Manalyze report for fc7dd8ebeb8e764078e301e301a907b8

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2055-Apr-28 15:49:27
Comments
CompanyName
FileDescription	TestLHDllDemo
FileVersion	`1.1.9`
InternalName	AdUds.exe
LegalCopyright	Copyright © 2023
LegalTrademarks
OriginalFilename	AdUds.exe
ProductName	TestLHDllDemo
ProductVersion	`1.1.9`
Assembly Version	1.1.9.0

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: crl.symauth.com http://pki-crl.symauth.com http://pki-crl.symauth.com/ca_732b6ec148d290c0a071efd1dac8e288/LatestCRL.crl07 http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.crl0 http://pki-ocsp.symauth.com0 pki-crl.symauth.com symauth.com`
Suspicious	The PE is possibly packed.	`Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Section .data is both writable and executable.`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegCloseKey` `Possibly launches other programs: ShellExecuteA`
Malicious	VirusTotal score: 30/64 (Scanned on 2024-12-14 04:30:31)	`APEX: Malicious` `AVG: MalwareX-gen [Trj]` `Alibaba: Trojan:Win32/Enigma.98780dfe` `Antiy-AVL: Trojan[Packed]/Win64.Enigma` `Avast: MalwareX-gen [Trj]` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: Unsafe` `DeepInstinct: MALICIOUS` `ESET-NOD32: a variant of Win64/Packed.Enigma.CE` `Elastic: malicious (high confidence)` `FireEye: Generic.mg.fc7dd8ebeb8e7640` `Google: Detected` `Gridinsoft: Ransom.Win32.Wacatac.sa` `Ikarus: Trojan.Win64.Enigma` `K7AntiVirus: Trojan ( 0058c50b1 )` `K7GW: Trojan ( 0058c50b1 )` `Lionic: Trojan.Win32.Generic.4!c` `Malwarebytes: Malware.Heuristic.2120` `McAfee: Artemis!FC7DD8EBEB8E` `McAfeeD: Real Protect-LS!FC7DD8EBEB8E` `MicroWorld-eScan: Trojan.GenericKD.75141895` `Paloalto: generic.ml` `Panda: Trj/Genetic.gen` `Rising: Trojan.BadProtect@XH.19A2 (CLOUD)` `Skyhigh: BehavesLike.Win32.Generic.vc` `Sophos: Generic ML PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `Trapmine: malicious.high.ml.score` `Zoner: Probably Heur.ExeHeaderL` `tehtris: Generic.Malware`

Hashes

MD5	`fc7dd8ebeb8e764078e301e301a907b8`
SHA1	`4928ae4d999700f669fe6d75eaf7d953974e4a41`
SHA256	`59826aeea0fd6aefab297d2e6c139c3739edca9196431d72955c3069d6ff3224`
SHA3	`3cd9ea804f9fd5eabb71400034617f0277ccf0ae65c5f68be6e99e36397d4e5c`
SSDeep	`49152:4m+4uqG1oHgPWyeyi6cltW5ny8qYJ//YPnRenK5OHjJUlfaZgPAGhUC:f+4/G1oHfyji668xJ//Y/RenK5ODJZZ`
Imports Hash	`2e5467cba76f44a088d39f78c5e807b6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2055-Apr-28 15:49:27
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0xbf600`
SizeOfInitializedData	`0x57a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00B2B6D4 (Section: .data)`
BaseOfCode	`0x2000`
BaseOfData	`0xc2000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xb30000`
SizeOfHeaders	`0x2000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x200000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

Section_1

MD5	`4d723c8ea7a681a6662ddf4693e80e33`
SHA1	`aa4b2a14cc10665ca25553df1b0dfb6b34a69aba`
SHA256	`c84b526b539bde58a17ac12eecd339102ed322316dde25d698f49c33e1ce2538`
SHA3	`94f2169b447cf10603a80165927691c0b6db6418d031823d0f34549329f02fef`
VirtualSize	`0xc0000`
VirtualAddress	`0x2000`
SizeOfRawData	`0x3a000`
PointerToRawData	`0x2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99922`

Section_2

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x58000`
VirtualAddress	`0xc2000`
SizeOfRawData	`0`
PointerToRawData	`0x3c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

Section_3

MD5	`2c5e866b9a2da4aaa5c532707720432b`
SHA1	`32bfc44d914917ab4f03a4a85abe9d7fd612f392`
SHA256	`bbbaaf074c3b135fc70810d5743c7f4e2eff6dc3279536783383be241130e390`
SHA3	`4cbb49cb32ecb27addc94b1890e6fe5d74a9897f7e58667c9ccf4786ff47abb3`
VirtualSize	`0x2000`
VirtualAddress	`0x11a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.284998`

.rsrc

MD5	`d66c346f11ef1ebab57df013f01a8a19`
SHA1	`f1fc05f13777b3aa14260de71d57c76a5679ed1f`
SHA256	`e0499c118774c98f901d72f54f4bada75d3887edd928ea6a6fd8927243048121`
SHA3	`08e91629104b84bd552299eec8ae30897a39c11f51cf23c364b5af92280d3d0d`
VirtualSize	`0x58000`
VirtualAddress	`0x11c000`
SizeOfRawData	`0x57800`
PointerToRawData	`0x3c200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.51778`

Section_5

MD5	`d4866fc1c56b3a5ee914f5464f5f1942`
SHA1	`aad8e7e1bd6348ebd7b5b34dc71147c887ab2280`
SHA256	`4bfe5a35f377fbf7b8561eaedfb0455baf9b3067b2244bbd708e8b7b1cb070c8`
SHA3	`49c3d480be7a69da2a23cf2adc3a8fe25c856bbc1027ca077a440479a5480b30`
VirtualSize	`0x796000`
VirtualAddress	`0x174000`
SizeOfRawData	`0x32c00`
PointerToRawData	`0x93a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99836`

