| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2019-Jan-25 11:28:44
|
| TLS Callbacks |
2 callback(s) detected.
|
| Malicious |
VirusTotal score: 47/70 (Scanned on 2019-02-11 01:56:23) |
MicroWorld-eScan:
Trojan.GenericKD.31586296
CAT-QuickHeal:
Trojan.Inject
McAfee:
RDN/Generic.hbg
Malwarebytes:
Trojan.TrickBot
K7GW:
Trojan ( 005452431 )
K7AntiVirus:
Trojan ( 005452431 )
Arcabit:
Trojan.Generic.D1E1F7F8
TrendMicro:
TROJ_GEN.R002C0PAS19
NANO-Antivirus:
Trojan.Win32.Trick.fmlohv
Cyren:
W32/Trojan.YHHP-4688
Symantec:
Trojan.Gen.2
TrendMicro-HouseCall:
TROJ_GEN.R002C0PAS19
Avast:
Win32:Malware-gen
Kaspersky:
Trojan.Win32.Inject.aldxy
BitDefender:
Trojan.GenericKD.31586296
Paloalto:
generic.ml
ViRobot:
Trojan.Win32.Z.Agent.802816.WI
Tencent:
Win32.Trojan.Inject.Llrh
Ad-Aware:
Trojan.GenericKD.31586296
Emsisoft:
Trojan.GenericKD.31586296 (B)
Comodo:
Malware@#37jx3tmnnm7dd
F-Secure:
Trojan.TR/Crypt.Agent.ctdaw
DrWeb:
Trojan.Trick.46210
Zillya:
Trojan.Inject.Win32.281049
Invincea:
heuristic
McAfee-GW-Edition:
BehavesLike.Win32.Suspiciousatg.bm
Fortinet:
W32/Kryptik.GOKM!tr
Sophos:
Mal/Generic-S
Webroot:
W32.Trojan.Gen
Avira:
TR/Crypt.Agent.ctdaw
MAX:
malware (ai score=80)
Antiy-AVL:
Trojan/Win32.Inject
Endgame:
malicious (high confidence)
Microsoft:
Trojan:Win32/MereTam.A
ZoneAlarm:
Trojan.Win32.Inject.aldxy
Acronis:
suspicious
VBA32:
BScope.Trojan.MereTam
ALYac:
Trojan.Trickster.Gen
Cylance:
Unsafe
ESET-NOD32:
a variant of Win32/Kryptik.GOKM
Rising:
Trojan.Kryptik!8.8 (CLOUD)
SentinelOne:
static engine - malicious
GData:
Trojan.GenericKD.31586296
AVG:
Win32:Malware-gen
Panda:
Trj/CI.A
CrowdStrike:
malicious_confidence_90% (W)
Qihoo-360:
Win32/Trojan.5d4
|
| MD5 |
36c5aa499a288ed5ce30088a048c7f43
|
| SHA1 |
6871278890e75437225b246065ab63d12027b258
|
| SHA256 |
e41f379c56a22e3ffaaa07673f6061ec1bb51cd5c2ea941209b9f7700cf5a103
|
| SHA3 |
fed503ffa1a89fc69a25ff5eb6181657ddf548b2515e7b6de5761bad51b09460
|
| SSDeep |
6144:xttVLl0WyrtDApwB0HW3g2iDqeHTK8gv7k8DFwR4AnCXOqu902Ug:xtjOzAqB0Hgg2YqAO9TkcrkV
|
| Imports Hash |
06ee554f9877d032cfa124920b0a351c
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
8
|
| TimeDateStamp |
2019-Jan-25 11:28:44
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0x91400
|
| SizeOfInitializedData |
0xc3c00
|
| SizeOfUninitializedData |
0x200
|
| AddressOfEntryPoint |
0x000012A0 (Section: .text)
|
| BaseOfCode |
0x1000
|
| BaseOfData |
0x93000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
1.0
|
| SubsystemVersion |
4.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0xca000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0xcc83a
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
8e5bbcc118abb92e44511a38a090f068
|
| SHA1 |
549f559f8da39282964f4cf9a90318784bea00be
|
| SHA256 |
714ce5d066c6c431f586194a69844e4b3c72c2ca64a70117e70b014a4480a049
|
| SHA3 |
cd0fce04886d98b2040ebd4cf23174128852db47f70501fd5625fd86772cbef5
|
| VirtualSize |
0x91340
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x91400
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
4.83302
|
| MD5 |
40402b6b0749282f9b50ebf9d2ea50c6
|
| SHA1 |
6b798811f2d82eb99fe7dfda9ee0f8369ae12eb6
|
| SHA256 |
4b7bb00759e456f487698f73eb5494fe2c2aff9bb10bdd7c427e9c1c5b07dec5
|
| SHA3 |
87914d0ba286c6801c445d899165225652fa9165e1d13195aefa424bbe4e71d7
|
| VirtualSize |
0x2c98c
|
| VirtualAddress |
0x93000
|
| SizeOfRawData |
0x2ca00
|
| PointerToRawData |
0x91800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.62185
|
| MD5 |
2bbd75812a4c289d6bb30d721846492b
|
| SHA1 |
4c30ad451afcaa7fc17bcf9a6d86a662800e39a1
|
| SHA256 |
591e9850c317f084a4a53e6f0f136e1c6a8577edd47d3b01bb58b0ebdb8d2fa0
|
| SHA3 |
492a79a7c2f0d38bb4bc36bfdedf848cbc4d425f9b221c5831f352dcd4c1561a
|
| VirtualSize |
0x2420
|
| VirtualAddress |
0xc0000
|
| SizeOfRawData |
0x2600
|
| PointerToRawData |
0xbe200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
5.08502
|
| MD5 |
351ba2ab15f1b01f75a59779e7bb76ed
|
| SHA1 |
a19847a0cd23ecc80d2107553ae9a570125cba4a
|
| SHA256 |
d5bcebdd8fb53f586048ac7e627b39de2cdd3092996bd90c4b786876ecd67b24
|
| SHA3 |
23ee98577e36a3c527f619a7874e6402668fcdb16900c1381340b3317d79ffc9
|
| VirtualSize |
0x2c2c
|
| VirtualAddress |
0xc3000
|
| SizeOfRawData |
0x2e00
|
| PointerToRawData |
0xc0800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
4.80511
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0xb8
|
| VirtualAddress |
0xc6000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
d044e59a31ab1c72d32244fc2345db7e
|
| SHA1 |
cc6fe3905554a2858155f1f906c2c02b2a917421
|
| SHA256 |
0b7ee8407b9ba92955b07de917df2f91171d112a8d565045b0a30eb22316bd97
|
| SHA3 |
e00bb931179cec660af716aac040c3557ede30dd0ff6e853d61c87fdfda1083f
|
| VirtualSize |
0x5e0
|
| VirtualAddress |
0xc7000
|
| SizeOfRawData |
0x600
|
| PointerToRawData |
0xc3600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
4.73543
|
| MD5 |
52c2223fc68452547845d00d380ede29
|
| SHA1 |
a8100f241d82c897552830f32221d7018cfe18b2
|
| SHA256 |
b7bf6d82cedcf871a37711bb7644e339fa4e50d8b95ec231b938296550b5f470
|
| SHA3 |
8a3fe1f5a3b7a2a9f2c1cdc87ca5ef7daa3812077786135c979cdbfa8cf04616
|
| VirtualSize |
0x18
|
| VirtualAddress |
0xc8000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0xc3c00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.11837
|
| MD5 |
1ce13589ff5edce3f1d07fdf119d3cef
|
| SHA1 |
2691f9799257a7cfc1203d5b6f34c8929ac73cde
|
| SHA256 |
888e16e800e7a2e7bb8de51d7e5ba4c532a34d8e6189743c217a891f51583c22
|
| SHA3 |
f1fd8342af916500bddb5c1adddfd849d1fb61c3275af06f7fafe88ea3c6fbd2
|
| VirtualSize |
0x20
|
| VirtualAddress |
0xc9000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0xc3e00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.22482
|
| KERNEL32.dll |
CloseHandle
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GlobalFindAtomW
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
|
| msvcrt.dll |
_access
_write
|
| msvcrt.dll (#2) |
_access
_write
|
| StartAddressOfRawData |
0x4c9019
|
| EndAddressOfRawData |
0x4c901c
|
| AddressOfIndex |
0x4c602c
|
| AddressOfCallbacks |
0x4c8004
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks |
0x0048AE40
0x0048ADF0
|
[*] Warning: Section .bss has a size of 0!