627929fe0a27c4f2392484dbbe10f731

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2010-Jun-12 18:41:24
Detected languages English - United States

Plugin Output

Suspicious PEiD Signature: HQR data file
Suspicious Strings found in the binary may indicate undesirable behavior: Looks for Qemu presence:
  • QEmu
Contains domain names:
  • gmail.com
  • http://qt.nokia.com
  • http://qt.nokia.com/
  • http://qt.nokia.com/products/licensing
  • http://www.gnu.org
  • http://www.gnu.org/licenses/
  • http://www.w3.org
  • http://www.w3.org/1999/xlink
  • http://www.w3.org/2000/xmlns/
  • http://www.w3.org/TR/REC-html40/strict.dtd
  • http://www.w3.org/XML/1998/namespace
  • inkscape.org
  • nokia.com
  • qt.nokia.com
  • www.gnu.org
  • www.inkscape.org
  • www.w3.org
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
  • LoadLibraryW
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Can access the registry:
  • RegCloseKey
  • RegCreateKeyExW
  • RegDeleteKeyW
  • RegDeleteValueW
  • RegEnumKeyExW
  • RegEnumValueW
  • RegFlushKey
  • RegOpenKeyExW
  • RegQueryInfoKeyW
  • RegQueryValueExW
  • RegSetValueExW
Possibly launches other programs:
  • CreateProcessW
  • ShellExecuteW
Can create temporary files:
  • CreateFileA
  • CreateFileW
  • GetTempPathW
Uses functions commonly found in keyloggers:
  • CallNextHookEx
  • MapVirtualKeyW
Leverages the raw socket API to access the Internet:
  • WSAAsyncSelect
Functions related to the privilege level:
  • OpenProcessToken
Enumerates local disk drives:
  • GetDriveTypeW
  • GetVolumeInformationW
Can take screenshots:
  • BitBlt
  • CreateCompatibleDC
  • GetDC
Malicious VirusTotal score: 3/68 (Scanned on 2021-06-13 05:48:51)
APEX: Malicious
TACHYON: Joke/W32.ArchSMS.8040448
Sophos: Generic ML PUA (PUA)

Hashes

MD5 627929fe0a27c4f2392484dbbe10f731
SHA1 63a15189956b7f0c19e82a6fef37bef4734fc40c
SHA256 e9f03b80e02865689b68e810996cea747718f9e4ed21cad621fa7a014cdab7c8
SHA3 254c8bfb4e3ed3c5d586c4a8e73366f5dd95e445940c2c3d90bd350ca06f9ac2
SSDeep 196608:itsuX7/RcK7/uLHafBYOVj/Z61JSrO2HWih+kInN2mlI8D8nidtg/oSzkUrVjnPy:OLZ7uTTyOXkGa6pgj0NSAKFdu9B
Imports Hash 691941630525a5017eb336d18911873d

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 2010-Jun-12 18:41:24
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x65c000
SizeOfInitializedData 0x7aac00
SizeOfUninitializedData 0x6a00
AddressOfEntryPoint 0x000012A0 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x65d000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x7b5000
SizeOfHeaders 0x400
Checksum 0x7b91e5
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 a396e25a5bdff45ca8d4a81443d245e6
SHA1 6a5a9372a1e00cf2d95ad3e525b014eb53cd93da
SHA256 31b88e0d414fcd1ea73fa5d68ce7064274e9848f9720ea8bd957818609407aee
SHA3 e93b6c977bdb888af3747bd8040bfd4744bf26a2a59d2d18d525b3ff9962ba61
VirtualSize 0x65be20
VirtualAddress 0x1000
SizeOfRawData 0x65c000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.38392

.data

MD5 a651150e1a17d7476036f1e5ce812967
SHA1 b6c0fd5119045fac283aa55d20adceaa255a94f6
SHA256 2bf4373967243cfdac4272274495b923a163d82703f9e0269bc2e78a2ae1ba4a
SHA3 e04da1d1fa280e1a3586d5f04d0480c116585e1f6c0402f2838d6feefecd750c
VirtualSize 0x148504
VirtualAddress 0x65d000
SizeOfRawData 0x148600
PointerToRawData 0x65c400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.82918