.data

MD5	`f12c92ea755a6de5c807876f187d189a`
SHA1	`fc0ae4109370954b7313b6caa335e334fbaaa850`
SHA256	`000dc6c5b0f352d16c0d8d98111a26aaa855e21e783a3265e9a9c20e35baa8be`
SHA3	`1ce48389923d4c250800e09ba5c17699cdfe74447e2043433ca1e1fd8d9a7a0a`
VirtualSize	`0x226000`
VirtualAddress	`0x90a000`
SizeOfRawData	`0x224200`
PointerToRawData	`0xc6600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.98597`

Imports

kernel32.dll	`GetModuleHandleA` `GetProcAddress` `ExitProcess` `LoadLibraryA`
user32.dll	`MessageBoxA`
advapi32.dll	`RegCloseKey`
oleaut32.dll	`SysFreeString`
gdi32.dll	`CreateFontA`
shell32.dll	`ShellExecuteA`
version.dll	`GetFileVersionInfoA`
mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.47813`
MD5	`08e93b39bafeb88f2117b2b349d34062`
SHA1	`e0d2f400697c3ab67a224b8cc80b22533932ab49`
SHA256	`0060ed9cd79eba2a9260567c0b96be8dde32c44c0544592260452b0d063e8bfd`
SHA3	`fd4a90f04ac5249074a0fc19827c9ccb11126f31e4f4c2cc95e8c4bd186d2980`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.30694`
MD5	`1a4147f33052b494fd012854f4b552e0`
SHA1	`e2f504af91cd9947853e2adfa0d9385c10edd203`
SHA256	`19116f23a8bfa7c6ed3e7c961678cd6d2e704c912207c949a7cfc8211c16bb8a`
SHA3	`c410396e4e8d6c59566c198302415fe7c36cf2a97b3c33bd959d3cac30d43264`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x42028`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49969`
MD5	`ddf7a3a197fd01a1df368b9bc05b478d`
SHA1	`b8defbd2bdf2195871179a90bfb265b3bb45d3b4`
SHA256	`e05960b01d9a260f9beab6af485f325cd666595fa852e22c00f86c2665995dbc`
SHA3	`67ceeb1f6f98a0c83657334386994e510cc5b722ab4dee7b32e56c0f58115f94`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43121`
MD5	`6454cd60294389d70815b8f0dd749d11`
SHA1	`d35cfc4523b66084e02239e7184bb1de7ee88899`
SHA256	`996f0abed517c478dbdacc2ddb54f1b9242183ab05ad40a3629bef716938d308`
SHA3	`bf42f48bc8dea90cb26ce3d53f5e9985e8e4c8d15bbafd9bf39f5981a1546da2`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5353`
MD5	`86c3e915be41bdddf9539b78218759a4`
SHA1	`e6253a3cee7ea843a062a0302102ae9168b5f224`
SHA256	`b7497b689134d0f4ded238be027a277fc851222b1564c7917a59a31f30e3dadf`
SHA3	`13cfc7f96c1fd6bdc36f8ae4f8da1f61fbe53d780aa22c1f5dc17ea55bd6b2bb`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.69556`
MD5	`08f845d9fd852efbd39066df4214290f`
SHA1	`88a15b513cd36420d24681eef3fc0f0e557c3a92`
SHA256	`6576665cec66b09f88208c2d8399bd642155976d29f5355df63541dd6d0df4f7`
SHA3	`48b1bf65ee103b6bcc1d643846b2e3765eb0c4cc92b427c14ac9adbaa5409e5c`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.78103`
MD5	`e998faa52977fe70ee06b1ceec202952`
SHA1	`01571f1a105ba06c00862826b5cb3fea2f6f5702`
SHA256	`49cb19116f8496f8f036fc26b8594ff8f590ec2e92f14a36d6c4f4c459a52e14`
SHA3	`b4ab968e879f71b39991567ee95b2d32898e21c37afa219466ca175a3424a9e5`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x68`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.74719`
Detected Filetype	Icon file
MD5	`d67be9d6642e764689adfcd635dd0b6e`
SHA1	`4f568f231b8666deb10360611756e53cfd7f64c8`
SHA256	`bdec7b37685a71c7f761708581f6a9c93cf0e22f0037f249641fd83aeb27ba97`
SHA3	`9e958ba0ec7920a9450d78a7f0ea50c1c61e5e2ca2a23a003e777589f47e0388`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x314`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.35025`
MD5	`45d46d10549bdcd1ce1bf4020036e66f`
SHA1	`e4ac34a917a79c002dcf08f439d9450deb1f391e`
SHA256	`9616e42b8993c22e7a47118fd5c9a89fb42afb3d07908b0f72e83881bd3e318c`
SHA3	`50be080cfb72cd981d498f41866537521dbc44b9ddf4ee2dbb0ece649ab9a8dc`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.1.9.0
ProductVersion	1.1.9.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments
CompanyName
FileDescription	TestLHDllDemo
FileVersion (#2)	1.1.9
InternalName	AdUds.exe
LegalCopyright	Copyright © 2023
LegalTrademarks
OriginalFilename	AdUds.exe
ProductName	TestLHDllDemo
ProductVersion (#2)	1.1.9
Assembly Version	1.1.9.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read the exported DLL name.
[*] Warning: Section  has a size of 0!