Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2009-Dec-05 22:51:56 |
Detected languages |
English - United States
|
Suspicious | PEiD Signature: | UPolyX V0.1 -> Delikon |
Info | Interesting strings found in the binary: |
Contains domain names:
|
Suspicious | The PE is an NSIS installer | Unusual section name found: .ndata |
Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
Suspicious | The file contains overlay data. |
7038815 bytes of data starting at offset 0x17200.
The overlay data has an entropy of 7.99987 and is possibly compressed or encrypted. Overlay data amounts for 98.6722% of the executable. |
Malicious | VirusTotal score: 52/64 (Scanned on 2017-07-07 00:21:42) |
CAT-QuickHeal:
Trojan.NSIS.Miner.SD
Cylance: Unsafe Zillya: Trojan.CoinMiner.Win32.4514 CrowdStrike: malicious_confidence_100% (W) K7GW: Trojan ( 004d394f1 ) K7AntiVirus: Trojan ( 004d394f1 ) TrendMicro: WORM_CO.331300D2 Baidu: Multi.Threats.InArchive F-Prot: W32/Adware.ALRW Symantec: Trojan.Coinbitminer TotalDefense: Win32/Tnega.XAUQ!suspicious TrendMicro-HouseCall: WORM_CO.331300D2 Avast: Win32:Malware-gen ClamAV: Win.Trojan.Virtob-1633 Kaspersky: Trojan.Win32.CoinMiner.bn BitDefender: Application.BitCoinMiner.IG NANO-Antivirus: Trojan.Win32.BitCoinMiner.ddjqfi Paloalto: generic.ml ViRobot: Trojan.Win32.Agent.4227072 Tencent: Win32.Trojan.Coinminer.Eaed Endgame: malicious (high confidence) Emsisoft: Application.BitCoinMiner.IG (B) F-Secure: Trojan.AgentWDCR.ERF DrWeb: Trojan.BtcMine.1033 VIPRE: Trojan.Win32.Generic.pak!cobra Invincea: heuristic McAfee-GW-Edition: BehavesLike.Win32.TrojanCoinMiner.vc Ikarus: Trojan.NSIS.Coinminer Cyren: W32/Adware.DEZV-3749 Jiangmin: Worm.Remoh.f Avira: TR/Dropper.Gen Fortinet: Riskware/BitCoinMiner Antiy-AVL: Trojan/Win32.CoinMiner.bn Arcabit: Application.Bitcoinminer.HH AegisLab: AdWare.W32.OneInstaller.lZ9E ZoneAlarm: Trojan.Win32.CoinMiner.bn Microsoft: Trojan:Win32/CoinMiner.AQ AVG: Win32:Malware-gen Sophos: Mal/Miner-C AhnLab-V3: Trojan/Win32.CoinMiner.R174018 McAfee: Artemis!1A9B481D7539 AVware: Trojan.Win32.Generic.pak!cobra MAX: malware (ai score=89) Malwarebytes: Trojan.Agent.VBS ESET-NOD32: NSIS/CoinMiner.N Rising: Malware.Generic.2!tfe (cloud:8f1Eqku6bM) Yandex: Riskware.Agent! SentinelOne: static engine - malicious GData: Application.BitCoinMiner.IG VBA32: Trojan.Miner Panda: Trj/CI.A Qihoo-360: Win32/Application.f14 |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xd0 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 5 |
TimeDateStamp | 2009-Dec-05 22:51:56 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Magic | PE32 |
---|---|
LinkerVersion | 6.0 |
SizeOfCode | 0x5c00 |
SizeOfInitializedData | 0x3bec00 |
SizeOfUninitializedData | 0x2000 |
AddressOfEntryPoint | 0x0000323F (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x7000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 6.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x416000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll |
CompareFileTime
SearchPathA GetShortPathNameA GetFullPathNameA MoveFileA SetCurrentDirectoryA GetFileAttributesA GetLastError CreateDirectoryA SetFileAttributesA Sleep GetTickCount CreateFileA GetFileSize GetModuleFileNameA GetCurrentProcess CopyFileA ExitProcess SetFileTime GetTempPathA GetCommandLineA SetErrorMode LoadLibraryA lstrcpynA GetDiskFreeSpaceA GlobalUnlock GlobalLock CreateThread CreateProcessA RemoveDirectoryA GetTempFileNameA lstrlenA lstrcatA GetSystemDirectoryA GetVersion CloseHandle lstrcmpiA lstrcmpA ExpandEnvironmentStringsA GlobalFree GlobalAlloc WaitForSingleObject GetExitCodeProcess GetModuleHandleA LoadLibraryExA GetProcAddress FreeLibrary MultiByteToWideChar WritePrivateProfileStringA GetPrivateProfileStringA WriteFile ReadFile MulDiv SetFilePointer FindClose FindNextFileA FindFirstFileA DeleteFileA GetWindowsDirectoryA |
---|---|
USER32.dll |
EndDialog
ScreenToClient GetWindowRect EnableMenuItem GetSystemMenu SetClassLongA IsWindowEnabled SetWindowPos GetSysColor GetWindowLongA SetCursor LoadCursorA CheckDlgButton GetMessagePos LoadBitmapA CallWindowProcA IsWindowVisible CloseClipboard SetClipboardData EmptyClipboard RegisterClassA TrackPopupMenu AppendMenuA CreatePopupMenu GetSystemMetrics SetDlgItemTextA GetDlgItemTextA MessageBoxIndirectA CharPrevA DispatchMessageA PeekMessageA DestroyWindow CreateDialogParamA SetTimer SetWindowTextA PostQuitMessage SetForegroundWindow wsprintfA SendMessageTimeoutA FindWindowExA SystemParametersInfoA CreateWindowExA GetClassInfoA DialogBoxParamA CharNextA OpenClipboard ExitWindowsEx IsWindow GetDlgItem SetWindowLongA LoadImageA GetDC EnableWindow InvalidateRect SendMessageA DefWindowProcA BeginPaint GetClientRect FillRect DrawTextA EndPaint ShowWindow |
GDI32.dll |
SetBkColor
GetDeviceCaps DeleteObject CreateBrushIndirect CreateFontIndirectA SetBkMode SetTextColor SelectObject |
SHELL32.dll |
SHGetPathFromIDListA
SHBrowseForFolderA SHGetFileInfoA ShellExecuteA SHFileOperationA SHGetSpecialFolderLocation |
ADVAPI32.dll |
RegQueryValueExA
RegSetValueExA RegEnumKeyA RegEnumValueA RegOpenKeyExA RegDeleteKeyA RegDeleteValueA RegCloseKey RegCreateKeyExA |
COMCTL32.dll |
ImageList_AddMasked
ImageList_Destroy #17 ImageList_Create |
ole32.dll |
CoTaskMemFree
OleInitialize OleUninitialize CoCreateInstance |
VERSION.dll |
GetFileVersionInfoSizeA
GetFileVersionInfoA VerQueryValueA |
XOR Key | 0xab92c978 |
---|---|
Unmarked objects | 0 |
C objects (VS2003 (.NET) build 4035) | 2 |
Total imports | 155 |
Imports (VS2003 (.NET) build 4035) | 17 |
48 (9044) | 12 |
Resource objects (VS98 SP6 cvtres build 1736) | 1 |