16fdcb13438224dfe36d9889671fe641

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2014-Oct-13 07:41:02
Detected languages Chinese - PRC
Comments
CompanyName Net.Soft Studio
FileDescription P2P终结者辅助模块 (P2P Terminator auxiliary module)
FileVersion 1, 0, 0, 9
InternalName adbrowser
LegalCopyright 版权所有 (C) 2012 (Copyright (C) 2012)
LegalTrademarks
OriginalFilename adbrowser.EXE
PrivateBuild 20120830.01
ProductName adbrowser
ProductVersion 1, 0, 0, 9
SpecialBuild

Plugin Output

Info Matching compiler(s): Microsoft Visual C++
Microsoft Visual C++ v6.0
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Only five KERNEL32 functions are imported statically, and two of them are the pair needed to resolve every other API at run time. Together with SizeOfCode 0, no .text section at all, and an entry point inside the writable .data section whose entropy is 7.86, this is the profile of a packed or crypted executable: the import table listed below most likely belongs to the unpacking stub rather than to the payload that the AV engines classify as Farfli/Zegost.
Suspicious The file contains overlay data. 373 bytes of data starting at offset 0x1b800. That offset is exactly the raw end of the last section (.rsrc: PointerToRawData 0x15a00 + SizeOfRawData 0x5e00), so the overlay is whatever was appended after the image proper; it is worth carving and inspecting separately, since packers and droppers commonly keep configuration or a payload there.
Malicious VirusTotal score: 52/65 (Scanned on 2018-05-19 02:34:51)
Bkav: W32.eHeur.Malware10
MicroWorld-eScan: DeepScan:Generic.Rincux2.84184404
CAT-QuickHeal: Trojan.Aksula.A
McAfee: BackDoor-FCGT!16FDCB134382
Cylance: Unsafe
Zillya: Trojan.Dialer.Win32.20400
AegisLab: Packer.W32.Krap.lbym
TheHacker: Trojan/Farfli.bgp
K7GW: Trojan ( 0040f7ad1 )
K7AntiVirus: Trojan ( 0040f7ad1 )
Arcabit: DeepScan:Generic.Rincux2.84184404
Invincea: heuristic
Baidu: Win32.Trojan.Farfli.bg
NANO-Antivirus: Trojan.Win32.TrjGen.csulmd
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Win32/Farfli.ARD
TrendMicro-HouseCall: BKDR_ZEGOST.SML
Kaspersky: Backdoor.Win32.Farfli.alus
BitDefender: DeepScan:Generic.Rincux2.84184404
Babable: Malware.HighConfidence
SUPERAntiSpyware: Trojan.Agent/Gen-Zegost
Ad-Aware: DeepScan:Generic.Rincux2.84184404
Emsisoft: DeepScan:Generic.Rincux2.84184404 (B)
Comodo: TrojWare.Win32.Kryptik.BPVQ
F-Secure: DeepScan:Generic.Rincux2.84184404
DrWeb: BackDoor.Zegost.595
VIPRE: BehavesLike.Win32.Malware.wsc (mx-v)
TrendMicro: BKDR_ZEGOST.SML
McAfee-GW-Edition: BackDoor-FCGT!16FDCB134382
Sophos: Troj/Zegost-CV
Ikarus: Backdoor.Win32.Zegost
Jiangmin: Trojan/Dialer.one
Avira: BDS/Zegost.Gen
Fortinet: W32/Farfli.PZ!tr
Endgame: malicious (high confidence)
Microsoft: Backdoor:Win32/Zegost
ZoneAlarm: Backdoor.Win32.Farfli.alus
AhnLab-V3: Trojan/Win32.Scar.R65072
ALYac: DeepScan:Generic.Rincux2.84184404
AVware: BehavesLike.Win32.Malware.wsc (mx-v)
MAX: malware (ai score=87)
VBA32: BScope.TrojanDDoS.Macri
Malwarebytes: Backdoor.Staser
Panda: Trj/Genetic.gen
Zoner: Trojan.Farfli.BGP
Tencent: Win32.Backdoor.Farfli.Eaxx
Yandex: Trojan.Kryptik!T9L6QycFKL4
SentinelOne: static engine - malicious
GData: DeepScan:Generic.Rincux2.84184404
AVG: Win32:Farfli-CF [Cryp]
Avast: Win32:Farfli-CF [Cryp]
Qihoo-360: Win32/Backdoor.Agent.ZX

Hashes

MD5 16fdcb13438224dfe36d9889671fe641
SHA1 f67516c6e64934730615e1d0801259d4bab5ddfe
SHA256 7c55a3a092734978028722b69df1176d68bca7c89e25c88862391511e0a3be50
SHA3 38a2f976bb5b14978f15ac9999fce9823401a7a825c5780e89404f3abf33aa55
SSDeep 1536:1MjX3OTeykPfzSSv1vLNnodzzM5BY+9+hk+6DIQDqRLmysqaPWVD9yh:1MyC/z11Noz+YqHkJLmys9Wryh
Imports Hash ee349f2838eb4a8578b72443c467a36e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 2
TimeDateStamp 2014-Oct-13 07:41:02
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0
SizeOfInitializedData 0x1b400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000161D0 (Section: .data)
BaseOfCode 0x1000
BaseOfData 0x1000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x1d000
SizeOfHeaders 0x400
Checksum 0x2b03d
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.data

MD5 3ad4690cd0c1e8b873081737547dc770
SHA1 3fad9642cf9f859ded0113c2986732965fd4e364
SHA256 ef6b6eb03bed7c1fa77c3997b39c92d17d458d4ae09d464105d9c496d3be1430
SHA3 e03d005749dfe44b5017b8e103b7bef566ad2c6a114a589f02a3632d086efb2e
VirtualSize 0x1552e
VirtualAddress 0x1000
SizeOfRawData 0x15600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.86214

.rsrc

MD5 e3e08d0e3d4aff5e7afc6a25e6854665
SHA1 93f48889390c5048b06736fb385a80032d2db402
SHA256 79cf5b2ef2c98d6cffea13845ad46fe115c4d25b929971ec54421b663ea13aea
SHA3 2f15ef2b7635ce1beedf768be3f089fe84c63819a2c8850377dd8bf8dbfee942
VirtualSize 0x5c54
VirtualAddress 0x17000
SizeOfRawData 0x5e00
PointerToRawData 0x15a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.57782
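
The three findings above (entry point inside a writable section, a 7.86-entropy section, and an overlay that begins at the raw end of .rsrc) can be reproduced from the headers alone. The script below is an added example written for this page; it is not Manalyze output and not code from the sample. It parses the DOS, COFF and optional headers and the section table with the Python standard library only, then reports the same checks. Because the real adbrowser.EXE is not on the page, build_sample_pe() constructs a synthetic file that copies this sample's geometry (two sections with the RVAs, sizes and characteristics listed above, EP at RVA 0x161D0, 373 bytes of overlay); its section contents are deterministic filler, not the sample's bytes.

```python
# Added triage script: stdlib-only PE header parser plus the packer checks
# Manalyze flagged for this sample. build_sample_pe() is a constructed
# stand-in with this sample's layout, NOT the real adbrowser.EXE.
import math
import random
import struct

IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0; packed or encrypted code sits above ~7."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Return (AddressOfEntryPoint, [section dicts]) from raw PE bytes."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                        # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20                            # IMAGE_OPTIONAL_HEADER
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]
    sec_tbl = opt + size_opt                   # IMAGE_SECTION_HEADER[]
    sections = []
    for i in range(num_sections):
        off = sec_tbl + 40 * i
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, off)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vsize": vsize, "va": va, "rawsize": rawsize, "rawptr": rawptr,
            "chars": chars,
            "entropy": shannon_entropy(pe[rawptr:rawptr + rawsize]),
        })
    return entry_rva, sections


def triage(pe: bytes) -> dict:
    """Entry-point section, overlay, and the findings a packer check raises."""
    entry_rva, sections = parse_sections(pe)
    ep = next((s for s in sections
               if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["rawsize"])),
              None)
    # Overlay = everything past the highest raw end of any section.
    overlay_offset = max(s["rawptr"] + s["rawsize"] for s in sections)
    overlay_size = max(0, len(pe) - overlay_offset)
    findings = []
    if ep is None:
        findings.append("entry point is outside every section")
    else:
        if ep["chars"] & IMAGE_SCN_MEM_WRITE:
            findings.append(f"entry point in writable section {ep['name']}")
        if not ep["chars"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"entry point section {ep['name']} lacks MEM_EXECUTE")
        if ep["entropy"] > 7.0:
            findings.append(f"{ep['name']} entropy {ep['entropy']:.2f}: packed code likely")
    if overlay_size:
        findings.append(f"{overlay_size} bytes of overlay at offset {overlay_offset:#x}")
    return {"entry_rva": entry_rva, "ep_section": ep["name"] if ep else None,
            "overlay_offset": overlay_offset, "overlay_size": overlay_size,
            "sections": sections, "findings": findings}


def build_sample_pe() -> bytes:
    """Constructed PE with this report's geometry; contents are synthetic."""
    hdr = bytearray(0x400)                     # SizeOfHeaders 0x400
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0xD8)    # e_lfanew
    hdr[0xD8:0xDC] = b"PE\0\0"
    # Machine I386, 2 sections, TimeDateStamp (2014-10-13 07:41:02 UTC),
    # no symbols, SizeOfOptionalHeader 0xE0, Characteristics 0x10F
    struct.pack_into("<HHIIIHH", hdr, 0xDC, 0x14C, 2, 0x543B820E, 0, 0, 0xE0, 0x010F)
    opt = 0xDC + 20
    # PE32 magic, linker 6.0, SizeOfCode 0, SizeOfInitializedData, 0, EP;
    # the remaining optional-header fields stay zero (not needed here).
    struct.pack_into("<HBBIIII", hdr, opt, 0x10B, 6, 0, 0, 0x1B400, 0, 0x161D0)
    rw = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    ro = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
    for i, sec in enumerate([(b".data", 0x1552E, 0x1000, 0x15600, 0x400, rw),
                             (b".rsrc", 0x5C54, 0x17000, 0x5E00, 0x15A00, ro)]):
        name, vsize, va, rawsize, rawptr, chars = sec
        struct.pack_into("<8sIIIIIIHHI", hdr, opt + 0xE0 + 40 * i,
                         name, vsize, va, rawsize, rawptr, 0, 0, 0, 0, chars)
    rng = random.Random(2014)                  # deterministic "packed" filler
    data = bytes(rng.getrandbits(8) for _ in range(0x15600))
    rsrc = bytes(i % 16 for i in range(0x5E00))  # low-entropy filler
    overlay = b"\x00" * 373                    # appended after the last section
    return bytes(hdr) + data + rsrc + overlay


if __name__ == "__main__":
    for line in triage(build_sample_pe())["findings"]:
        print(line)
```

Run against the constructed file it prints the same four observations the report makes: entry point in the writable .data section, that section not marked executable, entropy above 7, and 373 bytes of overlay at 0x1b800. On a real sample swap build_sample_pe() for open(path, "rb").read(); the overlay slice pe[overlay_offset:] is the data to carve.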

Imports

KERNEL32.dll GetProcAddress
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetStartupInfoA
MSVCRT.dll exit
_acmdln
__getmainargs
_XcptFilter
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_exit
_initterm
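
The "Imports Hash" in the Hashes section is an imphash: the lowercase "dll.function" entries of the import table, DLL extension stripped, joined with commas in table order, then MD5-hashed. The script below is an added example, not Manalyze code, that computes it from the import list transcribed above. It follows the pefile algorithm except that the known-ordinal name tables for oleaut32, ws2_32 and wsock32 are omitted, so ordinal imports are rendered as ordN; the digest it produces is not compared against the report's value here.

```python
# Added example: imphash over the import table transcribed from this report.
# Same canonicalisation as pefile's get_imphash(), minus the ordinal-name
# lookup tables (ordinals become "dll.ordN").
import hashlib

# Transcribed from the Imports section above, in import-table order.
REPORT_IMPORTS = [
    ("KERNEL32.dll", ["GetProcAddress", "LoadLibraryA", "FreeLibrary",
                      "GetModuleHandleA", "GetStartupInfoA"]),
    ("MSVCRT.dll", ["exit", "_acmdln", "__getmainargs", "_XcptFilter",
                    "__setusermatherr", "_adjust_fdiv", "__p__commode",
                    "__p__fmode", "__set_app_type", "_except_handler3",
                    "_controlfp", "_exit", "_initterm"]),
]


def _normalise_dll(name: str) -> str:
    """Lowercase and drop exactly the extensions pefile strips."""
    name = name.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[:-len(ext)]
    return name


def imphash_string(imports) -> str:
    """The comma-joined canonical string that gets hashed."""
    parts = []
    for dll, funcs in imports:
        base = _normalise_dll(dll)
        for f in funcs:
            if isinstance(f, int):           # import by ordinal
                parts.append(f"{base}.ord{f}")
            else:
                parts.append(f"{base}.{f.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(REPORT_IMPORTS))
    print(imphash(REPORT_IMPORTS))
```

A caveat when pivoting on this sample's imphash: the table consists of LoadLibraryA/GetProcAddress plus the MSVCRT start-up set, which is the import profile of the packer stub rather than of the payload. Every file wrapped by the same stub shares the hash, so a VirusTotal search on it will return samples related by packer, not necessarily by family; the unpacked payload's own imphash is the useful pivot.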

Delayed Imports

1

Type RT_ICON
Language Chinese - PRC
Codepage Latin 1 / Western European
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.81933
MD5 388452493d8e3b29bcf1443e884dca8d
SHA1 50a84c059f70124a023782aea1e090642026bd4a
SHA256 819458e01761ce623694e28befc8c704f04d14eae75e2507693bca3c5e467fdd
SHA3 c057cd8d30d249571ad5be1569caee6e8d0b3e9400ca5dd7c421cab4e35689a6

2

Type RT_ICON
Language Chinese - PRC
Codepage Latin 1 / Western European
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.16365
MD5 2f2ada16a2c53b0f4d833719822b1470
SHA1 d1a3cc35b033fef5241cf1a003e77e602cf27910
SHA256 a361c009bbcd5c470b2429b1f3aba0db5024032c656ee3d92b08e561be935ccd
SHA3 ed28a5a1644fb39925db861c5805f2dd96e45cfdbb8bb7b98b948d1870e4b526

3

Type RT_ICON
Language Chinese - PRC
Codepage Latin 1 / Western European
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.83893
MD5 19cc008f22a7a9428b4d2b4eb515965f
SHA1 85fbe64f448a59aa18c00b04ce99eba9d84776a5
SHA256 0bfa102fddb94f9c56ac987b820043a393db20328a5d633eb4ccf63323de814e
SHA3 bbe1f747496c11a2aa0b450b34102ab0c1352cb9f8592db6743b9ad7c445d68f

4

Type RT_ICON
Language Chinese - PRC
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.16757
MD5 25e712f09af4e0b277b66e5f9a7c0748
SHA1 cdb0bc9699f7362ed463540fce0f6373f6754c6d
SHA256 d493a66e03fa8a164637e1701fda9074c1bf9bdc98ea2a0026b0b33872e3b248
SHA3 61f9dad80f78fecaf617ba942aba78c13c03343e06044dad5e55297c70d1a474

5

Type RT_ICON
Language Chinese - PRC
Codepage Latin 1 / Western European
Size 0xca8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.66552
MD5 5e78141ae854a18b35dcb641e260939a
SHA1 262644db4425d8ac7b6d45f5ae3674b1f3f26594
SHA256 d62d3f2f9389079e9ae184893b9c54dc93f1abd872d884ed1e7806af276255a1
SHA3 c08ae2460d6a39f6865932ccd10810736ca237eb8abbe71a275a04a8ad791bc9

6

Type RT_ICON
Language Chinese - PRC
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.60988
MD5 83d5d965387ccd8ae8c455e932f99db2
SHA1 6ef13a9de018fc8ee2efacfdb455a19b4147e3de
SHA256 f381c24038c36e1b9a7116256fdaff388c1ce2a3c94965abf0a14935fad92a92
SHA3 06058a89ad4d019437ee56c07fd25c9ff0cb5b92bb44eab787ceda37602edc6d

7

Type RT_ICON
Language Chinese - PRC
Codepage Latin 1 / Western European
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.58263
MD5 ad811b9a49d0ff34ec87f8ec98510ae6
SHA1 323e5132c76c8d442f942f014636714d42941992
SHA256 5c92b455cccc9b4981f1451f6c77ddfb23fce0e4a0946f7200cb150db602e314
SHA3 86a79ca16974a094eab6b4c1bd96654ab8ea445fd3f50d9d09095bfc77e0025d

102

Type RT_GROUP_ICON
Language Chinese - PRC
Codepage Latin 1 / Western European
Size 0x5a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.78526
Detected Filetype Icon file
MD5 2505b162672e2f82dacf2f73f7847e37
SHA1 6f04bc41a0df3fe5ba1aa871827b77af1c830698
SHA256 795fc56b13192f7934cb19f9ca135699174073bc5c96a50671e336d81482faef
SHA3 54818336adb51d46ce76e33a2bbdf2bfa29f046812820c9e1aaf895f9e82a9d6

103

Type RT_GROUP_ICON
Language Chinese - PRC
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.32322
Detected Filetype Icon file
MD5 5ae32d259c741094fd7321a97efab12f
SHA1 de0c9059c97a1395fffb9e9c713c69b87a2f80f3
SHA256 4420d38956c089533731669f88ae00ee4bdf4069a53932dc180b9a5a36ac6fd4
SHA3 46acabd2a8fde1e236e7bd40f606204cf74ad896f802e9e5baca1ea8d518abee

1 (#2)

Type RT_VERSION
Language Chinese - PRC
Codepage Latin 1 / Western European
Size 0x354
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.56921
MD5 0ad810adab380bf2c388cef07152f6e2
SHA1 984adac6523d1ee064e36cca0c5cc3d011f72d5a
SHA256 df64636ff9529acb563303e2f856702e942bdc601a550a59c421e6e012a6963d
SHA3 2b14b6613cdfe9ef9ca518624fa65cc9ab6429312243c908b7e10a7839037987

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.1
ProductVersion 1.0.0.1
FileFlags VS_FF_PRIVATEBUILD
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language Chinese - PRC
Comments
CompanyName Net.Soft Studio
FileDescription P2P终结者辅助模块 (P2P Terminator auxiliary module)
FileVersion (#2) 1, 0, 0, 9
InternalName adbrowser
LegalCopyright 版权所有 (C) 2012 (Copyright (C) 2012)
LegalTrademarks
OriginalFilename adbrowser.EXE
PrivateBuild 20120830.01
ProductName adbrowser
ProductVersion (#2) 1, 0, 0, 9
SpecialBuild
Resource LangID Chinese - PRC

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xdc822ed9
Unmarked objects 0
C objects (8047) 11
14 (7299) 1
Linker (8047) 2
Imports (VS2003 (.NET) build 4035) 3
Total imports 23
C++ objects (VS98 build 8168) 1
Resource objects (VS98 SP6 cvtres build 1736) 1

Errors
