Manalyze report for 167f8bf0459b32d81e4285af1a2305fc

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2009-Sep-23 01:45:03
Detected languages	English - United States
Comments	Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
CompanyName	Apache Software Foundation
FileDescription	ApacheBench command line utility
FileVersion	`2.2.14`
InternalName	ab.exe
LegalCopyright	Copyright 2009 The Apache Software Foundation.
OriginalFilename	ab.exe
ProductName	Apache HTTP Server
ProductVersion	`2.2.14`

Plugin Output

Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Leverages the raw socket API to access the Internet: WSARecv WSASend`
Malicious	VirusTotal score: 41/55 (Scanned on 2016-07-12 16:54:56)	`MicroWorld-eScan: Backdoor.Shell.AC` `nProtect: Backdoor.Shell.AC` `CAT-QuickHeal: Trojan.Swrort.A` `McAfee: Swrort.d` `Malwarebytes: Backdoor.Bot.Gen` `VIPRE: Trojan.Win32.Swrort.B (v)` `K7GW: Backdoor ( 04c51d011 )` `K7AntiVirus: Backdoor ( 04c51d011 )` `Baidu: Win32.Trojan.WisdomEyes.151026.9950.9999` `F-Prot: W32/Swrort.A.gen!Eldorado` `Symantec: Packed.Generic.347` `ESET-NOD32: a variant of Win32/Rozena.AM` `TrendMicro-HouseCall: TROJ_SWRORT.SMCA` `Avast: Win32:SwPatch [Wrm]` `ClamAV: Win.Trojan.MSShellcode-8` `Kaspersky: Packed.Win32.BDF.a` `BitDefender: Backdoor.Shell.AC` `NANO-Antivirus: Trojan.Win32.Swrort.uhpfc` `Ad-Aware: Backdoor.Shell.AC` `Sophos: Mal/Swrort-C` `Comodo: TrojWare.Win32.Rozena.A` `F-Secure: Backdoor.Shell.AC` `DrWeb: Trojan.Swrort.1` `TrendMicro: TROJ_SWRORT.SMCA` `McAfee-GW-Edition: Swrort.d` `Emsisoft: Backdoor.Shell.AC (B)` `Cyren: W32/Swrort.A.gen!Eldorado` `Avira: TR/Crypt.XPACK.Gen2` `Fortinet: W32/Swrort.C!tr` `Antiy-AVL: Trojan[:HEUR]/Win32.AGeneric` `Arcabit: Backdoor.Shell.AC` `AegisLab: Backdoor.W32.Gen.lEkc` `AhnLab-V3: Trojan/Win32.Shell.R1283` `Microsoft: Trojan:Win32/Swrort.A` `ALYac: Backdoor.Shell.AC` `AVware: Trojan.Win32.Swrort.B (v)` `Yandex: Trojan.Rosena.Gen.1` `Ikarus: Exploit.PDF` `GData: Backdoor.Shell.AC` `AVG: Win32/Heur` `Panda: Generic Suspicious`

Hashes

MD5	`167f8bf0459b32d81e4285af1a2305fc`
SHA1	`60f2d6d6cb55a9248629b2a0ea82a1fcbff32cd8`
SHA256	`547f959c5dc272ea8f59e44bab776096262922ddb0c975e338141b65d8ef6e45`
SHA3	`446bfa6934bdb2f0c1020114d7702146a8a97303fb37cab96c6b1ec4ceedfc71`
SSDeep	`384:IdmbFPObrx9PA8DteDzuscUHH06zfAdYRcWmU5q3:IdpXP94DzdTCQq3`
Imports Hash	`4c6e5b9cc5b626d38b0b4a6780d021dc`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2009-Sep-23 01:45:03
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0xb000`
SizeOfInitializedData	`0xa000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000BEB2 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xc000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x16000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5d08107e5347bc4850957dd8d9be6fdc`
SHA1	`79b4a7c6844e056915afd4ae6ba866450cb9d08a`
SHA256	`280da83faa92f9a1bb0ab0583e0428eb5eff4209d690b010a9eaa18de157a977`
SHA3	`6a0d585ea82e6bad0fc33729b7f55f2ebc5dd1e14dbfdd0d84578a4b44c4e1ad`
VirtualSize	`0xa966`
VirtualAddress	`0x1000`
SizeOfRawData	`0xb000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`1.66371`

