| Property | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_AMD64 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2016-Jul-20 19:20:25 |
| Detected languages | English - United States |
| Verdict | Finding |
|---|---|
| Suspicious | Strings found in the binary may indicate undesirable behavior (category: miscellaneous malware strings). |
| Info | The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports (the KERNEL32.dll import list below includes LoadLibraryExW and GetProcAddress, which resolve further APIs at run time). |
| Malicious | VirusTotal score: 45/69 (scanned on 2019-10-06 23:27:17); per-engine results follow. |

| Engine | Detection |
|---|---|
| MicroWorld-eScan | Trojan.Agent.CNUW |
| FireEye | Trojan.Agent.CNUW |
| McAfee | RDN/Generic BackDoor.lm |
| Zillya | Backdoor.Agent.Win64.319 |
| Alibaba | Backdoor:Win64/Tarply.52e24f1c |
| K7GW | Riskware ( 0040eff71 ) |
| K7AntiVirus | Riskware ( 0040eff71 ) |
| Symantec | Backdoor.Trojan |
| APEX | Malicious |
| Avast | Win64:Malware-gen |
| Kaspersky | HEUR:Backdoor.Multi.RGDoor.gen |
| BitDefender | Trojan.Agent.CNUW |
| NANO-Antivirus | Trojan.Win64.Generic.euotfy |
| Paloalto | generic.ml |
| AegisLab | Trojan.Multi.RGDoor.4!c |
| Tencent | Win32.Backdoor.Rgdoor.Jcv |
| Endgame | malicious (high confidence) |
| Emsisoft | Trojan.Agent.CNUW (B) |
| F-Secure | Backdoor.BDS/Agent.xdjbk |
| DrWeb | BackDoor.Siggen2.2328 |
| VIPRE | Trojan.Win32.Generic!BT |
| TrendMicro | BKDR64_RGDOOR.ZIFB-A |
| McAfee-GW-Edition | RDN/Generic BackDoor.lm |
| Fortinet | W64/Agent.MW!tr.bdr |
| Sophos | Troj/Agent-AYHV |
| Jiangmin | Backdoor.Agent.bdb |
| Avira | BDS/Agent.xdjbk |
| MAX | malware (ai score=100) |
| Antiy-AVL | Trojan[Backdoor]/Win64.Agent |
| Arcabit | Trojan.Agent.CNUW |
| ZoneAlarm | HEUR:Backdoor.Multi.RGDoor.gen |
| Microsoft | Backdoor:Win64/Tarply.A!dha |
| AhnLab-V3 | Backdoor/Win64.Agent.C2338465 |
| ALYac | Trojan.Agent.CNUW |
| VBA32 | Backdoor.Win64.Agent |
| Cylance | Unsafe |
| ESET-NOD32 | Win64/Agent.DO |
| TrendMicro-HouseCall | BKDR64_RGDOOR.ZIFB-A |
| Yandex | Backdoor.Agent!/5uwqBoxk50 |
| Ikarus | Backdoor.Win64.Agent |
| MaxSecure | Trojan.Malware.11994605.susgen |
| GData | Trojan.Agent.CNUW |
| Ad-Aware | Trojan.Agent.CNUW |
| AVG | Win64:Malware-gen |
| Qihoo-360 | Win32/Trojan.a36 |
| IMAGE_DOS_HEADER field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xf8 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberofSections | 6 |
| TimeDateStamp | 2016-Jul-20 19:20:25 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
| IMAGE_OPTIONAL_HEADER64 field | Value |
|---|---|
| Magic | PE32+ |
| LinkerVersion | 12.0 |
| SizeOfCode | 0x1fe00 |
| SizeOfInitializedData | 0x16e00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x000000000000A474 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x180000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.2 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.2 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x3a000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
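The three header tables above are what a parser reads first when triaging a sample, and the report's decoded names (IMAGE_FILE_DLL, PE32+, IMAGE_DLLCHARACTERISTICS_NX_COMPAT and so on) are bit fields and enums in IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER64. The following is an added example, not the analysis tool's code and not the sample's bytes: `build_headers()` constructs a header region from the values in the report (e_lfanew 0xf8, AMD64, 6 sections, the 2016-Jul-20 timestamp, DLL flags, PE32+ magic, ImageBase 0x180000000, GUI subsystem, ASLR/NX/high-entropy flags, checksum 0), `parse_headers()` walks MZ, e_lfanew, the PE signature and both headers with bounds checks, and `triage()` records the header-only observations an analyst would note. Only the headers are modelled; there is no section table, data directory or import parsing.

```python
"""Decode the DOS, COFF and PE32+ optional headers the way the report presents
them. Added example, not the analysis tool's code: build_headers() constructs a
header region from the values in the report (it is not the sample's bytes), and
only the headers are modelled, with no section table, data directories or imports."""
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B
COFF_FMT = "<HHIIIHH"                          # IMAGE_FILE_HEADER, 20 bytes
OPT64_FMT = "<HBBIIIIIQIIHHHHHHIIIIHHQQQQII"    # IMAGE_OPTIONAL_HEADER64 up to NumberOfRvaAndSizes, 112 bytes

FILE_CHARACTERISTICS = {  # IMAGE_FILE_HEADER.Characteristics bits (winnt.h)
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED", 0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED", 0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {   # IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (winnt.h)
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA", 0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY", 0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH", 0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
}
SUBSYSTEMS = {1: "IMAGE_SUBSYSTEM_NATIVE", 2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}


def build_headers():
    """Constructed 0x400-byte header region with e_lfanew = 0xF8, mirroring the report's values."""
    buf = bytearray(0x400)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0xF8)                        # e_lfanew
    buf[0xF8:0xFC] = b"PE\0\0"
    ts = int(datetime(2016, 7, 20, 19, 20, 25, tzinfo=timezone.utc).timestamp())
    struct.pack_into(COFF_FMT, buf, 0xFC, IMAGE_FILE_MACHINE_AMD64, 6, ts, 0, 0, 0xF0, 0x2022)
    struct.pack_into(OPT64_FMT, buf, 0xFC + 20,
                     IMAGE_NT_OPTIONAL_HDR64_MAGIC, 12, 0,           # Magic, LinkerVersion 12.0
                     0x1FE00, 0x16E00, 0,                            # SizeOfCode / InitializedData / UninitializedData
                     0xA474, 0x1000, 0x180000000,                    # AddressOfEntryPoint, BaseOfCode, ImageBase
                     0x1000, 0x200,                                  # SectionAlignment, FileAlignment
                     5, 2, 0, 0, 5, 2,                               # OS 5.2, Image 0.0, Subsystem 5.2
                     0, 0x3A000, 0x400, 0,                           # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                     2, 0x0160,                                      # Subsystem GUI, DllCharacteristics
                     0x100000, 0x1000, 0x100000, 0x1000,             # stack/heap reserve and commit
                     0, 16)                                          # LoaderFlags, NumberOfRvaAndSizes
    return bytes(buf)


def decode_flags(value, table):
    """Names of the set bits, plus any bit the table does not know about."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    unknown = value & ~sum(table)
    if unknown:
        names.append(f"UNKNOWN(0x{unknown:04x})")
    return names


def parse_headers(data):
    """Walk MZ -> e_lfanew -> PE signature -> IMAGE_FILE_HEADER -> IMAGE_OPTIONAL_HEADER64 with bounds checks."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no IMAGE_DOS_HEADER")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at a PE signature")
    machine, nsect, ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from(COFF_FMT, data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if opt_size < struct.calcsize(OPT64_FMT) or opt_off + opt_size > len(data):
        raise ValueError("optional header truncated")
    o = struct.unpack_from(OPT64_FMT, data, opt_off)
    if o[0] != IMAGE_NT_OPTIONAL_HDR64_MAGIC:
        raise ValueError(f"not PE32+ (Magic 0x{o[0]:x})")
    return {
        "machine": machine, "sections": nsect,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc),
        "characteristics": decode_flags(chars, FILE_CHARACTERISTICS),
        "linker": f"{o[1]}.{o[2]}", "entry_point": o[6], "image_base": o[8],
        "size_of_image": o[18], "checksum": o[20],
        "subsystem": SUBSYSTEMS.get(o[21], f"UNKNOWN({o[21]})"),
        "dll_characteristics": decode_flags(o[22], DLL_CHARACTERISTICS),
    }


def triage(info):
    """Header-only observations an analyst would record before touching the code."""
    notes = []
    if "IMAGE_FILE_DLL" in info["characteristics"]:
        notes.append("DLL: runs inside a host process, AddressOfEntryPoint is DllMain; the export table is the real interface")
        notes.append("Subsystem is informational for a DLL; the host process decides")
    if "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" not in info["dll_characteristics"]:
        notes.append("no DYNAMIC_BASE: image is not relocated by ASLR")
    if info["checksum"] == 0:
        notes.append("CheckSum 0: only populated when linked with /RELEASE, so it carries no integrity signal")
    notes.append("TimeDateStamp is linker output and trivially edited; corroborate with the Rich header and debug directory")
    return notes


if __name__ == "__main__":
    info = parse_headers(build_headers())
    for k, v in info.items():
        print(f"{k:>20}: {hex(v) if isinstance(v, int) else v}")
    print("\n".join(triage(info)))
```

Pointing `parse_headers()` at a real file (`parse_headers(open(path, "rb").read())`) works unchanged for any PE32+ image; a PE32 image (Magic 0x10b) is rejected deliberately, since its optional header has a different layout. The `UNKNOWN(...)` output of `decode_flags()` is worth keeping: a flag bit that no public header defines is itself a triage finding.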
| KERNEL32.dll imports |
|---|
| OutputDebugStringA, DebugBreak, EncodePointer, DecodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, GetLastError, HeapFree, CloseHandle, DuplicateHandle, GetCurrentProcess, CreateProcessA, IsDebuggerPresent, IsProcessorFeaturePresent, GetCommandLineA, GetCurrentThreadId, RtlPcToFileHeader, RaiseException, RtlLookupFunctionEntry, RtlUnwindEx, HeapAlloc, GetCPInfo, RtlCaptureContext, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetLastError, InitializeCriticalSectionAndSpinCount, Sleep, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetModuleHandleW, GetProcAddress, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetStdHandle, GetFileType, GetProcessHeap, ExitProcess, GetModuleHandleExW, AreFileApisANSI, WaitForSingleObject, GetExitCodeProcess, CreatePipe, ReadFile, SetFilePointerEx, FlushFileBuffers, WriteFile, GetConsoleCP, GetConsoleMode, IsValidCodePage, GetACP, GetOEMCP, HeapSize, GetModuleFileNameA, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetModuleFileNameW, HeapReAlloc, LoadLibraryExW, GetFileAttributesExW, SetStdHandle, ReadConsoleW, WriteConsoleW, OutputDebugStringW, CreateFileW, SetEnvironmentVariableA, SetEndOfFile |
| Field | Value |
|---|---|
| Ordinal | 1 |
| Address | 0x3320 |
| Size | 0x70 |

| IMAGE_LOAD_CONFIG_DIRECTORY field | Value |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x1800318a8 |
| Rich header entry | Value / count |
|---|---|
| XOR Key | 0xf6a15252 |
| Unmarked objects | 0 |
| ASM objects (20806) | 12 |
| C++ objects (20806) | 69 |
| C objects (20806) | 214 |
| Imports (VS2008 SP1 build 30729) | 3 |
| Total imports | 93 |
| 229 (VS2013 UPD4 build 31101) | 1 |
| Exports (VS2013 UPD4 build 31101) | 1 |
| Resource objects (VS2013 build 21005) | 1 |
| Linker (VS2013 UPD4 build 31101) | 1 |
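The "XOR Key" and the per-tool rows above come from the Rich header that Microsoft's linker places between the DOS stub and the PE signature: a `DanS` marker, three padding dwords and one (compid, count) pair per tool, all XORed with the key, followed by `Rich` and the key in clear. Each compid packs a product id in the high 16 bits and a build number (20806, 30729, 31101 and 21005 in the report) in the low 16 bits. The key is also a checksum over the DOS header and the entries, which is the check a practitioner wants: if the recomputed checksum does not equal the stored key, the DOS header or the Rich entries were modified after linking, or the header was forged. The block below is an added example, not the analysis tool's code and not the sample's bytes: `build_rich_stub()` constructs a DOS header with entries whose build numbers and counts follow the report but whose product ids are placeholders, so the key it produces is not the report's 0xf6a15252, and `parse_rich()` locates, decodes and verifies the header.

```python
"""Locate, decode and checksum-verify a Rich header, the structure behind the
"XOR Key" and per-tool object counts in the report. Added example, not the
analysis tool's code: build_rich_stub() constructs a DOS header with made-up
entries (the product ids are placeholders, only the build numbers and counts
follow the report), so neither the bytes nor the key are the sample's."""
import struct

DANS = 0x536E6144   # b"DanS" read as a little-endian dword


def rol32(v, n):
    n &= 31
    return ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF


def rich_checksum(dos_region, dans_off, entries):
    """The value the linker stores as the XOR key: the file offset of 'DanS', plus
    every DOS-header byte rotated left by its offset (the four e_lfanew bytes at
    0x3c..0x3f are skipped), plus every compid rotated left by its count."""
    c = dans_off
    for i in range(dans_off):
        if 0x3C <= i < 0x40:
            continue
        c = (c + rol32(dos_region[i], i)) & 0xFFFFFFFF
    for compid, count in entries:
        c = (c + rol32(compid, count)) & 0xFFFFFFFF
    return c


def build_rich_stub(entries, key=None):
    """Constructed MZ header + Rich header padded to e_lfanew = 0xF8. key=None
    stores the correct checksum; any other key simulates a tampered header."""
    dos = bytearray(0x80)                        # DOS header and stub, zeroed for the example
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0xF8)      # e_lfanew as in the report
    dans_off = len(dos)
    if key is None:
        key = rich_checksum(dos, dans_off, entries)
    out = bytearray(dos)
    out += struct.pack("<I", DANS ^ key)         # 'DanS' ^ key
    out += struct.pack("<III", key, key, key)    # three zero dwords ^ key
    for compid, count in entries:
        out += struct.pack("<II", compid ^ key, count ^ key)
    out += b"Rich" + struct.pack("<I", key)
    return bytes(out) + bytes(0xF8 - len(out))   # padding up to the PE signature


def parse_rich(data):
    """Return (key, [(compid, count), ...], checksum_ok), or None if there is no Rich header."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    rich_off = data.rfind(b"Rich", 0, e_lfanew)
    if rich_off < 0 or rich_off + 8 > len(data):
        return None
    key = struct.unpack_from("<I", data, rich_off + 4)[0]
    dans_off = data.rfind(struct.pack("<I", DANS ^ key), 0, rich_off)
    if dans_off < 0 or (rich_off - dans_off - 16) % 8:
        return None
    entries = []
    for off in range(dans_off + 16, rich_off, 8):   # skip 'DanS' and the 3 padding dwords
        compid, count = struct.unpack_from("<II", data, off)
        entries.append((compid ^ key, count ^ key))
    ok = rich_checksum(data[:dans_off], dans_off, entries) == key
    return key, entries, ok


def describe(entries):
    """Split each compid into product id and build number, the columns the report shows."""
    return [{"prodid": c >> 16, "build": c & 0xFFFF, "count": n} for c, n in entries]


# Constructed entries: build numbers and counts as in the report; product ids are placeholders.
SAMPLE_ENTRIES = [
    ((0x00 << 16) | 0, 0),        # unmarked objects
    ((0xE0 << 16) | 20806, 12),   # "ASM objects (20806)"
    ((0xDE << 16) | 20806, 69),   # "C++ objects (20806)"
    ((0xDF << 16) | 20806, 214),  # "C objects (20806)"
    ((0x01 << 16) | 30729, 3),    # "Imports (VS2008 SP1 build 30729)"
    ((0xE1 << 16) | 31101, 1),    # "Linker (VS2013 UPD4 build 31101)"
]

if __name__ == "__main__":
    key, entries, ok = parse_rich(build_rich_stub(SAMPLE_ENTRIES))
    print(f"XOR key 0x{key:08x}, checksum {'matches' if ok else 'MISMATCH'}")
    for row in describe(entries):
        print(row)
```

Mapping product ids to tool names (the "ASM objects", "Imports", "Linker" labels) needs a lookup table that the block leaves out; the build numbers and counts alone already tie objects to a compiler generation and make the header a useful clustering feature across samples. A checksum mismatch does not by itself prove malice, since some packers and patchers rewrite the DOS stub, but it does mean the Rich data describes something other than the file as linked.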