Manalyze report for 00ac639338ca4b997c77d266f76b9fda

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2014-Aug-27 02:27:48
TLS Callbacks	2 callback(s) detected.

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Possibly launches other programs: system` `Enumerates local disk drives: GetDriveTypeA`
Malicious	VirusTotal score: 36/57 (Scanned on 2016-04-30 23:26:10)	`MicroWorld-eScan: Gen:Variant.Razy.40473` `CAT-QuickHeal: TrojanSpy.Nivdort.WR8` `ALYac: Gen:Variant.Razy.40473` `VIPRE: Trojan.Win32.Generic!BT` `BitDefender: Gen:Variant.Razy.40473` `K7GW: Trojan ( 004e2ee21 )` `K7AntiVirus: Trojan ( 004e2ee21 )` `F-Prot: W32/Nivdort.K.gen!Eldorado` `Symantec: Trojan.Gen` `ESET-NOD32: a variant of Win32/Bayrob.BR` `TrendMicro-HouseCall: TROJ_BAYROB.SMX` `Avast: Win32:Malware-gen` `Kaspersky: HEUR:Trojan.Win32.Bayrob.gen` `Tencent: Win32.Trojan.Bayrob.Duy` `Ad-Aware: Gen:Variant.Razy.40473` `Sophos: Troj/Bayrob-CM` `Comodo: UnclassifiedMalware` `F-Secure: Gen:Variant.Razy.40473` `DrWeb: Trojan.Bayrob.58` `McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.dh` `Emsisoft: Gen:Variant.Razy.40473 (B)` `Cyren: W32/Nivdort.K.gen!Eldorado` `Avira: TR/Nivdort.ceyr` `Fortinet: W32/Bayrob.BR!tr` `Arcabit: Trojan.Razy.D9E19` `AhnLab-V3: Trojan/Win32.Agent` `Microsoft: TrojanSpy:Win32/Nivdort` `McAfee: Trojan-FIIE!00AC639338CA` `AVware: Trojan.Win32.Generic!BT` `VBA32: BScope.Trojan.Diple` `Panda: Trj/Genetic.gen` `Rising: Trojan.Bayrob!8.FB-crb12Y1aWlM (Cloud)` `Ikarus: Trojan.Inject` `GData: Gen:Variant.Razy.40473` `AVG: Win32/Cryptor` `Qihoo-360: HEUR/QVM20.1.0000.Malware.Gen`

Hashes

MD5	`00ac639338ca4b997c77d266f76b9fda`
SHA1	`ed46c132eadfe9c01daade1bfe16f17636a492a4`
SHA256	`a4e6bb31de0e916de110c13b8562cf6e87721287bfaec60d629b3ee161b6c02f`
SHA3	`be9b058a781d5f2be2b6145ef16fa46800ba6a954534d868a0346c8d1da822cf`
SSDeep	`6144:I/8rRI7G0QRpjQ94QGtJkSvQLZKRSUkbK1M:PrG7RQRC94rfZQ9KsUH1M`
Imports Hash	`bee2f1112f0f68e64283b118e72f303a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2014-Aug-27 02:27:48
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x3c200`
SizeOfInitializedData	`0x44c00`
SizeOfUninitializedData	`0x7200`
AddressOfEntryPoint	`0x000014C0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3e000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x53000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f22bf6103fcf8628350774853fdf092d`
SHA1	`37b96bab96d8190fe45af95c0e84fbd43bf0fb17`
SHA256	`2b9fff97a1b5f94a7d9a37334bae537098b20954e15281744245a58294e955b3`
SHA3	`7f937c1bb9b05d4a40e88004fee376d96548ae8be4325f4a5d0daef56f4cb00b`
VirtualSize	`0x3c084`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3c200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.72896`

.data

MD5	`e7e2239761ae7b6f13ce4594453e10e4`
SHA1	`97f8fc7453bf9246b60eefcca2f2210360b0011f`
SHA256	`b66ff71349936577846a72415069c0cb15aa33ad23063fc58de56299cbf2b278`
SHA3	`6ea70bf914b5a1e57f176df9af9f935481f927d6d2045a506bf1eadb727772f5`
VirtualSize	`0x47ac`
VirtualAddress	`0x3e000`
SizeOfRawData	`0x4800`
PointerToRawData	`0x3c600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.40034`

.rdata

MD5	`49cd93159084efe36ef4852ba6523840`
SHA1	`9aa1489cede6edfe89daae1a6cfd64278d6ff577`
SHA256	`ae296a90aa469a2e258d6cd695d1cccec227e3790d738fa929044c429047950f`
SHA3	`67c178b1722e6b56b0db2e82ea77280aa2c516ace18ca3a44cb7a731a820db90`
VirtualSize	`0x103c`
VirtualAddress	`0x43000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x40e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.41865`

.eh_fram

MD5	`b93f1badbe57e289ef4fde87100a9901`
SHA1	`36bf867409ce670a7669e8d09d00cc3a9b6eee1b`
SHA256	`85447884b1e5016162892a9806ed7269dd0c045c3d2b46d9fec5b39d88223ddc`
SHA3	`1debbbfc16264bab32c3097443264d6ac990a1022b134a45dd9280016f5df1cb`
VirtualSize	`0x11b8`
VirtualAddress	`0x45000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x42000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.72042`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x71c0`
VirtualAddress	`0x47000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`be0da12d315d8acefd3dd0a04930c3ec`
SHA1	`cf0bf997c54c81815314b16c519abd833713a507`
SHA256	`863e2d5ab39d4fdff753bccc18d3637d48a1e481ffb0bca86413ef4d05fc4b69`
SHA3	`fc19a3612a9d7143bf1b6423c8ccfdacf5ea8d218266ad94159510378af33910`
VirtualSize	`0x185c`
VirtualAddress	`0x4f000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x43200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.19109`

.CRT

MD5	`3d192fe10bc7687e177b018b7d85cfd8`
SHA1	`ff7ff925ab24f82db29f725fb3b03d222108a295`
SHA256	`6527555e7afd8b42f86f7812bee5818f5b8cd665187fb5613ea1fd843cb0fef7`
SHA3	`5df16ce66024f66736874b67614ebba816b84b1e9212b15af7916609bc93b6eb`
VirtualSize	`0x34`
VirtualAddress	`0x51000`
SizeOfRawData	`0x200`
PointerToRawData	`0x44c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.263992`

.tls

MD5	`40f47d9066b83462fd32fa9e85a90cbf`
SHA1	`026683c791fc8d859ba83a780ed52fdf742e7903`
SHA256	`c507be214e802d43cca2513adca3be453b62849acfd13cdf9653bc99c5a3afde`
SHA3	`2b5f9efd2d39e39f4360c0b847948f9806d938f6564366037827a55bf0f31f3d`
VirtualSize	`0x20`
VirtualAddress	`0x52000`
SizeOfRawData	`0x200`
PointerToRawData	`0x44e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.205446`

