Manalyze report for fad6501d34d4e0fd7befe87b13db23bf

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2019-Dec-02 23:39:58
Detected languages	English - United States

Plugin Output

Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `The PE only has 9 import(s).`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegLoadKeyW` `Queries user information on remote machines: NetWkstaGetInfo`
Info	The PE's resources present abnormal characteristics.	`Resource 4081 is possibly compressed or encrypted.` `Resource 4084 is possibly compressed or encrypted.` `Resource 4085 is possibly compressed or encrypted.` `Resource 4086 is possibly compressed or encrypted.` `Resource 4087 is possibly compressed or encrypted.` `Resource 4088 is possibly compressed or encrypted.` `Resource 4089 is possibly compressed or encrypted.` `Resource PACKAGEINFO is possibly compressed or encrypted.` `The binary may have been compiled on a machine in the UTC+1 timezone.`
Malicious	VirusTotal score: 4/66 (Scanned on 2021-11-25 00:55:41)	`McAfee-GW-Edition: BehavesLike.Win64.Generic.gc` `MaxSecure: Trojan.Malware.300983.susgen` `Antiy-AVL: Trojan/Generic.ASBOL.C5E3` `APEX: Malicious`

Hashes

MD5	`fad6501d34d4e0fd7befe87b13db23bf`
SHA1	`15626dc498f5a92b4a0f2862560b93e04a4203a5`
SHA256	`483122115113d6083eb5f633b36be2f0065e779e600c9c541c4a3b6dec29ec9f`
SHA3	`b480eee2fef53d399f9aff76f376bad23194d8117f1d4b18ffe0d1470622170c`
SSDeep	`12288:6UDv4x7c5Addx6PtMaPAE/aHRJwy6kbgs80Q:6sv4lklXPhgRckbM0Q`
Imports Hash	`304c965ac22a66c271e5a7e1749a8e2e`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`3`
TimeDateStamp	2019-Dec-02 23:39:58
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`8.2`
SizeOfCode	`0x6b000`
SizeOfInitializedData	`0x1000`
SizeOfUninitializedData	`0x189000`
AddressOfEntryPoint	`0x00000000001F4070 (Section: UPX1)`
BaseOfCode	`0x18a000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`5.2`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x1f6000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x189000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`4f34db9deb46f6f5d851fa5a49e3dec6`
SHA1	`191bc7ab98d5295f7ea9b60679ce3532bbba440d`
SHA256	`373cb5016f9d0e59225a8b28e04521b9edf53c6d0849ebdf77502241485455e3`
SHA3	`d8f06f4afaf3745fc54d77b2b11fd8fcbb971bbc875cf1e720f35d2e9d78bee2`
VirtualSize	`0x6b000`
VirtualAddress	`0x18a000`
SizeOfRawData	`0x6a600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.896`

.rsrc

MD5	`760a1e01c657e7d5e35aeb1003f40cc9`
SHA1	`6fe283c3c6ee77247cf6aaa8e65d7326f8939eb6`
SHA256	`9b2c7416781591a0342d2df583db5f81467c882f98676b1d628dc952b9de9a84`
SHA3	`603f8e3653471545195e24a6a4809e9401954b0671ad05cc6995f95716cfa6f8`
VirtualSize	`0x1000`
VirtualAddress	`0x1f5000`
SizeOfRawData	`0x800`
PointerToRawData	`0x6aa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.78256`

Imports

advapi32.dll	`RegLoadKeyW`
KERNEL32.DLL	`LoadLibraryA` `ExitProcess` `GetProcAddress` `VirtualProtect`
netapi32.dll	`NetWkstaGetInfo`
oleaut32.dll	`VariantCopy`
user32.dll	`CharNextW`
version.dll	`VerQueryValueW`

Delayed Imports

4080

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x21c`
TimeDateStamp	2019-Dec-03 00:40:00
Entropy	`6.9162`
MD5	`ee4d8c4da5979063c1c60348fa664d06`
SHA1	`8b98f651c094c51add56d2aacf4f35b1b6e1c818`
SHA256	`7f22ece29a6e1a60a3f2cb8d50f92d301f6f2b95d12ca0d212e984d597b0af69`
SHA3	`bbec31bc47863cc2d56f34654c22de47656bdbcb6786c461047bb001e0f85a49`

4081

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x358`
TimeDateStamp	2019-Dec-03 00:40:00
Entropy	`7.00729`
MD5	`6f106fdd7ef7f17ff01b5c80f1a3f17c`
SHA1	`6b4332bc4331fe224f19added0458c9b42c5ed00`
SHA256	`96580a3cab8422c1b82a96065f71a8374b288a82f4fca513900183af4c070360`
SHA3	`8207db2a4007b21bfcab9eef1165639bbd04ef17de5f9d27b930fe0551c6a018`