.rdata

MD5 0cd70d58a9d972b20d2424b332430207
SHA1 6413e8d626eae6022f2420493c968a09ea26cb09
SHA256 95f3ffbc6028e062a4181fa1df556f72c6f710fab08c3cf05f727e8fd72b5349
SHA3 18cfcbabcc4443b64571c871ef319f860433ef59c2c775ced8332d8f19d76ea2
VirtualSize 0x24c8
VirtualAddress 0x7a6000
SizeOfRawData 0x2600
PointerToRawData 0x7a4a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.18629

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x69c8
VirtualAddress 0x7a9000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 a97d569b410ab057642f631a9e03913a
SHA1 8cb89ea322bc30a593f3eb2c5f09c198171b7ab6
SHA256 f93edb1e41d65b9362a518c978dd2a391fb663a56c0f12c500fdde86c950a3a8
SHA3 95f3e0a926fa4498a14f8d7fab50215a56152027d6dd00267293260b2c7e47bd
VirtualSize 0x31e8
VirtualAddress 0x7b0000
SizeOfRawData 0x3200
PointerToRawData 0x7a7000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.37817

.rsrc

MD5 2cd50f4ed7ff519e59d08e5e963f9528
SHA1 d64dcad7483d9651ba5759d9e941d968bbab0cb1
SHA256 971b94581502dc96cefd2d2f9d2c1e6d5969d899b986bb70d76dc919fb7f13b2
SHA3 76def7e6ef12d55a68209b006795f6630b4516e1cb2311fc4345c67f582f91eb
VirtualSize 0xdfc
VirtualAddress 0x7b4000
SizeOfRawData 0xe00
PointerToRawData 0x7aa200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.69831

Imports

ADVAPI32.DLL GetTokenInformation
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
COMDLG32.DLL GetOpenFileNameW
GetSaveFileNameW
PrintDlgExW
GDI32.dll AbortDoc
BeginPath
BitBlt
CloseFigure
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateEllipticRgn
CreateFontIndirectW
CreatePalette
CreatePen
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
EndDoc
EndPage
EndPath
EnumFontFamiliesExW
ExtCreatePen
ExtTextOutW
FillPath
GdiFlush
GetBkMode
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetDIBits
GetDeviceCaps
GetFontData
GetGlyphOutlineW
GetNearestPaletteIndex
GetObjectW
GetOutlineTextMetricsW
GetPaletteEntries
GetRegionData
GetStockObject
GetTextExtentPoint32W
GetTextFaceW
GetTextMetricsW
LineTo
MoveToEx
OffsetRgn
PolyBezierTo
PtInRegion
RealizePalette
ResetDCW
RestoreDC
SaveDC
SelectClipPath
SelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetGraphicsMode
SetPolyFillMode
SetTextAlign
SetTextColor
SetWorldTransform
StartDocW
StartPage
StretchBlt
StrokePath
IMM32.DLL ImmAssociateContext
ImmGetCompositionStringW
ImmGetContext
ImmGetDefaultIMEWnd
ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionFontW
ImmSetCompositionWindow
KERNEL32.dll CloseHandle
CompareStringW
CopyFileW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileW
FindNextChangeNotification
FindNextFileW
FormatMessageW
FreeLibrary
GetCommandLineA
GetCommandLineW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProfileStringW
GetStartupInfoA
GetSystemInfo
GetTempPathW
GetThreadPriority
GetTimeFormatW
GetUserDefaultLCID
GetUserDefaultLangID
GetVersionExW
GetVolumeInformationW
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
IsValidLanguageGroup
IsValidLocale
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LocalFree
MapViewOfFile
MoveFileW
MultiByteToWideChar
OutputDebugStringW
ReadFile
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
SetCurrentDirectoryW
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetFilePointerEx
SetLastError
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SwitchToThread
SystemTimeToTzSpecificLocalTime
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
lstrcmpW
msvcrt.dll _close
_getpid
_putenv
_write
msvcrt.dll (#2) _close
_getpid
_putenv
_write
OLE32.dll CoCreateGuid
CoCreateInstance
CoGetMalloc
CoInitialize
CoLockObjectExternal
CoTaskMemFree
CoUninitialize
DoDragDrop
OleFlushClipboard
OleGetClipboard
OleInitialize
OleIsCurrentClipboard
OleSetClipboard
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
StringFromGUID2
OLEAUT32.DLL SysAllocStringByteLen
VariantInit
SHELL32.DLL SHGetFileInfoW
ShellExecuteW
USER32.dll AdjustWindowRectEx
BeginPaint
CallNextHookEx
ChangeClipboardChain
CharNextExA
ClientToScreen
ClipCursor
CreateCaret
CreateCursor
CreateIconIndirect
CreateWindowExW
DefWindowProcW
DestroyCaret
DestroyCursor
DestroyIcon
DestroyWindow
DispatchMessageW
DrawIconEx
EnableMenuItem
EndPaint
FlashWindowEx
GetActiveWindow
GetCaretBlinkTime
GetClassInfoW
GetClientRect
GetClipboardFormatNameW
GetCursorPos
GetDC
GetDesktopWindow
GetDoubleClickTime
GetFocus
GetIconInfo
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardState
GetMenu
GetMessageW
GetParent
GetQueueStatus
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetUpdateRect
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowRgn
HideCaret
InvalidateRect
InvalidateRgn
IsChild
IsIconic
IsWindowVisible
IsZoomed
KillTimer
LoadIconW
LoadImageW
MapVirtualKeyW
MessageBeep
MoveWindow
MsgWaitForMultipleObjectsEx
PeekMessageW
PostMessageW
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
ScreenToClient
ScrollWindowEx
SendMessageW
SetCapture
SetCaretBlinkTime
SetCaretPos
SetClipboardViewer
SetCursor
SetCursorPos
SetDoubleClickTime
SetFocus
SetForegroundWindow
SetMenuItemInfoW
SetParent
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowWindow
SystemParametersInfoW
ToAscii
ToUnicode
TrackPopupMenuEx
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
ValidateRgn
WindowFromPoint
WINMM.DLL PlaySoundW
WINSPOOL.DRV ClosePrinter
DeviceCapabilitiesW
EnumFormsW
EnumPrintersW
GetPrinterW
OpenPrinterW
WS2_32.DLL WSAAsyncSelect

