4d2738a802e3ff27b1a267656d392c96

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2015-Jul-01 21:01:36
CompanyName ASCON-Design systems, LLC (Russia)
FileDescription XPS Rasterization Service Component
FileVersion 5.1.4.2
LegalCopyright © 2017 ASCON-Design systems. Russia. All rights reserved.
LegalTrademarks ASCON® are registered trademarks of ZAO ASCON.
ProductName XPS Rasterization Service Component
ProductVersion 5.1.4.2
Comments Modified by an unpaid evaluation copy of Resource Tuner 2 (www.heaventools.com)

Plugin Output

Suspicious The PE is possibly packed. Section .text is both writable and executable.
Section .rsrc is both writable and executable.
The PE only has 4 import(s).
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Info The PE's resources present abnormal characteristics. The binary may have been compiled on a machine in the UTC+3 timezone.
Malicious VirusTotal score: 24/67 (Scanned on 2018-11-20 03:48:28)
Bkav: HW32.Packed.
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
K7GW: Unwanted-Program ( 004c5a181 )
K7AntiVirus: Unwanted-Program ( 004c5a181 )
Invincea: heuristic
NANO-Antivirus: Trojan.Win32.RemoteAdmin.euosxh
ESET-NOD32: a variant of Win32/RemoteAdmin.RemoteUtilities.J potentially unsafe
TrendMicro-HouseCall: HKTL_REMOTEADMIN
Paloalto: generic.ml
Kaspersky: not-a-virus:RemoteAdmin.Win32.RMS.nx
TrendMicro: HKTL_REMOTEADMIN
Fortinet: Riskware/RMS
Sophos: Generic PUA EJ (PUA)
SentinelOne: static engine - malicious
Cyren: W32/GenBl.4D2738A8!Olympus
Jiangmin: RemoteAdmin.RMS.qe
Webroot: W32.Malware.Gen
Endgame: malicious (high confidence)
Microsoft: Trojan:Win32/Bitrep.A
ZoneAlarm: not-a-virus:RemoteAdmin.Win32.RMS.nx
AhnLab-V3: Unwanted/Win32.RemoteAdmin.C2319232
Yandex: Riskware.RemoteAdmin!
Qihoo-360: Win32/Virus.RemoteAdmin.adb

Hashes

MD5 4d2738a802e3ff27b1a267656d392c96
SHA1 490c9d13bdc9fee86dcc8b754ec7b4cefe1d5a8d
SHA256 09109704b8711c6ae14860d06dfc9ac93293673eeec54b5e640abdec1613ba6c
SHA3 3119b69a59667338b91546b9da853d06663b20c8dd6a645105002b0e5fbb0280
SSDeep 49152:IwQ0iyca2nkrr3uFowloSj/uJytJmxGKdeAmZX5vmwsOrXd4qXl4hINZcv:Idvyr2krCFowlfj/sytJUGKV2NmwsOr
Imports Hash 09d0478591d4f788cb3e5ea416c25237

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2015-Jul-01 21:01:36
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x501600
SizeOfInitializedData 0x96000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001000 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x503000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x6c1000
SizeOfHeaders 0x400
Checksum 0x2d6fde
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 fd6bd5728543a0429bade0a30784cf47
SHA1 0e9c36ae53c429f82efdf00f195cf97cad283be5
SHA256 7c36a811c8286ddea7ff3017dae7b854bb86a44b8ad312a8186487b7c2a71c6a
SHA3 d79b4ac8e074b839ad0aaedf3f66042b98fd4d6ed5dc982b65e82ce5976ee4ec
VirtualSize 0x6bc000
VirtualAddress 0x1000
SizeOfRawData 0x2d1c00
PointerToRawData 0x400
PointerToRelocations 0x32434550
PointerToLineNumbers 0x4f54
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99994