.rdata

MD5	`2e3e9740d0defee103a448d03a09adc7`
SHA1	`6da5a7c46a485da2e83848e89ce3fb42d6094ba1`
SHA256	`4074709813a9e829c385c8f08342af1c55f56066a991a86dcd7a3d13970e6ea1`
SHA3	`284e7c7b524902f472fc969720f40fc15ba4e9c4390f61ed6ef2f1f9ed3ddc86`
VirtualSize	`0xfe6`
VirtualAddress	`0xc000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xc000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.75484`

.data

MD5	`ce338fe6899778aacfc28414f2d9498b`
SHA1	`897256b6709e1a4da9daba92b6bde39ccfccd8c1`
SHA256	`4fe7b59af6de3b665b67788cc2f99892ab827efae3a467342b3bb4e3bc8e5bfe`
SHA3	`e95e7ae1d380908a4d3af10dfe53abc3dbe538b60df1117482b2738adbc20418`
VirtualSize	`0x705c`
VirtualAddress	`0xd000`
SizeOfRawData	`0x4000`
PointerToRawData	`0xd000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`c13a9413aea7291b6fc85d75bfcde381`
SHA1	`2e051ef30946f9bed1931d1f9dde3ebdb9b99b89`
SHA256	`77d4d9b7bcf6235ac21dc6b2569ecc9c3a854539e23d8b939078d4ce151baae0`
SHA3	`620378dff7f5fa3d0b3d5417b589a509dd0cb5902c34fcac6034e8bd2d6e626a`
VirtualSize	`0x7c8`
VirtualAddress	`0x15000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x11000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.9583`

Imports

MSVCRT.dll	`_iob` `_except_handler3` `__set_app_type` `__p__fmode` `__p__commode` `_adjust_fdiv` `__setusermatherr` `_initterm` `__getmainargs` `__p___initenv` `_XcptFilter` `_exit` `_onexit` `__dllonexit` `strrchr` `wcsncmp` `_close` `wcslen` `wcscpy` `strerror` `modf` `strspn` `realloc` `__p__environ` `__p__wenviron` `_errno` `free` `strncmp` `strstr` `strncpy` `_ftol` `qsort` `fopen` `perror` `fclose` `fflush` `calloc` `malloc` `signal` `printf` `_isctype` `atoi` `exit` `__mb_cur_max` `_pctype` `strchr` `fprintf` `_controlfp` `_strdup` `_strnicmp`
KERNEL32.dll	`PeekNamedPipe` `ReadFile` `WriteFile` `LoadLibraryA` `GetProcAddress` `GetVersionExA` `GetExitCodeProcess` `TerminateProcess` `LeaveCriticalSection` `SetEvent` `ReleaseMutex` `EnterCriticalSection` `DeleteCriticalSection` `InitializeCriticalSection` `CreateMutexA` `GetFileType` `SetLastError` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GlobalFree` `GetCommandLineW` `TlsAlloc` `TlsFree` `DuplicateHandle` `GetCurrentProcess` `SetHandleInformation` `CloseHandle` `GetSystemTimeAsFileTime` `FileTimeToSystemTime` `GetTimeZoneInformation` `FileTimeToLocalFileTime` `SystemTimeToFileTime` `SystemTimeToTzSpecificLocalTime` `Sleep` `FormatMessageA` `GetLastError` `WaitForSingleObject` `CreateEventA` `SetStdHandle` `SetFilePointer` `CreateFileA` `CreateFileW` `GetOverlappedResult` `DeviceIoControl` `GetFileInformationByHandle` `LocalFree`
ADVAPI32.dll	`FreeSid` `AllocateAndInitializeSid`
WSOCK32.dll	`#7` `#4` `#9` `#52` `#14` `#12` `#21` `#23` `#3` `#18` `#10` `#151` `#115` `#116` `#111`
WS2_32.dll	`WSARecv` `WSASend`

Delayed Imports

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x768`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.49991`
MD5	`ddfda397f78597f8a3a40b972300dc26`
SHA1	`1e92b61cf6c7f7d73422bb7a2c0c335a7e459a7d`
SHA256	`465417d96548ce85076f6509efac41e5ad02fee2b8f712416e8b6aa08d93c494`
SHA3	`d057bd49bc4c303fa2411089f9681ec0f7baa4225cc802200eb9508872771603`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.2.14.0
ProductVersion	2.2.14.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
CompanyName	Apache Software Foundation
FileDescription	ApacheBench command line utility
FileVersion (#2)	2.2.14
InternalName	ab.exe
LegalCopyright	Copyright 2009 The Apache Software Foundation.
OriginalFilename	ab.exe
ProductName	Apache HTTP Server
ProductVersion (#2)	2.2.14

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read PDB file information of invalid magic number.