| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2017-May-11 00:38:40 |
| Detected languages | English - United States |
| Comments | Dugiyurarije xijo rafuxe rovizubo to rehunopovubeha nuka |
| FileVersion | 26, 8, 8, 10 |
| LegalCopyright | Vohewobuvaxado vavijuyi ximupu kilofa lezolewero re gifewoyahatige pudikuxebipo |
| OriginalFilename | zodacobi.exe |
| ProductVersion | 26, 8, 8, 10 |

| Level | Finding | Details |
|---|---|---|
| Info | Matching compiler(s): | Microsoft Visual C++ v6.0 DLL; Microsoft Visual C++ 6.0 - 8.0 |
| Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
| Info | The PE's resources present abnormal characteristics. | Resource 123 is possibly compressed or encrypted. |
| Malicious | VirusTotal score: 54/63 (Scanned on 2017-07-03 06:24:25) | Per-engine detections are listed in the table below. |

| Engine | Detection |
|---|---|
| MicroWorld-eScan | Trojan.GenericKD.5045609 |
| CMC | Trojan-Downloader.Win32.Gamarue.2!O |
| CAT-QuickHeal | TrojanBanker.Emotet |
| McAfee | Generic.abu |
| Cylance | Unsafe |
| K7GW | Hacktool ( 655367771 ) |
| K7AntiVirus | Trojan ( 0050d6a81 ) |
| Arcabit | Trojan.Generic.D4CFD69 |
| TrendMicro | TSPY_EMOTET.XXTN |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9949 |
| F-Prot | W32/Emotet.CB |
| Symantec | Ransom.Kovter |
| TrendMicro-HouseCall | TSPY_EMOTET.XXTN |
| Paloalto | generic.ml |
| Kaspersky | Trojan-Banker.Win32.Emotet.vms |
| BitDefender | Trojan.GenericKD.5045609 |
| NANO-Antivirus | Trojan.Win32.Agent.epvmnx |
| ViRobot | Trojan.Win32.Emotet.175616 |
| AegisLab | Troj.Banker.W32.Emotet!c |
| Rising | Trojan.Emotet!8.B95 (ktse) |
| Ad-Aware | Trojan.GenericKD.5045609 |
| Sophos | Troj/Wonton-ZH |
| Comodo | UnclassifiedMalware |
| F-Secure | Trojan.GenericKD.5045609 |
| DrWeb | Trojan.Siggen7.21438 |
| VIPRE | Trojan.Win32.Generic!BT |
| Invincea | heuristic |
| McAfee-GW-Edition | BehavesLike.Win32.SoftPulse.cc |
| Emsisoft | Trojan.GenericKD.5045609 (B) |
| SentinelOne | static engine - malicious |
| Cyren | W32/Emotet.YBAD-6300 |
| Jiangmin | Trojan.Banker.Emotet.z |
| Webroot | W32.Trojan.Gen |
| Avira | TR/Crypt.Xpack.skjke |
| Antiy-AVL | Trojan[Backdoor]/Win32.Androm |
| Microsoft | Trojan:Win32/Emotet.K |
| SUPERAntiSpyware | Trojan.Agent/Gen-Kryptik |
| ZoneAlarm | Trojan-Banker.Win32.Emotet.vms |
| GData | Win32.Trojan.Agent.IFH4S8 |
| AhnLab-V3 | Trojan/Win32.Emotet.C1946623 |
| ALYac | Trojan.GenericKD.5045609 |
| AVware | Trojan.Win32.Generic!BT |
| MAX | malware (ai score=88) |
| Malwarebytes | Trojan.MalPack |
| Panda | Trj/WLT.C |
| ESET-NOD32 | Win32/Emotet.AO |
| Tencent | Win32.Trojan.Inject.Auto |
| Yandex | Trojan.PWS.Emotet! |
| Ikarus | Trojan.Crypt.XPACK |
| Fortinet | W32/Emotet.AO!tr |
| AVG | Win32:Rootkit-gen [Rtk] |
| Avast | Win32:Rootkit-gen [Rtk] |
| CrowdStrike | malicious_confidence_89% (W) |
| Qihoo-360 | Trojan.Generic |

| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xe0 |

| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 4 |
| TimeDateStamp | 2017-May-11 00:38:40 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |

| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 10.0 |
| SizeOfCode | 0x7e00 |
| SizeOfInitializedData | 0x25400 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x000020B3 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x9000 |
| ImageBase | 0x1000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.1 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.1 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x30000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x39ad4 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

| DLL | Imported functions |
|---|---|
| KERNEL32.dll | lstrlenA, GetFileAttributesW, IsBadStringPtrA, GetProcAddress, LoadLibraryA, GetCommandLineA, HeapSetInformation, GetStartupInfoW, RaiseException, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, IsProcessorFeaturePresent, HeapAlloc, GetLastError, HeapFree, SetFilePointer, EnterCriticalSection, LeaveCriticalSection, EncodePointer, DecodePointer, GetModuleHandleW, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameW, GetModuleFileNameA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, HeapCreate, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, Sleep, RtlUnwind, HeapSize, LoadLibraryW, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, WriteConsoleW, MultiByteToWideChar, HeapReAlloc, LCMapStringW, GetStringTypeW, CreateFileW, CloseHandle |
| USER32.dll | UpdateWindow, TileWindows |

| Version info field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 26.8.8.10 |
| ProductVersion | 26.8.8.10 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
| FileType | VFT_UNKNOWN |
| Language | English - United States |
| Comments | Dugiyurarije xijo rafuxe rovizubo to rehunopovubeha nuka |
| FileVersion (#2) | 26, 8, 8, 10 |
| LegalCopyright | Vohewobuvaxado vavijuyi ximupu kilofa lezolewero re gifewoyahatige pudikuxebipo |
| OriginalFilename | zodacobi.exe |
| ProductVersion (#2) | 26, 8, 8, 10 |

| Resource field | Value |
|---|---|
| Resource LangID | UNKNOWN |

| Load configuration field | Value |
|---|---|
| Size | 0x48 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x100d07c |
| SEHandlerTable | 0x100b3c0 |
| SEHandlerCount | 7 |

| Rich header field | Value |
|---|---|
| XOR Key | 0xa306ef64 |
| Unmarked objects | 0 |
| ASM objects (VS2010 build 30319) | 16 |
| C objects (VS2010 build 30319) | 85 |
| C++ objects (VS2010 build 30319) | 30 |
| Imports (VS2008 SP1 build 30729) | 5 |
| Total imports | 81 |
| 175 (VS2010 build 30319) | 1 |
| Resource objects (VS2010 build 30319) | 1 |
| Linker (VS2010 build 30319) | 1 |