Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2012-Nov-15 06:03:51 |
Detected languages | English - United States |
CompanyName | Hummingbird Communications Ltd. |
FileDescription | Overreacted |
FileVersion | 190, 62, 118, 154 |
InternalName | Intruders |
LegalCopyright | Copyright © 2011 |
OriginalFilename | Lovelier.exe |
ProductName | Omnibuses Injectable |
ProductVersion | 6, 99, 18, 139 |
Info | Matching compiler(s): Microsoft Visual C++ v6.0 DLL; Microsoft Visual C++ 6.0 DLL (Debug); Microsoft Visual C++ 6.0 DLL |
Info | The PE contains common functions which appear in legitimate applications. Can access the registry: |
Suspicious | The file contains overlay data. 8192288 bytes of data starting at offset 0x2c000. Overlay data amounts for 97.8474% of the executable. |
Malicious | VirusTotal score: 51/69 (Scanned on 2021-02-21 21:47:27) |

Vendor | Detection |
---|---|
Bkav | W32.FamVT.UsbdlHQc.Trojan |
Elastic | malicious (high confidence) |
ClamAV | Win.Worm.Gamarue-9814694-0 |
CAT-QuickHeal | Worm.Gamarue.WR5 |
McAfee | Trojan-FHRE!4F43122B4466 |
Cylance | Unsafe |
Zillya | Worm.Bundpil.Win32.121764 |
Sangfor | Trojan.Win32.Save.a |
K7AntiVirus | Trojan ( 004d3cf31 ) |
K7GW | Trojan ( 004d3cf31 ) |
CrowdStrike | win/malicious_confidence_100% (D) |
Cyren | W32/S-964b3575!Eldorado |
Symantec | Packed.Dromedan!gen23 |
ESET-NOD32 | Win32/Bundpil.DF |
APEX | Malicious |
Cynet | Malicious (score: 100) |
Kaspersky | Trojan.Win32.Wauchos.ea |
BitDefender | Gen:Variant.Jaik.42846 |
NANO-Antivirus | Trojan.Win32.Wauchos.elmjzq |
MicroWorld-eScan | Gen:Variant.Jaik.42846 |
Avast | Win32:Papras-AV [Trj] |
Rising | Worm.Bundpil!8.139 (RDMK:cmRtazpB9wvKOYEerjhnubuPSBvh) |
Ad-Aware | Gen:Variant.Jaik.42846 |
Emsisoft | Gen:Variant.Jaik.42846 (B) |
F-Secure | Trojan.TR/Crypt.ZPACK.Gen4 |
DrWeb | Trojan.Bundpil.8 |
McAfee-GW-Edition | Trojan-FHRE!4F43122B4466 |
FireEye | Generic.mg.4f43122b44664548 |
Sophos | ML/PE-A + Troj/Bundpil-Z |
Ikarus | Worm.Win32.Bundpil |
GData | Win32.Worm.Gamarue.AJ |
Jiangmin | Trojan.Generic.xzbb |
Avira | TR/Crypt.ZPACK.Gen4 |
Antiy-AVL | Trojan/Win32.TSGeneric |
Gridinsoft | Trojan.Win32.Packed.oa!s1 |
Arcabit | Trojan.Jaik.DA75E |
ZoneAlarm | Trojan.Win32.Wauchos.ea |
Microsoft | Worm:Win32/Gamarue |
AhnLab-V3 | Worm/Win32.Gamarue.R184772 |
BitDefenderTheta | Gen:NN.ZedlaF.34574.@x@@aq73Xuni |
ALYac | Gen:Variant.Jaik.42846 |
MAX | malware (ai score=86) |
VBA32 | Trojan.Wauchos |
Malwarebytes | Trojan.MalPack |
Tencent | Malware.Win32.Gencirc.114b3edc |
Yandex | Trojan.Wauchos!EvgJxX+xdBE |
SentinelOne | Static AI - Malicious PE |
Fortinet | W32/Generic.AC.34110C!tr |
AVG | Win32:Papras-AV [Trj] |
Panda | Trj/Gamarue.A |
Qihoo-360 | HEUR/QVM27.0.723B.Malware.Gen |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2012-Nov-15 06:03:51 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 6.0 |
SizeOfCode | 0x15000 |
SizeOfInitializedData | 0x323000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000153BD (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x16000 |
ImageBase | 0x10000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x1000 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x339000 |
