Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2010-Mar-01 05:52:35 |
Suspicious | The PE is possibly packed. | Unusual section name found: .stub |
Malicious | VirusTotal score: 61/68 (Scanned on 2019-11-16 00:11:03) |
Bkav:
W32.StuxnetDll238NA.Trojan
MicroWorld-eScan: Gen:Variant.Graftor.Elzob.599 CMC: Generic.Win32.016169ebeb!CMCRadar CAT-QuickHeal: TrojanDropper.Stuxnet.A McAfee: Stuxnet Cylance: Unsafe K7AntiVirus: Trojan ( 0017fd821 ) BitDefender: Gen:Variant.Graftor.Elzob.599 K7GW: Trojan ( 0017fd821 ) CrowdStrike: win/malicious_confidence_70% (D) TrendMicro: WORM_STUXNET.SM Baidu: Win32.Worm.Stuxnet.b Cyren: W32/Stuxnet.WKAU-7295 Symantec: Trojan.Gen.6 ESET-NOD32: Win32/Stuxnet.A APEX: Malicious Paloalto: generic.ml ClamAV: Win.Worm.Stuxnet-11 Kaspersky: Worm.Win32.Stuxnet.m Alibaba: Worm:Win32/Stuxnet.59a9606f NANO-Antivirus: Trojan.Win32.Stuxnet.yqyt ViRobot: Worm.Win32.A.Stuxnet.517632 SUPERAntiSpyware: Trojan.Agent/Gen-Stuxnet Avast: Win32:Duqu-F [Rtk] Ad-Aware: Gen:Variant.Graftor.Elzob.599 Sophos: Troj/Stuxnet-A Comodo: Worm.Win32.Stuxnet.a@222np3 F-Secure: Trojan.TR/Drop.Stuxnet.A DrWeb: Trojan.Stuxnet.1 VIPRE: Trojan-Dropper.Win32.Stuxnet.A (v) Invincea: heuristic McAfee-GW-Edition: Stuxnet FireEye: Generic.mg.016169ebebf1cec2 Emsisoft: Gen:Variant.Graftor.Elzob.599 (B) SentinelOne: DFI - Malicious PE F-Prot: W32/Stuxnet.A Jiangmin: TrojanDropper.Stuxnet.a Webroot: W32.Worm.Stuxnet Avira: TR/Drop.Stuxnet.A Kingsoft: Win32.Troj.LmAgentT.ar.517632 Microsoft: Trojan:Win32/Stuxnet.E Endgame: malicious (high confidence) Arcabit: Trojan.Graftor.Elzob.599 AegisLab: Worm.Win32.Stuxnet.lv3n ZoneAlarm: Worm.Win32.Stuxnet.m GData: Gen:Variant.Graftor.Elzob.599 TACHYON: Trojan-Dropper/W32.Stuxnet.513536 BitDefenderTheta: Gen:NN.ZedlaF.32250.Fu4@ai@lkLh ALYac: Trojan.Dropper.Stuxnet.A MAX: malware (ai score=100) VBA32: Malware-Cryptor.Inject.gen.2 Malwarebytes: Trojan.Stuxnet TrendMicro-HouseCall: WORM_STUXNET.SM Rising: Worm.Win32.Stuxnet.a (CLASSIC) Yandex: Trojan.DR.Stuxnet!MNR4qbCb7bg Ikarus: Trojan-Dropper.Win32.Stuxnet MaxSecure: Trojan.Malware.7177504.susgen Fortinet: W32/Stuxnet.A!tr AVG: Win32:Duqu-F [Rtk] Panda: W32/Stuxnet.A.worm Qihoo-360: Worm.Win32.Stuxnet.B |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf0 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 5 |
TimeDateStamp | 2010-Mar-01 05:52:35 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
|
Magic | PE32 |
---|---|
LinkerVersion | 9.0 |
SizeOfCode | 0x1800 |
SizeOfInitializedData | 0x7ba00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000101B (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x3000 |
ImageBase | 0x10000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.0 |
ImageVersion | 0.0 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x81000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_NO_SEH
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll |
ExitProcess
FreeLibrary GetModuleHandleW GetVersionExW lstrcmpiA GetProcAddress DeleteFileA VirtualProtect GetCurrentProcess GetCurrentThreadId GetTickCount lstrcpyW lstrlenW |
---|---|
USER32.dll |
wsprintfW
|
Ordinal | 1 |
---|---|
Address | 0x1070 |
Ordinal | 2 |
---|---|
Address | 0x103d |
Ordinal | 3 |
---|---|
Address | 0x105b |
Ordinal | 4 |
---|---|
Address | 0x1064 |
Ordinal | 5 |
---|---|
Address | 0x1064 |
Ordinal | 6 |
---|---|
Address | 0x101b |
Ordinal | 7 |
---|---|
Address | 0x105b |
Ordinal | 8 |
---|---|
Address | 0x1090 |
XOR Key | 0xa06a15ed |
---|---|
Unmarked objects | 0 |
ASM objects (VS2008 SP1 build 30729) | 1 |
C objects (VS2008 SP1 build 30729) | 2 |
Imports (VS2012 build 50727 / VS2005 build 50727) | 5 |
Total imports | 21 |
ASM objects (VS2012 build 50727 / VS2005 build 50727) | 1 |
137 (VS2008 SP1 build 30729) | 2 |
Exports (VS2008 SP1 build 30729) | 1 |
Resource objects (VS2008 SP1 build 30729) | 1 |