Manalyze report for fd2945e1984463e1022eb3827f0fdf0a

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Jul-03 08:52:47
Detected languages	English - United States
CompanyName	CYPE Ingenieros S.A.
FileDescription	CYPE 2019 (English)
FileVersion	`2019.a`
InternalName	cypemenu
LegalCopyright	Copyright CYPE Ingenieros S.A.
OriginalFilename	cypemenu
ProductName	CYPE Software
ProductVersion	`2019.a`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Malicious	VirusTotal score: 3/72 (Scanned on 2024-02-04 23:25:24)	`Bkav: W32.AIDetectMalware` `Cynet: Malicious (score: 100)` `Rising: Trojan.Generic@AI.97 (RDML:voBWD/BcxzTSJf2L2XLnwQ)`

Hashes

MD5	`fd2945e1984463e1022eb3827f0fdf0a`
SHA1	`3cbf22d710c82020ad8ef8d99d1177c9180748df`
SHA256	`e12a7bdf2301dae1f6d6b5aa1d51268d773faca3c6f6bae96a908830d02e6880`
SHA3	`a9718b9955ca23e46b5f04e43626c7838d853817abc93ec5b0d8fd9e1b7932cd`
SSDeep	`6144:dCYwwKlnDNeHr2uPGecsj+OQtugPRuGDN4fdVA+A5bvqfdfYp92cRcQ9uPRu:FPGoBQtu4LN4fdVAPufVYp9/KQA`
Imports Hash	`44ff0a852b40289ff2085cc27e8d026a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2018-Jul-03 08:52:47
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x4000`
SizeOfInitializedData	`0x40000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001000 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x5000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x45000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`b237ebec5c30e78c0ceba6f4132fe6eb`
SHA1	`56477fdea69d5163837e1d9dce4aed4e55219a92`
SHA256	`e62c6f1bc224e8c0e42373aa7f59edbe80d339f5aef7897ae613c09949bcd8ff`
SHA3	`ca32bd67ff31d7e9411d4b4f6b59e93b5c24d45c524b7806ff90462ba326246e`
VirtualSize	`0x3bc9`
VirtualAddress	`0x1000`
SizeOfRawData	`0x4000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.49603`

.rdata

MD5	`b523e768ad1ee73c1fb9a9247f239f52`
SHA1	`2bcde204f85ec6919916cfd9d6e3def421cba220`
SHA256	`1a413694a5582f712a895a4c54e828e07243a963e9ea845cf1bc85da9fb89920`
SHA3	`6a0c071e96011f6cf0317d89c3ece3dac1257b4cd38c5072b4afa3fcd52f3bc6`
VirtualSize	`0x115c`
VirtualAddress	`0x5000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.20039`

.data

MD5	`8905d049356536c45b07a66bec878122`
SHA1	`998d1b419492a998b6ff50219b5b373a41e9ca24`
SHA256	`655235bfba9b1e2f0cb1d5f8ecbb46b87c7f64eb1ac3a6f99642786d87869bcb`
SHA3	`70ca7c150f05c7dbed48b6e44ce72b94994a1af27c2dfc78ff5bfebc44854150`
VirtualSize	`0x34c34`
VirtualAddress	`0x7000`
SizeOfRawData	`0x35000`
PointerToRawData	`0x7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.48527`

.rsrc

MD5	`4a36ab11ee8a3aeb5b3a1c005b903b85`
SHA1	`0792a7af3bd4a26638934bb97e9764d2362c86a5`
SHA256	`7fc735a884e50ab7777077ca9b1200d6fad95c8bff90781759fe5431b6fc78d9`
SHA3	`8dcf55557fed62a2d91d57d9043ada5085c7c0ac70479f0933ecb8ede72ae5a7`
VirtualSize	`0x8960`
VirtualAddress	`0x3c000`
SizeOfRawData	`0x9000`
PointerToRawData	`0x3c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.9098`