SizeOfHeaders | 0x1000 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
ADVAPI32.dll | ReadEventLogA, RegDeleteValueA, ReportEventA, LsaOpenPolicy, OpenEventLogA, CreateProcessAsUserA, RegSetValueExA, DeregisterEventSource, ReadEventLogW, LsaAddAccountRights, InitiateSystemShutdownA, NotifyChangeEventLog, GetNumberOfEventLogRecords, RegDeleteKeyA, IsTextUnicode, LsaNtStatusToWinError, BackupEventLogA, EqualSid, CloseEventLog, RegSetValueA, RegDeleteValueW, RegNotifyChangeKeyValue, RegisterEventSourceW |
---|---|
SETUPAPI.dll | SetupDiClassGuidsFromNameA, SetupOpenInfFileA, SetupDiEnumDeviceInterfaces |
USER32.dll | CheckMenuItem, DrawIconEx, GetClientRect, GetAsyncKeyState, EnumDisplaySettingsA, CharLowerBuffW, IsWindowVisible, EndDialog, SetTimer, CheckDlgButton, DdeInitializeA, wvsprintfA, GetCaretBlinkTime, LoadAcceleratorsA, LoadBitmapA, SetRect, SetClassLongA, AdjustWindowRect, GetDlgItemTextA, CloseClipboard, FillRect, RegisterHotKey, SetMenuContextHelpId, ClientToScreen, IsWindowEnabled, TranslateAcceleratorW, UnregisterClassA, CharToOemBuffA |
Ordinal | Address |
---|---|
1 | 0xce54 |
2 | 0x1366e |
3 | 0x123f9 |
4 | 0xce54 |
5 | 0x10aef |
6 | 0x123f9 |
7 | 0x1366e |
8 | 0x10564 |
9 | 0x10956 |
10 | 0xce54 |
11 | 0x12746 |
12 | 0x123f9 |
13 | 0xce54 |
14 | 0xce54 |
15 | 0x10956 |
16 | 0x1366e |
17 | 0xce54 |
18 | 0xce54 |
19 | 0x1366e |
20 | 0x10564 |
21 | 0x12746 |
22 | 0xce54 |
23 | 0x10564 |
24 | 0x12746 |
25 | 0x10564 |
26 | 0xce54 |
27 | 0x123f9 |
28 | 0xce54 |
29 | 0xce54 |
30 | 0x123f9 |
31 | 0xce54 |
32 | 0x128ad |
33 | 0xce54 |
34 | 0xce54 |
35 | 0xce54 |
36 | 0xce54 |
37 | 0xce54 |
38 | 0xce54 |
39 | 0xce54 |
40 | 0x1265e |
41 | 0x10956 |
42 | 0x8e39 |
43 | 0xce54 |
44 | 0x12746 |
45 | 0xce54 |
46 | 0xce54 |
47 | 0xce54 |
48 | 0x10564 |
49 | 0x1366e |
50 | 0x1370 |
51 | 0xce54 |
52 | 0xce54 |
53 | 0x15300 |
54 | 0xce54 |
55 | 0x1366e |
56 | 0xce54 |
57 | 0xce54 |
58 | 0x1265e |
59 | 0xce54 |
60 | 0xce54 |
61 | 0xce54 |
62 | 0xce54 |
63 | 0x10956 |
64 | 0xb959 |
65 | 0x12746 |
66 | 0x10564 |
67 | 0xce54 |
68 | 0x12746 |
69 | 0x123f9 |
70 | 0xce54 |
71 | 0xce54 |
72 | 0x10956 |
73 | 0xce54 |
74 | 0x1265e |
75 | 0x10aef |
76 | 0x10564 |
77 | 0xce54 |
78 | 0x10564 |
79 | 0x1366e |
80 | 0xce54 |
81 | 0xce54 |
82 | 0xce54 |
83 | 0xce54 |
84 | 0x12746 |
85 | 0xce54 |
86 | 0x128ad |
87 | 0xce54 |
88 | 0x12746 |
89 | 0x8e39 |
90 | 0xce54 |
91 | 0x10564 |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 0.186.139.116 |
ProductVersion | 0.25.172.70 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_DLL |
Language | UNKNOWN |
CompanyName | Hummingbird Communications Ltd. |
FileDescription | Overreacted |
FileVersion (#2) | 190, 62, 118, 154 |
InternalName | Intruders |
LegalCopyright | Copyright © 2011 |
OriginalFilename | Lovelier.exe |
ProductName | Omnibuses Injectable |
ProductVersion (#2) | 6, 99, 18, 139 |
Resource LangID | English - United States |
---|---|
XOR Key | 0x92da7ff1 |
---|---|
Unmarked objects | 0 |
C objects (VS98 build 8168) | 4 |
Total imports | 60 |
19 (8034) | 7 |
Unmarked objects (#2) | 1 |
C++ objects (VS98 build 8168) | 2 |
Resource objects (VS98 cvtres build 1720) | 1 |
Linker (VS98 build 8168) | 3 |