| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2014-Jun-25 22:58:59 |

| Level | Finding | Details |
|---|---|---|
| Suspicious | Strings found in the binary may indicate undesirable behavior | Miscellaneous malware strings: |
| Info | Cryptographic algorithms detected in the binary | Uses constants related to CRC32 |
| Malicious | The PE contains functions mostly used by malware | [!] The program may be hiding some of its imports: |
| Suspicious | The file contains overlay data | 32 bytes of data starting at offset 0x5600 |
| Malicious | VirusTotal score: 32/49 (scanned on 2014-07-26 22:21:03) | Per-engine results listed below |

- nProtect: Trojan-Spy/W32.Agent.22048
- McAfee: VTFlooder!101AF013BD6E
- K7AntiVirus: Trojan ( 0049c30b1 )
- K7GW: Trojan ( 0049c30b1 )
- TheHacker: Trojan/Agent.wbx
- NANO-Antivirus: Trojan.Win32.ATRAPS.dbpzhw
- F-Prot: W32/A-887abf0f!Eldorado
- Symantec: Trojan.Gen
- Avast: Win32:Trojan-gen
- ClamAV: Win.Trojan.Agent-748115
- Kaspersky: Trojan-Spy.Win32.Agent.cpyi
- BitDefender: DeepScan:Generic.Malware.FP!dldPk!.A3F6BED5
- SUPERAntiSpyware: Trojan.Agent/Gen-Atraps
- Ad-Aware: DeepScan:Generic.Malware.FP!dldPk!.A3F6BED5
- Comodo: TrojWare.Win32.Agent.WBX
- F-Secure: DeepScan:Generic.Malware.FP!dldPk!.A3F6BED5
- DrWeb: BackDoor.Spy.2465
- VIPRE: Trojan.Win32.Generic!BT
- AntiVir: TR/ATRAPS.A.1755
- McAfee-GW-Edition: VTFlooder!101AF013BD6E
- Emsisoft: DeepScan:Generic.Malware.FP!dldPk!.A3F6BED5 (B)
- Antiy-AVL: Trojan/Win32.TSGeneric
- Microsoft: Trojan:Win32/Vflooder.C
- AhnLab-V3: Trojan/Win32.Agent
- GData: DeepScan:Generic.Malware.FP!dldPk!.A3F6BED5
- ByteHero: Trojan.Win32.Heur.Gen
- ESET-NOD32: a variant of Win32/Agent.WBX
- Ikarus: Trojan.Win32.Agent
- Fortinet: W32/Agent.WBX!tr
- AVG: Agent4.BXTX
- Panda: Trj/Genetic.gen
- Qihoo-360: Malware.QVM20.Gen
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xd8 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 4 |
| TimeDateStamp | 2014-Jun-25 22:58:59 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 10.0 |
| SizeOfCode | 0x3800 |
| SizeOfInitializedData | 0x1c00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00003960 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x5000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.1 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.1 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x8000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
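The three header tables above are what a parser reads in order: the MZ header gives e_lfanew, the PE signature and COFF header sit there, the optional header follows, and the section table follows that; the overlay finding is then just "bytes past the end of the last section's raw data". The following is an added example, not code from the analyzer that produced this report. build_sample() constructs a PE32 image from the header values listed above (e_lfanew 0xd8, four sections, entry point 0x3960, the same DllCharacteristics, overlay at 0x5600); the section layout, the empty data directories and the 32 overlay bytes are assumed, since the report does not print them. parse_pe() takes the bytes of any real PE32 file.

```python
"""Parse PE32 headers and locate overlay data with the standard library only.

Added example, not code from the original report. build_sample() is a
constructed image: header values follow the report, the section table and the
overlay bytes are assumed. parse_pe() works on the bytes of a real PE32 file.
"""
import calendar
import struct
from datetime import datetime, timezone

COFF_FMT = "<HHIIIHH"           # IMAGE_FILE_HEADER, 20 bytes
OPT32_FMT = "<HBB6I3I6H4IHH6I"  # IMAGE_OPTIONAL_HEADER32 without data directories, 96 bytes
SECTION_FMT = "<8s6I2HI"        # IMAGE_SECTION_HEADER, 40 bytes

FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                        0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL"}
DLL_CHARACTERISTICS = {0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
                       0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
                       0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
                       0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}


def flag_names(value, table):
    """Names of the set bits, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def build_sample():
    """Constructed image: header fields from the report, layout assumed."""
    e_lfanew = 0xD8
    dos = struct.pack("<2s13H4H2H10HI", b"MZ",
                      0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40, 0,  # e_cblp .. e_ovno
                      0, 0, 0, 0, 0, 0, *([0] * 10), e_lfanew)
    ts = calendar.timegm((2014, 6, 25, 22, 58, 59))                        # TimeDateStamp (UTC)
    coff = struct.pack(COFF_FMT, 0x14C, 4, ts, 0, 0, 0xE0, 0x0102)
    opt = struct.pack(OPT32_FMT, 0x10B, 10, 0, 0x3800, 0x1C00, 0, 0x3960, 0x1000, 0x5000,
                      0x400000, 0x1000, 0x200, 5, 1, 0, 0, 5, 1, 0, 0x8000, 0x400, 0,
                      2, 0x8540, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * (16 * 8)                      # 16 empty data directories (assumed)
    layout = [(b".text", 0x3700, 0x1000, 0x3800, 0x0400, 0x60000020),   # assumed sections:
              (b".rdata", 0x0F00, 0x5000, 0x1000, 0x3C00, 0x40000040),  # name, VirtualSize,
              (b".data", 0x0600, 0x6000, 0x0200, 0x4C00, 0xC0000040),   # VirtualAddress, SizeOfRawData,
              (b".reloc", 0x0700, 0x7000, 0x0800, 0x4E00, 0x42000040)]  # PointerToRawData, flags
    sects = b"".join(struct.pack(SECTION_FMT, *s[:5], 0, 0, 0, 0, s[5]) for s in layout)
    headers = (dos.ljust(e_lfanew, b"\0") + b"PE\0\0" + coff + opt + sects).ljust(0x400, b"\0")
    image = bytearray(0x5600)                    # raw section data ends at 0x5600
    image[:len(headers)] = headers
    return bytes(image) + bytes(range(32))       # 32 trailing bytes owned by no section


def parse_pe(data):
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> optional header -> sections."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff_off = e_lfanew + 4
    machine, nsect, ts, _, _, opt_size, chars = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    o = struct.unpack_from(OPT32_FMT, data, opt_off)
    if o[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    sect_off = opt_off + opt_size                # section table follows SizeOfOptionalHeader bytes
    sections = []
    for i in range(nsect):
        name, vsize, va, rsize, rptr, _, _, _, _, sch = struct.unpack_from(
            SECTION_FMT, data, sect_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "rptr": rptr, "rsize": rsize, "flags": sch})
    entry = o[6]
    return {
        "e_lfanew": e_lfanew, "machine": machine,
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "characteristics": flag_names(chars, FILE_CHARACTERISTICS),
        "linker": f"{o[1]}.{o[2]}", "entry_point": entry,
        "entry_section": next((s["name"] for s in sections
                               if s["va"] <= entry < s["va"] + max(s["vsize"], s["rsize"])), None),
        "subsystem": o[22], "dll_characteristics": flag_names(o[23], DLL_CHARACTERISTICS),
        "sections": sections, "overlay": find_overlay(data, sections),
    }


def find_overlay(data, sections):
    """Data after the last section's raw bytes is overlay: (offset, size) or None."""
    end = max(s["rptr"] + s["rsize"] for s in sections)
    return (end, len(data) - end) if end < len(data) else None
```

Note that the overlay check is relative to the section table, not to SizeOfImage: a file can be valid and still carry trailing bytes that no loader maps, which is why analysts inspect them separately (here 32 bytes at 0x5600).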
| DLL | Imported functions |
|---|---|
| KERNEL32.dll | CreateFileW, FindFirstFileW, FindClose, FindNextFileW, GetWindowsDirectoryW, WaitForSingleObject, GetModuleHandleW, GetTickCount, Sleep, CreateProcessA, GetModuleFileNameW, GetStartupInfoA, ReadFile, GetFileSize, DeleteFileA, CreateThread, GetProcAddress, LoadLibraryA, GetCurrentProcess, GetLastError, GetSystemInfo, GetModuleHandleA, GlobalAlloc, GlobalFree, GetTempFileNameA, CreateFileA, CloseHandle, GetVersionExA, CreateToolhelp32Snapshot, GetDiskFreeSpaceA, HeapReAlloc, Process32Next, GetCurrentDirectoryW, GetSystemDirectoryA, GetFileAttributesW, GetVolumeInformationA, OpenProcess, GetDriveTypeA, GetLogicalDrives, Process32First, GetDriveTypeW, GetComputerNameA, GetProcessHeap, HeapFree, HeapAlloc, GetTempPathA |
| USER32.dll | GetWindowRect, GetWindowDC, ReleaseDC, GetDesktopWindow |
| GDI32.dll | CreateDIBSection, CreateCompatibleDC, DeleteObject, DeleteDC, BitBlt, SelectObject |
| ADVAPI32.dll | GetTokenInformation, OpenProcessToken, GetUserNameA, CreateWellKnownSid, CheckTokenMembership, DuplicateToken |
| SHELL32.dll | SHGetFolderPathW, #680 (imported by ordinal; shell32 exports IsUserAnAdmin under ordinal 680) |
| ole32.dll | CreateStreamOnHGlobal |
| ntdll.dll | _snwprintf, _wcsicmp, sprintf, memcpy, memset |
| WININET.dll | InternetReadFile, InternetSetOptionA, HttpOpenRequestA, HttpSendRequestA, InternetOpenA, InternetCloseHandle, HttpQueryInfoA, InternetConnectA |
| IPHLPAPI.DLL | GetAdaptersInfo |
| gdiplus.dll | GdipSaveImageToStream, GdipGetImageEncodersSize, GdipDisposeImage, GdipCreateBitmapFromHBITMAP, GdipGetImageEncoders, GdiplusStartup |
| PSAPI.DLL | GetModuleFileNameExA |
| MPR.dll | WNetCloseEnum, WNetOpenEnumW, WNetEnumResourceW |
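The "functions mostly used by malware" verdict above comes from looking at the import table as a whole rather than at single APIs: a screenshot needs GetDesktopWindow, GetWindowDC, CreateCompatibleDC and BitBlt together, and an upload needs the InternetOpen/InternetConnect/HttpOpenRequest/HttpSendRequest chain. The following is an added example, not the analyzer's own logic. IMPORTS is the import table printed above; RULES are this example's own heuristics (an API set whose members must all be present) and not claims made by the report. A/W suffixes are folded so that CreateFileA and CreateFileW both satisfy CreateFile.

```python
"""Tag an import table with capabilities. Added example; RULES are the author's
own heuristics, IMPORTS is the table from the report above."""

IMPORTS = {
    "KERNEL32.dll": [
        "CreateFileW", "FindFirstFileW", "FindClose", "FindNextFileW", "GetWindowsDirectoryW",
        "WaitForSingleObject", "GetModuleHandleW", "GetTickCount", "Sleep", "CreateProcessA",
        "GetModuleFileNameW", "GetStartupInfoA", "ReadFile", "GetFileSize", "DeleteFileA",
        "CreateThread", "GetProcAddress", "LoadLibraryA", "GetCurrentProcess", "GetLastError",
        "GetSystemInfo", "GetModuleHandleA", "GlobalAlloc", "GlobalFree", "GetTempFileNameA",
        "CreateFileA", "CloseHandle", "GetVersionExA", "CreateToolhelp32Snapshot",
        "GetDiskFreeSpaceA", "HeapReAlloc", "Process32Next", "GetCurrentDirectoryW",
        "GetSystemDirectoryA", "GetFileAttributesW", "GetVolumeInformationA", "OpenProcess",
        "GetDriveTypeA", "GetLogicalDrives", "Process32First", "GetDriveTypeW",
        "GetComputerNameA", "GetProcessHeap", "HeapFree", "HeapAlloc", "GetTempPathA"],
    "USER32.dll": ["GetWindowRect", "GetWindowDC", "ReleaseDC", "GetDesktopWindow"],
    "GDI32.dll": ["CreateDIBSection", "CreateCompatibleDC", "DeleteObject", "DeleteDC",
                  "BitBlt", "SelectObject"],
    "ADVAPI32.dll": ["GetTokenInformation", "OpenProcessToken", "GetUserNameA",
                     "CreateWellKnownSid", "CheckTokenMembership", "DuplicateToken"],
    "SHELL32.dll": ["SHGetFolderPathW", "#680"],
    "ole32.dll": ["CreateStreamOnHGlobal"],
    "ntdll.dll": ["_snwprintf", "_wcsicmp", "sprintf", "memcpy", "memset"],
    "WININET.dll": ["InternetReadFile", "InternetSetOptionA", "HttpOpenRequestA",
                    "HttpSendRequestA", "InternetOpenA", "InternetCloseHandle",
                    "HttpQueryInfoA", "InternetConnectA"],
    "IPHLPAPI.DLL": ["GetAdaptersInfo"],
    "gdiplus.dll": ["GdipSaveImageToStream", "GdipGetImageEncodersSize", "GdipDisposeImage",
                    "GdipCreateBitmapFromHBITMAP", "GdipGetImageEncoders", "GdiplusStartup"],
    "PSAPI.DLL": ["GetModuleFileNameExA"],
    "MPR.dll": ["WNetCloseEnum", "WNetOpenEnumW", "WNetEnumResourceW"],
}

# Each rule fires only when every listed API (A/W-folded) is imported.
RULES = {
    "screen capture": ("GetDesktopWindow", "GetWindowDC", "CreateCompatibleDC", "BitBlt"),
    "in-memory image encoding": ("GdipCreateBitmapFromHBITMAP", "GdipSaveImageToStream",
                                 "CreateStreamOnHGlobal"),
    "HTTP client": ("InternetOpen", "InternetConnect", "HttpOpenRequest", "HttpSendRequest"),
    "process enumeration": ("CreateToolhelp32Snapshot", "Process32First", "Process32Next"),
    "drive and share enumeration": ("GetLogicalDrives", "GetDriveType", "WNetOpenEnum",
                                    "WNetEnumResource"),
    "filesystem walk": ("FindFirstFile", "FindNextFile", "FindClose"),
    "runtime import resolution": ("LoadLibrary", "GetProcAddress"),
    "admin/privilege check": ("OpenProcessToken", "CheckTokenMembership", "CreateWellKnownSid"),
    "host fingerprinting": ("GetComputerName", "GetVolumeInformation", "GetAdaptersInfo",
                            "GetVersionEx"),
    "drop and execute": ("GetTempPath", "GetTempFileName", "CreateFile", "CreateProcess"),
    "raw socket": ("socket", "connect", "send"),          # present only to show a non-match
}


def normalize(name):
    """Fold ANSI/Unicode pairs: a trailing A or W after a lowercase letter is dropped."""
    if len(name) > 1 and name[-1] in "AW" and name[-2].islower():
        return name[:-1]
    return name


def imported_names(imports):
    """Set of folded function names; ordinal-only entries such as '#680' carry no name."""
    return {normalize(f) for funcs in imports.values() for f in funcs if not f.startswith("#")}


def capabilities(imports, rules=RULES):
    have = imported_names(imports)
    return sorted(name for name, apis in rules.items() if set(apis) <= have)


def missing(imports, rule, rules=RULES):
    """APIs a rule still needs; useful when a sample resolves the rest via GetProcAddress."""
    return sorted(set(rules[rule]) - imported_names(imports))


def ordinal_imports(imports):
    """Imports by ordinal hide the function name from a string-based triage."""
    return [(dll, f) for dll, funcs in imports.items() for f in funcs if f.startswith("#")]
```

A rule that does not fire is not evidence of absence: with LoadLibraryA and GetProcAddress imported (the "runtime import resolution" rule), the sample can resolve any API at run time, which is the point behind the report's "may be hiding some of its imports" remark.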
| Rich header | Value |
|---|---|
| XOR Key | 0x7f4c89dc |
| Unmarked objects | 0 |
| Imports (VS2003 (.NET) build 4035) | 2 |
| Imports (VS2008 SP1 build 30729) | 23 |
| Total imports | 104 |
| 175 (VS2010 build 30319) | 13 |
| Linker (VS2010 build 30319) | 1 |
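The "XOR Key" row above is the Rich header key: the linker stores its tool-chain records (product id, build number, object count) between the DOS stub and the PE header, XORed with a checksum over the DOS header and the records themselves, so the key both obscures and authenticates the block. The following is an added example, not code from the analyzer. The report gives the key 0x7f4c89dc and the build/count rows but not the raw bytes, so that key cannot be reproduced here; instead build_sample() constructs a DOS header and stub, emits a Rich header for assumed entries (the builds and counts follow the table above, the prodid values are placeholders) with a key computed the documented way, and parse_rich() recovers the entries and verifies the key against the bytes it is given.

```python
"""Encode, decode and verify a Rich header. Added example, not code from the report;
ASSUMED_ENTRIES use the report's build numbers and counts with placeholder prodids."""
import struct

DANS = 0x536E6144          # "DanS" as a little-endian DWORD
PAD_DWORDS = 3             # DanS is followed by three zero DWORDs (key-XORed in the file)

ASSUMED_ENTRIES = [        # (prodid, build, count); prodids are placeholders
    (0x0001, 4035, 2),
    (0x0093, 30729, 23),
    (0x00AF, 30319, 13),
    (0x009D, 30319, 1),
]


def rol32(v, n):
    n %= 32
    return ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF


def rich_checksum(prefix, entries):
    """key = DanS offset + rol(byte, offset) over the bytes before DanS + rol(compid, count).

    The four e_lfanew bytes (0x3c..0x3f) are skipped so that the key survives
    tools that move the PE header."""
    csum = len(prefix)
    for i, b in enumerate(prefix):
        if 0x3C <= i < 0x40:
            continue
        csum += rol32(b, i)
    for prodid, build, count in entries:
        csum += rol32((prodid << 16) | build, count)
    return csum & 0xFFFFFFFF


def build_sample(entries=ASSUMED_ENTRIES):
    """Constructed file prefix: DOS header, stub, Rich header, PE signature at e_lfanew 0xd8."""
    e_lfanew = 0xD8
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    stub = b"This program cannot be run in DOS mode.\r\r\n$".ljust(64, b"\0")  # 0x40..0x80
    prefix = bytes(dos) + stub                       # DanS will land at 0x80
    key = rich_checksum(prefix, entries)
    words = [DANS] + [0] * PAD_DWORDS
    for prodid, build, count in entries:
        words += [(prodid << 16) | build, count]
    rich = b"".join(struct.pack("<I", w ^ key) for w in words)
    rich += b"Rich" + struct.pack("<I", key)         # marker and key are stored in the clear
    return (prefix + rich).ljust(e_lfanew, b"\0") + b"PE\0\0"


def parse_rich(data):
    """Return {offset, key, entries, checksum_ok} or None when no Rich header is present."""
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    rich_at = data.rfind(b"Rich", 0, e_lfanew)       # must precede the PE header
    if rich_at < 0:
        return None
    (key,) = struct.unpack_from("<I", data, rich_at + 4)
    words, off = [], rich_at - 4
    while off >= 0:                                  # walk back, decoding, until DanS
        w = struct.unpack_from("<I", data, off)[0] ^ key
        if w == DANS:
            break
        words.append(w)
        off -= 4
    else:
        return None
    words.reverse()
    body = words[PAD_DWORDS:]
    if any(words[:PAD_DWORDS]) or len(body) % 2:
        return None
    entries = [(body[i] >> 16, body[i] & 0xFFFF, body[i + 1]) for i in range(0, len(body), 2)]
    return {"offset": off, "key": key, "entries": entries,
            "checksum_ok": rich_checksum(data[:off], entries) == key}
```

A key that does not verify against the DOS header usually means the stub was edited or the Rich block was transplanted from another binary, which is worth noting before relying on the tool-chain rows for attribution.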