3b5d1420ae64bc4ec37f3b9fd443785c

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2018-Apr-19 09:19:59

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Suspicious Strings found in the binary may indicate undesirable behavior: May have dropper capabilities:
  • CurrentVersion\Run
Miscellaneous malware strings:
  • cmd.exe
Malicious VirusTotal score: 57/65 (Scanned on 2018-04-19 09:40:49)
Bkav: W32.ATVC_SysidlepoLTM.Trojan
MicroWorld-eScan: Generic.MSIL.Bladabindi.070324C7
CAT-QuickHeal: Backdoor.Bladabindi.AL3
McAfee: Trojan-FIGN
Cylance: Unsafe
Zillya: Trojan.Disfa.Win32.27264
SUPERAntiSpyware: Trojan.Agent/Gen-Bladabindi
TheHacker: Trojan/Bladabindi.bc
K7GW: Trojan ( 700000121 )
K7AntiVirus: Trojan ( 700000121 )
Arcabit: Generic.MSIL.Bladabindi.070324C7
TrendMicro: BKDR_BLADABI.SMC
Baidu: MSIL.Backdoor.Bladabindi.a
Cyren: W32/MSIL_Bladabindi.AU.gen!Eldorado
Symantec: Backdoor.Ratenjay
ESET-NOD32: MSIL/Bladabindi.BC
TrendMicro-HouseCall: BKDR_BLADABI.SMC
ClamAV: Win.Trojan.B-468
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Generic.MSIL.Bladabindi.070324C7
NANO-Antivirus: Trojan.Win32.Disfa.dtznyx
ViRobot: Backdoor.Win32.Bladabindi.Gen.A
Ad-Aware: Generic.MSIL.Bladabindi.070324C7
Emsisoft: Generic.MSIL.Bladabindi.070324C7 (B)
Comodo: Backdoor.MSIL.Bladabindi.A
F-Secure: Generic.MSIL.Bladabindi.070324C7
DrWeb: Trojan.DownLoader17.52584
VIPRE: Backdoor.MSIL.Bladabindi.a (v)
Invincea: heuristic
Sophos: Troj/DotNet-P
SentinelOne: static engine - malicious
F-Prot: W32/MSIL_Bladabindi.AU.gen!Eldorado
Jiangmin: TrojanDropper.Autoit.dce
Webroot: W32.Trojan.Gen
Avira: TR/Dropper.Gen7
Antiy-AVL: Trojan[Backdoor]/MSIL.Bladabindi.as
Kingsoft: Win32.Troj.Undef.(kcloud)
Microsoft: Backdoor:MSIL/Bladabindi
Endgame: malicious (high confidence)
AegisLab: Win.Backdoor.Bladabindi.mBi5
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: MSIL.Backdoor.Bladabindi.AV
AhnLab-V3: Win-Trojan/Zbot.24064
ALYac: Generic.MSIL.Bladabindi.070324C7
AVware: Backdoor.MSIL.Bladabindi.a (v)
MAX: malware (ai score=84)
VBA32: Trojan.MSIL.Disfa
Malwarebytes: Backdoor.NJRat.Generic
Panda: Generic Malware
Yandex: Trojan.Agent!k6NlPiHIw7M
Ikarus: Trojan.MSIL.Bladabindi
eGambit: Unsafe.AI_Score_98%
Fortinet: MSIL/Agent.LI!tr
AVG: MSIL:Agent-DRD [Trj]
Avast: MSIL:Agent-DRD [Trj]
CrowdStrike: malicious_confidence_100% (D)
Qihoo-360: HEUR/QVM03.0.9B27.Malware.Gen

Hashes

MD5 3b5d1420ae64bc4ec37f3b9fd443785c
SHA1 5a1453d359bda7d9f5025a803d2bd39464711599
SHA256 79c94aca957168f38985e466012bd0d6aa52911ff782b2106e08ae8a8be418a1
SHA3 0f5ae33b7d3be29150b34624fe137678d447a648b9a2cd448de0328824cd4dc1
SSDeep 384:d8aLWS0dABLYVq6RxP8MDFF09vK563gRMmJKUv0mRvR6JZlbw8hqIusZzZgh:eXcwt3tRpcnuL
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2018-Apr-19 09:19:59
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0x5600
SizeOfInitializedData 0x600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000747E (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x8000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xc000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d0da426cda2bf6fee7123419cc940612
SHA1 fbc3cb5da5a53cb0f076e08ce81e640d03b9f894
SHA256 f351d0bd39d8ce4af7e5db765a7e74efad5fb4d422b20de1e22847897b62ef9e
SHA3 502ad72650e7843d8cba1657db55084d3bae5085f89e25ad944c8cccd6012fb7
VirtualSize 0x5484
VirtualAddress 0x2000
SizeOfRawData 0x5600
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.56864

.rsrc

MD5 0243c9a7f8755f2c2b18037cdad6cc91
SHA1 1ffa22fd5de34253aa3b8ffab97ec5c401513128
SHA256 9a77791d60c4f151b59916a63b8b03359bdbfdf7f11e37c5e53729b0f0778d49
SHA3 8668b1bb8b401e2e9b23acb0c6a5ac31f63205aff8fb2c0be71f5db4c6785d99
VirtualSize 0x240
VirtualAddress 0x8000
SizeOfRawData 0x400
PointerToRawData 0x5800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.96608

.reloc

MD5 bb6b8b1f25ff35bc899d87eb8954f0a6
SHA1 596f51f26e2855c2dfc46e96bb4249d2d6646cf3
SHA256 e144b4583a975d9e613fd6e26070337f6fd747d702c8315b781209abcf98877a
SHA3 8b5e494153189c8638e3bf5f2b1bbc2f78d66d16cdbec6d92f64c11967916cde
VirtualSize 0xc
VirtualAddress 0xa000
SizeOfRawData 0x200
PointerToRawData 0x5c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0815394

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1e7
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.96801
MD5 4d18ac38a92d15a64e2b80447b025b7e
SHA1 5c34374c2dd5afa92e0489f1d6f86dde616aca6c
SHA256 835a00d6e7c43db49ae7b3fa12559f23c2920b7530f4d3f960fd285b42b1efb5
SHA3 493c83109dbdb6284c2066debc8df200d014c6ce33cffb36f3762074df901b9a

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors