| Architecture | IMAGE_FILE_MACHINE_I386 |
|---|---|
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2014-Mar-18 21:02:35 |
| Detected languages | French - France |
| Level | Finding | Details |
|---|---|---|
| Suspicious | PEiD signature | UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser; UPX v2.0 -> Markus, Laszlo & Reiser (h); UPX -> www.upx.sourceforge.net; UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser |
| Info | Libraries used to perform cryptographic operations | Microsoft's Cryptography API |
| Suspicious | The PE is packed with UPX | Unusual section name found: UPX0. Section UPX0 is both writable and executable. Unusual section name found: UPX1. Section UPX1 is both writable and executable. |
| Suspicious | The PE contains functions most legitimate programs don't use | [!] The program may be hiding some of its imports: |
| Suspicious | The PE is possibly a dropper | Resources 4, 101, 102, 105, 106, 107, 108, 111, 112, 113 and 115 are possibly compressed or encrypted. Resources account for 86.1933% of the executable. |
| Malicious | VirusTotal score: 41/68 (scanned on 2019-10-07 08:24:13) | Detections listed below |

VirusTotal detections (41 engines):

- CAT-QuickHeal: Hacktool.Keygen
- ALYac: Misc.Keygen
- Malwarebytes: RiskWare.Tool.HCK
- Zillya: Backdoor.NanoCore.Win32.603
- SUPERAntiSpyware: Hack.Tool/Gen-Crack
- K7AntiVirus: Trojan ( 0047838c1 )
- Alibaba: HackTool:Win32/Keygen.fc3aeee0
- K7GW: Trojan ( 0047838c1 )
- Cybereason: malicious.455d4a
- TrendMicro: CRCK_ACTIVATOR
- Symantec: Trojan.Gen.X
- ESET-NOD32: a variant of Win32/Keygen.HA potentially unsafe
- Avast: FileRepMetagen [PUP]
- ClamAV: Win.Trojan.Sality-67905
- NANO-Antivirus: Trojan.Win32.Kryptik.eopvgw
- Comodo: ApplicUnwnt@#vdgy2m5kfkzt
- VIPRE: Trojan.Win32.Generic!BT
- Invincea: heuristic
- McAfee-GW-Edition: BehavesLike.Win32.Backdoor.fc
- Trapmine: suspicious.low.ml.score
- FireEye: Generic.mg.015a355a7890a08d
- Sophos: X-Force Keymaker (PUA)
- Jiangmin: Trojan.Heur.hm
- Webroot: W32.Trojan.Gen
- Fortinet: Riskware/KeyGen
- Endgame: malicious (moderate confidence)
- ViRobot: Patcher.Autodesk.329216
- Microsoft: HackTool:Win32/Keygen
- AhnLab-V3: Unwanted/Win32.KeyGen.R268532
- Acronis: suspicious
- McAfee: HTool-Keygen.c
- MAX: malware (ai score=98)
- Cylance: Unsafe
- TrendMicro-HouseCall: CRCK_ACTIVATOR
- Yandex: PUP.Agent!
- SentinelOne: DFI - Malicious PE
- MaxSecure: Trojan.Malware.3405.susgen
- GData: Win32.Application.Agent.VL8PN3
- AVG: FileRepMetagen [PUP]
- Panda: PUP/Keygen
- CrowdStrike: win/malicious_confidence_70% (W)
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xf8 |
| Signature | PE |
|---|---|
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 3 |
| TimeDateStamp | 2014-Mar-18 21:02:35 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |
| Magic | PE32 |
|---|---|
| LinkerVersion | 9.0 |
| SizeOfCode | 0x4e000 |
| SizeOfInitializedData | 0x3000 |
| SizeOfUninitializedData | 0xe2000 |
| AddressOfEntryPoint | 0x0012FFD0 (Section: UPX1) |
| BaseOfCode | 0xe3000 |
| BaseOfData | 0x131000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x134000 |
| SizeOfHeaders | 0x1000 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| KERNEL32.DLL | LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess |
|---|---|
| ADVAPI32.dll | CryptGenRandom |
| GDI32.dll | BitBlt |
| USER32.dll | GetDC |
| WINMM.dll | waveOutOpen |
| Size | 0x48 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x493f44 |
| SEHandlerTable | 0x411f90 |
| SEHandlerCount | 326 |
| XOR Key | 0xce8b20f8 |
|---|---|
| Unmarked objects | 0 |
| ASM objects (VS2008 build 21022) | 33 |
| C objects (VS2008 build 21022) | 131 |
| 19 (8034) | 2 |
| 138 (VS2008 build 21022) | 60 |
| Imports (VS2012 build 50727 / VS2005 build 50727) | 11 |
| Total imports | 162 |
| C++ objects (VS2008 build 21022) | 62 |
| Linker (VS2008 build 21022) | 1 |
| Resource objects (VS2008 build 21022) | 1 |