Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_I386 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2018-Jan-10 14:07:16 |
Detected languages | English - United States |
Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0; MASM/TASM - sig1(h); Microsoft Visual C++; Microsoft Visual C++ v6.0 |
Suspicious | Strings found in the binary may indicate undesirable behavior: Contains references to security software: |
Info | Cryptographic algorithms detected in the binary: Uses constants related to CRC32; Uses constants related to MD5 |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 58/70 (Scanned on 2019-11-11 01:16:10): Bkav: W32.HfsAutoB.; MicroWorld-eScan: Trojan.GenericKD.30565346; FireEye: Generic.mg.32b8d08e67cf5092; CAT-QuickHeal: Backdoor.Agent; Qihoo-360: Win32/Backdoor.c25; McAfee: Trojan-FQCD!32B8D08E67CF; Cylance: Unsafe; Zillya: Backdoor.Agent.Win32.67931; K7AntiVirus: Trojan ( 0052d26b1 ); Alibaba: Backdoor:Win32/Agent.bd2792f9; K7GW: Trojan ( 0052d26b1 ); Cybereason: malicious.e67cf5; Arcabit: Trojan.Generic.D1D263E2; TrendMicro: BKDR_POWPOOL.A; BitDefenderTheta: Gen:NN.ZexaF.32245.muW@a44EV1di; Cyren: W32/Popool.A.gen!Eldorado; Symantec: Backdoor.Trojan; TrendMicro-HouseCall: BKDR_POWPOOL.A; Paloalto: generic.ml; ClamAV: Win.Trojan.Agent-6674623-0; BitDefender: Trojan.GenericKD.30565346; NANO-Antivirus: Trojan.Win32.Generic.ezqbfh; ViRobot: Backdoor.Win32.S.Agent.198656.I; Avast: Win32:Malware-gen; Endgame: malicious (moderate confidence); Emsisoft: Trojan.GenericKD.30565346 (B); Comodo: Malware@#21uhcz1g9c0gi; F-Secure: Backdoor.BDS/Agent.ospwe; DrWeb: BackDoor.Spy.3610; VIPRE: Trojan.Win32.Generic!BT; McAfee-GW-Edition: BehavesLike.Win32.Dropper.ch; SentinelOne: DFI - Malicious PE; Trapmine: malicious.moderate.ml.score; Sophos: Troj/Bckdoor-AD; APEX: Malicious; F-Prot: W32/Popool.A.gen!Eldorado; Jiangmin: Backdoor.Agent.ecf; Webroot: W32.Trojan.GenKD; Avira: BDS/Agent.ospwe; Fortinet: W32/Agent.SZS!tr; Antiy-AVL: Trojan[Backdoor]/Win32.Agent; Microsoft: Trojan:Win32/Popool.A; AegisLab: Trojan.Win32.Agent.4!c; TACHYON: Backdoor/W32.Agent.198656.AG; AhnLab-V3: Trojan/Win32.Backdoor.C2699360; VBA32: Trojan.Agent; ALYac: Backdoor.Agent.Cypress; MAX: malware (ai score=100); Ad-Aware: Trojan.GenericKD.30565346; ESET-NOD32: a variant of Win32/Agent.SZS; Rising: Backdoor.Agent!8.C5D (TFE:5:bnSzInUyaSL); Yandex: Backdoor.Agent!TAhr/VvY9Io; Ikarus: Trojan.Win32.Agent; GData: Trojan.GenericKD.30565346; AVG: Win32:Malware-gen; Panda: Trj/GdSda.A; CrowdStrike: win/malicious_confidence_100% (W); MaxSecure: Trojan.Malware.320772.susgen |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2018-Jan-10 14:07:16 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 9.0 |
SizeOfCode | 0x1f600 |
SizeOfInitializedData | 0x10e00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0001175B (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x21000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.0 |
ImageVersion | 0.0 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x39000 |
SizeOfHeaders | 0x400 |
Checksum | 0x3d1c2 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
DLL | Imported functions |
---|---|
