52bc7c27598d86197dc5ec4663dff214

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2012-Dec-21 20:59:46

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Info The PE contains common functions which appear in legitimate applications.
  [!] The program may be hiding some of its imports (runtime resolution via):
  • GetProcAddress
  • LoadLibraryA
  Can create temporary files:
  • GetTempPathA
  • CreateFileA
Suspicious The PE is possibly a dropper.
  Resource DLL is possibly compressed or encrypted.
  Resources account for 99.8262% of the executable.
Malicious VirusTotal score: 46/67 (Scanned on 2018-01-04 17:56:01)
MicroWorld-eScan: Application.Hacktool.UM
CAT-QuickHeal: Riskware.Dupatcher.A4
McAfee: Artemis!52BC7C27598D
Cylance: Unsafe
VIPRE: Trojan.Win32.Agent.wfn (v)
K7GW: Trojan ( 0040f3a51 )
K7AntiVirus: Trojan ( 0040f3a51 )
TrendMicro: TROJ_GEN.R002C0DLP17
Baidu: Win32.Trojan.Generic.f
Cyren: W32/Agent.EWQQ-1275
Symantec: Trojan.Gen.2
ESET-NOD32: a variant of Win32/HackTool.Patcher.AD potentially unsafe
TrendMicro-HouseCall: TROJ_GEN.R002C0DLP17
Avast: Win32:Malware-gen
ClamAV: Win.Trojan.Agent-6326860-0
BitDefender: Application.Hacktool.UM
ViRobot: Trojan.Win32.Agent.754688.B
Ad-Aware: Application.Hacktool.UM
Sophos: Generic Patcher (PUA)
Comodo: TrojWare.Win32.Agent.WFN
F-Secure: Application.Hacktool.UM
Zillya: Tool.Patcher.Win32.21239
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.AdwareLinkury.tc
Emsisoft: Application.Hacktool.UM (B)
SentinelOne: static engine - malicious
F-Prot: W32/Agent.KFY
Webroot: W32.Hacktool.Gen
Avira: TR/Symmi.kgobp
Antiy-AVL: RiskWare[RiskTool]/Win32.Patcher
Microsoft: Trojan:Win32/Tiggre!rfn
Endgame: malicious (high confidence)
Arcabit: Application.Hacktool.UM
AegisLab: Gen.Troj.Heur!c
GData: Application.Hacktool.UM
AhnLab-V3: Unwanted/Win32.Patcher.C1963789
AVware: Trojan.Win32.Agent.wfn (v)
MAX: malware (ai score=100)
Malwarebytes: HackTool.FilePatch
Yandex: Riskware.HackTool!LT2poWNG63M
eGambit: HackTool.Generic
Fortinet: Riskware/GamePatcher
AVG: Win32:Malware-gen
Cybereason: malicious.1b8fb7
Panda: Trj/CI.A
CrowdStrike: malicious_confidence_100% (D)

Hashes

MD5 52bc7c27598d86197dc5ec4663dff214
SHA1 d00c1095d6495ba38d966162cfb0c0fea9be388b
SHA256 69909d397b447c084230aba457e10599425a6389bf52f3baf2530a656cfa47ad
SHA3 b4a6e9f9feba7a8486fe58542fce24d4c8dd513b68849c61765c4897ec215b8c
SSDeep 49152:1swqw1OzdB9ZIADCSrnepFk3ZWXN1REegZsQckYq:HN1OH9/NrepFOCXKeg2QKq
Imports Hash dc73a9bd8de0fd640549c85ac4089b87

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2012-Dec-21 20:59:46
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 10.0
SizeOfCode 0x200
SizeOfInitializedData 0x1ee800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x102b (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x1f4000
SizeOfHeaders 0x400
Checksum 0xecdd
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 4c584307e5aa70f515ee8c3d942e5f6c
SHA1 05668764efd56b4a53d8574ff9dec26b851ca07b
SHA256 9c0c821fe1c66ad45a044fec0be845fa08b96ea7b7c24e852b132a92fe08a90c
SHA3 e2f7e20f8f63fd2e747f62c85d8e58d9e3ee15eaceb3aba139a3021d08e6f5e7
VirtualSize 0x1f6
VirtualAddress 0x1000
SizeOfRawData 0x200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.06408

.rdata

MD5 e5aa65265e17d8a1b524adbc10c0a1ad
SHA1 0e0eb11d610df253f860f9b46790f28f7477d12a
SHA256 b8af2ef3ea5c0fb35d0c846a94425f028f8cdba30eefbb401377749e0266640b
SHA3 6c392bf761ec09f676606a56372bdf6b6b65907bf08d62a30a946fc4904ce4bb
VirtualSize 0x1d8
VirtualAddress 0x2000
SizeOfRawData 0x200
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.27064

.data

MD5 f8fedf1be1122ff5cd0e5b4716311cc5
SHA1 c41831c104ced77633be9d2b09364c22a9392a73
SHA256 b23a9af37c2bfeb0bcb17555a8038d0403b12616851e58513e9135a77c84363b
SHA3 bd2007323661911d976c092e8ba6e9cf2a2337b3be3ad59a06e422c9e54df897
VirtualSize 0x34
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0x800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.568988

.rsrc

MD5 1ead9df1448f2e9833bd587f2a4fc83a
SHA1 a1537ff90aa40e6d951d4dc0570553915211ca5d
SHA256 7d17ad8f1857540b84008a42d3b82705d650ae7d4ff2dd848a7b773d6b4ecdd6
SHA3 736957ed95838c84173e4d771e94be55ec969673a3ac587886601f4889ca226c
VirtualSize 0x1ee178
VirtualAddress 0x4000
SizeOfRawData 0x1ee200
PointerToRawData 0xa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.99989

.reloc

MD5 2e6554ffc943448b686d85ad68f9ec9a
SHA1 2983937fa0491ffb874e3d5084ddc909f7b417ba
SHA256 4bb6e032bb8a0cc87b345564204b1e74d8eb2ed7665c2a1d82dcd3b3096bf885
SHA3 2439ee7ea465d2163e985b3fba89e4be2c7c9e8468ba1cf96b8fbd6190ebb7d5
VirtualSize 0x52
VirtualAddress 0x1f3000
SizeOfRawData 0x200
PointerToRawData 0x1eec00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.736046
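Worked example (added to this page; it is not part of the analyzer output and does not come from the sample): a stand-alone Python parser that walks the DOS and PE headers to the section table, computes per-section Shannon entropy, and applies the two signals behind the "possibly a dropper" finding above: a near-8.0 section that accounts for most of the file (here .rsrc at entropy 7.99989 and 0x1ee200 of the file's 0x1eee00 bytes, if there is no overlay) beside a 0x200-byte .text. The input it runs on is constructed in code (a SHA-256 chain stands in for the encrypted resource, a seven-byte stub repeated for .text); the 7.9 entropy threshold and the 90% / 5% size cut-offs are this example's assumptions, not the tool's.

```python
import hashlib
import math
import struct
from collections import Counter

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
FILE_ALIGNMENT = 0x200
SECTION_ALIGNMENT = 0x1000

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def parse_sections(image: bytes) -> list:
    """Walk MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table (40-byte entries)."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", image, coff)
    table = coff + 20 + opt_size          # section headers follow the optional header
    sections = []
    for i in range(nsections):
        off = table + 40 * i
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, off)
        chars = struct.unpack_from("<I", image, off + 36)[0]   # Characteristics is the last DWORD
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": rawsize, "raw_ptr": rawptr, "characteristics": chars,
                         "raw": image[rawptr:rawptr + rawsize]})
    return sections

def triage(image: bytes, entropy_threshold: float = 7.9, share_threshold: float = 0.9) -> dict:
    """Per-section entropy plus the dropper signals: a near-8.0 section dominating the file
    next to a tiny code section. Thresholds are this example's assumptions."""
    sections = parse_sections(image)
    total = len(image)
    end_of_sections = max(s["raw_ptr"] + s["raw_size"] for s in sections)
    report = {"file_size": total, "overlay_bytes": total - end_of_sections, "sections": []}
    payload_like, code_bytes = [], 0
    for s in sections:
        ent = shannon_entropy(s["raw"])
        share = s["raw_size"] / total
        report["sections"].append({"name": s["name"], "entropy": round(ent, 4), "share": round(share, 4)})
        if s["characteristics"] & IMAGE_SCN_CNT_CODE:
            code_bytes += s["raw_size"]
        if ent >= entropy_threshold and share >= share_threshold:
            payload_like.append(s["name"])
    report["payload_sections"] = payload_like
    report["code_share"] = round(code_bytes / total, 4)
    report["likely_dropper"] = bool(payload_like) and code_bytes < 0.05 * total
    return report

def build_sample_pe(sections: list) -> bytes:
    """Assemble a header-only PE32 around (name, data, characteristics) tuples. Constructed parser
    input: the optional header is zero apart from its Magic, so the result is parseable, not loadable."""
    e_lfanew, opt_size = 0x40, 0xE0
    header_len = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    raw_ptr = -(-header_len // FILE_ALIGNMENT) * FILE_ALIGNMENT   # round up to FileAlignment
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)  # I386, 32BIT|EXECUTABLE
    optional = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)                   # PE32 magic only
    table, body, vaddr = b"", b"", SECTION_ALIGNMENT
    for name, data, chars in sections:
        padded = data + b"\0" * (-len(data) % FILE_ALIGNMENT)
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), vaddr,
                             len(padded), raw_ptr + len(body), 0, 0, 0, 0, chars)
        body += padded
        vaddr += -(-len(padded) // SECTION_ALIGNMENT) * SECTION_ALIGNMENT
    header = dos + b"PE\0\0" + coff + optional + table
    return header + b"\0" * (raw_ptr - len(header)) + body

def constructed_payload(nbytes: int = 0x10000) -> bytes:
    """Deterministic stand-in for an encrypted embedded DLL: a SHA-256 chain sits near 8.0 bits/byte."""
    out, block = bytearray(), b"constructed"
    while len(out) < nbytes:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:nbytes])

def constructed_sample() -> bytes:
    """A 280-byte low-entropy .text stub beside a 64 KiB .rsrc payload (constructed, not the sample)."""
    stub = bytes([0x55, 0x8B, 0xEC, 0x33, 0xC0, 0x5D, 0xC3]) * 40  # push ebp; mov ebp,esp; xor eax,eax; pop ebp; ret
    return build_sample_pe([
        (b".text", stub, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (b".rsrc", constructed_payload(), IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    ])
```

Run triage(open("sample.exe", "rb").read()) on a real file to get the same per-section figures the table above lists; overlay_bytes greater than zero means data past the last section that the section entropies do not cover, which is worth a separate look in a dropper.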

Imports

kernel32.dll DeleteFileA
ExitProcess
FindResourceA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetTempPathA
LoadLibraryA
LoadResource
RtlMoveMemory
SizeofResource
VirtualAlloc
lstrcatA
CloseHandle
CreateFileA
FlushFileBuffers
WriteFile
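Worked example (added here; not part of the report and not code from the sample): the import table above is enough to reproduce the Imports Hash field and the plugin's capability findings. The Python below computes a pefile-style imphash (lowercased module.function pairs in table order, module extension stripped, MD5) and tags API groups: LoadLibraryA plus GetProcAddress for imports resolved at run time, FindResourceA/LoadResource/SizeofResource for reading the embedded resource, GetTempPathA/CreateFileA/WriteFile for dropping it, DeleteFileA for cleanup. The groupings, the ANSI/Unicode suffix folding and the 30-import cut-off are this example's assumptions; the hash value is not asserted against the report, so compare it with the Imports Hash above yourself.

```python
import hashlib

# Import table of the sample as listed above, in import-table order: (module, function).
REPORT_IMPORTS = [("kernel32.dll", f) for f in (
    "DeleteFileA", "ExitProcess", "FindResourceA", "FreeLibrary", "GetModuleHandleA",
    "GetProcAddress", "GetTempPathA", "LoadLibraryA", "LoadResource", "RtlMoveMemory",
    "SizeofResource", "VirtualAlloc", "lstrcatA", "CloseHandle", "CreateFileA",
    "FlushFileBuffers", "WriteFile",
)]

# API groups behind the plugin findings. Assumed groupings for this example, not the analyzer's tables.
CAPABILITIES = {
    "hidden-imports": {"LoadLibrary", "GetProcAddress"},
    "resource-extraction": {"FindResource", "LoadResource", "SizeofResource"},
    "temp-file-write": {"GetTempPath", "CreateFile", "WriteFile"},
    "self-delete": {"DeleteFile"},
}

def imphash(imports) -> str:
    """pefile-style import hash: '<module>.<func>' lowercased, module without its .dll/.ocx/.sys
    extension, joined by commas in table order, then MD5. Ordinal-only imports are not handled."""
    parts = []
    for module, func in imports:
        mod = module.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if mod.endswith(ext):
                mod = mod[:-len(ext)]
                break
        parts.append(f"{mod}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()

def base_name(func: str) -> str:
    """Fold the ANSI/Unicode suffix so CreateFileA and CreateFileW match one rule (assumption)."""
    return func[:-1] if len(func) > 1 and func[-1] in "AW" and func[-2].islower() else func

def capabilities(imports) -> dict:
    """Return each group whose APIs are all present, mapped to the imported names that matched."""
    present = {}
    for _, func in imports:
        present.setdefault(base_name(func), []).append(func)
    found = {}
    for tag, required in CAPABILITIES.items():
        if required <= set(present):
            found[tag] = sorted(f for base in required for f in present[base])
    return found

def triage_imports(imports) -> dict:
    """Hash for pivoting to related samples plus a verdict from the extract-then-write chain."""
    caps = capabilities(imports)
    chain = ("resource-extraction", "temp-file-write")
    verdict = "dropper-like" if all(c in caps for c in chain) else "no dropper chain"
    return {"imphash": imphash(imports), "import_count": len(imports),
            "capabilities": caps, "verdict": verdict,
            # a handful of static imports plus LoadLibrary/GetProcAddress is the 'hiding imports' pattern
            "hidden_imports_suspected": "hidden-imports" in caps and len(imports) < 30}
```

The imphash groups samples that share a linker-produced import table, which is why it is worth pivoting on even when the file hash changes; the capability tags are what you would read next when the plugin output only says "possibly a dropper".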

Delayed Imports

Resources

1

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xca8
Entropy 6.22252
MD5 8676ba9582ac6ce686571ede050c5a22
SHA1 1e8127221f96861a39c902a6835885d271b4daa7
SHA256 6f78800d35702e0290549efbc4498b7f802975329dce4d0e1d2fedfdf9f66fe0
SHA3 65c53d427eb005b27c18d8ea6f00b3dfe32e4bd3b1791013f05bf1e86fa533d8

DLL

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1ed000
Entropy 7.99992
MD5 40395f8c97b5fe491ac2ed44939c60dd
SHA1 da524b633ae6137fc5f6249f4b649791a1e0c4fe
SHA256 eafda8c5967b4d505026ff097e780bdac9b003ae92f0a7fb6ac345946f840719
SHA3 308591fdfce16a1902e299bfbd3305a0007a6016317c358048c6963e9c613b15

500

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x14
Entropy 1.5789
Detected Filetype Icon file
MD5 96368a1d01b9b3ad7ba32197a2f5ab9b
SHA1 8fe4086815852f396a60e076cf81470be5d0736f
SHA256 917277758ec26a2ac726258b0330a530d9e69918ef94104faeff9a418f932244
SHA3 6c5f56652f6ca771d4604cb85f7792dbf31e7d9178f06d58a85851f6e9a6954c

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x382
Entropy 4.85663
MD5 3d015c7d35d5e650f594c23c7368cd6f
SHA1 b5fdca6e0c5847a306b43553ce96c7c37a40c680
SHA256 3e11f55df49746534018ddcb81f928559124029992dfaa0adb67318b2d41df15
SHA3 23a9a17c2553a7dc7ed010ebbfc9af988c71a88e8a2177f29c667d8e1a146f65

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors