| Property | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation date | 2017-Jun-13 15:12:43 (taken from the PE header TimeDateStamp, a linker-written value that can be forged) |
| Detected languages | Korean - Korea |
| Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0; Microsoft Visual C++; Microsoft Visual C++ v6.0; Microsoft Visual C++ v5.0/v6.0 (MFC) |
| Info | Cryptographic algorithms detected in the binary: constants related to CRC32, MD5 and SHA1 |
| Suspicious | The PE contains functions most legitimate programs don't use. The program may be hiding some of its imports: the import table below carries LoadLibraryA and GetProcAddress, the pair used to resolve APIs at run time, and every WS2_32.dll import is by ordinal rather than by name. |
| Suspicious | The file contains overlay data: 124 bytes starting at file offset 0x38000, past the end of the last section's raw data. |
| Malicious | VirusTotal score: 54/70 (scanned on 2020-01-22 07:30:16). The engines that name a family converge on NukeSped / HOPLIGHT / Hidden Cobra (Lazarus); the individual verdicts follow. |

| Engine | Detection |
|---|---|
| MicroWorld-eScan | Trojan.GenericKD.32416090 |
| CAT-QuickHeal | Trojan.Generic |
| McAfee | Trojan-HidCobra |
| Cylance | Unsafe |
| Zillya | Trojan.NukeSped.Win32.160 |
| Sangfor | Malware |
| K7AntiVirus | Trojan ( 005329311 ) |
| Alibaba | Trojan:Win32/Nukesped.137c7b50 |
| K7GW | Trojan ( 005329311 ) |
| Cybereason | malicious.32ea70 |
| Symantec | Trojan.Gen.MBT |
| ESET-NOD32 | a variant of Win32/NukeSped.AI |
| APEX | Malicious |
| Paloalto | generic.ml |
| ClamAV | Win.Trojan.HiddenCobra-7402602-0 |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| BitDefender | Trojan.GenericKD.32416090 |
| ViRobot | Trojan.Win32.S.Agent.229500 |
| Avast | Win32:Trojan-gen |
| Ad-Aware | Trojan.GenericKD.32416090 |
| Sophos | Troj/Inject-DZV |
| Comodo | Malware@#1dpmth2llp9fd |
| F-Secure | Trojan.TR/AD.APTLazerus.oytdw |
| VIPRE | Trojan.Win32.Generic!BT |
| TrendMicro | BKDR_HOPLIGHT.ZKGJ |
| McAfee-GW-Edition | Trojan-HidCobra |
| Trapmine | malicious.moderate.ml.score |
| FireEye | Generic.mg.2ff1688fe866ec28 |
| Emsisoft | Trojan.GenericKD.32416090 (B) |
| SentinelOne | DFI - Suspicious PE |
| Cyren | W32/Trojan.GCCR-6631 |
| Jiangmin | Trojan.Generic.egcnd |
| Webroot | W32.Trojan.Hiddencobra |
| Avira | TR/AD.APTLazerus.oytdw |
| MAX | malware (ai score=100) |
| Antiy-AVL | Trojan/Win32.Casdet |
| Microsoft | Trojan:Win32/Nukesped.PA!MTB |
| Endgame | malicious (high confidence) |
| Arcabit | Trojan.Generic.D1EEA15A |
| ZoneAlarm | HEUR:Trojan.Win32.Generic |
| GData | Trojan.GenericKD.32416090 |
| AhnLab-V3 | Trojan/Win32.Agent.R290904 |
| ALYac | Trojan.Nukesped.A |
| TrendMicro-HouseCall | BKDR_HOPLIGHT.ZKGJ |
| Rising | Trojan.Hoplight!1.B71E (CLOUD) |
| Yandex | Trojan.Agent!4PGYBZAmAZU |
| Ikarus | Trojan.Win32.NukeSped |
| eGambit | Unsafe.AI_Score_97% |
| Fortinet | W32/HidCobra.9CFB!tr |
| BitDefenderTheta | Gen:NN.ZexaE.34084.oqX@amBCcSeG |
| AVG | Win32:Trojan-gen |
| Panda | Trj/Agent.KOS |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Qihoo-360 | Win32/Trojan.5ee |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xe0 |

e_lfanew places the PE signature at file offset 0xe0, so the bytes between the 0x40-byte DOS header and 0xe0 hold the DOS stub and the Rich header whose decoded contents are listed at the end of this report.
| PE file header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 4 |
| TimeDateStamp | 2017-Jun-13 15:12:43 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |

IMAGE_FILE_RELOCS_STRIPPED means the image carries no base relocations: it must be mapped at its ImageBase (0x400000) and cannot be relocated by ASLR. That is typical of executables from this linker generation rather than a finding in itself, but it is useful when setting up a debugger or emulator, since the addresses in the file are the addresses at run time.
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 6.0 |
| SizeOfCode | 0x2f000 |
| SizeOfInitializedData | 0xc000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00008447 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x30000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x1000 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x3c000 |
| SizeOfHeaders | 0x1000 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

Consistency checks on these values: LinkerVersion 6.0 agrees with the Visual C++ 6.0 (VS98 build 8168) objects recorded in the Rich header; the entry point 0x8447 lies inside .text (BaseOfCode 0x1000 up to BaseOfData 0x30000); and because FileAlignment equals SectionAlignment (0x1000), file offsets normally coincide with RVAs, so the overlay at 0x38000 begins where the last section's raw data ends, and the 0x4000 between it and SizeOfImage (0x3c000) is zero-filled at load time rather than stored in the file. Checksum 0 is normal for a non-driver executable (the loader only enforces it for drivers and system DLLs) and is not, by itself, a finding.
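The overlay and timestamp findings can be reproduced from the header fields listed above. The following is an added example, not code from the report or from the tool that produced it: it walks e_lfanew to the file header and section table, computes where the last section's raw data ends, and reports anything past that point as overlay, which is exactly the "124 bytes at 0x38000" check. A constructed two-section PE32 is embedded so it runs offline; its section names and sizes, and the TimeDateStamp value 0x594000EB (which decodes to the report's compilation date when read as UTC), are assumptions for the test. Point analyze() at the real file's bytes to verify the report.

```python
import struct
from datetime import datetime, timezone

# Header layouts used below (IMAGE_DOS_HEADER.e_lfanew, IMAGE_FILE_HEADER, IMAGE_SECTION_HEADER)
DOS_E_LFANEW = 0x3C
FILE_HEADER_FMT = "<HHIIIHH"   # Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"   # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ..., Characteristics


def parse_headers(data: bytes):
    """Return (TimeDateStamp, SizeOfHeaders, [(name, rva, vsize, raw_ptr, raw_size)])."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, DOS_E_LFANEW)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    _, nsect, timestamp, _, _, opt_size, _ = struct.unpack_from(FILE_HEADER_FMT, data, coff)
    opt = coff + 20
    size_of_headers = struct.unpack_from("<I", data, opt + 60)[0]   # same offset in PE32 and PE32+
    sections = []
    for i in range(nsect):
        name, vsize, rva, raw_size, raw_ptr = struct.unpack_from(SECTION_FMT, data, opt + opt_size + 40 * i)[:5]
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), rva, vsize, raw_ptr, raw_size))
    return timestamp, size_of_headers, sections


def analyze(data: bytes) -> dict:
    """Summarise the layout facts the report gives: timestamp (UTC), sections, overlay."""
    timestamp, size_of_headers, sections = parse_headers(data)
    # The overlay is whatever follows the highest PointerToRawData + SizeOfRawData.
    end = max([p + s for _, _, _, p, s in sections] + [size_of_headers])
    if end > len(data):
        raise ValueError("section data extends past end of file (truncated sample?)")
    return {
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
        "overlay_offset": end,
        "overlay_size": len(data) - end,
    }


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed PE32 image (two sections) with an overlay appended; test data only, not the sample."""
    e_lfanew, file_align, opt_size = 0x80, 0x200, 0xE0
    sections = [(b".text", 0x1000, 0x400), (b".data", 0x2000, 0x200)]   # name, RVA, raw size (assumed)
    raw_headers = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    size_of_headers = -(-raw_headers // file_align) * file_align        # round up to FileAlignment
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, DOS_E_LFANEW, e_lfanew)
    # 0x594000EB is 2017-06-13 15:12:43 UTC, the report's compilation date (assumed UTC)
    coff = struct.pack(FILE_HEADER_FMT, 0x14C, len(sections), 0x594000EB, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)             # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, file_align)  # SectionAlignment, FileAlignment
    struct.pack_into("<I", opt, 60, size_of_headers)      # SizeOfHeaders
    table, raw_ptr = b"", size_of_headers
    for name, rva, raw_size in sections:
        table += struct.pack(SECTION_FMT, name, raw_size, rva, raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        raw_ptr += raw_size
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    image += bytes(size_of_headers - len(image))          # pad headers to FileAlignment
    for _, _, raw_size in sections:
        image += b"\xCC" * raw_size                       # int3 filler stands in for code/data
    return image + overlay


if __name__ == "__main__":
    print(analyze(build_sample_pe(b"\x00" * 124)))
```

On the constructed file the overlay is reported at 0x800 (two sections of 0x400 and 0x200 bytes after 0x200 bytes of headers); on the real sample the same function should return offset 0x38000 and size 124. Hashing the overlay bytes separately is worthwhile, since appended data is a common place for configuration or a second stage and does not change the section hashes.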
| Imported DLL | Functions |
|---|---|
| WS2_32.dll | Imported by ordinal only: #16, #111, #23, #4, #18, #151, #21, #19, #22, #3, #11. WS2_32.dll has fixed ordinals, so these are recv (#16), WSAGetLastError (#111), socket (#23), connect (#4), select (#18), __WSAFDIsSet (#151), setsockopt (#21), send (#19), shutdown (#22), closesocket (#3) and inet_addr (#11): a complete outbound TCP client with no API name strings for a string scan to find. WSAStartup (#115) is not in the static list, which fits the hidden-imports warning above. |
| KERNEL32.dll | LeaveCriticalSection, CreateFileA, QueryPerformanceCounter, QueryPerformanceFrequency, FindFirstFileW, FindNextFileW, FindClose, UnmapViewOfFile, DuplicateHandle, CreateFileW, CreateFileMappingW, MapViewOfFile, CreateProcessW, GetModuleFileNameW, GetWindowsDirectoryW, GetTickCount, WideCharToMultiByte, FileTimeToLocalFileTime, LocalFree, LocalAlloc, QueryDosDeviceW, GetLogicalDriveStringsW, GetFileSize, CreateThread, GetVolumeInformationW, GetACP, GetSystemInfo, GetProcAddress, GetModuleHandleW, GetLastError, LoadLibraryA, Sleep, GetFileInformationByHandle, SystemTimeToFileTime, GetTimeZoneInformation, GetSystemTime, GetLocalTime, RtlUnwind, InterlockedDecrement, InterlockedIncrement, MultiByteToWideChar, GetFileAttributesW, GetModuleHandleA, GetStartupInfoW, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, HeapReAlloc, HeapAlloc, HeapSize, GetCurrentThreadId, TlsSetValue, TlsAlloc, SetLastError, TlsGetValue, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, SetEndOfFile, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetEnvironmentStrings, GetCommandLineW, GetCommandLineA, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, WriteFile, GetModuleFileNameA, VirtualAlloc, IsBadWritePtr, SetFilePointer, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, GetCPInfo, LCMapStringA, LCMapStringW, SetStdHandle, GetStringTypeA, GetStringTypeW, FlushFileBuffers, CloseHandle, CompareStringA, CompareStringW, GetOEMCP, SetEnvironmentVariableA, FileTimeToSystemTime, FileTimeToDosDateTime, ReadFile |
| USER32.dll | GetSystemMetrics |

Most of the KERNEL32 list is the statically linked Visual C++ 6.0 runtime (Heap*, Tls*, LCMapString*, GetStringType*, the environment and std-handle calls). The imports that describe the program's own behaviour are the drive and directory enumeration set (GetLogicalDriveStringsW, QueryDosDeviceW, GetVolumeInformationW, FindFirstFileW/FindNextFileW/FindClose, GetFileInformationByHandle), file mapping (CreateFileMappingW/MapViewOfFile), process creation (CreateProcessW, CreateThread) and the run-time resolution pair LoadLibraryA/GetProcAddress, together with the socket calls above.
| Rich header | Value |
|---|---|
| XOR key | 0x7efa3341 |

| Rich header entry (product, build) | Count |
|---|---|
| Unmarked objects | 0 |
| 12 (7291) | 2 |
| 14 (7299) | 25 |
| C objects (VS98 build 8168) | 140 |
| Total imports | 121 |
| Imports (VS2003 (.NET) build 4035) | 7 |
| C++ objects (VS98 build 8168) | 16 |
| Resource objects (VS98 cvtres build 1720) | 1 |

The rows "12 (7291)" and "14 (7299)" are raw product id (build) pairs the tool did not name. The remaining entries show objects compiled with Visual C++ 6.0 (VS98, build 8168) plus seven import-library members from Visual Studio .NET 2003 (build 4035), consistent with LinkerVersion 6.0 in the optional header. The XOR key is a checksum over the DOS header and the entries, so it can be recomputed: a mismatch means the Rich header was edited or transplanted from another binary and should not be used as toolchain evidence.
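The XOR key listed above is not a secret: it is the checksum the linker computes over every byte before the "DanS" marker (the e_lfanew field excluded) and over each (compid, count) pair, and the same value masks every dword of the header. The following added example, not code from the report or from the tool that produced it, recovers the key from the dword that follows "Rich", decodes the entries back to (product id, build, count), and recomputes the checksum, which is the check to run before trusting a Rich header. The checksum algorithm is the publicly documented one; the DOS stub is constructed, the two sample entries are the report's numeric rows (12/7291 and 14/7299), and the key they yield is not the real file's 0x7efa3341.

```python
import struct

DANS = 0x536E6144          # "DanS" read as a little-endian dword
RICH = b"Rich"


def rol32(value: int, n: int) -> int:
    n %= 32
    return ((value << n) | (value >> (32 - n))) & 0xFFFFFFFF


def rich_checksum(prefix: bytes, entries) -> int:
    """Key = len(prefix) + rol(byte, i) for every byte before DanS (e_lfanew skipped)
    + rol(compid, count) for every entry; entries are (product_id, build, count)."""
    csum = len(prefix)
    for i, byte in enumerate(prefix):
        if 0x3C <= i < 0x40:       # e_lfanew is written after the key is computed, so it is excluded
            continue
        csum = (csum + rol32(byte, i)) & 0xFFFFFFFF
    for product_id, build, count in entries:
        compid = ((product_id & 0xFFFF) << 16) | (build & 0xFFFF)
        csum = (csum + rol32(compid, count)) & 0xFFFFFFFF
    return csum


def build_rich_header(prefix: bytes, entries) -> bytes:
    """Encode as the linker does: DanS, three zero dwords, entries, then "Rich" and the clear key."""
    key = rich_checksum(prefix, entries)
    out = struct.pack("<4I", DANS ^ key, key, key, key)        # zero padding XOR key == key
    for product_id, build, count in entries:
        out += struct.pack("<II", ((product_id << 16) | build) ^ key, count ^ key)
    return out + RICH + struct.pack("<I", key)


def parse_rich(data: bytes):
    """Return {'key', 'dans_offset', 'entries', 'valid'}, or None if there is no Rich header."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    rich_at = data.rfind(RICH, 0x40, e_lfanew)
    if rich_at < 0 or rich_at + 8 > e_lfanew:
        return None
    key = struct.unpack_from("<I", data, rich_at + 4)[0]
    # The header is dword-structured; scan for the dword that decodes to "DanS".
    dans_at = next((p for p in range(0x40, rich_at, 4)
                    if struct.unpack_from("<I", data, p)[0] ^ key == DANS), None)
    if dans_at is None or (rich_at - dans_at - 16) % 8:
        return None
    entries = []
    for off in range(dans_at + 16, rich_at, 8):
        compid, count = struct.unpack_from("<II", data, off)
        compid ^= key
        entries.append((compid >> 16, compid & 0xFFFF, count ^ key))
    expected = rich_checksum(data[:dans_at], entries)
    return {"key": key, "dans_offset": dans_at, "entries": entries, "valid": expected == key}


SAMPLE_ENTRIES = [(12, 7291, 2), (14, 7299, 25)]   # the report's two numeric rows, used as test data


def build_sample_image(entries, tamper: bool = False) -> bytes:
    """Constructed MZ header + DOS stub + Rich header + PE signature; test data, not the sample."""
    prefix = bytearray(0x80)                    # 0x40 DOS header + 0x40 stub, the usual layout
    prefix[:2] = b"MZ"
    prefix[0x40:0x40 + 13] = b"DOS stub here"   # arbitrary stub bytes (constructed)
    rich = build_rich_header(bytes(prefix), entries)
    struct.pack_into("<I", prefix, 0x3C, len(prefix) + len(rich))   # e_lfanew right after "Rich"+key
    image = bytearray(bytes(prefix) + rich + b"PE\0\0")
    if tamper:
        # Flip one bit of the second entry's encoded build number; the key is left untouched.
        image[len(prefix) + 16 + 8] ^= 0x01
    return bytes(image)


if __name__ == "__main__":
    print(parse_rich(build_sample_image(SAMPLE_ENTRIES)))
    print(parse_rich(build_sample_image(SAMPLE_ENTRIES, tamper=True))["valid"])
```

Run parse_rich over the first few hundred bytes of the real sample: the returned key should be 0x7efa3341 and the entries should match the table above, with valid set to True; a False there would mean the toolchain evidence in this section cannot be relied on.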