11f6614a6e34926e3daf1bb9baab4027

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2008-Jan-06 14:51:31

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior: May have dropper capabilities:
  • CurrentVersion\Run
Suspicious The PE is possibly packed. The PE only has 1 import(s).
Malicious VirusTotal score: 61/66 (Scanned on 2018-05-24 08:02:37)
Bkav: W32.OnlineGameXIUB.Trojan
MicroWorld-eScan: Generic.PoisonIvy.2008F8C6
nProtect: Backdoor/W32.PoisonIvy.9728
CMC: Backdoor.Win32.Poison!O
CAT-QuickHeal: TrojanAPT.Poisonivy.D3
McAfee: BackDoor-DKI.gen
Cylance: Unsafe
VIPRE: Backdoor.Win32.Poison.Pg (v)
SUPERAntiSpyware: Trojan.Agent/Gen-Poison
TheHacker: W32/Ivy.gen
K7GW: Backdoor ( 00199f611 )
K7AntiVirus: Backdoor ( 00199f611 )
Invincea: heuristic
Baidu: Win32.Backdoor.Poison.a
F-Prot: W32/Agent.G.gen!Eldorado
Symantec: Trojan!gm
TotalDefense: Win32/SillyDl.DQU
TrendMicro-HouseCall: BKDR_POISON.DS
Avast: Win32:Agent-AAGI [Trj]
ClamAV: Win.Downloader.24568-1
Kaspersky: Backdoor.Win32.Poison.aec
BitDefender: Generic.PoisonIvy.2008F8C6
NANO-Antivirus: Trojan.Win32.Poison.dmikon
ViRobot: Backdoor.Win32.Poison.6144.B
Tencent: Backdoor.Win32.Poison.b
Ad-Aware: Generic.PoisonIvy.2008F8C6
Emsisoft: Generic.PoisonIvy.2008F8C6 (B)
Comodo: Backdoor.Win32.Poison.NAE
F-Secure: Backdoor:W32/PoisonIvy.GI
DrWeb: BackDoor.Poison.686
Zillya: Backdoor.Poison.Win32.42544
TrendMicro: BKDR_POISON.DS
McAfee-GW-Edition: BackDoor-DSS.gen.a
Sophos: Troj/Keylog-JV
SentinelOne: static engine - malicious
Cyren: W32/Agent.G.gen!Eldorado
Jiangmin: Backdoor/PoisonIvy.jh
Webroot: W32.Backdoor.Poisonivy
Avira: TR/Dropper.Gen
Fortinet: W32/Pincav.DS!tr
Antiy-AVL: Trojan[Backdoor]/Win32.Poison
Kingsoft: Win32.Hack.Poison.pg.5844
Endgame: malicious (high confidence)
Microsoft: Backdoor:Win32/Poison.CD
AegisLab: Backdoor.W32.Poison.aec!c
ZoneAlarm: Backdoor.Win32.Poison.aec
AhnLab-V3: Trojan/Win32.Poison.R2018
ALYac: Generic.PoisonIvy.2008F8C6
AVware: Backdoor.Win32.Poison.Pg (v)
MAX: malware (ai score=100)
VBA32: Backdoor.Win32.Hupigon.dguz
Malwarebytes: Backdoor.Poison
Zoner: Trojan.Poison.NAE
ESET-NOD32: Win32/Poison.NAE
Rising: Hack.Win32.Agent.fb (CLASSIC)
Yandex: Trojan.DL.CKSPost.Gen
Ikarus: Backdoor.Poisonivy
GData: Generic.PoisonIvy.2008F8C6
AVG: Win32:Agent-AAGI [Trj]
Panda: Bck/Poison.E
Qihoo-360: Backdoor.Win32.PIvy.A

Hashes

MD5 11f6614a6e34926e3daf1bb9baab4027
SHA1 83c257f6ee26a2c58dae730bbf64f58cdfdd372d
SHA256 31f0a725cb462164fa07be5665dea8a705158592e85c68e7ed910bb2022a7c1d
SHA3 b300eb6278676ba038148d1f2fb288cdcd275300b843d9027e3c55f714df5a41
SSDeep 192:8JGc1Zl2+VAfNxl1THs6xgzgVGjPlRuooL76InQAlKhFo22Xs:8JGcMJxDTHfRm6Xc
Imports Hash f9ade0aa18f660a34a4fa23392e21838

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xb0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 2
TimeDateStamp 2008-Jan-06 14:51:31
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 5.0
SizeOfCode 0x200
SizeOfInitializedData 0x2200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000208 (Section: .text)
BaseOfCode 0x200
BaseOfData 0x400
ImageBase 0x400000
SectionAlignment 0x200
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 4.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x2600
SizeOfHeaders 0x200
Checksum 0x116f4
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 9e5912d9f35aa91102fcdd5f4740ef0a
SHA1 6f3f04bde3817992a3fcb1fa9e22f1a472c0005b
SHA256 6b85472307dee17ba961a68d9791a529fee61b33ba2d727475c1d349c98e3641
SHA3 a1fb4fce9601a9dac612ea4d5592c8150a3b58f19580063b6a98e3cb023a3f72
VirtualSize 0x68
VirtualAddress 0x200
SizeOfRawData 0x200
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 0.823535

.data

MD5 3bcca56be07e2b7948e08cf9ee23044e
SHA1 2dd780c2445a5917bcf3a3c817318c120e29cf0c
SHA256 2c7d6f75c2a669e25748b2c236ce11c60a521e1fb8713d7ea5e4e8ca796c4f40
SHA3 6b9675723ba2cc3111d8b1a57ee6bd1a84a445e3edd4bb2b7b131c4fc9da3424
VirtualSize 0x2070
VirtualAddress 0x400
SizeOfRawData 0x2200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.23381

Imports

kernel32.dll ExitProcess

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x89a56ef9
Unmarked objects 0
19 (8078) 4
18 (8444) 1

Errors