28fcf8b199da61f6e5ab1ae2422fa9a27c97007563c687a84e94566d89edb3e7

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2011-Aug-08 02:30:18
Detected languages Chinese - PRC
English - United States
Debug artifacts d:\worcopy\player2.1\Runplayer\release\run.pdb

Plugin Output

Info The PE contains common functions which appear in legitimate applications. Possibly launches other programs:
  • ShellExecuteA
Suspicious The PE is possibly a dropper. Resources amount for 81.1864% of the executable.
Malicious VirusTotal score: 6/70 (Scanned on 2026-06-07 16:26:52)
  • APEX: Malicious
  • Antiy-AVL: Trojan/Win32.Agent
  • ClamAV: Win.Trojan.Agent-5332081-0
  • Fortinet: W32/PossibleThreat
  • NANO-Antivirus: Trojan.Win32.Kazy.cziymb
  • Zoner: Trojan.Win32.65634

Hashes

MD5 390d77096407abdb34e5543b83ee44f7
SHA1 d67d8a5b4d53c5bd1353df1dbc40ef36f023254c
SHA256 28fcf8b199da61f6e5ab1ae2422fa9a27c97007563c687a84e94566d89edb3e7
SHA3 6758869d7e97ba0df702d7ce8435dee55f4dd2091e5f21aca52159e107bd3159
SSDeep 384:uTGq79ggg5LQXdonrSbd5EjltB52tgmnrREsVRRRRSRRRRASpT:uTGOggglU5EjQRnO
Imports Hash 6e284168198333c8c8ebbe764bbc3655

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2011-Aug-08 02:30:18
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0x400
SizeOfInitializedData 0x4e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001000 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x9000
SizeOfHeaders 0x400
Checksum 0xfe71
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_NO_SEH
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 3b3d9f56c9e44cdf9106c492153a6d25
SHA1 63d7dcf28bddb05dc68b04117c65eb28462053dd
SHA256 001465ad4c2fee81feb96b9a3c65d3aada968e985f0789a7e181b917de9fb530
SHA3 99123b20c98c81a95896dac9ba7889343650ee2e6762ee6d2428a8e84148f4dc
VirtualSize 0x3f2
VirtualAddress 0x1000
SizeOfRawData 0x400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.32546

.rdata

MD5 81b3b42a67d75fda8e73facfe40639ce
SHA1 1c21454200eb8aa0c2d95f025b7df78283c8b390
SHA256 b23946bb96b1efd631e352ecdc9287891d8c2775f064f52c232f74d0d9e2404d
SHA3 aa7d5f6a5497579d055ad42ccb432580f0c12e6647d28d89ed08bc22679f0533
VirtualSize 0x373
VirtualAddress 0x2000
SizeOfRawData 0x400
PointerToRawData 0x800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.46053

.data

MD5 fc634e0d3c92a669da61c44979441ca1
SHA1 6412485480236fa201cc2e80905bd0cfbcbcf894
SHA256 c8d5c7a37aa2a54e4f4f1a22e9b7ab54777bb093d588136a37aaa3ffdfe35a38
SHA3 9bb89d36e02aca83a6237c463a45947eea6e8daa58d51d4b3b7cd192e1c34406
VirtualSize 0x338
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0xc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.220113

.rsrc

MD5 f133c91eaae6ce81f7676814a281f5a8
SHA1 c7469810a94e025f0542cb9e65bac49bb6884d1e
SHA256 9d728ffa3c271815db01eed459d87e18bac3a6058f4a068df8c1269eaf700e9c
SHA3 446a1ab84a07ee68dac1ab631fe32b1e989a1251be0d3e79575261d5f070da39
VirtualSize 0x4764
VirtualAddress 0x4000
SizeOfRawData 0x4800
PointerToRawData 0xe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.41963

