05a065421caa9215958deca72a5b15f3

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2013-Jan-12 11:14:48

Plugin Output

Info Matching compiler(s): Dev-C++ v5
Microsoft Visual C++ 8.0
Suspicious Strings found in the binary may indicate undesirable behavior: Miscellaneous malware strings:
  • cmd.exe
Suspicious The PE contains functions most legitimate programs don't use. Possibly launches other programs:
  • CreateProcessA
Leverages the raw socket API to access the Internet:
  • WSACleanup
  • WSASocketA
  • WSAStartup
  • closesocket
  • connect
  • gethostbyname
  • htons
Malicious VirusTotal score: 50/69 (Scanned on 2019-11-18 06:22:30) MicroWorld-eScan: Trojan.Generic.8898239
CAT-QuickHeal: Trojan.Tiny
ALYac: Trojan.Generic.8898239
Cylance: Unsafe
Zillya: Trojan.Small.Win32.28348
AegisLab: Trojan.Win32.Tiny.4!c
K7AntiVirus: Trojan ( 004c87ed1 )
BitDefender: Trojan.Generic.8898239
K7GW: Trojan ( 004c87ed1 )
CrowdStrike: win/malicious_confidence_100% (W)
Arcabit: Trojan.Generic.D87C6BF
TrendMicro: TROJ_GEN.R002C0PFN19
Cyren: W32/Threat-HLLSI-based!Maximus
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Small.NIP
Kaspersky: Trojan.Win32.Tiny.ep
Alibaba: Trojan:Win32/Tiny.400609cf
NANO-Antivirus: Trojan.Win32.Crypted.cwvefr
Avast: Win32:Malware-gen
Sophos: Mal/Generic-S
Comodo: Malware@#2vfcc5kys82jz
F-Secure: Trojan.TR/Agent.5632.225
DrWeb: Trojan.Siggen7.54465
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: RDN/GenDownloader.aof
FireEye: Generic.mg.05a065421caa9215
F-Prot: W32/Threat-HLLSI-based!Maximus
Jiangmin: Trojan.Generic.gaon
Webroot: W32.Malware.Heur.Dkvt
Avira: TR/Agent.5632.225
MAX: malware (ai score=100)
Microsoft: Trojan:Win32/Occamy.C
Endgame: malicious (moderate confidence)
ZoneAlarm: Trojan.Win32.Tiny.ep
GData: Trojan.Generic.8898239
AhnLab-V3: Malware/Win32.RL_Generic.R280623
McAfee: RDN/GenDownloader.aof
TACHYON: Trojan/W32.Agent.5632.NN
VBA32: suspected of Trojan.Downloader.gen.h
TrendMicro-HouseCall: TROJ_GEN.R002C0PFN19
Rising: Trojan.Small!8.A9 (TFE:5:HRSdQCijuaG)
Yandex: Trojan.Small!THZS/aqai1o
Ikarus: Trojan.Win32.Small
MaxSecure: Trojan.Malware.2588.susgen
Fortinet: W32/Dloader.X!tr
BitDefenderTheta: Gen:NN.ZexaF.32250.auW@ayinLre
AVG: Win32:Malware-gen
Cybereason: malicious.21caa9
Panda: Trj/CI.A
Qihoo-360: Win32/Trojan.Multi.daf

Hashes

MD5 05a065421caa9215958deca72a5b15f3
SHA1 e7be3fd7f0e5f71ec6e55b014cd79c1e93cb2fd8
SHA256 13170ec31cf0920ad871b0d0603b6f575f847e523ac977e5177adaf62d569853
SHA3 eb36f06cb09bee784b93feebc0a86f4b54f2800262694156d5c9e780befcec83
SSDeep 96:S0FKCiwCRG4jynYJfcUdBOEH9LmdhPoJ4IF54:r1SRG4jynKx5yfPoJ4IFi
Imports Hash 5f43550b8c4f4f435e714b3597f257b0

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2013-Jan-12 11:14:48
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0xa00
SizeOfInitializedData 0x1200
SizeOfUninitializedData 0x200
AddressOfEntryPoint 0x00001110 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x6000
SizeOfHeaders 0x400
Checksum 0x6113
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 ae298ca45211fd54cf3b550267c6f4c1
SHA1 b7ab6b3d6b220eddd02925c95affe1c3a87ef2e5
SHA256 ac833e3b302646528de53e578dfca8de020a4bb079705785002f455376bb1d64
SHA3 6b49e21abbbe71866bcb7944890fa4f55f7568b3a8cf93380bb5a435ce3b48bf
VirtualSize 0x9e4
VirtualAddress 0x1000
SizeOfRawData 0xa00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.35009

.data

MD5 7a481d0ca4178f679fb9725628c537cf
SHA1 f5076e24a7f59e1e178d763f8a6a4ec241e56bc3
SHA256 93dadb67267780b46c1075169e7c33ffe10bd92179907bcea6531dd945ea497b
SHA3 c439a7ab9a22ef3a02e0c6251f141549bf2021a5476e21acf4c8161fdc7c0b1e
VirtualSize 0x60
VirtualAddress 0x2000
SizeOfRawData 0x200
PointerToRawData 0xe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.691024

.rdata

MD5 d486ddef7e0c9e7562e314f2bf3aac19
SHA1 2285cb41082c6cd4c22a48d24c1aba955b20cb1b
SHA256 c8b8a19df27cf6d2c99196c8f71f1f61be43e10b5d9bf62fce9f8d8a55f9d67e
SHA3 fb6c4e4560e6f09d325e0e5a2575b9c425d86d275899f21231729b3812f5fb84
VirtualSize 0x98
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.42936

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xe0
VirtualAddress 0x4000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 70704fe59c9c69f7ca182f314e7a07b7
SHA1 63a96157e826c1433b70df2d80a8fcc9c11b6853
SHA256 b32c9662b6ef1f9c77326414d4bdf1de33fdf82658544155a8d4270d50551939
SHA3 4c5aa0c561621945f6cdd9490ba858743afb6f6b29e7b05ce9b056c12a17cb7f
VirtualSize 0x38c
VirtualAddress 0x5000
SizeOfRawData 0x400
PointerToRawData 0x1200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.36302

Imports

KERNEL32.dll CloseHandle
CreateProcessA
ExitProcess
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
Sleep
WaitForSingleObject
msvcrt.dll __getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
atexit
memcpy
memset
signal
WS2_32.DLL WSACleanup
WSASocketA
WSAStartup
closesocket
connect
gethostbyname
htons

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!