4c135bdf7f7c7ebf93095aa273482dc5

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2005-Oct-25 21:53:12
TLS Callbacks 1 callback(s) detected.

Plugin Output

Info Matching compiler(s): Borland C++ DLL
Borland C++ for Win32 1999
Suspicious PEiD Signature: UPX -> www.upx.sourceforge.net
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Suspicious The file contains overlay data. 404568 bytes of data starting at offset 0xa5a8.
The overlay data has an entropy of 7.99609 and is possibly compressed or encrypted.
Overlay data accounts for 90.5122% of the executable.
Malicious VirusTotal score: 15/69 (Scanned on 2019-10-23 07:49:31)
MicroWorld-eScan: Gen:Trojan.Heur.GM.0040440C20
Cylance: Unsafe
Cybereason: malicious.f7f7c7
APEX: Malicious
BitDefender: Gen:Trojan.Heur.GM.0040440C20
Endgame: malicious (high confidence)
Emsisoft: Gen:Trojan.Heur.GM.0040440C20 (B)
Invincea: heuristic
Trapmine: suspicious.low.ml.score
FireEye: Generic.mg.4c135bdf7f7c7ebf
MAX: malware (ai score=80)
Arcabit: Trojan.Heur.GM.0040440C20
GData: Gen:Trojan.Heur.GM.0040440C20
Ad-Aware: Gen:Trojan.Heur.GM.0040440C20
Qihoo-360: QVM41.1.Malware.Gen

Hashes

MD5 4c135bdf7f7c7ebf93095aa273482dc5
SHA1 43ccdb8fabed1e4c28f68db90626c696ae2c66b5
SHA256 fbbebe6fddc147d86a10d8633801a7954651b2b0cdf66c35f2e1df65b24e556e
SHA3 49d0fc5a55de1485f007c465629dba24dd06cec1ff0a1f5d0529a0456aa2a814
SSDeep 12288:9Idew7qtki7dLw8/R0xSKGlAHAwsFF6qUQoS:9Id6LwORUnHAwsn
Imports Hash c86600c15c3e35eccc1b02eb0ed892fb

DOS Header

e_magic MZ
e_cblp 0x6b
e_cp 0x1
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0x1
e_ss 0
e_sp 0
e_csum 0
e_ip 0x1e
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x70

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2005-Oct-25 21:53:12
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 1.0
SizeOfCode 0x7cae
SizeOfInitializedData 0x2da4
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000014C8 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x9000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xd000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x2000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 549a9315f6095758ac903bf08fd26941
SHA1 07e3032bb83146944fe7e524cb2d830bc404b905
SHA256 492ecf32abc4a7f4f2370955c6d06333188f54a799a483ecd0504601fd115d41
SHA3 04c5685fe404e4f8c6cc2087defed67057fd6243f039e5e7e1c7232d26fc9756
VirtualSize 0x7cae
VirtualAddress 0x1000
SizeOfRawData 0x7cae
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.56332

.data

MD5 6a3affb3ed85ae50380b4c445c282fa9
SHA1 c77273d982720c5596588c7b6462374a88d79839
SHA256 54bd0c7af232130e23e9c3270efe95af3211787e0b132ef76159fdee385fed3f
SHA3 d7922a339b151d98b255d1c503bcea24ac7ba8fbf33dc9b3a0136290e6f50577
VirtualSize 0x2d08
VirtualAddress 0x9000
SizeOfRawData 0x23a8
PointerToRawData 0x8200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.96792

.tls

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x9c
VirtualAddress 0xc000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Imports

KERNEL32.DLL GetStringTypeW
GetFileType
SetHandleCount
GetVersionExA
GetLastError
SetFilePointer
VirtualFree
VirtualAlloc
LoadLibraryA
GlobalMemoryStatus
SetConsoleCtrlHandler
CloseHandle
CreateFileA
GetModuleHandleA
GetLocalTime
RtlUnwind
RaiseException
WriteFile
GetStdHandle
GetModuleFileNameA
GetCurrentThreadId
HeapAlloc
GetVersion
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
GetEnvironmentStrings
GetProcAddress
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
ExitProcess
HeapFree
GetProcessHeap
USER32.DLL EnumThreadWindows
MessageBoxA
wsprintfA

Delayed Imports

__GetExceptDLLinfo

Ordinal 1
Address 0x1521

___CPPdebugHook

Ordinal 2
Address 0x9124

Version Info

TLS Callbacks

StartAddressOfRawData 0x40c000
EndAddressOfRawData 0x40c09c
AddressOfIndex 0x409117
AddressOfCallbacks 0x408bb0
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks 0x00401618

Load Configuration

RICH Header

Errors

[*] Warning: Section .tls has a size of 0!