4082

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x394`
TimeDateStamp	2019-Dec-03 00:40:00
Entropy	`6.99803`
MD5	`0aaa1156fb2a7c9ca5ebf8db52fcfe88`
SHA1	`4d5ff047012648214e609b6da10e721f939d5307`
SHA256	`12696dc5493ca5dc66e8f021ad966ab8204868fcedbbfd3b1318f311af894223`
SHA3	`ac61c49fb562534a8d493f7ae487bdc7dfd60366fd5d09f21bb7ea3d77d894a1`

4083

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x388`
TimeDateStamp	2019-Dec-03 00:40:00
Entropy	`6.95682`
MD5	`ed6a670589d44e72bcc3cc9ebf4cf8ca`
SHA1	`3e5d67792d7feb9509b36cd18344c21e7a9c15cf`
SHA256	`da3e61d75927e4086a9a5bbdb1df570ec1fbd87dff1affa90c2ef11607f4886f`
SHA3	`8fb39c717e84f779bf2c65e19cf8e58e73c8682b666d2f7ce9ad352625609150`

4084

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x40c`
TimeDateStamp	2019-Dec-03 00:40:00
Entropy	`7.0249`
MD5	`0775169ba20619ce1175917c458c02b0`
SHA1	`0dfe014c1f60b2a0c8ddcb7da873ee203c19f118`
SHA256	`deb949f50eb95fea253c658e80cff2a4ce5075e8ae793d9ca2303b4ba52ab07c`
SHA3	`fbad21d0864b6c0be5512b1ed486a690082f17c6642481bfa61657d6978b165a`

4085

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x378`
TimeDateStamp	2019-Dec-03 00:40:00
Entropy	`7.07191`
MD5	`b48ce2c1a0d2b462cd74f2fe61a2d8bd`
SHA1	`75cb17d16dc3f934532808c37161b6f2a17cae7a`
SHA256	`5262def54d5fc60f460be4759fdc00d02c97ebcd4c444a8f0c7ac6a480d4b79f`
SHA3	`a0e1a1b903a64eb2a74e6af0a9649bca0095adf285c1419d25921c19f22d4f1c`

4086

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x460`
TimeDateStamp	2019-Dec-03 00:40:00
Entropy	`7.0324`
MD5	`f5ddf71fac234979768848361bd2fc74`
SHA1	`4cb2a6265caaf5bb01c1f4624664fd7f4b9b8a59`
SHA256	`2b976dcf5ce9c1e59d89a1293404aee19fd04769d37a5c322d24d83f78cda5b2`
SHA3	`765e6ed3980d01c08c138628a5e0914652d0b161fa9f7d657086bc01f6e61e95`

4087

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4b4`
TimeDateStamp	2019-Dec-03 00:40:00
Entropy	`7.09608`
MD5	`07db92b8c9a8b649a4307aede38bb1dc`
SHA1	`ef7ec8e0de6492379263f217ac31c3912a4cc599`
SHA256	`3df4d56807987f89d4587d5fe01d11465065371ffd938e26681b640854abd121`
SHA3	`fad1a85a787e6272647cee3d1e639da6bdef3712c8bca3304f0d7291df6fcd19`

4088

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x378`
TimeDateStamp	2019-Dec-03 00:40:00
Entropy	`7.1191`
MD5	`9e99e91af1c340a2d2ea34b9b3cecb06`
SHA1	`a38ae079bb4b941b682691fc64239b802523086b`
SHA256	`71b4eb66d9a2fd8019a565eb9b46fddd6807b0734cfebed7b6a267fc86ff5309`
SHA3	`c6936deec6d38c41595ab0787da02ded03913608154d3f33b40d00c8858abfd2`

4089

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x440`
TimeDateStamp	2019-Dec-03 00:40:00
Entropy	`7.02771`
MD5	`8e2aa2cfffe3376a2dc8fafe82107b1a`
SHA1	`1edb6fe1b22d7978577910d709304b9c3df2301b`
SHA256	`15eba31adcdc8eaa3873291afd67892bd2c75adc0a4114e345ec0c676d06ed5c`
SHA3	`3ce5390eb979e2b2137ff3985e1fe8e1b3b4dfa550753d2345b5206f9a7bc88f`

4090

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1d0`
TimeDateStamp	2019-Dec-03 00:40:00
Entropy	`6.68075`
MD5	`4ec01285659379e58f797b7208fb439d`
SHA1	`9e47545bb9b15c438bc9a6471e221760d0798624`
SHA256	`17a5c1605b435ba6c3f0d334da5c7fb8f9a1a2e9b5d65b76ea18dfbddfa7f189`
SHA3	`e4749e38e9fc98e1d54b62f0c36ee621e455ea8c57bb81fbccedd9a7b4f098d0`