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 2010-Jun-12 18:41:19
Entropy 2.58825
MD5 10d8f2aec21c761e78e74870dfd3cbb7
SHA1 cc4493cc628b6262bccda5dee3aaa8e2a8dc2f0a
SHA256 6a2a526458803b916e42e1d8a235c5f41692c3536f7d7218c7b6ba53865f05b6
SHA3 40cd4a44c2f46a8aedf8669b880f8849bb27ef305f566a2882ec4cf3d96bccf0

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x8a8
TimeDateStamp 2010-Jun-12 18:41:19
Entropy 3.55711
MD5 f9b8cf7a9d194f8f7ab6d7f4a823db78
SHA1 813f9694d85c74820e9c2b9f432fbb61f17d6aa6
SHA256 c63d069e0c38a8ddea991d9889f917375841765db48110d10efa51d5381a6fd2
SHA3 2bcb59ce91275a1b0ac2f57274c1e0c096c0e51dd3a2977b293898b6ee427723

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x128
TimeDateStamp 2010-Jun-12 18:41:19
Entropy 2.59233
MD5 24de823fe48859bf2033315d211b298d
SHA1 5ac95dcfa3925c2f45b2c6987b54301edf6d7bab
SHA256 d27d30bf7bf4fc31c9d6bd1873e7e60f6ebb40c189fa2684278f139c9b766ab5
SHA3 8b88fb14e861f6f431258c28af7a6d142f974844e743aef701c0fe7dda6af929

IDI_ICON1

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x30
TimeDateStamp 2010-Jun-12 18:41:19
Entropy 2.51103
Detected Filetype Icon file
MD5 d27a4a083612403cac91d4233ad4a704
SHA1 d1a8ad8cc2d4c57c13e3b7b0013e0109e113ca6f
SHA256 8aa0e8e5c6801ffc0861dad7c5136d2c64398a338007fa9fcd137d647e9b896c
SHA3 467ebb85abd57e89152cd4ea6ed45b97579e7b63eddd56a388bd8c49dd31438d

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!