Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2009-Dec-05 22:50:52 |
Detected languages |
English - United States
|
Suspicious | The PE is an NSIS installer | Unusual section name found: .ndata |
Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
Suspicious | The file contains overlay data. |
5433155 bytes of data starting at offset 0x8c00.
The overlay data has an entropy of 7.99853 and is possibly compressed or encrypted. Overlay data amounts for 99.3447% of the executable. |
Malicious | VirusTotal score: 33/64 (Scanned on 2018-03-22 04:15:30) |
MicroWorld-eScan:
Trojan.Generic.12950866
CAT-QuickHeal: Trojan.Crypt McAfee: Artemis!61450DF46C20 VIPRE: Trojan.Win32.Generic!BT K7GW: Riskware ( 0040eff71 ) K7AntiVirus: Riskware ( 0040eff71 ) Symantec: Trojan.Gen.2 Paloalto: generic.ml BitDefender: Trojan.Generic.12950866 NANO-Antivirus: Trojan.Win32.Crypt.dritmi Avast: Win32:Agent-AWEV [Trj] Sophos: Mal/Generic-S F-Secure: Trojan.Generic.12950866 McAfee-GW-Edition: RDN/Generic.grp Emsisoft: Trojan.Generic.12950866 (B) Ikarus: Trojan.Agent Cyren: W32/Trojan.KOWM-0819 Jiangmin: Trojan.MSIL.tfn Avira: TR/Rogue.643584.6 Antiy-AVL: Trojan/Win32.TSGeneric Microsoft: Trojan:Win32/Tiggre!rfn Arcabit: Trojan.Generic.DC59D52 AegisLab: Troj.Msil.Crypt!c GData: Trojan.Generic.12950866 AVware: Trojan.Win32.Generic!BT MAX: malware (ai score=100) VBA32: Trojan.MSIL.Crypt Yandex: Trojan.Crypt!yoxuPzGeQko Fortinet: PossibleThreat AVG: Win32:Agent-AWEV [Trj] Cybereason: malicious.46c209 Panda: Trj/CI.A Qihoo-360: Win32/Trojan.39c |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xd8 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 5 |
TimeDateStamp | 2009-Dec-05 22:50:52 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Magic | PE32 |
---|---|
LinkerVersion | 6.0 |
SizeOfCode | 0x5e00 |
SizeOfInitializedData | 0x28400 |
SizeOfUninitializedData | 0x400 |
AddressOfEntryPoint | 0x000030FA (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x7000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 6.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x39000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll |
CompareFileTime
SearchPathA GetShortPathNameA GetFullPathNameA MoveFileA SetCurrentDirectoryA GetFileAttributesA GetLastError CreateDirectoryA SetFileAttributesA Sleep GetTickCount GetFileSize GetModuleFileNameA GetCurrentProcess CopyFileA ExitProcess GetWindowsDirectoryA SetFileTime GetCommandLineA SetErrorMode LoadLibraryA lstrcpynA GetDiskFreeSpaceA GlobalUnlock GlobalLock CreateThread CreateProcessA RemoveDirectoryA CreateFileA GetTempFileNameA lstrlenA lstrcatA GetSystemDirectoryA GetVersion CloseHandle lstrcmpiA lstrcmpA ExpandEnvironmentStringsA GlobalFree GlobalAlloc WaitForSingleObject GetExitCodeProcess GetModuleHandleA LoadLibraryExA GetProcAddress FreeLibrary MultiByteToWideChar WritePrivateProfileStringA GetPrivateProfileStringA WriteFile ReadFile MulDiv SetFilePointer FindClose FindNextFileA FindFirstFileA DeleteFileA GetTempPathA |
---|---|
USER32.dll |
EndDialog
ScreenToClient GetWindowRect EnableMenuItem GetSystemMenu SetClassLongA IsWindowEnabled SetWindowPos GetSysColor GetWindowLongA SetCursor LoadCursorA CheckDlgButton GetMessagePos LoadBitmapA CallWindowProcA IsWindowVisible CloseClipboard SetClipboardData EmptyClipboard RegisterClassA TrackPopupMenu AppendMenuA CreatePopupMenu GetSystemMetrics SetDlgItemTextA GetDlgItemTextA MessageBoxIndirectA CharPrevA DispatchMessageA PeekMessageA DestroyWindow CreateDialogParamA SetTimer SetWindowTextA PostQuitMessage SetForegroundWindow wsprintfA SendMessageTimeoutA FindWindowExA SystemParametersInfoA CreateWindowExA GetClassInfoA DialogBoxParamA CharNextA OpenClipboard ExitWindowsEx IsWindow GetDlgItem SetWindowLongA LoadImageA GetDC EnableWindow InvalidateRect SendMessageA DefWindowProcA BeginPaint GetClientRect FillRect DrawTextA EndPaint ShowWindow |
GDI32.dll |
SetBkColor
GetDeviceCaps DeleteObject CreateBrushIndirect CreateFontIndirectA SetBkMode SetTextColor SelectObject |
SHELL32.dll |
SHGetPathFromIDListA
SHBrowseForFolderA SHGetFileInfoA ShellExecuteA SHFileOperationA SHGetSpecialFolderLocation |
ADVAPI32.dll |
RegQueryValueExA
RegSetValueExA RegEnumKeyA RegEnumValueA RegOpenKeyExA RegDeleteKeyA RegDeleteValueA RegCloseKey RegCreateKeyExA |
COMCTL32.dll |
ImageList_AddMasked
ImageList_Destroy #17 ImageList_Create |
ole32.dll |
CoTaskMemFree
OleInitialize OleUninitialize CoCreateInstance |
VERSION.dll |
GetFileVersionInfoSizeA
GetFileVersionInfoA VerQueryValueA |
XOR Key | 0x69ead975 |
---|---|
Unmarked objects | 0 |
C objects (VS2003 (.NET) build 4035) | 2 |
Total imports | 155 |
Imports (VS2003 (.NET) build 4035) | 17 |
48 (9044) | 10 |
Resource objects (VS98 SP6 cvtres build 1736) | 1 |