Imports

KERNEL32.dll
  • WaitForSingleObject
  • CopyFileA
  • DeleteFileA
  • Sleep
  • GetModuleFileNameA
  • GetWindowsDirectoryA
  • CreateDirectoryA
  • IsDebuggerPresent
  • SetUnhandledExceptionFilter
  • UnhandledExceptionFilter
  • TerminateProcess
  • GetCurrentProcess
SHELL32.dll
  • ShellExecuteA
  • ShellExecuteExA
MSVCR80.dll
  • _crt_debugger_hook
  • strlen
  • sprintf
  • strcat
  • memset

Delayed Imports

1

Type RT_ICON
Language Chinese - PRC
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.1494
MD5 9ff5bde5d8f374222ab57906a5913f67
SHA1 3713d992dec00cc40434135c44536431ce1c7fca
SHA256 c4aafaa137df7a98492c022fa2e3ca2c222f644827c0a0cf40373dc54b8107c6
SHA3 24c8f6b0fb1f00f019bb590078d9e7fdd2df6a65d1e68c34e8383401c179b9e9

2

Type RT_ICON
Language Chinese - PRC
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.89164
MD5 7e9f38fdb18b1dd8bfce2c3e2cbeffb2
SHA1 cd9bacac9a99132369f5fd5ebf50029bc7913b6b
SHA256 c1605758d9ce60f41ce09e1f5d95942cfcfd877e5f20852c9aaedfd5dc06c36b
SHA3 df5b1bdfc0d0b6b9d3e651855885ae84c0dcbd5ffc5881fa2732985ff12ad870

3

Type RT_ICON
Language Chinese - PRC
Codepage Latin 1 / Western European
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.62717
MD5 1f15971b6f0c9acffcf4642899f29268
SHA1 32c10d8069e3d0ef62d04f21d7ef31cd8773b9bc
SHA256 49b24bdb52de8bc1a947a3b67dacdb6c9dfe3698f830b5a3a0dd07520515ba4f
SHA3 8e9b1c5d5df7ced211b2a833858f0ff01216f5cc86623254ca28697dd1bb84f9

4

Type RT_ICON
Language Chinese - PRC
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.5658
MD5 fd1f05b94c1224738d2018e73005decd
SHA1 3f1c1341051da273ee9d51242d8c411cc80f7629
SHA256 876826ee1e7bdbf8fc892025a97f5e024cdbcac667f27bb2789646ddfcdb2f85
SHA3 16c400e22077b7b5b473fe3f742d8bb0d5aa8c11c73a8d242420a5ba85be9614

IDR_MAINICO

Type RT_GROUP_ICON
Language Chinese - PRC
Codepage Latin 1 / Western European
Size 0x3e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.62308
Detected Filetype Icon file
MD5 5c84b5099ac46312565be1aa2e21eff0
SHA1 25f00759b0e6641f9b423e6a52556c2e4e2796c3
SHA256 816cc8c77a0adb35a7432b2bac047e9834bfd21b0ef96c612e5f8bc4f0986620
SHA3 17e6deff600599725f4cf3c95b7472cf6ca993cdc40907ae04b6209f5619547f

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x154
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.08566
MD5 0549a01545d67cc0c9486e96436c4e65
SHA1 8d7059bae0f1a3c56ff430415e059f6b74bc53df
SHA256 4c7c973b7c4a6d704375147c6853e9031ad06434836858820a611d2032b4e85a
SHA3 4e4e1e13230a3ebe9e95b7c033a42396ccb7bd61d426190a67945bdfcc59e406

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2011-Aug-08 02:30:18
Version 0.0
SizeofData 71
AddressOfRawData 0x232c
PointerToRawData 0xb2c
Referenced File d:\worcopy\player2.1\Runplayer\release\run.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x9d04a795
Unmarked objects 0
Imports (VS2012 build 50727 / VS2005 build 50727) 2
C objects (VS2012 build 50727 / VS2005 build 50727) 3
Imports (VS2003 (.NET) build 4035) 5
Total imports 19
114 (VS2012 build 50727 / VS2005 build 50727) 2
Resource objects (VS2012 build 50727 / VS2005 build 50727) 1
Linker (VS2012 build 50727 / VS2005 build 50727) 1

Errors
