Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2017-May-11 11:57:16 |
Detected languages | English - United States |
Info | Matching compiler(s): |
Suspicious | PEiD Signature: |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to system / monitoring tools; Contains references to mining pools |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to SHA1; Uses constants related to RC5 or RC6; Uses constants related to TEA |
Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 33/61 (Scanned on 2017-05-27 19:51:50) | MicroWorld-eScan: Trojan.GenericKD.5098512; nProtect: Trojan-Exploit/W32.BypassUAC.2008064; McAfee: Artemis!0DC736990899; VIPRE: Trojan.Win32.Generic!BT; K7GW: Riskware ( 0040eff71 ); K7AntiVirus: Riskware ( 0040eff71 ); Arcabit: Trojan.Generic.D4DCC10; TrendMicro: JOKE_CYBERAVI; Baidu: Win32.Backdoor.KewS.a; Symantec: Trojan.Gen.8!cloud; TrendMicro-HouseCall: TROJ_GEN.R047H09EN17; Paloalto: generic.ml; ClamAV: Win.Trojan.Merong-1; GData: Trojan.GenericKD.5098512; Kaspersky: Exploit.Win32.BypassUAC.brg; BitDefender: Trojan.GenericKD.5098512; Avast: Krile-5880; Ad-Aware: Trojan.GenericKD.5098512; F-Secure: Trojan.GenericKD.5098512; Zillya: Exploit.BypassUAC.Win32.314; McAfee-GW-Edition: Artemis!Trojan; Emsisoft: Trojan.GenericKD.5098512 (B); Cyren: W64/Trojan.MHUX-6302; AegisLab: Exploit.W32.Bypassuac!c; ZoneAlarm: Exploit.Win32.BypassUAC.brg; AhnLab-V3: Trojan/Win32.BypassUAC.C1947260; ALYac: Trojan.Agent.BypassUAC; AVware: Trojan.Win32.Generic!BT; Tencent: Win32.Virus.Sality.Jml; Ikarus: Exploit.Win32.BypassUAC; Fortinet: W32/BypassUAC.BRG!exploit; Panda: Trj/CI.A; CrowdStrike: malicious_confidence_88% (D) |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x110 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 9 |
TimeDateStamp | 2017-May-11 11:57:16 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x5ba00 |
SizeOfInitializedData | 0x190600 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000000000001B27 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x1f2000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | ExpandEnvironmentStringsW CreateFileW WriteFile CloseHandle LoadResource LockResource SizeofResource FindResourceA FlushFileBuffers SetFilePointerEx GetConsoleMode GetConsoleCP IsDebuggerPresent RaiseException MultiByteToWideChar WideCharToMultiByte RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind UnhandledExceptionFilter SetUnhandledExceptionFilter GetCurrentProcess TerminateProcess IsProcessorFeaturePresent QueryPerformanceCounter GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead GetStartupInfoW GetModuleHandleW GetLastError HeapAlloc HeapFree GetProcessHeap VirtualQuery FreeLibrary GetProcAddress RtlUnwindEx InterlockedPushEntrySList InterlockedFlushSList GetModuleFileNameW LoadLibraryExW SetLastError EnterCriticalSection LeaveCriticalSection DeleteCriticalSection InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree GetStdHandle GetModuleFileNameA ExitProcess GetModuleHandleExW GetACP GetCurrentThread OutputDebugStringA OutputDebugStringW WaitForSingleObjectEx CreateThread FindClose FindFirstFileExA FindFirstFileExW FindNextFileA FindNextFileW IsValidCodePage GetOEMCP GetCPInfo GetCommandLineA GetCommandLineW GetEnvironmentStringsW FreeEnvironmentStringsW SetEnvironmentVariableA SetEnvironmentVariableW GetDateFormatW GetTimeFormatW CompareStringW LCMapStringW GetLocaleInfoW IsValidLocale GetUserDefaultLCID EnumSystemLocalesW SetStdHandle GetFileType GetStringTypeW SetConsoleCtrlHandler HeapSize HeapReAlloc WriteConsoleW |
---|---|
ole32.dll | CoCreateInstance CoUninitialize CoInitialize |
Size | 0x94 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x140078000 |
XOR Key | 0xc00f8072 |
---|---|
Unmarked objects | 0 |
241 (40116) | 4 |
243 (40116) | 120 |
242 (40116) | 13 |
ASM objects (VS2015 UPD3 build 24123) | 7 |
C++ objects (VS2015 UPD3 build 24123) | 34 |
C objects (VS2015 UPD3 build 24123) | 18 |
208 (65501) | 1 |
Imports (65501) | 5 |
Total imports | 94 |
C++ objects (VS2015 UPD3.1 build 24215) | 1 |
Resource objects (VS2015 UPD3 build 24210) | 1 |
151 | 1 |
Linker (VS2015 UPD3.1 build 24215) | 1 |