Imports

GDI32.dll	`GetBkColor` `GetClipRgn` `GetCurrentObject` `GetDCPenColor` `GetDeviceCaps` `GetFontLanguageInfo` `GetFontUnicodeRanges` `GetGraphicsMode` `GetMapMode` `GetNearestColor` `GetNearestPaletteIndex` `GetObjectType` `GetPixelFormat` `GetRandomRgn` `GetStretchBltMode` `GetSystemPaletteUse` `GetTextCharacterExtra` `GetTextCharsetInfo` `GetTextColor` `SetPixel` `SetSystemPaletteUse` `SetTextAlign` `SetTextColor` `UpdateColors`
KERNEL32.dll	`DeleteCriticalSection` `DeleteFileA` `EnterCriticalSection` `FreeLibrary` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetDriveTypeA` `GetFileTime` `GetLastError` `GetModuleHandleA` `GetModuleHandleW` `GetProcAddress` `GetProcessHeap` `GetStartupInfoA` `GetStdHandle` `GetSystemTimeAsFileTime` `GetTickCount` `GetVersion` `GlobalAlloc` `GlobalFlags` `GlobalHandle` `GlobalSize` `InitializeCriticalSection` `IsDebuggerPresent` `IsProcessorFeaturePresent` `LeaveCriticalSection` `LoadLibraryA` `LoadResource` `LocalFlags` `LockResource` `MoveFileA` `QueryPerformanceCounter` `SetFilePointer` `SetUnhandledExceptionFilter` `SizeofResource` `Sleep` `TerminateProcess` `TlsGetValue` `UnhandledExceptionFilter` `VirtualProtect` `VirtualQuery`
msvcrt.dll	`__dllonexit` `__getmainargs` `__initenv` `__lconv_init` `__set_app_type` `__setusermatherr` `_acmdln` `_amsg_exit` `_cexit` `_chgsign` `_ecvt` `_errno` `_fgetchar` `_fileno` `_fileno` `_finite` `_fmode` `_fputwchar` `_getmaxstdio` `_fcvt` `_getw` `_initterm` `_iob` `_itoa` `_lock` `_ltoa` `_makepath` `_memccpy` `_nextafter` `_onexit` `_putenv` `_rmtmp` `_rmtmp` `_scalb` `_searchenv` `_seterrormode` `_setmaxstdio` `_stat` `_strcmpi` `_strlwr` `_strnicmp` `_strnset` `_strset` `_swab` `_tempnam` `_tempnam` `_tzset` `_unlink` `_unlock` `_vsnprintf` `_wasctime` `_wcsicmp` `_wcsicoll` `_wcslwr` `_wcsnicmp` `_wcsnicoll` `_wcsset` `_wcsupr` `_wfopen` `_wctime` `_wfreopen` `_wstrdate` `_wtmpnam` `_wtol` `abort` `asctime` `atoi` `calloc` `clock` `exit` `fclose` `fflush` `fopen` `fprintf` `fputs` `fputwc` `fread` `free` `freopen` `frexp` `fseek` `fwrite` `fwscanf` `isalpha` `isleadbyte` `islower` `isprint` `ispunct` `isupper` `iswalnum` `iswcntrl` `iswdigit` `localeconv` `localtime` `iswpunct` `iswspace` `ldiv` `log10` `malloc` `mblen` `mbstowcs` `memcmp` `memmove` `memset` `mktime` `mbtowc` `memcpy` `rand` `realloc` `remove` `rename` `rewind` `signal` `sprintf` `srand` `strcat` `strcmp` `strcpy` `strerror` `strftime` `strlen` `strncat` `strncmp` `strstr` `strtok` `strtol` `system` `time` `tmpfile` `tmpnam` `toupper` `towupper` `vfprintf`
USER32.dll	`BeginPaint` `CallWindowProcA` `CheckDlgButton` `DrawTextA` `EnableWindow` `EndDialog` `EndPaint` `GetCursor` `GetDC` `GetDialogBaseUnits` `GetDlgItem` `GetDlgItemInt` `GetForegroundWindow` `GetInputState` `GetMenu` `GetMenuCheckMarkDimensions` `GetMenuContextHelpId` `GetMenuItemCount` `GetMenuItemID` `GetMenuState` `GetPropA` `GetQueueStatus` `GetScrollPos` `GetWindowContextHelpId` `GetWindowLongA` `IsWindowEnabled` `IsWindowUnicode` `MoveWindow` `PostMessageA` `RemovePropA` `SendMessageA` `SetDlgItemTextA` `SetFocus` `SetWindowTextA` `ShowWindow` `WindowFromDC`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x452000`
EndAddressOfRawData	`0x45201c`
AddressOfIndex	`0x44d690`
AddressOfCallbacks	`0x451020`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00437E50` `0x00437E00`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!