Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_I386 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2019-Dec-01 08:36:04 |
Detected languages | Chinese - PRC |
Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0; Microsoft Visual C++ v6.0 |
Suspicious | PEiD Signature: ASPack v2.12 |
Suspicious | Strings found in the binary may indicate undesirable behavior: contains references to internet browsers (the matching strings are not included in this copy of the report) |
Suspicious | The PE is possibly packed: unusual section name `T\xe5}{\xa3ua`; section `T\xe5}{\xa3ua` is both writable and executable, and it holds the entry point (AddressOfEntryPoint 0x00116000) |
Malicious | The PE contains functions mostly used by malware: [!] the program may be hiding some of its imports (the flagged imports are not included in this copy of the report) |
Malicious | VirusTotal score: 66/72 (scanned on 2024-04-03 13:53:14) |

Engine | Detection (2024-04-03) |
---|---|
ALYac | Dropped:Trojan.Downloader.JQJR |
APEX | Malicious |
AVG | Other:Malware-gen [Trj] |
Acronis | suspicious |
AhnLab-V3 | Win32/VJadtre.Gen |
Alibaba | Trojan:Win32/Mikcer.35a |
Antiy-AVL | Virus/Win32.Nimnul.f |
Arcabit | Trojan.Downloader.JQJR |
Avast | Other:Malware-gen [Trj] |
Avira | W32/Jadtre.B |
BitDefender | Dropped:Trojan.Downloader.JQJR |
BitDefenderTheta | Gen:NN.ZexaF.36802.9uWbaSeASImb |
Bkav | W32.FamVT.DumpModuleInfectiousNME.PE |
ClamAV | Win.Malware.Wapomi-10020301-0 |
CrowdStrike | win/malicious_confidence_100% (W) |
Cybereason | malicious.af60cd |
Cylance | unsafe |
Cynet | Malicious (score: 100) |
DeepInstinct | MALICIOUS |
DrWeb | Trojan.Siggen8.64210 |
ESET-NOD32 | Win32/Wapomi.BA |
Elastic | malicious (high confidence) |
Emsisoft | Dropped:Trojan.Downloader.JQJR (B) |
F-Secure | Malware.W32/Jadtre.B |
FireEye | Generic.mg.586c328af60cdca1 |
Fortinet | W32/CoinMiner.EC2B!tr |
GData | Win32.Virus.Wapomi.A |
Google | Detected |
Gridinsoft | Trojan.Heur!.03002201 |
Ikarus | Trojan.Win32 |
Jiangmin | Win32/Nimnul.f |
K7AntiVirus | Virus ( 0040f7441 ) |
K7GW | Virus ( 0040f7441 ) |
Kaspersky | Virus.Win32.Nimnul.f |
Kingsoft | Win32.Infected.AutoInfector.a |
Lionic | Virus.Win32.Nimnul.m1R5 |
MAX | malware (ai score=85) |
Malwarebytes | Generic.Malware.AI.DDS |
MaxSecure | Virus.Nimnul.F |
McAfee | W32/Kudj |
MicroWorld-eScan | Dropped:Trojan.Downloader.JQJR |
Microsoft | Virus:Win32/Mikcer.B |
NANO-Antivirus | Trojan.Win32.Banload.cstqaj |
Panda | W32/Pcarrier.A |
Rising | Virus.Roue!1.9E10 (CLASSIC) |
Sangfor | Suspicious.Win32.Save.ins |
SentinelOne | Static AI - Malicious PE |
Skyhigh | BehavesLike.Win32.Generic.dz |
Sophos | W32/Nimnul-A |
Symantec | W32.Wapomi.C!inf |
TACHYON | Virus/W32.Ramnit.C |
Tencent | Virus.Win32.Loader.aab |
Trapmine | malicious.high.ml.score |
TrendMicro | PE_WAPOMI.BM |
TrendMicro-HouseCall | PE_WAPOMI.BM |
VBA32 | Virus.Nimnul.19209 |
VIPRE | Dropped:Trojan.Downloader.JQJR |
Varist | W32/PatchLoad.E |
ViRobot | Win32.Ramnit.F |
VirIT | Win32.Nimnul.F |
Xcitium | Virus.Win32.Wali.KA@558nxg |
Zillya | Virus.Nimnul.Win32.5 |
ZoneAlarm | Virus.Win32.Nimnul.f |
Zoner | Probably Heur.ExeHeaderL |
alibabacloud | Virus:Win/Jadtre.A(dyn) |
tehtris | Generic.Malware |
DOS header field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
PE header field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2019-Dec-01 08:36:04 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Optional header field | Value |
---|---|
Magic | PE32 |
LinkerVersion | 6.0 |
SizeOfCode | 0xbf000 |
SizeOfInitializedData | 0x5b000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00116000 (Section: T\xe5}{\xa3ua) |
BaseOfCode | 0x1000 |
BaseOfData | 0xbb000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x1000 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x11b000 |
SizeOfHeaders | 0x1000 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeOfStackReserve | 0x100000 |
SizeOfStackCommit | 0x1000 |
SizeOfHeapReserve | 0x100000 |
SizeOfHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
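The header tables above carry the indicators a triage script checks before any dynamic analysis: the entry point lies in the writable and executable section with the unprintable name, IMAGE_FILE_RELOCS_STRIPPED is set (the image cannot be relocated, so it always maps at ImageBase 0x400000 and never gets ASLR), and CheckSum is 0 (normal for user-mode VC6 output, which only matters for drivers and system DLLs). The family names in the VirusTotal table (Nimnul/Ramnit, Wapomi, Jadtre) are parasitic file infectors, so an entry point redirected into a W+X section at the top of a VC6 MFC host is the shape one expects, although only the full section table of the real file can confirm which section is last. The Python below is an added example, not output of the tool that produced this report and not code from the sample: a PE32 header walker using only `struct` (no `pefile`) that re-derives those findings from raw bytes. Because the file itself is not on this page, `build_sample()` constructs a header from the report's values (e_lfanew 0xf8, five sections, entry 0x116000, SizeOfImage 0x11b000); the sizes of the four sections before the injected one and the flag set on that injected section are assumptions.

```python
import struct
from datetime import datetime, timezone

# IMAGE_SCN_* section flags and the IMAGE_FILE_* bit used below (PE/COFF specification)
SCN_CNT_CODE, SCN_MEM_EXECUTE, SCN_MEM_READ, SCN_MEM_WRITE = 0x20, 0x20000000, 0x40000000, 0x80000000
FILE_RELOCS_STRIPPED = 0x0001


def parse_pe(data):
    """Walk MZ -> e_lfanew -> PE\\0\\0 -> COFF header -> optional header -> section table.
    PE32 only. Returns (coff_characteristics, timestamp, entry_rva, checksum, sections),
    each section as (name_bytes, virtual_address, virtual_size, characteristics)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    _machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (Magic 0x10b) is handled here")
    entry = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint
    checksum = struct.unpack_from("<I", data, opt + 64)[0]   # CheckSum
    sections = []
    for i in range(nsec):
        name, vsize, va, _, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0"), va, vsize, flags))
    return chars, ts, entry, checksum, sections


def timestamp_utc(ts):
    return datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%b-%d %H:%M:%S")


def triage(data):
    """Return (findings, entry_section_name) for the header-level indicators in the report."""
    chars, _, entry, checksum, sections = parse_pe(data)
    findings = []
    for name, _, _, flags in sections:
        if flags & SCN_MEM_WRITE and flags & SCN_MEM_EXECUTE:
            findings.append("wx_section")
        if not all(0x20 <= b < 0x7F for b in name):
            findings.append("unprintable_section_name")
    ep = next((i for i, s in enumerate(sections) if s[1] <= entry < s[1] + s[2]), None)
    if ep is None:
        findings.append("entry_outside_sections")
        ep_name = None
    else:
        ep_name = sections[ep][0]
        if ep == len(sections) - 1:
            findings.append("entry_in_last_section")      # packer stub or appended infector body
        if sections[ep][3] & SCN_MEM_WRITE:
            findings.append("entry_in_writable_section")
    if chars & FILE_RELOCS_STRIPPED:
        findings.append("relocs_stripped_no_aslr")        # image can only load at ImageBase
    if checksum == 0:
        findings.append("checksum_zero")                  # normal for VC6 user-mode binaries
    return findings, ep_name


def build_sample():
    """Constructed header bytes carrying the report's values; not the analysed file.
    The layout of the four sections before the injected one is an assumption."""
    dos = bytearray(0xF8)                      # e_lfanew = 0xf8 as in the report
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0xF8)
    # I386, 5 sections, 2019-12-01 08:36:04 UTC, 0x10f = 32BIT|EXECUTABLE|LINE_NUMS|LOCAL_SYMS|RELOCS stripped
    coff = struct.pack("<HHIIIHH", 0x14C, 5, 1575189364, 0, 0, 0xE0, 0x010F)
    opt = struct.pack(
        "<HBB9I6H4I2H6I",
        0x10B, 6, 0,                                # PE32, linker 6.0
        0xBF000, 0x5B000, 0, 0x116000,              # SizeOfCode, init data, uninit data, AddressOfEntryPoint
        0x1000, 0xBB000, 0x400000, 0x1000, 0x1000,  # BaseOfCode, BaseOfData, ImageBase, alignments
        4, 0, 0, 0, 4, 0,                           # OS / image / subsystem versions
        0, 0x11B000, 0x1000, 0,                     # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        2, 0,                                       # IMAGE_SUBSYSTEM_WINDOWS_GUI, DllCharacteristics
        0x100000, 0x1000, 0x100000, 0x1000, 0, 16,  # stack/heap sizes, LoaderFlags, NumberOfRvaAndSizes
    ) + b"\0" * 128                                 # 16 empty data directories
    layout = [  # (name, VirtualAddress, VirtualSize, Characteristics); assumed sizes
        (b".text", 0x1000, 0xBA000, SCN_CNT_CODE | SCN_MEM_EXECUTE | SCN_MEM_READ),
        (b".rdata", 0xBB000, 0x10000, 0x40000040),
        (b".data", 0xCB000, 0x40000, 0xC0000040),
        (b".rsrc", 0x10B000, 0xB000, 0x40000040),
        (b"T\xe5}{\xa3ua", 0x116000, 0x5000, 0xE0000020),  # last section, W+X, holds the entry point
    ]
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, vs, 0, 0, 0, 0, 0, f) for n, va, vs, f in layout)
    return bytes(dos) + b"PE\0\0" + coff + opt + secs


if __name__ == "__main__":
    _, ts, entry, _, _ = parse_pe(build_sample())
    findings, ep_name = triage(build_sample())
    print("TimeDateStamp %s, entry 0x%08x in section %r" % (timestamp_utc(ts), entry, ep_name))
    print("findings:", ", ".join(findings))
```

Run it against a real file by replacing `build_sample()` with `open(path, "rb").read()`; the section-lookup logic is the same check the report applied to print "(Section: T\xe5}{\xa3ua)" next to the entry point.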
Imported DLL | Functions |
---|---|
KERNEL32.dll | GetEnvironmentStringsW GetEnvironmentStrings FreeEnvironmentStringsW FreeEnvironmentStringsA UnhandledExceptionFilter GetACP HeapSize TerminateProcess RaiseException GetLocalTime GetSystemTime GetTimeZoneInformation RtlUnwind GetStartupInfoA GetOEMCP GetCPInfo GetProcessVersion SetErrorMode GlobalFlags GetCurrentThread SetHandleCount GetFileTime GetFileSize TlsGetValue LocalReAlloc TlsSetValue TlsFree GlobalHandle TlsAlloc LocalAlloc lstrcmpA GetVersion GlobalGetAtomNameA GlobalAddAtomA GlobalFindAtomA GlobalDeleteAtom lstrcmpiA SetEndOfFile UnlockFile LockFile FlushFileBuffers SetFilePointer GetCurrentProcess DuplicateHandle lstrcpynA SetLastError FileTimeToLocalFileTime FileTimeToSystemTime LocalFree InterlockedDecrement InterlockedIncrement GetStdHandle GetFileType GetEnvironmentVariableA HeapDestroy HeapCreate VirtualFree SetEnvironmentVariableA LCMapStringA LCMapStringW VirtualAlloc IsBadWritePtr GetStringTypeA GetStringTypeW SetUnhandledExceptionFilter CompareStringA CompareStringW IsBadReadPtr IsBadCodePtr SetStdHandle SuspendThread TerminateThread ReleaseMutex CreateMutexA CreateSemaphoreA ResumeThread ReleaseSemaphore EnterCriticalSection LeaveCriticalSection GetProfileStringA WriteFile WaitForMultipleObjects CreateFileA SetEvent FindResourceA LoadResource LockResource ReadFile lstrlenW GetModuleFileNameA WideCharToMultiByte MultiByteToWideChar GetCurrentThreadId ExitProcess GlobalSize GlobalFree DeleteCriticalSection InitializeCriticalSection lstrcatA lstrlenA WinExec lstrcpyA FindNextFileA GlobalReAlloc HeapFree HeapReAlloc GetProcessHeap HeapAlloc GetUserDefaultLCID GetFullPathNameA FreeLibrary LoadLibraryA GetLastError GetVersionExA WritePrivateProfileStringA CreateThread CreateEventA Sleep ExpandEnvironmentStringsA GlobalAlloc GlobalLock GlobalUnlock FindFirstFileA FindClose GetFileAttributesA MoveFileA DeleteFileA CreateDirectoryA SetCurrentDirectoryA GetVolumeInformationA GetModuleHandleA GetProcAddress MulDiv GetCommandLineA GetTickCount WaitForSingleObject CloseHandle |
USER32.dll | LoadIconA TranslateMessage DrawFrameControl DrawEdge DrawFocusRect WindowFromPoint GetMessageA DispatchMessageA SetRectEmpty RegisterClipboardFormatA CreateIconFromResourceEx CreateIconFromResource DrawIconEx CreatePopupMenu AppendMenuA ModifyMenuA CreateMenu CreateAcceleratorTableA GetDlgCtrlID GetSubMenu EnableMenuItem ClientToScreen EnumDisplaySettingsA LoadImageA SystemParametersInfoA ShowWindow IsWindowEnabled TranslateAcceleratorA GetKeyState CopyAcceleratorTableA PostQuitMessage IsZoomed GetClassInfoA DefWindowProcA GetMenu SetMenu PeekMessageA IsIconic SetFocus GetActiveWindow GetWindow DestroyAcceleratorTable SetWindowRgn GetMessagePos ScreenToClient ChildWindowFromPointEx CopyRect LoadBitmapA WinHelpA KillTimer SetTimer ReleaseCapture GetCapture SetCapture GetScrollRange SetScrollRange SetScrollPos SetRect InflateRect IntersectRect DestroyIcon PtInRect OffsetRect IsWindowVisible EnableWindow UnregisterClassA GetWindowLongA SetWindowLongA GetSysColor SetActiveWindow SetCursorPos LoadCursorA SetCursor GetDC FillRect IsRectEmpty ReleaseDC IsChild DestroyMenu SetForegroundWindow GetWindowRect EqualRect UpdateWindow ValidateRect InvalidateRect GetClientRect GetFocus GetParent GetTopWindow PostMessageA GetWindowTextA GetWindowTextLengthA CharUpperA GetWindowDC BeginPaint EndPaint TabbedTextOutA DrawTextA GrayStringA GetDlgItem DestroyWindow CreateDialogIndirectParamA EndDialog GetNextDlgTabItem GetWindowPlacement RegisterWindowMessageA GetForegroundWindow GetLastActivePopup GetMessageTime RemovePropA CallWindowProcA GetPropA UnhookWindowsHookEx SetPropA GetClassLongA CallNextHookEx SetWindowsHookExA CreateWindowExA GetMenuItemID GetMenuItemCount RegisterClassA GetScrollPos AdjustWindowRectEx MapWindowPoints SendDlgItemMessageA ScrollWindowEx IsDialogMessageA SetWindowTextA MoveWindow CheckMenuItem SetMenuItemBitmaps GetMenuState GetMenuCheckMarkDimensions GetClassNameA GetDesktopWindow LoadStringA GetSysColorBrush IsWindow SetParent DestroyCursor SendMessageA SetWindowPos MessageBoxA GetCursorPos GetSystemMetrics EmptyClipboard SetClipboardData OpenClipboard GetClipboardData CloseClipboard wsprintfA RedrawWindow |
GDI32.dll | GetTextMetricsA Escape ExtTextOutA TextOutA RectVisible PtVisible GetViewportExtEx ExtSelectClipRgn SetBkColor CreateRectRgnIndirect SetStretchBltMode GetClipRgn CreatePolygonRgn SelectClipRgn DeleteObject CreateDIBitmap GetSystemPaletteEntries CreatePalette StretchBlt SelectPalette RealizePalette GetDIBits GetWindowExtEx GetViewportOrgEx GetWindowOrgEx BeginPath EndPath PathToRegion CreateEllipticRgn CreateRoundRectRgn GetTextColor GetBkMode GetBkColor GetROP2 GetStretchBltMode GetPolyFillMode CreateCompatibleBitmap CreateDCA CreateBitmap SelectObject CreatePen PatBlt CombineRgn CreateRectRgn FillRgn CreateSolidBrush CreateFontIndirectA GetStockObject GetObjectA EndPage EndDoc DeleteDC StartDocA ExcludeClipRect GetClipBox ScaleWindowExtEx SetWindowExtEx SetWindowOrgEx ScaleViewportExtEx SetViewportExtEx OffsetViewportOrgEx SetViewportOrgEx SetMapMode SetTextColor SetROP2 SetPolyFillMode SetBkMode RestoreDC SaveDC StartPage BitBlt CreateCompatibleDC Ellipse Rectangle LPtoDP DPtoLP GetCurrentObject RoundRect GetTextExtentPoint32A GetDeviceCaps LineTo MoveToEx |
WINMM.dll | midiStreamStop midiOutReset midiStreamClose waveOutRestart waveOutUnprepareHeader waveOutPrepareHeader waveOutWrite waveOutPause midiStreamRestart midiStreamOut midiOutPrepareHeader waveOutReset waveOutClose waveOutGetNumDevs waveOutOpen midiOutUnprepareHeader midiStreamOpen midiStreamProperty |
WINSPOOL.DRV | ClosePrinter DocumentPropertiesA OpenPrinterA |
ADVAPI32.dll | RegCloseKey RegQueryValueExA RegOpenKeyExA RegSetValueExA RegCreateKeyA RegCreateKeyExA RegQueryValueA |
SHELL32.dll | ShellExecuteA Shell_NotifyIconA |
ole32.dll | CLSIDFromProgID OleRun CoCreateInstance OleUninitialize OleInitialize CLSIDFromString |
OLEAUT32.dll | SafeArrayGetUBound SafeArrayGetLBound SafeArrayGetDim SafeArrayUnaccessData SafeArrayAccessData SafeArrayGetElement VariantCopyInd VariantInit SysAllocString RegisterTypeLib LHashValOfNameSys LoadTypeLib UnRegisterTypeLib VariantClear VariantChangeType |
COMCTL32.dll | ImageList_Destroy, ordinal #17 |
WS2_32.dll | inet_ntoa WSACleanup closesocket WSAAsyncSelect recvfrom ioctlsocket recv getpeername accept ntohl |
comdlg32.dll | GetSaveFileNameA GetOpenFileNameA ChooseColorA GetFileTitleA |
Rich header field | Value |
---|---|
XOR Key | 0xd9d4be84 |

Product ID (build) | Object count |
---|---|
Unmarked objects | 0 |
12 (7291) | 3 |
14 (7299) | 43 |
19 (8022) | 44 |
19 (8034) | 21 |
Total imports | 596 |
C++ objects (VS98 SP6 build 8804) | 102 |
C objects (VS98 SP6 build 8804) | 208 |
C++ objects (VS98 build 8168) | 75 |
C objects (VS98 build 8168) | 27 |
Unmarked objects (#2) | 31 |
Resource objects (VS98 SP6 cvtres build 1736) | 1 |
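The table above is the Rich header, the undocumented block the Microsoft linker writes between the DOS stub and the PE header: a "DanS" marker, three padding dwords, one (comp.id, count) pair per tool that produced linked objects, then "Rich" followed by the XOR key that masks everything before it. The key is a checksum of the DOS header bytes and the entries, so recomputing it and comparing with the stored key tells whether the header was copied or patched after linking, which matters here because the VS98 tool IDs say nothing about the code in the injected section. One check that works on the page's own numbers: 12 entries give a 24 + 12 × 8 = 0x78-byte block, and with the standard VC6 stub the marker sits at 0x80, so the block ends exactly at e_lfanew = 0xf8; the header is neither padded nor truncated. The Python below is an added example, not part of the report: an encoder and decoder that walks back from "Rich" to "DanS", XORs the key out, and recomputes the linker's checksum. The sample it operates on is constructed: DOS header values from the table above, a stand-in stub text, the four raw "prodid (build)" rows verbatim, and assumed product IDs for the VS98 C/C++ compiler, import and cvtres entries (0x0A, 0x0B, 0x01, 0x06) and assumed build numbers for the two unmarked entries, so its key is not the 0xd9d4be84 of the real file.

```python
import struct

DANS = 0x536E6144  # b"DanS" as a little-endian dword
RICH = 0x68636952  # b"Rich"


def rol32(v, n):
    n &= 31
    return ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF


def rich_checksum(dos_and_stub, entries):
    """The linker's key: every byte before "DanS" (e_lfanew skipped) rotated left by its
    offset, plus each comp.id rotated left by its use count, plus the "DanS" offset."""
    cksum = len(dos_and_stub)
    for i, b in enumerate(dos_and_stub):
        if 0x3C <= i < 0x40:
            continue
        cksum = (cksum + rol32(b, i)) & 0xFFFFFFFF
    for prodid, build, count in entries:
        cksum = (cksum + rol32((prodid << 16) | build, count)) & 0xFFFFFFFF
    return cksum


def build_rich(dos_and_stub, entries):
    """Append a Rich header (DanS, 3 pads, comp.id/count pairs, Rich, key) to a DOS stub."""
    key = rich_checksum(dos_and_stub, entries)
    words = [DANS ^ key, key, key, key]           # zero padding XOR key == key
    for prodid, build, count in entries:
        words += [((prodid << 16) | build) ^ key, count ^ key]
    words += [RICH, key]                          # "Rich" and the key are stored in clear
    return dos_and_stub + struct.pack("<%dI" % len(words), *words)


def parse_rich(data):
    """Return (key, [(prodid, build, count), ...], key_matches_recomputed_checksum)."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    end = data.rfind(b"Rich", 0x40, e_lfanew)
    if end < 0:
        raise ValueError("no Rich header between the DOS stub and the PE header")
    key = struct.unpack_from("<I", data, end + 4)[0]
    pos = end - 4                                  # walk back dword by dword to "DanS"
    while pos >= 0x40 and struct.unpack_from("<I", data, pos)[0] ^ key != DANS:
        pos -= 4
    if pos < 0x40:
        raise ValueError("DanS marker not found")
    entries = []
    for off in range(pos + 16, end, 8):           # skip DanS and the three pads
        cid, cnt = struct.unpack_from("<II", data, off)
        cid ^= key
        entries.append((cid >> 16, cid & 0xFFFF, cnt ^ key))
    return key, entries, rich_checksum(data[:pos], entries) == key


# Constructed sample, not the analysed file. Product IDs marked "assumed" are not on the page.
SAMPLE_ENTRIES = [
    (0x00, 0, 0),        # Unmarked objects
    (0x0C, 7291, 3),     # 12 (7291)
    (0x0E, 7299, 43),    # 14 (7299)
    (0x13, 8022, 44),    # 19 (8022)
    (0x13, 8034, 21),    # 19 (8034)
    (0x01, 0, 596),      # Total imports (assumed prodid 1)
    (0x0B, 8804, 102),   # C++ objects, VS98 SP6 (assumed prodid)
    (0x0A, 8804, 208),   # C objects, VS98 SP6 (assumed prodid)
    (0x0B, 8168, 75),    # C++ objects, VS98
    (0x0A, 8168, 27),    # C objects, VS98
    (0x00, 0, 31),       # Unmarked objects (#2); build not on the page, assumed 0
    (0x06, 1736, 1),     # Resource objects, cvtres (assumed prodid)
]


def sample_dos_stub():
    """DOS header with the report's field values and a 0x40-byte stand-in stub."""
    dos = bytearray(0x80)
    struct.pack_into("<2s13H8sHH20sI", dos, 0, b"MZ", 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8,
                     0, 0, 0, 0x40, 0, b"", 0, 0, b"", 0xF8)
    stub = b"This program cannot be run in DOS mode.\r\r\n$"
    dos[0x40:0x40 + len(stub)] = stub
    return bytes(dos)


def build_sample():
    return build_rich(sample_dos_stub(), SAMPLE_ENTRIES)


if __name__ == "__main__":
    sample = build_sample()
    key, entries, ok = parse_rich(sample)
    print("DanS at 0x80, PE header at 0x%x, key 0x%08x, checksum %s"
          % (len(sample), key, "valid" if ok else "MISMATCH"))
    for prodid, build, count in entries:
        print("  prodid 0x%02x build %5d count %d" % (prodid, build, count))
```

On a real file, pass the whole image to `parse_rich`; a `False` third value means the bytes before e_lfanew no longer match the key, which is what a stub replacement or a hand-edited comp.id table leaves behind.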