| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2013-Jan-12 11:14:48
|
| Info |
Matching compiler(s): |
Dev-C++ v5
Microsoft Visual C++ 8.0
|
| Suspicious |
The PE is possibly packed. |
The PE has only 0 import(s).
|
| Suspicious |
The file contains overlay data. |
2560 bytes of data starting at offset 0x1600.
|
| Malicious |
VirusTotal score: 31/69 (Scanned on 2019-02-15 09:32:56) |
MicroWorld-eScan:
Trojan.Generic.22536348
McAfee:
RDN/Generic.grp
Cylance:
Unsafe
TrendMicro:
TROJ_GEN.R001C0PJD18
Symantec:
ML.Attribute.HighConfidence
TrendMicro-HouseCall:
TROJ_GEN.R001C0PJD18
Avast:
Win32:Malware-gen
ClamAV:
Win.Trojan.Agent-1821295
BitDefender:
Trojan.Generic.22536348
NANO-Antivirus:
Trojan.Win32.Crypted.cwvefr
Ad-Aware:
Trojan.Generic.22536348
Emsisoft:
Trojan.Generic.22536348 (B)
DrWeb:
Trojan.Siggen7.54465
Zillya:
Trojan.Small.Win32.28348
McAfee-GW-Edition:
RDN/Generic.grp
TheHacker:
Trojan/Small.nip
SentinelOne:
static engine - malicious
Jiangmin:
Trojan.Generic.gaon
Antiy-AVL:
Trojan/Win32.Tgenic
Arcabit:
Trojan.Generic.D157E09C
Microsoft:
Trojan:Win32/Zpevdo.A
VBA32:
Adware.Presenoker
ALYac:
Trojan.Generic.22536348
MAX:
malware (ai score=100)
Rising:
Trojan.Zpevdo!8.F912 (CLOUD)
GData:
Trojan.Generic.22536348
AVG:
Win32:Malware-gen
Cybereason:
malicious.77b0f9
Panda:
Generic Suspicious
CrowdStrike:
malicious_confidence_60% (D)
Qihoo-360:
HEUR/QVM02.0.Malware.Gen
|
| MD5 |
024b22477b0f9cce6cc2bf05519b5a8c
|
| SHA1 |
d66bf54a0a070c45ce8aa6bb1ad05bd183be68da
|
| SHA256 |
9a2910b24e157e6a0ef3c377c097edc0be1ce0b8a255bf331c760a6ad30a46d1
|
| SHA3 |
f5acf12e0838aea0ef5741f7573544334160606e092515e23b67925d7fe55595
|
| SSDeep |
48:6LXFGtFKCgLT3mtCPxexgG4jXf6PSqBY0jw9tcUdBOCbdpQbyn9Lm4hhPX:S0FKCiwCRG4jynYJfcUdBOEH9LmwhP
|
| Imports Hash |
d41d8cd98f00b204e9800998ecf8427e
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
5
|
| TimeDateStamp |
2013-Jan-12 11:14:48
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0xa00
|
| SizeOfInitializedData |
0x1200
|
| SizeOfUninitializedData |
0x200
|
| AddressOfEntryPoint |
0x00001110 (Section: .text)
|
| BaseOfCode |
0x1000
|
| BaseOfData |
0x2000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
1.0
|
| SubsystemVersion |
4.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x6000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x6113
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
ae298ca45211fd54cf3b550267c6f4c1
|
| SHA1 |
b7ab6b3d6b220eddd02925c95affe1c3a87ef2e5
|
| SHA256 |
ac833e3b302646528de53e578dfca8de020a4bb079705785002f455376bb1d64
|
| SHA3 |
6b49e21abbbe71866bcb7944890fa4f55f7568b3a8cf93380bb5a435ce3b48bf
|
| VirtualSize |
0x9e4
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0xa00
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
5.35009
|
| MD5 |
bcb81be1c09921e3646a240fb4244aec
|
| SHA1 |
6a34b9e30d8ef5b09296282fb2d9c7e278fdba6f
|
| SHA256 |
15013e450d7df1866864a07a89c6ae1b2385080fb233a659ce5b1cf49f2a0ffa
|
| SHA3 |
d52022413fb0ba38a2b4d9145bbbf6d1246c941887ea63e814b0ecb08880f889
|
| VirtualSize |
0x60
|
| VirtualAddress |
0x2000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0xe00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.694931
|
| MD5 |
d486ddef7e0c9e7562e314f2bf3aac19
|
| SHA1 |
2285cb41082c6cd4c22a48d24c1aba955b20cb1b
|
| SHA256 |
c8b8a19df27cf6d2c99196c8f71f1f61be43e10b5d9bf62fce9f8d8a55f9d67e
|
| SHA3 |
fb6c4e4560e6f09d325e0e5a2575b9c425d86d275899f21231729b3812f5fb84
|
| VirtualSize |
0x98
|
| VirtualAddress |
0x3000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x1000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
2.42936
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0xe0
|
| VirtualAddress |
0x4000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
0f343b0931126a20f133d67c2b018a3b
|
| SHA1 |
60cacbf3d72e1e7834203da608037b1bf83b40e8
|
| SHA256 |
5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef
|
| SHA3 |
6841b2c10aa6e5f7a384143e4de58fbc9aa28a4b742e9ad4ed14ba148a723a43
|
| VirtualSize |
0x38c
|
| VirtualAddress |
0x5000
|
| SizeOfRawData |
0x400
|
| PointerToRawData |
0x1200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0
|
[*] Warning: Section .bss has a size of 0!