| Field | Value | Details |
|---|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 | |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI | |
| Compilation Date | 1992-Jun-19 22:22:17 | |
| Detected languages | Farsi - Iran; German - Germany | |
| Suspicious | PEiD Signature: | UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser; UPX v2.0 -> Markus, Laszlo & Reiser (h); UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser; UPX -> www.upx.sourceforge.net; UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser; UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to MD5 |
| Suspicious | The PE is packed with UPX | Unusual section name found: UPX0. Section UPX0 is both writable and executable. Unusual section name found: UPX1. Section UPX1 is both writable and executable. The PE's resources are bigger than it is. |
| Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
| Suspicious | The PE header may have been manually modified. | Resources 101, 4082, 4083, 4084, 4085, 4087, 4088, 4089, 4090, 4091, 4092, 4093, 4094, 4095, 4096 and PACKAGEINFO are possibly compressed or encrypted. The resource timestamps differ from the PE header: |
| Malicious | VirusTotal score: 47/66 (Scanned on 2022-06-26 08:55:46) | Per-engine detections are listed in the following table |

| Engine | Detection |
|---|---|
| ClamAV | Win.Virus.Induc-2 |
| FireEye | Win32.Induc.A |
| CAT-QuickHeal | W32.Induc.A |
| McAfee | W32/Induc |
| Malwarebytes | Malware.Heuristic.1003 |
| K7AntiVirus | Virus ( f10009011 ) |
| BitDefender | Win32.Induc.A |
| K7GW | Virus ( f10009011 ) |
| Arcabit | Win32.Induc.A |
| Cyren | W32/Induc.A.gen!Eldorado |
| Elastic | malicious (moderate confidence) |
| ESET-NOD32 | a variant of Win32/Induc.A |
| APEX | Malicious |
| Cynet | Malicious (score: 100) |
| Kaspersky | Virus.Win32.Induc.b |
| NANO-Antivirus | Virus.Win32.Induc.dffkeg |
| MicroWorld-eScan | Win32.Induc.A |
| Rising | Virus.Induc!1.9B53 (CLASSIC) |
| Ad-Aware | Win32.Induc.A |
| Emsisoft | Win32.Induc.A (B) |
| Comodo | Virus.Win32.Induc.A0@1q1u4b |
| DrWeb | Win32.Induc |
| Zillya | Virus.Induc.Win32.1 |
| TrendMicro | PE_INDUC.A |
| McAfee-GW-Edition | BehavesLike.Win32.Sytro.dc |
| Trapmine | malicious.high.ml.score |
| Sophos | W32/Induc-A |
| SentinelOne | Static AI - Malicious PE |
| Jiangmin | Win32/Induc.a |
| Avira | W32/Induc.blr |
| MAX | malware (ai score=81) |
| Microsoft | Virus:Win32/Induc.A |
| ZoneAlarm | Virus.Win32.Induc.b |
| GData | Win32.Virus.Induct.A |
| AhnLab-V3 | Win32/Induc |
| TACHYON | Virus/W32.Induc |
| VBA32 | Virus.Win32.Induc.c |
| Cylance | Unsafe |
| Panda | Generic Malware |
| TrendMicro-HouseCall | PE_INDUC.A |
| Yandex | Win32.Induc |
| Ikarus | W32.Induc |
| MaxSecure | Trojan.Malware.300983.susgen |
| Fortinet | W32/Induc.A |
| BitDefenderTheta | AI:FileInfector.CFA710080D |
| AVG | FileRepMalware [Trj] |
| Avast | FileRepMalware [Trj] |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x50 |
| e_cp | 0x2 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0xf |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0x1a |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x100 |
| File header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 3 |
| TimeDateStamp | 1992-Jun-19 22:22:17 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_BYTES_REVERSED_HI, IMAGE_FILE_BYTES_REVERSED_LO, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 2.0 |
| SizeOfCode | 0x32000 |
| SizeOfInitializedData | 0x1000 |
| SizeOfUninitializedData | 0x7c000 |
| AddressOfEntryPoint | 0x000AE280 (Section: UPX1) |
| BaseOfCode | 0x7d000 |
| BaseOfData | 0xaf000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0xb0000 |
| SizeOfHeaders | 0x1000 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x4000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Imported functions |
|---|---|
| advapi32.dll | RegCloseKey |
| comctl32.dll | ImageList_Add |
| gdi32.dll | SaveDC |
| KERNEL32.DLL | LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect |
| oleaut32.dll | VariantCopy |
| user32.dll | GetDC |
| version.dll | VerQueryValueA |
| winmm.dll | waveOutGetNumDevs |
Embedded application manifest (repaired from the mis-encoded dump):

```xml
<?xml version="1.0" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity type="win32" name="DelphiApplication" version="1.0.0.0" processorArchitecture="*"/>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" publicKeyToken="6595b64144ccf1df" language="*" processorArchitecture="*"/>
    </dependentAssembly>
  </dependency>
</assembly>
```