| Property | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2018-Dec-15 22:24:32 |
| Detected languages | English - United States |
| Comments | |
| CompanyName | dxdiag |
| FileDescription | dxdiag Application |
| FileVersion | 1.0.2.1 |
| LegalCopyright | Copyright dxdiag company |
| LegalTrademarks | dxdiag company |
| ProductName | dxdiag |

| Severity | Finding |
|---|---|
| Suspicious | The PE is an NSIS installer |
| Suspicious | Unusual section name found: .ndata |
| Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
| Info | The PE is digitally signed. Signer: law.com; Issuer: Trusted Secure Certificate Authority 5 |
| Malicious | VirusTotal score: 45/71 (Scanned on 2019-07-05 07:38:08) |

| Vendor | Detection |
|---|---|
| Bkav | HW32.Packed. |
| MicroWorld-eScan | Trojan.Agent.DZCM |
| FireEye | Trojan.Agent.DZCM |
| CAT-QuickHeal | Trojan.Wacatac |
| McAfee | RDN/Generic.dx |
| Alibaba | Trojan:Win32/Agentb.8f98eb93 |
| K7AntiVirus | Trojan ( 005505201 ) |
| TrendMicro | Trojan.Win32.DELF.AKT |
| NANO-Antivirus | Trojan.Win32.Delf.frtxvo |
| F-Prot | W32/Trojan3.AOCC |
| Symantec | Trojan Horse |
| Paloalto | generic.ml |
| Kaspersky | Trojan.Win32.Agentb.jpsa |
| BitDefender | Trojan.Agent.DZCM |
| AegisLab | Trojan.Win32.Agentb.4!c |
| Tencent | Win32.Trojan.Raasmx.Auto |
| Endgame | malicious (high confidence) |
| Emsisoft | Trojan.Agent.DZCM (B) |
| Comodo | Malware@#3ht055kuiswb9 |
| F-Secure | Trojan.TR/AD.TA505.DQ |
| DrWeb | Trojan.Siggen8.35088 |
| Zillya | Trojan.Agentb.Win32.22672 |
| McAfee-GW-Edition | RDN/Generic.dx |
| Sophos | Troj/Mdrop-ISJ |
| Cyren | W32/Trojan.XYUQ-3703 |
| Webroot | W32.Adware.Gen |
| Avira | TR/AD.TA505.DR |
| Fortinet | W32/Delf.BJF!tr |
| Arcabit | Trojan.Agent.DZCM |
| ViRobot | Trojan.Win32.S.Infostealer.411696 |
| ZoneAlarm | Trojan.Win32.Agentb.jpsa |
| Microsoft | Trojan:Win32/Skeeyah.A!bit |
| AhnLab-V3 | Backdoor/Win32.ServHelper.R277861 |
| ALYac | Backdoor.Agent.ServHelper |
| Ad-Aware | Trojan.Agent.DZCM |
| Malwarebytes | Trojan.Injector.NSIS |
| ESET-NOD32 | a variant of Win32/Delf.BJF |
| TrendMicro-HouseCall | Trojan.Win32.DELF.AKT |
| Rising | Backdoor.Agent!1.B95C (CLOUD) |
| Ikarus | Backdoor.ServHelper |
| GData | Trojan.Agent.DZCM |
| AVG | Win32:Trojan-gen |
| Avast | Win32:Trojan-gen |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Qihoo-360 | HEUR/QVM42.3.12C3.Malware.Gen |
| Field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xd8 |
| Field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 5 |
| TimeDateStamp | 2018-Dec-15 22:24:32 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
| Field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 6.0 |
| SizeOfCode | 0x6200 |
| SizeOfInitializedData | 0x1d000 |
| SizeOfUninitializedData | 0x400 |
| AddressOfEntryPoint | 0x00003328 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x8000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 6.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x2e000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x6acd7 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| DLL | Imported functions |
|---|---|
| KERNEL32.dll | SetEnvironmentVariableA, CreateFileA, GetFileSize, GetModuleFileNameA, ReadFile, GetCurrentProcess, CopyFileA, Sleep, GetTickCount, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, SetCurrentDirectoryA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileAttributesA, GetFileAttributesA, GetShortPathNameA, MoveFileA, GetFullPathNameA, SetFileTime, SearchPathA, CloseHandle, lstrcmpiA, GlobalUnlock, GetDiskFreeSpaceA, lstrcmpA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA |
| USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA |
| ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy, #17 |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
| Field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0 |
| FileVersion | 2.3.6.0 |
| ProductVersion | 2.3.6.0 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | English - United States |
| Comments | |
| CompanyName | dxdiag |
| FileDescription | dxdiag Application |
| FileVersion (#2) | 1.0.2.1 |
| LegalCopyright | Copyright dxdiag company |
| LegalTrademarks | dxdiag company |
| ProductName | dxdiag |
| Resource LangID | English - United States |
| Field | Value |
|---|---|
| XOR Key | 0xd246d0e9 |
| Unmarked objects | 0 |
| C objects (VS2003 (.NET) build 4035) | 2 |
| Total imports | 159 |
| Imports (VS2003 (.NET) build 4035) | 15 |
| 48 (9044) | 10 |
| Resource objects (VS98 SP6 cvtres build 1736) | 1 |