`0x3800`
PointerToRawData	`0x25c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.15345`

.data

MD5	`fe588901ab4a8bf1d10c82380b99e87c`
SHA1	`a82194e00a2cb9dfb79354ddecbd45df1f2ef74b`
SHA256	`a286a563ec1f35e66929eb3d1565b24e48c5ff102920b18240bb3c07460a97c3`
SHA3	`66d415437f376483f10807877ad5a366d47041f0ccbf32368b3092a9984e7cc8`
VirtualSize	`0xda5c`
VirtualAddress	`0x2b000`
SizeOfRawData	`0x9a00`
PointerToRawData	`0x29400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.93392`

.rsrc

MD5	`795d57ec604c87d707732590dc67f9a3`
SHA1	`11bd58e85fa7623d0c8e213743ae634fd40bf8af`
SHA256	`b72be3903a49d552945b8a4e0f2c843161396a687dc86a43e57f971307e8fd7d`
SHA3	`14017bc8ac2e5835afe1771b2b0d22728cfda2e74b8af4a1f4a5d2b52faf5109`
VirtualSize	`0x4ec`
VirtualAddress	`0x39000`
SizeOfRawData	`0x600`
PointerToRawData	`0x32e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.56107`

.reloc

MD5	`fe66b459769914937e53daa679c44811`
SHA1	`15dc0c804deb32402afe1520465fcd71e2609aae`
SHA256	`e8b563d7213aaa406401f8e897bcd7e3fd8aa8c4e767a4ce41930b477a55190c`
SHA3	`94f3220ed5423c5c8d559b3bd8cfc544c6f450f465d5736cf60b0d9b6ab5b61e`
VirtualSize	`0x2342`
VirtualAddress	`0x3a000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x33400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.22483`

Imports

KERNEL32.dll	`LoadLibraryA` `GetProcAddress` `SetErrorMode` `GetCurrentProcess` `GetTickCount` `WriteFile` `Sleep` `WideCharToMultiByte` `HeapReAlloc` `DecodePointer` `GetCommandLineA` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `EncodePointer` `TerminateProcess` `GetSystemTimeAsFileTime` `HeapCreate` `HeapDestroy` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `InterlockedIncrement` `GetModuleHandleW` `SetLastError` `InterlockedDecrement` `LoadLibraryW` `GetCPInfo` `GetACP` `GetOEMCP` `IsValidCodePage` `RaiseException` `ExitProcess` `SetHandleCount` `GetStdHandle` `InitializeCriticalSectionAndSpinCount` `GetFileType` `GetStartupInfoW` `DeleteCriticalSection` `GetModuleFileNameA` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `QueryPerformanceCounter` `LeaveCriticalSection` `EnterCriticalSection` `SetFilePointer` `GetConsoleCP` `GetConsoleMode` `MultiByteToWideChar` `LCMapStringW` `GetStringTypeW` `HeapSize` `RtlUnwind` `IsProcessorFeaturePresent` `SetStdHandle` `WriteConsoleW` `FlushFileBuffers` `IsBadReadPtr` `VirtualFree` `HeapFree` `HeapAlloc` `FreeLibrary` `GetNativeSystemInfo` `ExpandEnvironmentStringsW` `CloseHandle` `CreateFileW` `GetModuleFileNameW` `ReadFile` `GetFileSize` `GetCurrentProcessId` `GetVersion` `GetCurrentThreadId` `GetLastError`
SHLWAPI.dll	`PathRemoveFileSpecW` `PathFindFileNameW`
SHELL32.dll	`#680`

Delayed Imports

DllCanUnloadNow

Ordinal	`1`
Address	`0xd690`

DllGetClassObject

Ordinal	`2`
Address	`0xd4c0`

DllRegisterServer

Ordinal	`3`
Address	`0xd060`

DllUnregisterServer

Ordinal	`4`
Address	`0xd290`

ServiceMain

Ordinal	`5`
Address	`0xd7d0`

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2f0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.45985`
MD5	`adaefd1ff7cfaae96a996806dbc83731`
SHA1	`f6478600bd9f3b50d5991487938d117e539ed820`
SHA256	`9ef2b9099ab4c60a2dfa353b43fa279054e493cd1d796f39f688242ea42345d6`
SHA3	`5c047dbcabbbd77bd9539b115dca88cf3de264f66e9a94b5536fbf96f86beea5`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.5.75.32
ProductVersion	5.5.75.32
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	UNKNOWN
CompanyName	Sun Microsystems, Inc.
FileDescription	vc_runtime
FileVersion (#2)	5.5.75.32
InternalName	vc_runtime
LegalCopyright	Copyright © 2004
OriginalFilename	VC_RUNTIME.DLL
ProductName	Java(TM) Platform SE 6
ProductVersion (#2)	5.5.75.32

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1002b038`
SEHandlerTable	`0x10029690`
SEHandlerCount	`13`

RICH Header

XOR Key	`0x708668c9`
Unmarked objects	`0`
Exports (VS2012 UPD3 build 60610)	`97`
Resource objects (VS2012 UPD2 build 60315)	`110`
ASM objects (VS2012 UPD2 build 60315)	`24`
Resource objects (VS2010 SP1 build 40219)	`88`
ASM objects (VS2010 SP1 build 40219)	`77`
Total imports	`297`
Exports (VS2008 build 21022)	`53`
Imports (VS2008 SP1 build 30729)	`107`
ASM objects (VS2008 SP1 build 30729)	`64`

f010b0b7681ede24f96c88670784fc89

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

DllCanUnloadNow

DllGetClassObject

DllRegisterServer

DllUnregisterServer

ServiceMain

1

2

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors