52bc7c27598d86197dc5ec4663dff214

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2012-Dec-21 20:59:46

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
 Can create temporary files:
  • GetTempPathA
  • CreateFileA
Suspicious The PE is possibly a dropper. Resource DLL is possibly compressed or encrypted.
Resources amount for 99.8262% of the executable.
Malicious VirusTotal score: 46/67 (Scanned on 2018-01-04 17:56:01) MicroWorld-eScan: Application.Hacktool.UM
CAT-QuickHeal: Riskware.Dupatcher.A4
McAfee: Artemis!52BC7C27598D
Cylance: Unsafe
VIPRE: Trojan.Win32.Agent.wfn (v)
K7GW: Trojan ( 0040f3a51 )
K7AntiVirus: Trojan ( 0040f3a51 )
TrendMicro: TROJ_GEN.R002C0DLP17
Baidu: Win32.Trojan.Generic.f
Cyren: W32/Agent.EWQQ-1275
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win32/HackTool.Patcher.AD potentially unsafe
TrendMicro-HouseCall: TROJ_GEN.R002C0DLP17
Avast: Win32:Malware-gen
ClamAV: Win.Trojan.Agent-6326860-0
BitDefender: Application.Hacktool.UM
ViRobot: Trojan.Win32.Agent.754688.B
Ad-Aware: Application.Hacktool.UM
Sophos: Generic Patcher (PUA)
Comodo: TrojWare.Win32.Agent.WFN
F-Secure: Application.Hacktool.UM
Zillya: Tool.Patcher.Win32.21239
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.AdwareLinkury.tc
Emsisoft: Application.Hacktool.UM (B)
SentinelOne: static engine - malicious
F-Prot: W32/Agent.KFY
Webroot: W32.Hacktool.Gen
Avira: TR/Symmi.kgobp
Antiy-AVL: RiskWare[RiskTool]/Win32.Patcher
Microsoft: Trojan:Win32/Tiggre!rfn
Endgame: malicious (high confidence)
Arcabit: Application.Hacktool.UM
AegisLab: Gen.Troj.Heur!c
GData: Application.Hacktool.UM
AhnLab-V3: Unwanted/Win32.Patcher.C1963789
AVware: Trojan.Win32.Agent.wfn (v)
MAX: malware (ai score=100)
Malwarebytes: HackTool.FilePatch
Yandex: Riskware.HackTool!LT2poWNG63M
eGambit: HackTool.Generic
Fortinet: Riskware/GamePatcher
AVG: Win32:Malware-gen
Cybereason: malicious.1b8fb7
Panda: Trj/CI.A
CrowdStrike: malicious_confidence_100% (D)

Hashes

MD5 52bc7c27598d86197dc5ec4663dff214
SHA1 d00c1095d6495ba38d966162cfb0c0fea9be388b
SHA256 69909d397b447c084230aba457e10599425a6389bf52f3baf2530a656cfa47ad
SHA3 dec99b342eddd590317e1138362da89b0199b5447478da95584e9515e32a056c
SSDeep 49152:1swqw1OzdB9ZIADCSrnepFk3ZWXN1REegZsQckYq:HN1OH9/NrepFOCXKeg2QKq
Imports Hash dc73a9bd8de0fd640549c85ac4089b87

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2012-Dec-21 20:59:46
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 10.0
SizeOfCode 0x200
SizeOfInitializedData 0x1ee800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000102B (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x1f4000
SizeOfHeaders 0x400
Checksum 0xecdd
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 4c584307e5aa70f515ee8c3d942e5f6c
SHA1 05668764efd56b4a53d8574ff9dec26b851ca07b
SHA256 9c0c821fe1c66ad45a044fec0be845fa08b96ea7b7c24e852b132a92fe08a90c
SHA3 a56964eb90adb7bd0f5c92dbd62425658cbd2b396621386f34ca3397e2a0465f
VirtualSize 0x1f6
VirtualAddress 0x1000
SizeOfRawData 0x200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.06408

.rdata

MD5 e5aa65265e17d8a1b524adbc10c0a1ad
SHA1 0e0eb11d610df253f860f9b46790f28f7477d12a
SHA256 b8af2ef3ea5c0fb35d0c846a94425f028f8cdba30eefbb401377749e0266640b
SHA3 7c0d77a4d031c3944bb719376c53cf53fc047471e027fa4f69aacd44c986f6a8
VirtualSize 0x1d8
VirtualAddress 0x2000
SizeOfRawData 0x200
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.27064

.data

MD5 f8fedf1be1122ff5cd0e5b4716311cc5
SHA1 c41831c104ced77633be9d2b09364c22a9392a73
SHA256 b23a9af37c2bfeb0bcb17555a8038d0403b12616851e58513e9135a77c84363b
SHA3 eed0f7054aa182d7497331ee77969143efb3a63e8fee1ed02e44e82494404132
VirtualSize 0x34
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0x800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.568988

.rsrc

MD5 1ead9df1448f2e9833bd587f2a4fc83a
SHA1 a1537ff90aa40e6d951d4dc0570553915211ca5d
SHA256 7d17ad8f1857540b84008a42d3b82705d650ae7d4ff2dd848a7b773d6b4ecdd6
SHA3 412f26aa2da2e8b9f2f47156eef225779f673dbdb6569693ec73c0a16bde09f6
VirtualSize 0x1ee178
VirtualAddress 0x4000
SizeOfRawData 0x1ee200
PointerToRawData 0xa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.99989

.reloc

MD5 2e6554ffc943448b686d85ad68f9ec9a
SHA1 2983937fa0491ffb874e3d5084ddc909f7b417ba
SHA256 4bb6e032bb8a0cc87b345564204b1e74d8eb2ed7665c2a1d82dcd3b3096bf885
SHA3 1037aac5df319410ca7ed864e945ccb384d66f6e8ac2a1f9c2cfcdc03c63f497
VirtualSize 0x52
VirtualAddress 0x1f3000
SizeOfRawData 0x200
PointerToRawData 0x1eec00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.736046

Imports

kernel32.dll DeleteFileA
ExitProcess
FindResourceA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetTempPathA
LoadLibraryA
LoadResource
RtlMoveMemory
SizeofResource
VirtualAlloc
lstrcatA
CloseHandle
CreateFileA
FlushFileBuffers
WriteFile

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xca8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.22252
MD5 8676ba9582ac6ce686571ede050c5a22
SHA1 1e8127221f96861a39c902a6835885d271b4daa7
SHA256 6f78800d35702e0290549efbc4498b7f802975329dce4d0e1d2fedfdf9f66fe0
SHA3 cc20e3d30e689a90fa67f21cd3f6b22ad5a6a807b6403da1bf047be2f5fc3d72

DLL

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1ed000
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.99992
MD5 40395f8c97b5fe491ac2ed44939c60dd
SHA1 da524b633ae6137fc5f6249f4b649791a1e0c4fe
SHA256 eafda8c5967b4d505026ff097e780bdac9b003ae92f0a7fb6ac345946f840719
SHA3 dbdf58e41243ebde1e2c479389f767ab3445e92288b0c99666f1afa7b82b412b

500

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.5789
Detected Filetype Icon file
MD5 96368a1d01b9b3ad7ba32197a2f5ab9b
SHA1 8fe4086815852f396a60e076cf81470be5d0736f
SHA256 917277758ec26a2ac726258b0330a530d9e69918ef94104faeff9a418f932244
SHA3 3a10cdd2ad4c78ab863d5cceae110eb3061f61d55f5bd2a8817d958d67a0fb2d

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x382
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.85663
MD5 3d015c7d35d5e650f594c23c7368cd6f
SHA1 b5fdca6e0c5847a306b43553ce96c7c37a40c680
SHA256 3e11f55df49746534018ddcb81f928559124029992dfaa0adb67318b2d41df15
SHA3 94d9e3898971601d603eb374856eca2677a11d61314d956b1f82e18cd60c9b4c

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x9103f02d
Unmarked objects 0
18 (8444) 1
Imports (VS2010 build 30319) 3
Total imports 17
ASM objects (VS2010 build 30319) 1
Resource objects (VS2010 build 30319) 1
Linker (VS2010 build 30319) 1

Errors

<-- -->