| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2009-Jun-19 16:02:00 |
| Detected languages | Chinese - PRC; English - United States |
| Info | Matching compiler(s): MASM/TASM - sig1(h); Microsoft Visual C++; Microsoft Visual C++ v6.0; Microsoft Visual C++ v5.0/v6.0 (MFC) |
| Info | The PE contains common functions which appear in legitimate applications. Possibly launches other programs: |
| Suspicious | The file contains overlay data. 126048 bytes of data starting at offset 0x8000. Overlay data accounts for 79.3673% of the executable. |
| Malicious | VirusTotal score: 46/71 (Scanned on 2019-03-13 05:13:29). MicroWorld-eScan: Gen:Variant.Graftor.28753; CMC: Virus.Win32.Lamer!O; McAfee: Generic Packed; Zillya: Downloader.Murlo.Win32.3243; TheHacker: Trojan/Dropper.Agent.nyn; Invincea: heuristic; Cyren: W32/Dropper.AA.gen!Eldorado; Symantec: ML.Attribute.HighConfidence; TrendMicro-HouseCall: TROJ_DOWNLOADER_0000a08.TOMA; ClamAV: Win.Trojan.4492986-1; Kaspersky: Virus.Win32.Lamer.bs; BitDefender: Gen:Variant.Graftor.28753; NANO-Antivirus: Virus.Win32.Lamer.vpqnl; Tencent: Win32.Virus.Lamer.Wkcb; Endgame: malicious (high confidence); Emsisoft: Gen:Variant.Graftor.28753 (B); Comodo: TrojWare.Win32.TrojanDropper.Mudrop.H@1cukoj; F-Secure: Trojan.TR/Drop.Agen.102912; DrWeb: Trojan.DownLoader6.40818; TrendMicro: TROJ_DOWNLOADER_0000a08.TOMA; McAfee-GW-Edition: Generic Packed; Sophos: Mal/Mdrop-DA; Ikarus: Trojan-Downloader.Win32.Murlo; F-Prot: W32/Dropper.AA.gen!Eldorado; Jiangmin: Trojan/Generic.bdzl; Webroot: W32.Trojan.Gen; Avira: TR/Drop.Agen.102912; MAX: malware (ai score=99); Kingsoft: Win32.Infector.xd.118303; Arcabit: Trojan.Graftor.D7051; ZoneAlarm: Virus.Win32.Lamer.bs; GData: Gen:Variant.Graftor.28753; AhnLab-V3: Win-Trojan/Muldrop.Gen; ALYac: Gen:Variant.Graftor.28753; Ad-Aware: Gen:Variant.Graftor.28753; Cylance: Unsafe; ESET-NOD32: a variant of Win32/TrojanDropper.Agent.NYN; Rising: Worm.Win32.ExeKiller.o (CLOUD); Yandex: Trojan.DR.Agent!jKqaLpDoX2w; SentinelOne: DFI - Malicious PE; Fortinet: W32/Mudrop.GFO!tr; AVG: FileRepMalware; Cybereason: malicious.ca7a68; Panda: Trj/Genetic.gen; CrowdStrike: win/malicious_confidence_100% (D); Qihoo-360: Win32/Trojan.ff0 |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x100 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 4 |
| TimeDateStamp | 2009-Jun-19 16:02:00 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 6.0 |
| SizeOfCode | 0x4000 |
| SizeOfInitializedData | 0x2b000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00003EB6 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x5000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x1000 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x30000 |
| SizeOfHeaders | 0x1000 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| DLL | Imported functions |
|---|---|
| WSOCK32.dll | #4 #23 #116 #9 #18 #52 #22 #16 #19 #3 #115 |
| MFC42.DLL | #5199 #2396 #3346 #5300 #5302 #2725 #4079 #4698 #5307 #5289 #5714 #2982 #3147 #3259 #4465 #3136 #3262 #2985 #3081 #2976 #3830 #3831 #3825 #3079 #4080 #4622 #4424 #3738 #561 #825 #815 #641 #2514 #860 #540 #800 #5265 #4998 #6052 #4078 #1775 #4407 #5241 #2385 #1089 #6374 #4353 #5280 #3798 #4837 #4441 #2648 #2055 #6376 #3749 #5065 #1727 #5261 #2446 #2124 #5277 #4627 #4425 #3597 #1146 #1168 #324 #4234 #798 #5583 #1997 #6392 #5194 #533 #1576 #539 #537 #941 #858 #4129 #665 #3790 #924 #354 #535 #859 #4710 #2379 #6215 #668 #1980 #4202 #3181 #4058 #2781 #2770 #5710 #356 #823 #3922 #5731 #2512 #2554 #4486 #6375 #4274 #4673 #5163 #939 |
| MSVCRT.dll | fclose fopen atoi rand srand time strcat strcpy exit _mbscmp memset __dllonexit _onexit _exit _XcptFilter _acmdln __getmainargs _initterm __setusermatherr _adjust_fdiv __p__commode __p__fmode __set_app_type _except_handler3 _controlfp fread fseek fwrite memcpy getc putc _setmbcp |
| KERNEL32.dll | LockResource GetStartupInfoA GetModuleHandleA CreateThread CloseHandle GetModuleFileNameA MoveFileExA GetCurrentDirectoryA DeleteFileA WinExec GetWindowsDirectoryA SizeofResource FindResourceA SetFileAttributesA EnumResourceNamesA LoadLibraryExA Sleep MultiByteToWideChar CopyFileA LoadResource |
| USER32.dll | SetTimer EnableWindow LookupIconIdFromDirectory KillTimer SendMessageA LoadIconA |
| ole32.dll | CoCreateInstance CoInitialize |
| Rich header entry | Value |
|---|---|
| XOR Key | 0x110775d |
| Unmarked objects | 0 |
| Unmarked objects (#2) | 3 |
| C++ objects (8047) | 1 |
| C objects (8047) | 11 |
| 14 (7299) | 2 |
| Linker (8047) | 2 |
| C++ objects (VS98 SP6 build 8804) | 3 |
| Linker (VS98 SP6 build 8804) | 2 |
| Total imports | 185 |
| 19 (8034) | 9 |
| C++ objects (VS98 build 8168) | 4 |
| Resource objects (VS98 SP6 cvtres build 1736) | 1 |