KERNEL32.dll | FileTimeToLocalFileTime GetComputerNameW GetVersionExW FindVolumeClose GetCurrentProcess OpenProcess FindNextVolumeW GetVolumePathNamesForVolumeNameW TerminateProcess Process32FirstW QueryDosDeviceW Process32NextW CreateToolhelp32Snapshot FindFirstVolumeW CreateMutexW GetModuleFileNameW IsWow64Process GetExitCodeThread SetCurrentDirectoryW GetCurrentThreadId CompareStringW CompareStringA GetProcessHeap SetEndOfFile FindNextFileW FileTimeToSystemTime GetDriveTypeW FindFirstFileW GetCurrentDirectoryW GetLastError MultiByteToWideChar ExitThread WideCharToMultiByte GetSystemDefaultLangID GetProcAddress GetStartupInfoW Wow64RevertWow64FsRedirection Wow64DisableWow64FsRedirection Sleep TerminateThread GetModuleHandleW CreateProcessW CreateThread DeleteFileW CloseHandle WTSGetActiveConsoleSessionId GlobalFree EnterCriticalSection InterlockedExchange GlobalUnlock CreateFileW ReadFile LeaveCriticalSection GlobalAlloc WriteFile WaitForSingleObject GetLocaleInfoA GetStringTypeW GetStringTypeA LCMapStringW LCMapStringA CreateFileA SetStdHandle WriteConsoleW GetConsoleOutputCP WriteConsoleA LoadLibraryA InitializeCriticalSectionAndSpinCount IsValidCodePage SetEnvironmentVariableA GetOEMCP GetACP GetCPInfo HeapSize GetCurrentProcessId GetTickCount QueryPerformanceCounter GetStartupInfoA GetFileType SetHandleCount GetCommandLineW GetEnvironmentStringsW FreeEnvironmentStringsW InterlockedDecrement SetLastError InterlockedIncrement TlsFree TlsSetValue TlsAlloc TlsGetValue GetTimeZoneInformation FlushFileBuffers GetConsoleMode GetConsoleCP GetModuleFileNameA GetStdHandle ExitProcess VirtualFree HeapCreate RtlUnwind GlobalLock GlobalSize SetFilePointer GetFileSize GetSystemTimeAsFileTime IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter HeapReAlloc VirtualQuery GetSystemInfo RaiseException InitializeCriticalSection DeleteCriticalSection HeapFree HeapAlloc VirtualProtect VirtualAlloc |
USER32.dll | ReleaseDC GetDesktopWindow GetDC PostThreadMessageW wsprintfW GetWindowRect |
GDI32.dll | GetObjectW GetDIBits SelectPalette RealizePalette BitBlt DeleteDC CreateDIBSection GetDeviceCaps CreateCompatibleBitmap SetDIBColorTable CreateDCW DeleteObject SelectObject CreateCompatibleDC GetStockObject |
ADVAPI32.dll | ImpersonateLoggedOnUser RevertToSelf GetUserNameW OpenProcessToken SetServiceStatus RegisterServiceCtrlHandlerA OpenSCManagerW StartServiceCtrlDispatcherA CloseServiceHandle OpenServiceA AdjustTokenPrivileges LookupAccountSidW LookupPrivilegeValueW GetTokenInformation CreateProcessAsUserW |
SHELL32.dll | ShellExecuteW |
ole32.dll | GetHGlobalFromStream CreateStreamOnHGlobal |
gdiplus.dll | GdipDrawImageI GdipBitmapUnlockBits GdipDeleteGraphics GdipCreateBitmapFromScan0 GdipGetImagePixelFormat GdipCreateBitmapFromStream GdipGetImagePalette GdipGetImageHeight GdipFree GdipSaveImageToStream GdiplusShutdown GdipAlloc GdipGetImageEncodersSize GdipDisposeImage GdipCreateBitmapFromHBITMAP GdipGetImageEncoders GdipGetImagePaletteSize GdipBitmapLockBits GdipGetImageWidth GdiplusStartup GdipCloneImage GdipGetImageGraphicsContext |
WINHTTP.dll | WinHttpOpen WinHttpQueryDataAvailable WinHttpSetTimeouts WinHttpCloseHandle WinHttpConnect WinHttpOpenRequest WinHttpSendRequest WinHttpGetIEProxyConfigForCurrentUser WinHttpSetOption WinHttpReceiveResponse WinHttpGetProxyForUrl WinHttpReadData WinHttpWriteData WinHttpAddRequestHeaders WinHttpQueryHeaders |
VERSION.dll | GetFileVersionInfoSizeW VerQueryValueW GetFileVersionInfoW |
IPHLPAPI.DLL | GetExtendedTcpTable GetExtendedUdpTable GetAdaptersInfo |
WS2_32.dll | #12 #15 |
PSAPI.DLL | GetModuleFileNameExW |
WTSAPI32.dll | WTSQueryUserToken |
XOR Key | 0xc256de2a |
---|---|
Unmarked objects | 0 |
ASM objects (VS2008 SP1 build 30729) | 23 |
C objects (VS2008 SP1 build 30729) | 136 |
C objects (VS2012 build 50727 / VS2005 build 50727) | 9 |
ASM objects (VS2012 build 50727 / VS2005 build 50727) | 2 |
C++ objects (VS2012 build 50727 / VS2005 build 50727) | 1 |
C++ objects (VS2008 SP1 build 30729) | 55 |
C objects (VS2012 build 50727 / VS2005 build 50727) (#2) | 1 |
Imports (VS2012 build 50727 / VS2005 build 50727) | 29 |
Total imports | 219 |
138 (VS2008 SP1 build 30729) | 10 |
Resource objects (VS2008 SP1 build 30729) | 1 |