016169ebebf1cec2aad6c7f0d0ee9026

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2010-Mar-01 05:52:35

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: .stub
Malicious VirusTotal score: 61/68 (Scanned on 2019-11-16 00:11:03)
Bkav: W32.StuxnetDll238NA.Trojan
MicroWorld-eScan: Gen:Variant.Graftor.Elzob.599
CMC: Generic.Win32.016169ebeb!CMCRadar
CAT-QuickHeal: TrojanDropper.Stuxnet.A
McAfee: Stuxnet
Cylance: Unsafe
K7AntiVirus: Trojan ( 0017fd821 )
BitDefender: Gen:Variant.Graftor.Elzob.599
K7GW: Trojan ( 0017fd821 )
CrowdStrike: win/malicious_confidence_70% (D)
TrendMicro: WORM_STUXNET.SM
Baidu: Win32.Worm.Stuxnet.b
Cyren: W32/Stuxnet.WKAU-7295
Symantec: Trojan.Gen.6
ESET-NOD32: Win32/Stuxnet.A
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Worm.Stuxnet-11
Kaspersky: Worm.Win32.Stuxnet.m
Alibaba: Worm:Win32/Stuxnet.59a9606f
NANO-Antivirus: Trojan.Win32.Stuxnet.yqyt
ViRobot: Worm.Win32.A.Stuxnet.517632
SUPERAntiSpyware: Trojan.Agent/Gen-Stuxnet
Avast: Win32:Duqu-F [Rtk]
Ad-Aware: Gen:Variant.Graftor.Elzob.599
Sophos: Troj/Stuxnet-A
Comodo: Worm.Win32.Stuxnet.a@222np3
F-Secure: Trojan.TR/Drop.Stuxnet.A
DrWeb: Trojan.Stuxnet.1
VIPRE: Trojan-Dropper.Win32.Stuxnet.A (v)
Invincea: heuristic
McAfee-GW-Edition: Stuxnet
FireEye: Generic.mg.016169ebebf1cec2
Emsisoft: Gen:Variant.Graftor.Elzob.599 (B)
SentinelOne: DFI - Malicious PE
F-Prot: W32/Stuxnet.A
Jiangmin: TrojanDropper.Stuxnet.a
Webroot: W32.Worm.Stuxnet
Avira: TR/Drop.Stuxnet.A
Kingsoft: Win32.Troj.LmAgentT.ar.517632
Microsoft: Trojan:Win32/Stuxnet.E
Endgame: malicious (high confidence)
Arcabit: Trojan.Graftor.Elzob.599
AegisLab: Worm.Win32.Stuxnet.lv3n
ZoneAlarm: Worm.Win32.Stuxnet.m
GData: Gen:Variant.Graftor.Elzob.599
TACHYON: Trojan-Dropper/W32.Stuxnet.513536
BitDefenderTheta: Gen:NN.ZedlaF.32250.Fu4@ai@lkLh
ALYac: Trojan.Dropper.Stuxnet.A
MAX: malware (ai score=100)
VBA32: Malware-Cryptor.Inject.gen.2
Malwarebytes: Trojan.Stuxnet
TrendMicro-HouseCall: WORM_STUXNET.SM
Rising: Worm.Win32.Stuxnet.a (CLASSIC)
Yandex: Trojan.DR.Stuxnet!MNR4qbCb7bg
Ikarus: Trojan-Dropper.Win32.Stuxnet
MaxSecure: Trojan.Malware.7177504.susgen
Fortinet: W32/Stuxnet.A!tr
AVG: Win32:Duqu-F [Rtk]
Panda: W32/Stuxnet.A.worm
Qihoo-360: Worm.Win32.Stuxnet.B

Hashes

MD5 016169ebebf1cec2aad6c7f0d0ee9026
SHA1 0931fd4e05e6ea81c75f8488ecc1db9e66f22cbb
SHA256 9c891edb5da763398969b6aaa86a5d46971bd28a455b20c2067cb512c9f9a0f8
SHA3 aced8ce553bc7e8c348a8cfd8e7e4e9c8f3118b1e6b83ea3fdcea3cd83fb34e4
SSDeep 12288:K0kBuHsZfYLyB9SqoKumDXh1al+hte5+tAL7LwOJ50UWpGtJxK:/HnqoKpXLaUygKPwob
Imports Hash 0021f47781268b6caaf314d0b686997c

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2010-Mar-01 05:52:35
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Image Optional Header

Magic PE32
LinkerVersion 9.0
SizeOfCode 0x1800
SizeOfInitializedData 0x7ba00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000101B (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x3000
ImageBase 0x10000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x81000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_NO_SEH
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 17e2270d82d774b7f06902fa7d630c74
SHA1 da588d478e5cda44c3238da3bf0f96fd4867de09
SHA256 f787b35e7ca738dc974d5eac17a4108b2baf4bfde88cdce48f55ac6403302637
SHA3 481eaa7ee8e6b93517966bb4d75e752043a1416def5d1f4707a6578c4122cb3b
VirtualSize 0x16ad
VirtualAddress 0x1000
SizeOfRawData 0x1800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.97408

.rdata

MD5 06bc6e1b74763c69868f7c7156c98c10
SHA1 a3c019e8c95630eab6f68c8b4a492229a1abbe3d
SHA256 fb16872c847f9e8be2629f0768e2620ddec4ad2feee44d2bd83ab5e505d8da7a
SHA3 4e04a61e00793bbf6ff33a0ca2204aed695e33bd80dde3291f6599f5649b8d91
VirtualSize 0x54a
VirtualAddress 0x3000
SizeOfRawData 0x600
PointerToRawData 0x1c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.56072

.data

MD5 9475a59226943a3ad422e18169989f66
SHA1 4174927c59854c80d33c69e7a43856b2b6c6af84
SHA256 d839a3521723b8a55d09d8eed9848940b284828e4d09218202c3ee11046bc16d
SHA3 6a93cc87909571d767d237e39dc48f437ee4242cf646fe335698b2b191003d4e
VirtualSize 0x20
VirtualAddress 0x4000
SizeOfRawData 0x200
PointerToRawData 0x2200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0203931

.reloc

MD5 805900ca02d0550f9587e2566d923ca8
SHA1 afa3c6d8586ae41c3aa352edb9fbf32e42ab6f20
SHA256 15626b0c5b469600f6f92fb84d18beb5a8d3a464d22945f17e6150527f77f890
SHA3 692ae1fc13bc61409e6791f5bf377f7a5ba0e8aae62e52616761e50e2d7a1dc0
VirtualSize 0x146
VirtualAddress 0x5000
SizeOfRawData 0x200
PointerToRawData 0x2400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.55942

.stub

MD5 6c59aa544f45b5fd5509e77ebefb538d
SHA1 eb196212ef92b475158967ac9e9390485697b3c3
SHA256 882449323acd3f8de57a61569c60a76e549588ceb62264f0a6eafe34d9e1ab9c
SHA3 796fc1f6a574db2dc4b1d748527314b416e8a4ba4dbac8859af768a5e3650b05
VirtualSize 0x7b000
VirtualAddress 0x6000
SizeOfRawData 0x7b000
PointerToRawData 0x2600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99802

Imports

KERNEL32.dll
ExitProcess
FreeLibrary
GetModuleHandleW
GetVersionExW
lstrcmpiA
GetProcAddress
DeleteFileA
VirtualProtect
GetCurrentProcess
GetCurrentThreadId
GetTickCount
lstrcpyW
lstrlenW
USER32.dll
wsprintfW

Delayed Imports

Exports

CPlApplet

Ordinal 1
Address 0x1070

DllCanUnloadNow

Ordinal 2
Address 0x103d

DllRegisterServer

Ordinal 3
Address 0x105b

DllUnregisterServer

Ordinal 4
Address 0x1064

DllRegisterServerEx

Ordinal 5
Address 0x1064

DllUnregisterServerEx

Ordinal 6
Address 0x101b

DllGetClassObject

Ordinal 7
Address 0x105b

DllGetClassObjectEx

Ordinal 8
Address 0x1090

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xa06a15ed
Unmarked objects 0
ASM objects (VS2008 SP1 build 30729) 1
C objects (VS2008 SP1 build 30729) 2
Imports (VS2012 build 50727 / VS2005 build 50727) 5
Total imports 21
ASM objects (VS2012 build 50727 / VS2005 build 50727) 1
137 (VS2008 SP1 build 30729) 2
Exports (VS2008 SP1 build 30729) 1
Resource objects (VS2008 SP1 build 30729) 1

Errors
