| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2017-Jan-19 08:33:43 |
| Info | Matching compiler(s): MASM/TASM - sig2(h) |
| Info | Cryptographic algorithms detected in the binary: uses constants related to CRC32; uses constants related to MD5 |
| Suspicious | The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports: |
| Malicious | VirusTotal score: 49/66 (Scanned on 2018-11-05 12:45:59) |

The compilation date is the COFF TimeDateStamp from the PE header below; it is written by the linker and trivially forged, so treat it as a hint rather than evidence.

VirusTotal detections (vendor and label):

| Vendor | Detection |
|---|---|
| MicroWorld-eScan | Trojan.GenericKD.40144676 |
| CAT-QuickHeal | Trojan.GenericPMF.S1550930 |
| McAfee | Artemis!35D2CE0651D8 |
| Cylance | Unsafe |
| BitDefender | Trojan.GenericKD.40144676 |
| K7GW | Trojan-Downloader ( 0053aede1 ) |
| K7AntiVirus | Trojan-Downloader ( 0053aede1 ) |
| Invincea | heuristic |
| F-Prot | W32/Trojan2.PTGS |
| Symantec | Trojan Horse |
| ESET-NOD32 | VBS/Starter.NBS |
| TrendMicro-HouseCall | TROJ_RUNNER.GBE |
| Paloalto | generic.ml |
| Kaspersky | HEUR:Trojan.Script.Agent.gen |
| NANO-Antivirus | Trojan.Win32.Betload.eljjjk |
| ViRobot | Trojan.Win32.S.Agent.68608.KM |
| Avast | FileRepMalware |
| Ad-Aware | Trojan.GenericKD.40144676 |
| Sophos | Troj/Agent-AZAG |
| F-Secure | Trojan.GenericKD.40144676 |
| DrWeb | Trojan.BtcMine.1177 |
| Zillya | Downloader.Betload.Win32.65 |
| TrendMicro | TROJ_RUNNER.GBE |
| McAfee-GW-Edition | BehavesLike.Win32.Downloader.kh |
| Emsisoft | Trojan.GenericKD.40144676 (B) |
| Ikarus | Trojan.Win32.Dynamer |
| Cyren | W32/Trojan.QIDT-4071 |
| Jiangmin | TrojanDownloader.Betload.i |
| Webroot | W32.Trojan.Gen |
| Avira | TR/ScriptDldr.B |
| Antiy-AVL | Trojan/Script.Agent |
| Microsoft | Trojan:Win32/Tiggre!rfn |
| Endgame | malicious (high confidence) |
| Arcabit | Trojan.Generic.D2648F24 |
| AegisLab | Trojan.Script.Agent.4!c |
| ZoneAlarm | HEUR:Trojan.Script.Agent.gen |
| GData | Win32.Trojan.Agent.AAV |
| AhnLab-V3 | Trojan/Win32.DownLoader.C2567045 |
| VBA32 | Trojan.Script |
| ALYac | Trojan.Script.Agent |
| MAX | malware (ai score=99) |
| Yandex | Trojan.BtcMine! |
| SentinelOne | static engine - malicious |
| Fortinet | W32/Agent.OYC!tr |
| AVG | FileRepMalware |
| Cybereason | malicious.651d8b |
| Panda | Trj/Genetic.gen |
| CrowdStrike | malicious_confidence_100% (W) |
| Qihoo-360 | Win32/Trojan.Script.af7 |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x80 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 5 |
| TimeDateStamp | 2017-Jan-19 08:33:43 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 2.0 |
| SizeOfCode | 0xe400 |
| SizeOfInitializedData | 0x2400 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00001000 (Section: .code) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x11000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x15000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
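To show how the three header tables above are derived from the raw bytes, here is an added Python example (this editor's code, not Manalyze's and not part of the analysed sample). It walks the DOS header, the PE signature, the COFF file header and the PE32 optional header, bounds-checking the attacker-controlled `e_lfanew` and `SizeOfOptionalHeader` before dereferencing them, decodes `Machine`, `Characteristics` and `Subsystem` into their `IMAGE_*` names, and renders `TimeDateStamp` in the report's date format. The header blob it parses is constructed inline from the values in this report; two fields the report does not list are assumed (`e_lfarlc` = 0x40, `DllCharacteristics` = 0).

```python
"""Minimal PE header parser for the DOS / COFF / PE32 optional headers.

Added example; not Manalyze's code and not extracted from the sample.
"""
import calendar
import struct
from datetime import datetime, timezone

DOS_HEADER = struct.Struct("<2s13H4H2H10Hi")         # 64 bytes: e_magic .. e_lfanew
FILE_HEADER = struct.Struct("<HHIIIHH")              # 20 bytes: IMAGE_FILE_HEADER
OPTIONAL_HEADER32 = struct.Struct("<HBB9I6H4I2H6I")  # 96 bytes: PE32 fields up to NumberOfRvaAndSizes

MACHINES = {0x014C: "IMAGE_FILE_MACHINE_I386", 0x8664: "IMAGE_FILE_MACHINE_AMD64",
            0x01C0: "IMAGE_FILE_MACHINE_ARM", 0xAA64: "IMAGE_FILE_MACHINE_ARM64"}
CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED", 0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED", 0x2000: "IMAGE_FILE_DLL",
}
SUBSYSTEMS = {1: "IMAGE_SUBSYSTEM_NATIVE", 2: "IMAGE_SUBSYSTEM_WINDOWS_GUI",
              3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}


def parse_pe_headers(data: bytes) -> dict:
    """Decode the header fields of a PE32 image, refusing anything that points outside the buffer."""
    if len(data) < DOS_HEADER.size:
        raise ValueError("file shorter than a DOS header")
    dos = DOS_HEADER.unpack_from(data, 0)
    if dos[0] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = dos[-1]                      # signed 32-bit, comes straight from the file
    if e_lfanew < 0 or e_lfanew + 4 + FILE_HEADER.size > len(data):
        raise ValueError("e_lfanew points outside the file")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")

    coff_off = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = FILE_HEADER.unpack_from(data, coff_off)

    opt_off = coff_off + FILE_HEADER.size
    if opt_size < OPTIONAL_HEADER32.size or opt_off + opt_size > len(data):
        raise ValueError("optional header truncated")
    opt = OPTIONAL_HEADER32.unpack_from(data, opt_off)
    if opt[0] != 0x10B:
        raise ValueError("not a PE32 optional header (magic 0x%x)" % opt[0])

    return {
        "e_lfanew": e_lfanew,
        "Machine": MACHINES.get(machine, hex(machine)),
        "NumberOfSections": nsections,
        "TimeDateStamp": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%b-%d %H:%M:%S"),
        "SizeOfOptionalHeader": opt_size,
        "Characteristics": sorted(name for bit, name in CHARACTERISTICS.items() if characteristics & bit),
        "LinkerVersion": "%d.%d" % (opt[1], opt[2]),
        "AddressOfEntryPoint": opt[6],
        "ImageBase": opt[9],
        "SectionAlignment": opt[10],
        "FileAlignment": opt[11],
        "SizeOfImage": opt[19],
        "Checksum": opt[21],
        "Subsystem": SUBSYSTEMS.get(opt[22], str(opt[22])),
        "NumberOfRvaAndSizes": opt[29],
    }


def build_sample_headers() -> bytes:
    """Constructed header blob carrying this report's values (headers only, no sections or code)."""
    # 13 WORDs after e_magic: cblp, cp, crlc, cparhdr, minalloc, maxalloc, ss, sp, csum, ip, cs, lfarlc, ovno
    # e_lfarlc = 0x40 is an assumption; the report does not list it.
    dos = DOS_HEADER.pack(b"MZ", 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40, 0,
                          *([0] * 16), 0x80)
    ts = calendar.timegm((2017, 1, 19, 8, 33, 43))
    coff = FILE_HEADER.pack(0x014C, 5, ts, 0, 0, 0xE0, 0x010F)   # 0x010F = the five flags in the report
    opt = OPTIONAL_HEADER32.pack(
        0x10B, 2, 0,                                              # PE32, linker 2.0
        0xE400, 0x2400, 0, 0x1000, 0x1000, 0x11000, 0x400000, 0x1000, 0x200,
        4, 0, 0, 0, 4, 0,                                         # OS 4.0, image 0.0, subsystem 4.0
        0, 0x15000, 0x400, 0,                                     # Win32VersionValue, SizeOfImage, SizeOfHeaders, Checksum
        2, 0,                                                     # WINDOWS_GUI; DllCharacteristics assumed 0
        0x100000, 0x1000, 0x100000, 0x1000, 0, 16,
    )
    return dos.ljust(0x80, b"\0") + b"PE\0\0" + coff + opt + bytes(16 * 8)  # 16 empty data directories


if __name__ == "__main__":
    for key, value in parse_pe_headers(build_sample_headers()).items():
        print(f"{key:22} {value:#x}" if isinstance(value, int) else f"{key:22} {value}")
```

Two of the decoded values matter in practice: `IMAGE_FILE_RELOCS_STRIPPED` means the loader cannot rebase the image, so it always maps at `ImageBase` 0x400000 and every address seen in static analysis is the runtime address; a `Checksum` of 0 is normal for non-Microsoft linkers and is not by itself a sign of tampering.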
| Imported DLL | Functions |
|---|---|
| MSVCRT.dll | memset, strncmp, memmove, strncpy, strstr, _strnicmp, _stricmp, strlen, strcmp, memcpy, sprintf, fabs, ceil, malloc, floor, free, fclose, strcpy, tolower |
| KERNEL32.dll | GetModuleHandleA, HeapCreate, HeapDestroy, ExitProcess, RemoveDirectoryA, GetExitCodeProcess, GetTempFileNameA, GetNativeSystemInfo, FindResourceA, LoadResource, SizeofResource, GetShortPathNameA, GetWindowsDirectoryA, GetSystemDirectoryA, HeapAlloc, HeapFree, Sleep, LoadLibraryA, GetProcAddress, FreeLibrary, GetCurrentThreadId, GetCurrentProcessId, CloseHandle, InitializeCriticalSection, GetCommandLineA, GetModuleFileNameA, GetEnvironmentVariableA, SetEnvironmentVariableA, CreateFileA, ReadFile, WriteFile, SetFilePointer, DeleteFileA, GetFileSize, HeapReAlloc, GetCurrentProcess, TerminateProcess, SetUnhandledExceptionFilter, EnterCriticalSection, LeaveCriticalSection, GetVersionExA, SetLastError, HeapSize, TlsAlloc, CreateDirectoryA, GetCurrentDirectoryA, SetCurrentDirectoryA, SetFileAttributesA, GetTempPathA, DeleteCriticalSection, MultiByteToWideChar, WideCharToMultiByte |
| USER32.DLL | CharUpperA, CharLowerA, MessageBoxA, SendMessageA, PostMessageA, GetWindowThreadProcessId, IsWindowVisible, GetWindowLongA, GetForegroundWindow, IsWindowEnabled, EnableWindow, EnumWindows, SetWindowPos, DestroyWindow, GetDC, GetWindowTextLengthA, GetWindowTextA, SetRect, DrawTextA, GetSystemMetrics, ReleaseDC, GetSysColor, GetSysColorBrush, CreateWindowExA, CallWindowProcA, SetWindowLongA, SetFocus, RedrawWindow, RemovePropA, DefWindowProcA, SetPropA, GetParent, GetPropA, GetWindow, SetActiveWindow, UnregisterClassA, DestroyAcceleratorTable, LoadIconA, LoadCursorA, RegisterClassA, AdjustWindowRectEx, ShowWindow, CreateAcceleratorTableA, PeekMessageA, MsgWaitForMultipleObjects, GetMessageA, GetActiveWindow, TranslateAcceleratorA, TranslateMessage, DispatchMessageA, GetFocus, GetClientRect, FillRect, EnumChildWindows, DefFrameProcA, GetWindowRect, IsChild, GetClassNameA, GetKeyState, DestroyIcon, RegisterWindowMessageA |
| GDI32.DLL | GetStockObject, SelectObject, SetBkColor, SetTextColor, GetTextExtentPoint32A, CreateSolidBrush, DeleteObject, GetObjectA, CreateCompatibleDC, GetDIBits, DeleteDC, GetObjectType, CreateDIBSection, BitBlt, CreateBitmap, SetPixel |
| COMCTL32.DLL | InitCommonControlsEx |
| OLE32.DLL | CoInitialize, CoTaskMemFree, RevokeDragDrop |
| SHELL32.DLL | ShellExecuteExA |
| WINMM.DLL | timeBeginPeriod |
| SHLWAPI.DLL | PathQuoteSpacesA, PathAddBackslashA, PathRenameExtensionA, PathUnquoteSpacesA |
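The "functions most legitimate programs don't use" and "may be hiding some of its imports" findings in the summary are produced by rules over an import table like the one above. The Python below is an added example of such rules (this editor's, not Manalyze's; the rule sets are mine, and the assumption that the hidden-imports finding is triggered by a `LoadLibrary*` import alongside `GetProcAddress` is mine as well). It runs over the KERNEL32, SHELL32 and SHLWAPI imports transcribed from the table above; the USER32 and GDI32 drawing imports are left out because no rule looks at them.

```python
"""Import-table triage rules of the kind behind the report's 'suspicious' findings.

Added example; not Manalyze's code. Rule sets and thresholds are this editor's own.
"""

# Imports transcribed from the report's table (KERNEL32 in full; GUI DLLs omitted).
REPORT_IMPORTS = {
    "KERNEL32.dll": (
        "GetModuleHandleA HeapCreate HeapDestroy ExitProcess RemoveDirectoryA GetExitCodeProcess "
        "GetTempFileNameA GetNativeSystemInfo FindResourceA LoadResource SizeofResource "
        "GetShortPathNameA GetWindowsDirectoryA GetSystemDirectoryA HeapAlloc HeapFree Sleep "
        "LoadLibraryA GetProcAddress FreeLibrary GetCurrentThreadId GetCurrentProcessId CloseHandle "
        "InitializeCriticalSection GetCommandLineA GetModuleFileNameA GetEnvironmentVariableA "
        "SetEnvironmentVariableA CreateFileA ReadFile WriteFile SetFilePointer DeleteFileA GetFileSize "
        "HeapReAlloc GetCurrentProcess TerminateProcess SetUnhandledExceptionFilter EnterCriticalSection "
        "LeaveCriticalSection GetVersionExA SetLastError HeapSize TlsAlloc CreateDirectoryA "
        "GetCurrentDirectoryA SetCurrentDirectoryA SetFileAttributesA GetTempPathA DeleteCriticalSection "
        "MultiByteToWideChar WideCharToMultiByte"
    ).split(),
    "SHELL32.DLL": ["ShellExecuteExA"],
    "SHLWAPI.DLL": ["PathQuoteSpacesA", "PathAddBackslashA", "PathRenameExtensionA", "PathUnquoteSpacesA"],
}

# Capability tags -> API names that indicate them (ANSI and wide variants).
RULES = {
    "dynamic import resolution": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW", "GetProcAddress"},
    "embedded resource access": {"FindResourceA", "FindResourceW", "LoadResource", "SizeofResource", "LockResource"},
    "temp-file drop": {"GetTempPathA", "GetTempPathW", "GetTempFileNameA", "GetTempFileNameW",
                       "CreateFileA", "CreateFileW", "WriteFile", "SetFileAttributesA", "SetFileAttributesW"},
    "child process launch": {"ShellExecuteExA", "ShellExecuteExW", "ShellExecuteA", "ShellExecuteW",
                             "CreateProcessA", "CreateProcessW", "WinExec", "GetExitCodeProcess"},
    "host reconnaissance": {"GetNativeSystemInfo", "GetVersionExA", "GetSystemDirectoryA",
                            "GetWindowsDirectoryA", "GetEnvironmentVariableA", "IsDebuggerPresent"},
    "self-cleanup": {"DeleteFileA", "DeleteFileW", "RemoveDirectoryA", "RemoveDirectoryW"},
}


def triage_imports(imports: dict) -> dict:
    """Map an import table ({dll: [function, ...]}) to capability tags and composite findings."""
    every = {func for funcs in imports.values() for func in funcs}
    hits = {tag: sorted(every & apis) for tag, apis in RULES.items()}
    hits = {tag: matched for tag, matched in hits.items() if matched}

    findings = []
    # Individual rule, weak on its own: the CRT and delay-load stubs use the same pair.
    if "GetProcAddress" in every and any(f.startswith("LoadLibrary") for f in every):
        findings.append("may be hiding some of its imports (LoadLibrary* + GetProcAddress)")
    # Composite rule, much stronger: unpack an embedded resource, write it under %TEMP%, run it.
    chain = ("embedded resource access", "temp-file drop", "child process launch")
    if all(tag in hits for tag in chain):
        note = "resource -> temp file -> execute chain (typical dropper/runner)"
        if "self-cleanup" in hits:
            note += ", with cleanup"
        findings.append(note)
    return {"capabilities": hits, "findings": findings}


if __name__ == "__main__":
    result = triage_imports(REPORT_IMPORTS)
    for tag, matched in result["capabilities"].items():
        print(f"{tag:28} {', '.join(matched)}")
    for finding in result["findings"]:
        print("[!]", finding)
```

On its own the `LoadLibraryA` plus `GetProcAddress` pair is weak evidence; almost every C runtime resolves a few APIs that way, so a scanner that reports only that rule will flag plenty of clean software. What makes this import table worth a second look is the composite chain: resource loading, temp-file creation, `ShellExecuteExA` followed by `GetExitCodeProcess`, and `DeleteFileA`/`RemoveDirectoryA` afterwards, which lines up with the "Runner"/"Downloader" family names in the VirusTotal list.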