.rsrc

MD5 7dbb92332e98875dcaef2709d8a446df
SHA1 5447eb3b4596d7319538e01af0cff81e00b73fb6
SHA256 468823d22cf74f3728c0c1e0bc7ccffb6ecf47449625051e6f628e2e95352e3c
SHA3 3b1d141f0353eed5c44410e228738e76eff727ef3f69281d78ee00c465e3d77a
VirtualSize 0x3000
VirtualAddress 0x6bd000
SizeOfRawData 0x2000
PointerToRawData 0x2d2000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.82248

.reloc

MD5 9fb87c63ca6b04c82d99e986ac182c22
SHA1 c9348a6908d885f24adee69715004496444a8735
SHA256 6fac5c0eed4e3b711e42ff84d21af9ec039be56342f868429640a178117da102
SHA3 237d82c0ae800207566ce1ad3fc222caffce7250ed7992f3d959a822abaa0841
VirtualSize 0x200
VirtualAddress 0x6c0000
SizeOfRawData 0x200
PointerToRawData 0x2d4000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.366985

Imports

kernel32.dll LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Delayed Imports

Z_QUINNECT_RMS

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x1c6f
TimeDateStamp 2015-Jul-02 00:01:36
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

Z_QUINNECT_RUT

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x1154
TimeDateStamp 2015-Jul-02 00:01:36
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

DVCLAL

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x10
TimeDateStamp 2015-Jul-02 00:01:36
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

TDMMAIN

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x297
TimeDateStamp 2015-Jul-02 00:01:36
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

TFMMAINSERVICE

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x136
TimeDateStamp 2015-Jul-02 00:01:36
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

TFMQUICKCONNECT

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x3121
TimeDateStamp 2015-Jul-02 00:01:36
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x458
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.48879
MD5 b0490d10bdf13f75f1a62390d6b9d3f7
SHA1 5331c079dbfa481c4c44e8c69e965e4d50fe1dde
SHA256 0c68682dda395e80f9215a1ce3af7158a508d27fbbba99d090eabb021fa767e5
SHA3 16522c6d0ac0076a5a4867d0a8e5d4d4119ca1fbad348edd4eab880e2dd04c5e

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x342
TimeDateStamp 2015-Jul-02 00:01:36
Entropy 4.95726
MD5 73632173c44ecb06fc768e67fe9a3a1b
SHA1 cc4139c98168da3c12ed3b35f8d86d9684b2219c
SHA256 65f061b255c5d6de31bf9b9c3baa8be88829a3b272d44d80c2cfb1a8e32a88d5
SHA3 bdb3346aa66861ba27a3a24ae522743282784e3697df179971e85dd02ae56997

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 6.3.0.6
ProductVersion 6.3.0.6
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
CompanyName ASCON-Design systems, LLC (Russia)
FileDescription XPS Rasterization Service Component
FileVersion (#2) 5.1.4.2
LegalCopyright © 2017 ASCON-Design systems. Russia. All rights reserved.
LegalTrademarks ASCON® are registered trademarks of ZAO ASCON.
ProductName XPS Rasterization Service Component
ProductVersion (#2) 5.1.4.2
Comments Modified by an unpaid evaluation copy of Resource Tuner 2 (www.heaventools.com)
Resource LangID UNKNOWN

TLS Callbacks

StartAddressOfRawData 0xabefb4
EndAddressOfRawData 0xabf014
AddressOfIndex 0xabefac
AddressOfCallbacks 0xabefb0
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks (EMPTY)

Load Configuration

RICH Header

Errors

[*] Warning: Could not read the Delay-Load Directory Table!
[!] Error: Could not read the exported DLL name.
[*] Warning: Resource Z_QUINNECT_RMS is empty!
[*] Warning: Resource Z_QUINNECT_RUT is empty!
[*] Warning: Resource DVCLAL is empty!
[*] Warning: Resource TDMMAIN is empty!
[*] Warning: Resource TFMMAINSERVICE is empty!
[*] Warning: Resource TFMQUICKCONNECT is empty!