Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2017-Jun-06 15:24:44 |
Detected languages | English - United States, Korean - Korea |
Comments | |
CompanyName | Kamsky Co,.Ltd |
FileDescription | Vote_Controller |
FileVersion | 49, 0, 0, 0 |
InternalName | MDL_170329_x86_V06Lv3 |
LegalCopyright | Copyright ⓒ 2017 |
LegalTrademarks | |
OriginalFilename | Vote_Controller |
PrivateBuild | |
ProductName | Kamsky ColdFear |
ProductVersion | 17, 0, 0, 0 |
SpecialBuild | |
Info | Cryptographic algorithms detected in the binary: uses constants related to CRC32, MD5 and SHA1 |
Suspicious | The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 33/52 (Scanned on 2019-09-09 07:14:42); per-engine detections are listed in the table below |

Engine | Detection |
---|---|
MicroWorld-eScan | Trojan.GenericKD.41198710 |
CAT-QuickHeal | Trojan.Hoplight.S5795935 |
ALYac | Trojan.Nukesped.A |
K7AntiVirus | Trojan ( 0054bc321 ) |
K7GW | Trojan ( 0054bc321 ) |
CrowdStrike | win/malicious_confidence_100% (W) |
TrendMicro | Trojan.Win64.HOPLIGHT.B |
Cyren | W64/Trojan.NKDY-0871 |
Symantec | Trojan.Hoplight |
Paloalto | generic.ml |
Alibaba | Trojan:Win64/Hoplight.bd429bba |
ViRobot | Trojan.Win64.S.Agent.346624 |
Rising | Trojan.Hoplight!1.B71E (CLASSIC) |
Ad-Aware | Trojan.GenericKD.41198710 |
Comodo | Malware@#1o8aj0re9tng4 |
FireEye | Trojan.GenericKD.41198710 |
Emsisoft | Trojan.GenericKD.41198710 (B) |
Jiangmin | Trojan.Generic.dgxud |
Webroot | W32.Trojan.Gen |
Avira | TR/NukeSped.tbxxd |
MAX | malware (ai score=100) |
Antiy-AVL | Trojan/Win64.NukeSped |
AegisLab | Trojan.Win32.Generic.4!c |
GData | Trojan.GenericKD.41198710 |
AhnLab-V3 | Trojan/Win32.Generic.C3154759 |
ESET-NOD32 | a variant of Win64/NukeSped.T |
TrendMicro-HouseCall | Trojan.Win64.HOPLIGHT.B |
Tencent | Win32.Trojan.Generic.Pavo |
Yandex | Trojan.Agent!yMGm9L9385k |
Ikarus | Trojan.Win64.Nukesped |
Fortinet | W32/Generic.T!tr |
Panda | Trj/CI.A |
Qihoo-360 | Win32/Trojan.542 |

e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe0 |

Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberOfSections | 6 |
TimeDateStamp | 2017-Jun-06 15:24:44 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |

Magic | PE32+ |
---|---|
LinkerVersion | 10.0 |
SizeOfCode | 0x45600 |
SizeOfInitializedData | 0xf000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000000000009350 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x180000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.2 |
ImageVersion | 0.0 |
SubsystemVersion | 5.2 |
Win32VersionValue | 0 |
SizeOfImage | 0x5e000 |
SizeOfHeaders | 0x400 |
Checksum | 0x63d41 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT |
SizeOfStackReserve | 0x100000 |
SizeOfStackCommit | 0x1000 |
SizeOfHeapReserve | 0x100000 |
SizeOfHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

WS2_32.dll | #23, #4, #16, #111, #18, #151, #21, #19, #3 |
---|---|
KERNEL32.dll | ExitProcess, CompareStringW, GetProcessHeap, SetEndOfFile, CreateFileA, GetTimeZoneInformation, QueryPerformanceFrequency, FindFirstFileW, FindNextFileW, FindClose, GetLastError, GetProcAddress, LoadLibraryA, GetWindowsDirectoryA, GetWindowsDirectoryW, GetTickCount, QueryDosDeviceW, GetLogicalDriveStringsW, GetFileSize, LocalFree, GetVolumeInformationW, GetSystemInfo, GetModuleHandleW, LocalAlloc, CreateThread, GetACP, WideCharToMultiByte, FileTimeToLocalFileTime, CloseHandle, Sleep, UnmapViewOfFile, DuplicateHandle, GetSystemTimeAsFileTime, GetFileAttributesW, MultiByteToWideChar, EncodePointer, DecodePointer, GetCurrentThreadId, FlsSetValue, GetCommandLineA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, TerminateProcess, GetCurrentProcess, FlsGetValue, FlsFree, SetLastError, FlsAlloc, GetCPInfo, GetOEMCP, IsValidCodePage, RtlUnwindEx, EnterCriticalSection, LeaveCriticalSection, HeapSize, SetEnvironmentVariableA, HeapFree, SetHandleCount, GetStdHandle, InitializeCriticalSectionAndSpinCount, GetFileType, GetStartupInfoW, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapSetInformation, GetVersion, HeapCreate, HeapDestroy, QueryPerformanceCounter, GetCurrentProcessId, SetFilePointer, WriteFile, GetConsoleCP, GetConsoleMode, LCMapStringW, GetStringTypeW, RaiseException, RtlPcToFileHeader, HeapAlloc, HeapReAlloc, LoadLibraryW, GetModuleFileNameW, SetStdHandle, WriteConsoleW, FlushFileBuffers, CreateFileW, FileTimeToSystemTime, FileTimeToDosDateTime, ReadFile, SystemTimeToFileTime, GetLocalTime, GetSystemTime, GetFileInformationByHandle, MapViewOfFile, CreateFileMappingW |
USER32.dll | GetSystemMetrics |

Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 49.0.0.0 |
ProductVersion | 17.0.0.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_DLL |
Language | English - United States |
Comments | |
CompanyName | Kamsky Co,.Ltd |
FileDescription | Vote_Controller |
FileVersion (#2) | 49, 0, 0, 0 |
InternalName | MDL_170329_x86_V06Lv3 |
LegalCopyright | Copyright ⓒ 2017 |
LegalTrademarks | |
OriginalFilename | Vote_Controller |
PrivateBuild | |
ProductName | Kamsky ColdFear |
ProductVersion (#2) | 17, 0, 0, 0 |
SpecialBuild | |
Resource LangID | Korean - Korea |

XOR Key | 0x48bea71b |
---|---|
Unmarked objects | 0 |
152 (20115) | 2 |
C objects (VS2010 SP1 build 40219) | 155 |
ASM objects (VS2010 SP1 build 40219) | 12 |
Imports (VS2008 SP1 build 30729) | 7 |
Total imports | 120 |
C++ objects (VS2010 SP1 build 40219) | 60 |
Resource objects (VS2010 SP1 build 40219) | 1 |
Linker (VS2010 SP1 build 40219) | 1 |