18a2fb1c4e5c32b00a1c911b1c9301ad

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2012-Dec-21 20:59:46

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Can create temporary files:
  • GetTempPathA
  • CreateFileA
Suspicious The PE is possibly a dropper. Resource DLL is possibly compressed or encrypted.
Resources amount for 95.9918% of the executable.
Malicious VirusTotal score: 50/67 (Scanned on 2021-10-08 03:11:59)
Bkav: W32.AIDetect.malware2
Elastic: malicious (high confidence)
MicroWorld-eScan: Dropped:Trojan.Generic.15915311
FireEye: Generic.mg.18a2fb1c4e5c32b0
CAT-QuickHeal: Riskware.Dupatcher.A4
ALYac: Dropped:Trojan.Generic.15915311
Malwarebytes: HackTool.FilePatch
Zillya: Tool.Patcher.Win32.14045
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 0040f3a51 )
Alibaba: HackTool:Win32/Patcher.2440722d
K7GW: Trojan ( 0040f3a51 )
CrowdStrike: win/malicious_confidence_70% (D)
BitDefenderTheta: AI:Packer.21A5A4CA1E
Cyren: W32/Agent.EWQQ-1275
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win32/HackTool.Patcher.AD potentially unsafe
Baidu: Win32.Trojan.Generic.f
TrendMicro-HouseCall: TROJ_GEN.R002C0PDP21
Paloalto: generic.ml
ClamAV: Win.Trojan.Agent-5330877-0
BitDefender: Dropped:Trojan.Generic.15915311
SUPERAntiSpyware: Hack.Tool/Gen-FilePatcher
APEX: Malicious
Ad-Aware: Dropped:Trojan.Generic.15915311
Emsisoft: Dropped:Trojan.Generic.15915311 (B)
Comodo: Application.Win32.HackTool.Patcher.T@8rlo7s
VIPRE: Trojan.Win32.Agent.wfn (v)
TrendMicro: TROJ_GEN.R002C0PDP21
McAfee-GW-Edition: BehavesLike.Win32.FilePatcher.nc
Sophos: Generic Patcher (PUA)
Ikarus: PUA.HackTool.Patcher
GData: Win32.Riskware.Patcher.E
eGambit: HackTool.Generic
MAX: malware (ai score=99)
Antiy-AVL: Trojan/Generic.ASMalwS.1D098
Kingsoft: Win32.HackTool.Undef.(kcloud)
Gridinsoft: Malware.Win32.GenericMC.cc
ViRobot: Trojan.Win32.Agent.754688.B
Microsoft: HackTool:Win32/Keygen
Cynet: Malicious (score: 100)
Acronis: suspicious
McAfee: FilePatcher
Cylance: Unsafe
Rising: PUF.Patcher!1.B3BB (CLASSIC)
Yandex: Trojan.Igent.bU1Rkp.12
SentinelOne: Static AI - Malicious PE
Fortinet: Riskware/GamePatcher
Webroot: W32.Hacktool.Gen
Panda: PUP/Crack

Hashes

MD5 18a2fb1c4e5c32b00a1c911b1c9301ad
SHA1 8ff7e12e8f0e01d2554f783bafdf506d08a462f4
SHA256 258cf0cf6d7445197b9e19f0fce6563d74c6554f9e1ea041d67a6e1baa0a817e
SHA3 3d07914bd9ec130fabbbe452913ddd46067ac7fc705a86038ac4b57b65d9c06b
SSDeep 1536:uuiNTG1PBVo8G7ngmvIDz9o4R/l4zH44rkPqMl20JMVZbjhcZUtgUxq:uuicvmLgmgFL/OzH3rEqMdJa7tg
Imports Hash dc73a9bd8de0fd640549c85ac4089b87

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2012-Dec-21 20:59:46
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 10.0
SizeOfCode 0x200
SizeOfInitializedData 0x16a00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000102B (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x1c000
SizeOfHeaders 0x400
Checksum 0xecdd
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 4c584307e5aa70f515ee8c3d942e5f6c
SHA1 05668764efd56b4a53d8574ff9dec26b851ca07b
SHA256 9c0c821fe1c66ad45a044fec0be845fa08b96ea7b7c24e852b132a92fe08a90c
SHA3 a56964eb90adb7bd0f5c92dbd62425658cbd2b396621386f34ca3397e2a0465f
VirtualSize 0x1f6
VirtualAddress 0x1000
SizeOfRawData 0x200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.06408

.rdata

MD5 e5aa65265e17d8a1b524adbc10c0a1ad
SHA1 0e0eb11d610df253f860f9b46790f28f7477d12a
SHA256 b8af2ef3ea5c0fb35d0c846a94425f028f8cdba30eefbb401377749e0266640b
SHA3 7c0d77a4d031c3944bb719376c53cf53fc047471e027fa4f69aacd44c986f6a8
VirtualSize 0x1d8
VirtualAddress 0x2000
SizeOfRawData 0x200
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.27064

.data

MD5 f8fedf1be1122ff5cd0e5b4716311cc5
SHA1 c41831c104ced77633be9d2b09364c22a9392a73
SHA256 b23a9af37c2bfeb0bcb17555a8038d0403b12616851e58513e9135a77c84363b
SHA3 eed0f7054aa182d7497331ee77969143efb3a63e8fee1ed02e44e82494404132
VirtualSize 0x34
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0x800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.568988

.rsrc

MD5 1e6c180b5034147b9f79fa66042ed39c
SHA1 40a89af01417ca3cfea62ab9a1eb092890e63de3
SHA256 bebdd5631dacc614c45d57c96897eff0a8693d0e12652ec0a61c11576015a85b
SHA3 79287e5fe453711c0d6e244c0d22be4b91db91cde518fb7f84d43d98df664cf8
VirtualSize 0x1630c
VirtualAddress 0x4000
SizeOfRawData 0x16400
PointerToRawData 0xa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.75467

.reloc

MD5 2e6554ffc943448b686d85ad68f9ec9a
SHA1 2983937fa0491ffb874e3d5084ddc909f7b417ba
SHA256 4bb6e032bb8a0cc87b345564204b1e74d8eb2ed7665c2a1d82dcd3b3096bf885
SHA3 1037aac5df319410ca7ed864e945ccb384d66f6e8ac2a1f9c2cfcdc03c63f497
VirtualSize 0x52
VirtualAddress 0x1b000
SizeOfRawData 0x200
PointerToRawData 0x16e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.736046

Imports

kernel32.dll DeleteFileA
ExitProcess
FindResourceA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetTempPathA
LoadLibraryA
LoadResource
RtlMoveMemory
SizeofResource
VirtualAlloc
lstrcatA
CloseHandle
CreateFileA
FlushFileBuffers
WriteFile

Delayed Imports

Resources

1

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.10298
MD5 0049c130654d156586af68bca670d190
SHA1 8663ded97a27eb37c493db944691c2074ff7f64d
SHA256 e49a5361ea6ef56278d22802e27befb80ddb0ef7a40887880b999724d5847d41
SHA3 daaa39376cdd5ef57fbbec9f0b62a9193d78d035e3a70440035631ef6775fbf9

2

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.78788
MD5 a3a27905bfebc39b5bfcd974e960b2e5
SHA1 efa9f92a8c0efd7c27a37895ed1fa6d8267cc876
SHA256 6eb0519e78b110955b9b1e96a1fbad8df49a6f2da36119b407594ca1b2518f40
SHA3 b0ad1c3022c14e9a860c94327619c95e857a875f89b8bc311d458cce10fc1d3e

3

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x6c8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.83875
MD5 27569bf9fe02651bc010e5b5df9ac963
SHA1 3b17f131b9553bb7513938b2ef01340791ce81d1
SHA256 557d68c3e33c288f68e279bb13b58b577f4511d290e7fc48ef9e57d0ebebb4e6
SHA3 65807af99e8ff1ea265a9faf0c253ce0f6241f58787934c5c47b95b1d825a9ba

4

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.44011
MD5 0a065b8d93c39f97474faf60b4233289
SHA1 272e13f953a38ebd1f0b671560687d9983bdae9e
SHA256 16ac2879d31d08b29c899f88701ab1fc52e676a9607323d44667c5d9ca5268af
SHA3 0651b411d6469c8fe2583561386b2bb64596f0dd2411064af51069ca7e9e67b2

DLL

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x13a00
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.99785
MD5 a1ad257db19c6b2205b91bc0a641eb88
SHA1 7b79d8a89a90e16e5c3a84ccce9d6d2b3d2505a4
SHA256 2de8db4cec0bf8a7d27a5a207e21367bec246926c9986e4fd8e1cafae65c2b06
SHA3 b09cd35a6fd6b8c62d90d171033602acbddd82362d4f48bb44eb94d11a437129

500

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x3e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.74259
Detected Filetype Icon file
MD5 1ef04dcda310f168317c2d113e4a610c
SHA1 0e995398b74ad692cf9d3bc3267fdb01ffbcb3c3
SHA256 02aec4257b2859e36a2b08073d1529b614f408829f19c78b16c9fec109b488c0
SHA3 029d46d3ff512f36ca50a5cb40dace763cf27630d3536d19d63a7a8511ae165a

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x382
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.85663
MD5 3d015c7d35d5e650f594c23c7368cd6f
SHA1 b5fdca6e0c5847a306b43553ce96c7c37a40c680
SHA256 3e11f55df49746534018ddcb81f928559124029992dfaa0adb67318b2d41df15
SHA3 94d9e3898971601d603eb374856eca2677a11d61314d956b1f82e18cd60c9b4c

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x9103f02d
Unmarked objects 0
18 (8444) 1
Imports (VS2010 build 30319) 3
Total imports 17
ASM objects (VS2010 build 30319) 1
Resource objects (VS2010 build 30319) 1
Linker (VS2010 build 30319) 1

Errors
