Manalyze report for f9a018eae3ab56692c6772023021bfc4c5ff17916d213e3c2b806bea1b007f96

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00

Plugin Output

Suspicious	This PE is packed with Themida	`Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found:` `Unusual section name found: .imports` `Unusual section name found: .themida` `Section .themida is both writable and executable.` `Unusual section name found: .boot` `Unusual section name found: .taggant` `The PE only has 1 import(s).`
Malicious	VirusTotal score: 27/71 (Scanned on 2026-04-03 17:09:12)	`APEX: Malicious` `Antiy-AVL: Trojan/Win32.Agent` `Bkav: W64.AIDetectMalware` `CTX: exe.trojan.generic` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: Win64/Packed.Themida.AE suspicious application` `Elastic: malicious (high confidence)` `Fortinet: W32/PossibleThreat` `Google: Detected` `Gridinsoft: Trojan.Heur!.032121A3` `Lionic: Trojan.Win32.Generic.4!c` `Malwarebytes: Malware.Heuristic.2025` `MaxSecure: Trojan.Malware.8328611.susgen` `McAfeeD: ti!F9A018EAE3AB` `Paloalto: generic.ml` `Sangfor: Trojan.Win32.Agent.Vjbm` `SentinelOne: Static AI - Suspicious PE` `Skyhigh: BehavesLike.Win64.Trojan.vc` `Sophos: Generic ML PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.high.ml.score` `TrellixENS: Artemis!CB35F0BB2E47` `Varist: W64/ABTrojan.ZKQP-7083` `Zoner: Probably Heur.ExeHeaderL` `alibabacloud: VirTool:Win/Packed.Themida.AA`

Hashes

MD5	`cb35f0bb2e477eb5a9113524ae4a5622`
SHA1	`9f8f3ddb7257ee48bcf6e99333da09b8ec76430c`
SHA256	`f9a018eae3ab56692c6772023021bfc4c5ff17916d213e3c2b806bea1b007f96`
SHA3	`6304688ba2a243c802bcbe95d37b611b815d5328470031101eb7c80db89c38d3`
SSDeep	`196608:PdhEAKqG6U1H6wNcbmlAzw/ozYiQnRhotERFns1HI:/EAKXjNcqlAzw/kSoSRBs2`
Imports Hash	`a56f115ee5ef2625bd949acaeec66b76`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`12`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0x7a1e00`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`3.0`
SizeOfCode	`0x327a00`
SizeOfInitializedData	`0x65800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000010E3000 (Section: .taggant)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x10e6000`
SizeOfHeaders	`0x400`
Checksum	`0x69afa7`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

MD5	`1b1c0f4b916c7e52dab30cc49dba6e98`
SHA1	`367bd961a43b568ed3300d12c765e9f1a1329f63`
SHA256	`4ac4985a819ee56a6a89c506c0a673b00d1c26381efa5e26e841c20d28fcbc9a`
SHA3	`c32da5f24e2c74c47a7384e28acc0f8a739e021823c14596c9a3d848b5c4ea1e`
VirtualSize	`0x3279f1`
VirtualAddress	`0x1000`
SizeOfRawData	`0x14986c`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.98835`

(#2)

MD5	`ec77f30702f5b2d5a21829ccd1d351f9`
SHA1	`5197596f4936bd04c4fd7ffc239470cf018b9bf1`
SHA256	`caf053589096240526c7afb45d773a14b3c6ea0cba4818e4798d337cb56dbde8`
SHA3	`7f765832f42dbb78307d6ba35be095a7bc8cfe089289e7ee19bd866a2afddea9`
VirtualSize	`0x3f2398`
VirtualAddress	`0x329000`
SizeOfRawData	`0x1d2117`
PointerToRawData	`0x149e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.97156`

(#3)

MD5	`908c5bde420f61fa9071a9852c1a6bc2`
SHA1	`28bb82f29aaf4931ada9855ddd048572d83cff33`
SHA256	`089f8d8c603e4534602c209ce825030bcd6c0a2f845f5f912f422cfe72ce24a1`
SHA3	`e395207a3952fe30bb52c088e61b8566f1377d713d113a254a7441bd6656cb04`
VirtualSize	`0xbb7f0`
VirtualAddress	`0x71c000`
SizeOfRawData	`0x32c5f`
PointerToRawData	`0x31c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.96051`

(#4)

MD5	`44f025fb984fa52b4ae9fa950219cb10`
SHA1	`e83ee457479750fcb55998d58d05474e8102c40f`
SHA256	`5f5b11b718757fd87f33f9923b878161545bf7ee168d6cb7bd62b29339bf4113`
SHA3	`4a56e1a2d9043c65e26f49e697ecffa4618b9f6342d270c9943939d85f9346b6`
VirtualSize	`0x120f0`
VirtualAddress	`0x7d8000`
SizeOfRawData	`0x8bb0`
PointerToRawData	`0x34ee00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.6517`