4091

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xcc`
TimeDateStamp	2019-Dec-03 00:40:00
Entropy	`6.47443`
MD5	`f273d460224feb3f4ef1cd4a97f98009`
SHA1	`3c118b5b620e63318b7addf45b40083017587b51`
SHA256	`5810a11f9661b8d2523db6eb8b04634b819108bb39bcabab1bda6027e75a36b7`
SHA3	`5cc8eede2a427606225cb5120710bb467f9b7f931e280e2568d3e5030537bc44`

4092

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x17c`
TimeDateStamp	2019-Dec-03 00:40:00
Entropy	`6.70938`
MD5	`0baaaee1ae51dfa54ae77c88aac2b034`
SHA1	`1ca387c5b6e0d69f064a9d467c8ef63bd3160633`
SHA256	`d07ff5a899adf04e499ecedc3e9d650c6aa82136bffad4f6dfc0131f35e3624d`
SHA3	`1da7c9485c49117fd1fa7e2cebe1e06a9a23a9b9805a3ef2bb78bcbb0b04ba70`

4093

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x384`
TimeDateStamp	2019-Dec-03 00:40:00
Entropy	`6.96793`
MD5	`e66506cea8441b7a25e210967dbd38f3`
SHA1	`bfaff25de3bff29ad55f2bb93cdf15dac1de88a2`
SHA256	`127e2487bbe92030642a6423af1e652679846b9f76b323d1827c1e2fd9f9e889`
SHA3	`c945d55435f4783c4fba2ad66d83dba888cc99d805ccdcd9bdfbeefa9b0d790f`

4094

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3e0`
TimeDateStamp	2019-Dec-03 00:40:00
Entropy	`6.93944`
MD5	`11817f775977e035e665c82fb81008ff`
SHA1	`82b79481f935fd8ab4d5da8055ecd8a9b9b80243`
SHA256	`1e9cedcf1071159d9c620af520f61a90f9b7d53c9f1236b94b27cee5aed6dbc7`
SHA3	`0e58bad7267e35d4d6db3807683a97f7a70d73fcfebee214a7445ba275903749`

4095

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x368`
TimeDateStamp	2019-Dec-03 00:40:00
Entropy	`6.92687`
MD5	`4826d164b8d25eef74de8918d189077c`
SHA1	`74eaead3f35aacd45ac9c7ed55ed46310f86e402`
SHA256	`acdd0fe4416d848db4a38ede0cd72ad28f65bdfb533d5be2917d954a030ed0d4`
SHA3	`41a515d997fddd08ee65d3bb34153280e0d521a71c36d1ce9ee623f65cf0d039`

4096

Type	`RT_STRING`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x294`
TimeDateStamp	2019-Dec-03 00:40:00
Entropy	`6.79214`
MD5	`f977d3de84d9de3f4b0334c124a0e0f2`
SHA1	`d93e0ecdcb3692b8eeda25d6fb2423a2baa66bce`
SHA256	`b270370745da61a6cbbb66add1b82467ae7953abab15634cc73b8c4a13062788`
SHA3	`1059dacc324833f56db21ffa8ca79fa5de50653765b424bdd40ae7d55ff9fd96`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2019-Dec-03 00:40:00
Entropy	`3.625`
MD5	`43afaaf17fb531ed761f02d4324bf08a`
SHA1	`91134faafe57a738909d3de7bc2d68943b911edc`
SHA256	`03a112268ba89c1bb616d5731d85097a215deb82c4d89d92da6a78d39da731ed`
SHA3	`32f30dc1b53b0da75f5aa7137acfa9d8159ae1994a184b81c559fdccd80b8f29`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x420`
TimeDateStamp	2019-Dec-03 00:40:00
Entropy	`7.0322`
MD5	`2f7df09f2d9b2902a890075533ac4137`
SHA1	`3112355b1446fd8442558ce952da91df94419c74`
SHA256	`c23f888ccf29c6e3ec3f416001a8b814cb5478f71d3113c75fd2374980dab4d9`
SHA3	`7248c835adc5570320258337a68127f2ba8de926cb7d030bc00aa9638c716e5f`

PLATFORMTARGETS

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	2019-Dec-03 00:40:00
Entropy	`1`
MD5	`d4d35b36c71cb59a527f085492a11e84`
SHA1	`b9f72d8bbe175c66ba22f772c9cfcf7e88e9aca1`
SHA256	`ec015eba2a8b7eb1b54494efff0bd58265c8fc7e355c3a0126fbec3489ea2922`
SHA3	`8c3c903324b2beac5354ce8c3a9db9bed0107905d62a56125a07c2efbca82598`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Could not read the name of the DLL to be delay-loaded!
[*] Warning: IMAGE_EXPORT_DIRECTORY field Characteristics is reserved and should be 0!
[!] Error: Could not read the exported DLL name.
[!] Error: Could not reach the TLS callback table.
[*] Warning: Section UPX0 has a size of 0!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!
[*] Warning: Couldn't convert a string from a RT_STRING resource to UTF-8!