Property | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_I386 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2013-Mar-28 22:45:04 |

Level | Finding | Details |
---|---|---|
Info | Matching compiler(s) | Microsoft Visual C++ 6.0 - 8.0; Microsoft Visual C++ 8 |
Suspicious | PEiD signature | ASPack v2.12 |
Suspicious | The PE is packed with ASPack or Armadillo | Section .text is both writable and executable. Unusual section name found: .aspack. Section .aspack is both writable and executable. Unusual section name found: .adata. Section .adata is both writable and executable. Unusual section name found: .newiat |
Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports (no import names could be listed). |
Suspicious | The PE header may have been manually modified. | Resource 79 is possibly compressed or encrypted. The resource timestamps differ from the PE header. |
Malicious | The program tries to mislead users about its origins. | The PE pretends to be from AMd but is not signed! |
Malicious | VirusTotal score: 56/71 (scanned on 2023-05-24 07:49:33) | Per-engine detections are listed in the table below. |

Engine | Detection |
---|---|
Bkav | W32.AIDetectMalware |
Lionic | Trojan.Win32.Generic.m9uu |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.Generic.KDZ.12397 |
ClamAV | Win.Trojan.Ag-4254306-1 |
CAT-QuickHeal | TrojanDownloader.Carberp |
McAfee | PWS-Zbot-FAXY!3AB00A9B0D4E |
Malwarebytes | Malware.AI.788052892 |
VIPRE | Trojan.Generic.KDZ.12397 |
Sangfor | Suspicious.Win32.Save.ins |
K7AntiVirus | Trojan ( 0053bba21 ) |
K7GW | Trojan ( 0053bba21 ) |
Cybereason | malicious.b0d4e2 |
Cyren | W32/Injector.BNF.gen!Eldorado |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/Injector.AEOI |
APEX | Malicious |
Cynet | Malicious (score: 100) |
Kaspersky | Trojan.Win32.Agentb.jcf |
BitDefender | Trojan.Generic.KDZ.12397 |
NANO-Antivirus | Trojan.Win32.Agent.brmlyv |
Avast | Win32:Carberp-AOR [Trj] |
Tencent | Win32.Trojan.Agentb.Mqil |
Emsisoft | Trojan.Generic.KDZ.12397 (B) |
F-Secure | Trojan.TR/GenGun.A |
DrWeb | Trojan.Packed.24081 |
Zillya | Trojan.Agentb.Win32.758 |
TrendMicro | Mal_LIFTOH2 |
McAfee-GW-Edition | BehavesLike.Win32.Generic.dt |
Trapmine | malicious.high.ml.score |
FireEye | Generic.mg.3ab00a9b0d4e2c83 |
Sophos | Mal/Generic-S |
SentinelOne | Static AI - Malicious PE |
GData | Trojan.Generic.KDZ.12397 |
Jiangmin | Trojan/Agentb.uh |
Avira | TR/GenGun.A |
MAX | malware (ai score=86) |
Antiy-AVL | Trojan/Win32.Agentb |
Xcitium | TrojWare.Win32.Injector.AFSS@4wik6f |
Arcabit | Trojan.Generic.KDZ.D306D |
ZoneAlarm | Trojan.Win32.Agentb.jcf |
Microsoft | TrojanDownloader:Win32/Carberp.BR |
Google | Detected |
AhnLab-V3 | Trojan/Win.Agentb.C5432075 |
BitDefenderTheta | AI:Packer.21A2605920 |
ALYac | Trojan.Generic.KDZ.12397 |
VBA32 | BScope.Trojan.Agent |
Cylance | unsafe |
Panda | Trj/CI.A |
TrendMicro-HouseCall | Mal_LIFTOH2 |
Rising | Malware.FakeDOC/ICON!1.9C3B (CLASSIC) |
Ikarus | Virus.Win32.CeeInject |
Fortinet | W32/Injector.ZVR!tr |
AVG | Win32:Carberp-AOR [Trj] |
DeepInstinct | MALICIOUS |
CrowdStrike | win/malicious_confidence_100% (W) |
DOS header field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xd8 |
NT headers field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 8 |
TimeDateStamp | 2013-Mar-28 22:45:04 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |
Optional header field | Value |
---|---|
Magic | PE32 |
LinkerVersion | 9.0 |
SizeOfCode | 0xe400 |
SizeOfInitializedData | 0x1be00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00002647 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x10000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.0 |
ImageVersion | 0.0 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x4b000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE (DYNAMIC_BASE and NX_COMPAT are not set, so the image is neither ASLR-compatible nor opted in to DEP) |
SizeOfStackReserve | 0x100000 |
SizeOfStackCommit | 0x1000 |
SizeOfHeapReserve | 0x100000 |
SizeOfHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
Imported DLL | Entries | Functions resolved |
---|---|---|
KERNEL32.DLL | 66 (#1 to #66) | (EMPTY) for every entry |
gdi32.dll | 9 (#1 to #9) | (EMPTY) for every entry |
ntdll.dll | 9 (#1 to #9) | (EMPTY) for every entry |

All 84 import entries name a DLL but resolve no functions, which is what the "hiding some of its imports" finding above refers to: the real import table is rebuilt by the packer stub at run time (note the .newiat section name).
Rich header field | Value |
---|---|
XOR Key | 0xcf8022da |
Unmarked objects | 0 |
C++ objects (VS2010 SP1 build 40219) | 25 |
ASM objects (VS2010 SP1 build 40219) | 14 |
C objects (VS2010 SP1 build 40219) | 103 |
Imports (VS2008 SP1 build 30729) | 5 |
Total imports | 86 |
C++ objects (VS2008 build 21022) | 1 |
Resource objects (VS2008 build 21022) | 1 |
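The following script is an added example and is not part of this report or of the tool that produced it. It redoes, from raw bytes with only the Python standard library, the two kinds of header checks the report relies on: section-table triage (writable-and-executable sections, non-standard section names, which section holds the entry point, missing DYNAMIC_BASE/NX_COMPAT flags, a zero CheckSum) and recomputation of the Rich header XOR key, which detects a DOS stub or Rich block edited after linking. It runs on a constructed, header-only PE32 image that copies traits from the report (entry point 0x2647 in .text, CheckSum 0, only TERMINAL_SERVER_AWARE set, a W+X .aspack section, the 2013-03-28 22:45:04 timestamp); the product IDs in the Rich entries are placeholders, only the build numbers 40219 and 30729 are taken from the table above. A detail worth checking when reading the report itself: the Rich entries are VS2010 SP1 objects while LinkerVersion reads 9.0, which is the VS2008 linker.

```python
"""Stdlib-only PE header triage on a constructed sample (added example, not the report's tool)."""
import struct
from datetime import datetime, timezone

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
DANS = 0x536E6144  # the bytes 'DanS' read as a little-endian dword
# Section names a stock MSVC link produces; anything else gets flagged.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                   ".edata", ".bss", ".tls", ".pdata", ".CRT", ".gfids"}

def rol32(x, n):
    n &= 0x1F
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def rich_key(dos_prefix, entries):
    """Recompute the Rich XOR key from the bytes before 'DanS' and the
    (prodid<<16 | build, use_count) entries. Bytes 0x3C-0x3F (e_lfanew)
    are skipped, so the key survives the linker patching e_lfanew later."""
    csum = len(dos_prefix)
    for i, b in enumerate(dos_prefix):
        if 0x3C <= i < 0x40:
            continue
        csum = (csum + rol32(b, i)) & 0xFFFFFFFF
    for prodid_build, count in entries:
        csum = (csum + rol32(prodid_build, count)) & 0xFFFFFFFF
    return csum

def parse_rich_header(image):
    """Find 'Rich'+key before e_lfanew, walk back to the masked 'DanS', decode the
    entries and say whether the stored key matches a fresh recomputation."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    rich_off = image.rfind(b"Rich", 0, e_lfanew)
    if rich_off < 0:
        return None
    key = struct.unpack_from("<I", image, rich_off + 4)[0]
    dans = next((off for off in range(rich_off - 4, 0x3C, -4)
                 if struct.unpack_from("<I", image, off)[0] ^ key == DANS), None)
    if dans is None:
        return None
    entries = [(pb ^ key, cnt ^ key)
               for pb, cnt in struct.iter_unpack("<II", image[dans + 16:rich_off])]
    return {"key": key, "entries": entries,
            "key_valid": rich_key(image[:dans], entries) == key}

def triage_sections(image):
    """Section-table checks of the kind shown in the report above."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    _, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, e_lfanew + 4)
    opt = e_lfanew + 24                      # start of IMAGE_OPTIONAL_HEADER32
    entry = struct.unpack_from("<I", image, opt + 16)[0]
    checksum = struct.unpack_from("<I", image, opt + 64)[0]
    dllchars = struct.unpack_from("<H", image, opt + 70)[0]
    findings, entry_section = [], None
    for off in range(opt + opt_size, opt + opt_size + 40 * nsec, 40):
        raw_name, vsize, va, rawsz, *_, chars = struct.unpack_from("<8sIIIIIIHHI", image, off)
        name = raw_name.rstrip(b"\0").decode("latin-1")
        if chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"Section {name} is both writable and executable.")
        if name not in COMMON_SECTIONS:
            findings.append(f"Unusual section name found: {name}")
        if va <= entry < va + max(vsize, rawsz):
            entry_section = name
    if not dllchars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        findings.append("DllCharacteristics lacks DYNAMIC_BASE: not ASLR-compatible.")
    if not dllchars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        findings.append("DllCharacteristics lacks NX_COMPAT: not opted in to DEP.")
    return {"timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "entry_section": entry_section, "checksum": checksum, "findings": findings}

def build_sample():
    """Constructed header-only PE32 image; product ids 1 and 2 are placeholders."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0xB0)          # e_lfanew
    dos[0x40:0x80] = bytes(range(0x40, 0x80))         # stand-in for the DOS stub code
    entries = [(0x0001 << 16 | 40219, 103), (0x0002 << 16 | 30729, 5)]
    key = rich_key(bytes(dos), entries)
    rich = struct.pack("<4I", DANS ^ key, key, key, key)   # 'DanS' + three zero pads
    for pb, cnt in entries:
        rich += struct.pack("<II", pb ^ key, cnt ^ key)
    rich += b"Rich" + struct.pack("<I", key)
    image = bytes(dos) + rich
    image += bytes(0xB0 - len(image))
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 16, 0x2647)           # AddressOfEntryPoint
    struct.pack_into("<I", opt, 56, 0x4B000)          # SizeOfImage
    struct.pack_into("<HH", opt, 68, 2, 0x8000)       # GUI subsystem, TERMINAL_SERVER_AWARE only
    sections = [(b".text", 0xE000, 0x1000, 0xE0000020), (b".rsrc", 0x1000, 0x10000, 0x40000040),
                (b".aspack", 0x4000, 0x45000, 0xE0000040)]
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 1364510704, 0, 0, len(opt), 0x103)
    image += b"PE\0\0" + file_hdr + bytes(opt)
    for name, vsize, va, chars in sections:
        image += struct.pack("<8sIIIIIIHHI", name, vsize, va, vsize, 0, 0, 0, 0, 0, chars)
    return image

if __name__ == "__main__":
    img = build_sample()
    print(parse_rich_header(img))
    for line in triage_sections(img)["findings"]:
        print(line)
```

Flipping any byte of the DOS stub (outside e_lfanew) makes `key_valid` go false, which is the check to run on a sample whose header "may have been manually modified": a Rich header that no longer verifies, or one copied from another binary, is evidence of tampering independent of packer signatures.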