(#5)

MD5	`dcffd8fbddf6cca9fe39543c10ede312`
SHA1	`ad4c286098528b0314fbbbe53193325e03f43418`
SHA256	`ab9648a7378654e6556e571b745c395cc3096f7b77bd3576a38fccca679ff50f`
SHA3	`dc1f01cc520e5cb837ca4984499b71ffd40950c0dc13aec2901e24b17a81c4de`
VirtualSize	`0xb4`
VirtualAddress	`0x7eb000`
SizeOfRawData	`0x63`
PointerToRawData	`0x357a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.16699`

(#6)

MD5	`76b0b7e2827f5966c253a862a32b5172`
SHA1	`fc2f950b4d733193bd9c180c26d1a7c3c12864dc`
SHA256	`27963e8e7d006f72b1bec40872ba81a6c3162102108f33fa4482fc01b7020fe0`
SHA3	`5e22067a405260922aa4bd4f3490aada7122af3e23fd3f771a1a4c91a55b6d9e`
VirtualSize	`0x53e`
VirtualAddress	`0x7ec000`
SizeOfRawData	`0x72`
PointerToRawData	`0x357c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.19579`

(#7)

MD5	`2a22d925515a694d47e28a4eb3f4dd50`
SHA1	`469ebc2a346c131a771cc9e2a7260424bbb27a5e`
SHA256	`e89146df224fdba93ec34be5782decdf3127be304329b98a723c2b1110d9cf7a`
SHA3	`1a0365f95db74588c1eeae61681992f60935999af08ce9ae2cabd313b95bc4f6`
VirtualSize	`0xf7b4`
VirtualAddress	`0x7ed000`
SizeOfRawData	`0x3a67`
PointerToRawData	`0x357e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`7.95853`

(#8)

MD5	`3900878efa4fb77d5993b1ab002d1caa`
SHA1	`bffc54575f53f040b141de33b1ea17feec0946a7`
SHA256	`6854efc341960b0a628897512246174f833c6bb1f8a787ae0883e66b7b887c02`
SHA3	`4a14ece99b3d1ef29f6dac8bd0edd13f0d9e7172c5102cf940627341d2600046`
VirtualSize	`0x4`
VirtualAddress	`0x7fd000`
SizeOfRawData	`0x7`
PointerToRawData	`0x35ba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.80735`

.imports

MD5	`b5b60d995256e91114c3c6f91abf757d`
SHA1	`25317353c3f38b4e069bedf73ee887c978825604`
SHA256	`221a83a980aa5e68ee61df30db4765cdb99fbbae2c13c9ed9f6aca71d83205d6`
SHA3	`0826b590dbe5eb2439c915fc852d15616c38846004ed517ab66878bc94a02d54`
VirtualSize	`0x1000`
VirtualAddress	`0x7fe000`
SizeOfRawData	`0x200`
PointerToRawData	`0x35bc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.649576`

.themida

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x5aa000`
VirtualAddress	`0x7ff000`
SizeOfRawData	`0`
PointerToRawData	`0x35be00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.boot

MD5	`0e5e5d50c8fdbe3f3fb07187073db0ee`
SHA1	`64ae1b927d8b092380e29014515abb8d8bd3dfab`
SHA256	`85b849be0816ef536e67b0fc815f63fabd9fb539bd71493dc7983e70374f9b35`
SHA3	`a814178c8ddbd3e95245cb9eb52d4e4fd4602175841453f2560f85c7e2e3d22d`
VirtualSize	`0x339a00`
VirtualAddress	`0xda9000`
SizeOfRawData	`0x339a00`
PointerToRawData	`0x35be00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.96132`

.taggant

MD5	`e0cd8456265eb88a3adc315e1dd3da50`
SHA1	`cc5a02ef6fe939e24ef63aace98ad1e019dd9dfc`
SHA256	`a64bfdd16f18cf6b38a5b2592d31ec4abf29bc2f2709f718add954df7ae41dfe`
SHA3	`f6705554658f49e6774e23cbf230bd4717e8e13d9488cda4c43cbc16a0b577c4`
VirtualSize	`0x2200`
VirtualAddress	`0x10e3000`
SizeOfRawData	`0x2014`
PointerToRawData	`0x695800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`1.93079`

Imports

kernel32.dll	`GetModuleHandleA`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .themida has a size of 0!

Leave a comment

No comments yet.