Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2006-Mar-02 17:50:37 |
Suspicious | PEiD Signature: | Pelles C 3.00, 4.00, 4.50 EXE (X86 CRT-LIB) |
Suspicious | Strings found in the binary may indicate undesirable behavior: Contains references to security software: |
Suspicious | The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports: the import table includes LoadLibraryA and GetProcAddress, so further APIs can be resolved at run time without appearing in the static import table. |
Suspicious | The file contains overlay data: 908597 bytes of data starting at offset 0x14e00 (immediately after the last section's raw data, so the file is 994101 bytes in total). The overlay data has an entropy of 7.88045 and is probably compressed or encrypted. The overlay accounts for 91.3989% of the executable, i.e. the mapped PE is only a small loader for the payload it carries. |
Malicious | VirusTotal score: 64/72 (Scanned on 2019-10-31 12:13:28) |
Bkav: W32.PasistA.Worm
MicroWorld-eScan: Trojan.GenericKD.40360503
FireEye: Generic.mg.0711fed81877b9b6
CAT-QuickHeal: Worm.Sfone.A3
McAfee: W32/Generic.worm.f
Cylance: Unsafe
Zillya: Worm.Agent.Win32.9
CrowdStrike: win/malicious_confidence_100% (D)
K7GW: Trojan ( 00008f2e1 )
K7AntiVirus: Trojan ( 00008f2e1 )
Arcabit: Trojan.Generic.D267DA37
Invincea: heuristic
BitDefenderTheta: Gen:NN.ZexaO.31176.8mZ@aiU8KBe
Cyren: W32/Worm.KOKR-0749
Symantec: W32.SillyWNSE
TotalDefense: Win32/Sfone.A
Baidu: Win32.Worm.Agent.fj
APEX: Malicious
ClamAV: Win.Malware.Sfone-6763601-0
Kaspersky: Worm.Win32.Agent.cp
BitDefender: Trojan.GenericKD.40360503
NANO-Antivirus: Trojan.Win32.Agent.hakuu
Tencent: Worm.Win32.Agent.b
Ad-Aware: Trojan.GenericKD.40360503
Emsisoft: Trojan.GenericKD.40360503 (B)
Comodo: Worm.Win32.Agent.CP@42tt
F-Secure: Trojan.TR/Spy.Gen
DrWeb: Win32.HLLW.Siggen.1607
VIPRE: Worm.Win32.Agent.cp (v)
TrendMicro: WORM_AGENT.JM
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.dc
Fortinet: W32/Agent.CP!worm
Trapmine: malicious.high.ml.score
CMC: Worm.Win32.Agent!O
Sophos: Troj/Agent-AGQR
Ikarus: Worm.Win32.Agent.cp
F-Prot: W32/Worm.BLGI
Jiangmin: Worm/Agent.te
Webroot: W32.Worm.Gen
Avira: TR/Spy.Gen
MAX: malware (ai score=82)
Antiy-AVL: Worm/Win32.Agent.cp
Endgame: malicious (high confidence)
Microsoft: Worm:Win32/Sfone.A
ViRobot: Worm.Win32.A.Agent.61440
ZoneAlarm: Worm.Win32.Agent.cp
AhnLab-V3: Worm/Win32.Agent.R233959
Acronis: suspicious
VBA32: Worm.Agent
ALYac: Trojan.GenericKD.40360503
Malwarebytes: Worm.Sform
Panda: Trj/Genetic.gen
ESET-NOD32: Win32/Agent.CP
TrendMicro-HouseCall: WORM_AGENT.JM
Rising: Worm.Agent!1.BDD2 (CLASSIC)
Yandex: Worm.Sfone.A
SentinelOne: DFI - Malicious PE
eGambit: Unsafe.AI_Score_99%
GData: Trojan.GenericKD.40360503
MaxSecure: Poly.Worm.Agent.CP
AVG: Win32:Agent-URR [Trj]
Cybereason: malicious.81877b
Avast: Win32:Agent-URR [Trj]
Qihoo-360: HEUR/QVM20.1.E9B3.Malware.Gen
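The overlay finding above is produced by walking the section table: anything past the end of the last section's raw data is not mapped by the loader and is "overlay". The script below is an added example, not part of this report or of the analysis tool that produced it. It parses the DOS, COFF and section headers, measures the overlay's Shannon entropy and its share of the file, and builds a constructed PE32 skeleton that reuses the header values shown on this page (e_lfanew 0x80, three sections, 0xE0-byte optional header, SizeOfHeaders 0x1000, raw data ending at 0x14e00) so it runs offline; the individual section sizes inside that skeleton, the 7.0-bit entropy threshold and the synthetic overlay bytes are assumptions, not values from the sample.

```python
import math
import struct
from collections import Counter

SECTION_HEADER = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER layout, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def find_overlay(pe: bytes):
    """Return (offset, overlay_bytes): everything past the last section's raw data.
    Raises ValueError when the headers are malformed or truncated."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    sect_table = coff + 20 + size_of_opt
    if sect_table + num_sections * 40 > len(pe):
        raise ValueError("section table runs past end of file")
    # Headers occupy at least SizeOfHeaders (offset 60 in the optional header).
    end = sect_table + num_sections * 40
    if size_of_opt >= 64:
        end = max(end, struct.unpack_from("<I", pe, coff + 20 + 60)[0])
    for i in range(num_sections):
        _, _, _, raw_size, raw_ptr, *_ = struct.unpack_from(SECTION_HEADER, pe, sect_table + i * 40)
        if raw_size:  # .bss-style sections have no raw data and are skipped
            end = max(end, raw_ptr + raw_size)
    end = min(end, len(pe))  # a truncated file has no overlay at all
    return end, pe[end:]


def analyze_overlay(pe: bytes, entropy_threshold: float = 7.0) -> dict:
    """Reproduce the report's overlay check. The threshold is an assumption."""
    offset, overlay = find_overlay(pe)
    ent = shannon_entropy(overlay)
    return {
        "offset": offset,
        "size": len(overlay),
        "entropy": ent,
        "ratio": len(overlay) / len(pe),
        "suspicious": len(overlay) > 0 and ent >= entropy_threshold,
    }


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed PE32 skeleton modelled on this report's header values.
    Section sizes are illustrative; only their combined end (0x14E00) matches the page."""
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    # Machine I386, 3 sections, timestamp/symbols zeroed, 0xE0 opt header, chars 0x010F
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0xE0, 0x010F)
    opt = struct.pack("<H", 0x10B).ljust(0xE0, b"\0")            # PE32 magic
    opt = opt[:60] + struct.pack("<I", 0x1000) + opt[64:]        # SizeOfHeaders
    layout = [(b".text", 0x1000, 0xA600), (b".data", 0xB600, 0x1000), (b".rsrc", 0xC600, 0x8800)]
    sections = b"".join(
        struct.pack(SECTION_HEADER, name, size, ptr, size, ptr, 0, 0, 0, 0, 0x60000020)
        for name, ptr, size in layout
    )
    headers = (dos + b"PE\0\0" + coff + opt + sections).ljust(0x1000, b"\0")
    body = b"\x90" * (0x14E00 - 0x1000)  # filler standing in for section contents
    return headers + body + overlay


if __name__ == "__main__":
    # 908597-byte overlay with a near-uniform byte distribution (constructed input)
    sample = build_sample_pe(bytes(range(256)) * 3549 + bytes(range(53)))
    r = analyze_overlay(sample)
    print(f"{r['size']} bytes of data starting at offset {r['offset']:#x}")
    print(f"entropy {r['entropy']:.5f}, overlay = {100 * r['ratio']:.4f}% of the file")
```

On the constructed input the script reports the same offset (0x14e00), size (908597 bytes) and 91.3989% share as the table above; the entropy differs because the overlay bytes are synthetic. When triaging a real sample, carve the overlay with the returned offset and inspect it separately, since it is exactly the part of the file that static PE parsers ignore.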
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x80 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 3 |
TimeDateStamp | 2006-Mar-02 17:50:37 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE IMAGE_FILE_EXECUTABLE_IMAGE IMAGE_FILE_LINE_NUMS_STRIPPED IMAGE_FILE_LOCAL_SYMS_STRIPPED IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 2.0 |
SizeOfCode | 0xa600 |
SizeOfInitializedData | 0xa800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00004C20 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0xc000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x18000 |
SizeOfHeaders | 0x1000 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.DLL | GetDriveTypeA GetWindowsDirectoryA GetComputerNameA GetLastError Sleep GetModuleFileNameA GetLocalTime CreateThread OpenMutexA ReleaseMutex CreateMutexA CloseHandle GetVersionExA CreateFileA CreateFileMappingA MapViewOfFile WriteFile SetFilePointer FindFirstFileA FindNextFileA FindClose OpenProcess TerminateProcess CreateToolhelp32Snapshot Process32First Process32Next LoadLibraryA GetProcAddress FreeLibrary GetSystemTimeAsFileTime SetConsoleCtrlHandler GetStartupInfoA GetModuleHandleA VirtualAlloc VirtualQuery HeapCreate HeapDestroy HeapAlloc HeapReAlloc HeapFree HeapSize HeapValidate ExitProcess RtlUnwind GetFileType GetStdHandle GetCurrentProcess DuplicateHandle SetHandleCount GetCommandLineA GetEnvironmentStrings FreeEnvironmentStringsA UnhandledExceptionFilter GetTimeZoneInformation SetStdHandle DeleteFileA ReadFile SetEndOfFile |
---|---|
ADVAPI32.dll | RegOpenKeyExA RegQueryValueExA RegCloseKey RegSetValueExA RegConnectRegistryA OpenSCManagerA LockServiceDatabase OpenServiceA ChangeServiceConfigA StartServiceA CloseServiceHandle UnlockServiceDatabase EnumServicesStatusA ControlService DeleteService |
MPR.dll | WNetAddConnection2A WNetCancelConnection2A WNetOpenEnumA WNetEnumResourceA WNetCloseEnum WNetGetConnectionA |
SHELL32.dll | FindExecutableA ShellExecuteA |
USER32.dll | GetWindowTextA GetWindowThreadProcessId EnumWindows |
WS2_32.dll | #23 #8 #9 #2 #17 #20 #115 #116 #11 #52 #51 |
These are imports by ordinal, so no function names appear in the import table. Resolved against the fixed export ordinals of ws2_32.dll they are: #23 socket, #8 htonl, #9 htons, #2 bind, #17 recvfrom, #20 sendto, #115 WSAStartup, #116 WSACleanup, #11 inet_addr, #52 gethostbyname, #51 gethostbyaddr, i.e. a UDP socket bound locally (bind, recvfrom, sendto) rather than a TCP connect/listen pair.