Imports

KERNEL32.dll	`ExitProcess` `GetModuleHandleW` `GetStartupInfoW` `GetCommandLineW` `SetCurrentDirectoryW` `GetModuleFileNameW` `GetProcAddress` `FreeLibrary` `LocalAlloc` `InterlockedExchange` `RaiseException` `GetLastError` `LoadLibraryA`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50804`
MD5	`fb586cee03adc9ca2a702d7475e4afc4`
SHA1	`faea0ee4ab14836ef75152e293287762dc481677`
SHA256	`f93f83f20995b5cc909f16214617de4a2abb2d0e7335a8f51b146231a37509f0`
SHA3	`369d98abcaa2a10c6c9a9af1d984a44b34843dda1a84329a98b9cad72c9972c0`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x368`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.71532`
MD5	`b348e829e9fb5ff2b68d328ce82cac7e`
SHA1	`98ea52474e66b9b054cd3a14d54a57e9e657ea05`
SHA256	`fdebde5a789dabd1e7bd55e1b7b40b4e7a7a4d9f90a30fc6bc1da6697a4b0448`
SHA3	`e49a574023e8378766311d3eaca173a79e3ae1045eeefdc7a6b6a65de546d4c8`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.9778`
MD5	`b27f4c22ea895b9ef6812c8ceac62b9b`
SHA1	`a7f5eb25c8c1f8da2d573a65421a996f524f285c`
SHA256	`19d70ebccbb84fb9d6b52b0bf8458b30f4d8a03b3a751b7c76d1c14bcc8dd544`
SHA3	`93a626abeb0d4793ff2e5b79b4efa7c6879030bcb60fdab2f7f0c92d96f7bae5`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.7765`
MD5	`6f0cefa418df792d70d1b1063c88ad48`
SHA1	`f2382beee1a4a735597667215bf408ee1d53abe9`
SHA256	`562e8d55531c2dcec093363d15bd9eeda143f9734d66a5564d4e12cf536631c7`
SHA3	`0718f98aeb0c24321658b89ee42ceed1db73fb34d783be42c2fa624f3b5e1c65`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.74578`
MD5	`7391c58731fa601619c3332e4263dbc4`
SHA1	`b5643ec56355b70fbdb55bc9a15fc7869220d75c`
SHA256	`ec824aaf66b0594887c40c01b36f18a532cb9e197a58a6fc6849456dc60870e1`
SHA3	`e086aacff8d208b54b91212a5760584346e38161f386ad8ea6d9e0532842584b`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1ca8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.94038`
MD5	`3b8639d5dbe1101c37a0bd97538ff33c`
SHA1	`f905127adee0f3c2e638f65fbcf2bc26a09325d3`
SHA256	`a6e297b4eee1905eeca5c93dd0d8ef4ed418d563c29afe71e2b352034e572fb2`
SHA3	`d1814e896b7504bc195f01e667af2b9c673a133366dad504deb86577d1887943`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.60845`
MD5	`36cefa4aa69441b31123d33989279c85`
SHA1	`df28d2cbc4ab591fcf0bfd73ce230c28d95861a5`
SHA256	`e3e27b1f7da67bcaafc8761fe87d1db49aec8934368bebef7f87ef6005caa8af`
SHA3	`1bd21fb66eddae03d9f0021d8297d8e02a4fc1c39cea42e0b0324a4a352d155e`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.81659`
MD5	`af26fc5e92b9319f8adf9491382813fe`
SHA1	`1eca1de3a03de0c2cbf673b78b5e436ab6d4d926`
SHA256	`ed39943420f94636db66a00c16859a43e27dbb37454bd5da70631ac7c334d355`
SHA3	`d2f58ce90c440c66ff792902973418467f0a1b79c54fd35f4afe2218c44aff7e`

ICON_PROG

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.81038`
Detected Filetype	Icon file
MD5	`04ac2bb3efb3f3cecbda144618f8f8af`
SHA1	`750ffa258245b8441b1213b3aef76da4ba939455`
SHA256	`c4663a42530d6911ca4a9cc9dab0c926077be53fd083a532d5799ca67d094cc9`
SHA3	`85a3953f2f2e2ea950872cb08609d0b1e74daa933e873ca5aa3969b23b8892c0`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x30c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.43962`
MD5	`8eb5fd61db83d64f533251da709857fc`
SHA1	`2709cd3d3df724b0b1dec51db4f33c22180442f0`
SHA256	`6f4891b3cd2e9c2118c4f052695fc4de448c36ebffcfe9f9bfade62c81a59160`
SHA3	`a09b4fa4f5cb66841bb7a1ed185d7edca28ce50f73b478984affb3d8347c18ba`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x376`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.06473`
MD5	`0965a86cf6aefacc70dd4d3799ad2253`
SHA1	`9046da7a0446d65818c81559025f10942880097d`
SHA256	`29e427b90e67f87bf2f9d94dee45027af6670a9acef49f441b01b842c0be24cd`
SHA3	`0af2b535c944d6eea209a07400539323ea40986a8cbed7e73617853b370f961f`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	20.19.0.0
ProductVersion	20.19.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	CYPE Ingenieros S.A.
FileDescription	CYPE 2019 (English)
FileVersion (#2)	2019.a
InternalName	cypemenu
LegalCopyright	Copyright CYPE Ingenieros S.A.
OriginalFilename	cypemenu
ProductName	CYPE Software
ProductVersion (#2)	2019.a

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x8c070e3f`
Unmarked objects	`0`
Imports (9210)	`3`
Total imports	`93`
C++ objects (VS98 build 8168)	`3`
C objects (VS98 SP6 build 8804)	`6`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

Errors

[*] Warning: Could not read the name of the DLL to be delay-loaded!