05a065421caa9215958deca72a5b15f3

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2013-Jan-12 11:14:48

Plugin Output

Info Matching compiler(s): Dev-C++ v5
Microsoft Visual C++ 8.0
Suspicious Strings found in the binary may indicate undesirable behavior: Miscellaneous malware strings:
  • cmd.exe
Suspicious The PE contains functions most legitimate programs don't use. Possibly launches other programs:
  • CreateProcessA
Leverages the raw socket API to access the Internet:
  • WSACleanup
  • WSASocketA
  • WSAStartup
  • closesocket
  • connect
  • gethostbyname
  • htons
Info The following exploit mitigation techniques have been detected Stack Canary: disabled
SafeSEH: disabled
ASLR: disabled
DEP: disabled
Malicious VirusTotal score: 43/56 (Scanned on 2017-01-27 22:42:20) Bkav: W32.Clod6cc.Trojan.efbb
MicroWorld-eScan: Trojan.Generic.8898239
McAfee: RDN/Generic Downloader.x
Malwarebytes: Trojan.Agent
VIPRE: Trojan.Win32.Generic!BT
K7GW: Trojan ( 0010ed981 )
K7AntiVirus: Trojan ( 0010ed981 )
TheHacker: Trojan/Small.nip
TrendMicro: TROJ_GEN.R01BC0FJS16
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9952
F-Prot: W32/Threat-HLLSI-based!Maximus
Symantec: Downloader
ESET-NOD32: a variant of Win32/Small.NIP
TrendMicro-HouseCall: TROJ_GEN.R01BC0FJS16
Avast: Win32:Malware-gen
GData: Trojan.Generic.8898239
Kaspersky: UDS:DangerousObject.Multi.Generic
BitDefender: Trojan.Generic.8898239
NANO-Antivirus: Trojan.Win32.XPACK.cwvefr
Tencent: Win32.Trojan.Agent.Frs
Ad-Aware: Trojan.Generic.8898239
Sophos: Mal/Generic-S
Comodo: UnclassifiedMalware
F-Secure: Trojan.Generic.8898239
Zillya: Trojan.Small.Win32.28348
McAfee-GW-Edition: RDN/Generic Downloader.x
Cyren: W32/Threat-HLLSI-based!Maximus
Jiangmin: Trojan.Generic.gaon
Avira: TR/Agent.5632.225
Antiy-AVL: Trojan/Win32.Tgenic
Kingsoft: Win32.Troj.Generic.a.(kcloud)
Arcabit: Trojan.Generic.D87C6BF
AegisLab: Uds.Dangerousobject.Multi!c
AhnLab-V3: Trojan/Win32.Agent.C948372
ALYac: Trojan.Generic.8898239
AVware: Trojan.Win32.Generic!BT
VBA32: suspected of Trojan.Downloader.gen.h
Rising: Trojan.Generic-EOjciZZblYH (cloud)
Yandex: Trojan.Small!THZS/aqai1o
Ikarus: Trojan.Win32.Small
AVG: Small.FIL
Panda: Trj/CI.A
Qihoo-360: Win32/Trojan.Multi.daf

Hashes

MD5 05a065421caa9215958deca72a5b15f3
SHA1 e7be3fd7f0e5f71ec6e55b014cd79c1e93cb2fd8
SHA256 13170ec31cf0920ad871b0d0603b6f575f847e523ac977e5177adaf62d569853
SHA3 b9090bf84f7559304d852201765da4fa4e51aa202bb7933e33b81836c0497516
SSDeep 96:S0FKCiwCRG4jynYJfcUdBOEH9LmdhPoJ4IF54:r1SRG4jynKx5yfPoJ4IFi
Imports Hash 5f43550b8c4f4f435e714b3597f257b0

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2013-Jan-12 11:14:48
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0xa00
SizeOfInitializedData 0x1200
SizeOfUninitializedData 0x200
AddressOfEntryPoint 0x1110 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x6000
SizeOfHeaders 0x400
Checksum 0x6113
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics (EMPTY)
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 ae298ca45211fd54cf3b550267c6f4c1
SHA1 b7ab6b3d6b220eddd02925c95affe1c3a87ef2e5
SHA256 ac833e3b302646528de53e578dfca8de020a4bb079705785002f455376bb1d64
SHA3 fbf25a06b9f0b93d867356761f99f74ad731a01e34ef025acd734e36877f72c4
VirtualSize 0x9e4
VirtualAddress 0x1000
SizeOfRawData 0xa00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.35009

.data

MD5 7a481d0ca4178f679fb9725628c537cf
SHA1 f5076e24a7f59e1e178d763f8a6a4ec241e56bc3
SHA256 93dadb67267780b46c1075169e7c33ffe10bd92179907bcea6531dd945ea497b
SHA3 a72cbf861e86106a4fa076b90b57a1dc42993ee6de47ed67f0d14fae32b74663
VirtualSize 0x60
VirtualAddress 0x2000
SizeOfRawData 0x200
PointerToRawData 0xe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.691024

.rdata

MD5 d486ddef7e0c9e7562e314f2bf3aac19
SHA1 2285cb41082c6cd4c22a48d24c1aba955b20cb1b
SHA256 c8b8a19df27cf6d2c99196c8f71f1f61be43e10b5d9bf62fce9f8d8a55f9d67e
SHA3 fe7ef3bcf95902d3ece4e9297b28338294953c4b344d78c4de9c1ce6207218e2
VirtualSize 0x98
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.42936

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470
VirtualSize 0xe0
VirtualAddress 0x4000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.idata

MD5 70704fe59c9c69f7ca182f314e7a07b7
SHA1 63a96157e826c1433b70df2d80a8fcc9c11b6853
SHA256 b32c9662b6ef1f9c77326414d4bdf1de33fdf82658544155a8d4270d50551939
SHA3 150475a69498f8e670d83d188022ca902c74619a104c5f11217d5a020bbb945d
VirtualSize 0x38c
VirtualAddress 0x5000
SizeOfRawData 0x400
PointerToRawData 0x1200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.36302

Imports

KERNEL32.dll CloseHandle
CreateProcessA
ExitProcess
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
Sleep
WaitForSingleObject
msvcrt.dll __getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
atexit
memcpy
memset
signal
WS2_32.DLL WSACleanup
WSASocketA
WSAStartup
closesocket
connect
gethostbyname
htons

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0! [*] Warning: Section .bss has a size of 0!