Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2018-Feb-01 20:18:00 |
Info | Matching compiler(s): MASM/TASM - sig2(h) |
Info | Cryptographic algorithms detected in the binary: uses constants related to CRC32; uses constants related to MD5; uses constants related to SHA1 |
Info | The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports: |
Info | The PE's resources present abnormal characteristics. Resource 9B9840EAA1A76AF7BB1868B10ED8E4CB is possibly compressed or encrypted. Resource AB47C57B653ED393398EDE4725607050A82A2901 is possibly compressed or encrypted. Resource CD5C4E8FFC04F57B6F0FEB7E4E9DF9C08F537CE6 is possibly compressed or encrypted. |
Malicious | VirusTotal score: 36/66 (Scanned on 2018-11-05 02:00:50) |

Engine | Detection |
---|---|
MicroWorld-eScan | Trojan.Generic.23177354 |
McAfee | RDN/Generic PUP.z |
Cylance | Unsafe |
Zillya | Trojan.Agent.Win32.877885 |
BitDefender | Trojan.Generic.23177354 |
K7GW | Riskware ( 0040eff71 ) |
K7AntiVirus | Riskware ( 0040eff71 ) |
F-Prot | W32/Strictor.AR |
Symantec | PUA.Gen.2 |
TrendMicro-HouseCall | TROJ_GEN.R002C0OK218 |
Paloalto | generic.ml |
Kaspersky | not-a-virus:HEUR:RiskTool.Win32.Generic |
Rising | Trojan.Fuerboos!8.EFC8 (CLOUD) |
Ad-Aware | Trojan.Generic.23177354 |
Emsisoft | Trojan.Generic.23177354 (B) |
F-Secure | Trojan.Generic.23177354 |
Invincea | heuristic |
McAfee-GW-Edition | BehavesLike.Win32.Generic.dc |
Fortinet | W32/Jaiks.ps!tr |
SentinelOne | static engine - malicious |
Cyren | W32/Strictor.ZBXX-9129 |
Jiangmin | RiskTool.BitCoinMiner.gwc |
Antiy-AVL | Trojan/Win32.TSGeneric |
Endgame | malicious (high confidence) |
Arcabit | Trojan.Generic.D161A88A |
ZoneAlarm | not-a-virus:HEUR:RiskTool.Win32.Generic |
Microsoft | Trojan:Win32/Occamy.C |
Sophos | Generic PUA JH (PUA) |
TotalDefense | Win32/Inject.C!generic |
VBA32 | BScope.Trojan.Tiggre |
Ikarus | Trojan.CoinMiner |
GData | Win32.Trojan.Agent.HW3TT4 |
Cybereason | malicious.dc8354 |
Panda | Trj/Genetic.gen |
CrowdStrike | malicious_confidence_100% (W) |
Qihoo-360 | Win32/Virus.RiskTool.2bb |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x80 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2018-Feb-01 20:18:00 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 2.0 |
SizeOfCode | 0x10800 |
SizeOfInitializedData | 0x34a00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00001000 (Section: .code) |
BaseOfCode | 0x1000 |
BaseOfData | 0x12000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x49000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
DLL | Imported functions |
---|---|
MSVCRT.dll | memset, wcsncmp, memmove, wcsncpy, wcsstr, _wcsnicmp, _wcsdup, free, _wcsicmp, wcslen, wcscpy, wcscmp, memcpy, tolower, wcscat, malloc |
KERNEL32.dll | GetModuleHandleW, HeapCreate, GetStdHandle, HeapDestroy, ExitProcess, WriteFile, GetTempFileNameW, LoadLibraryExW, EnumResourceTypesW, FreeLibrary, RemoveDirectoryW, GetExitCodeProcess, EnumResourceNamesW, GetCommandLineW, LoadResource, SizeofResource, FreeResource, FindResourceW, GetNativeSystemInfo, GetShortPathNameW, GetWindowsDirectoryW, GetSystemDirectoryW, EnterCriticalSection, CloseHandle, LeaveCriticalSection, InitializeCriticalSection, WaitForSingleObject, TerminateThread, CreateThread, Sleep, GetProcAddress, GetVersionExW, WideCharToMultiByte, HeapAlloc, HeapFree, LoadLibraryW, GetCurrentProcessId, GetCurrentThreadId, GetModuleFileNameW, GetEnvironmentVariableW, SetEnvironmentVariableW, GetCurrentProcess, TerminateProcess, SetUnhandledExceptionFilter, HeapSize, MultiByteToWideChar, CreateDirectoryW, SetFileAttributesW, GetTempPathW, DeleteFileW, GetCurrentDirectoryW, SetCurrentDirectoryW, CreateFileW, SetFilePointer, TlsFree, TlsGetValue, TlsSetValue, TlsAlloc, HeapReAlloc, DeleteCriticalSection, InterlockedCompareExchange, InterlockedExchange, GetLastError, SetLastError, UnregisterWait, GetCurrentThread, DuplicateHandle, RegisterWaitForSingleObject |
USER32.DLL | CharUpperW, CharLowerW, MessageBoxW, DefWindowProcW, DestroyWindow, GetWindowLongW, GetWindowTextLengthW, GetWindowTextW, UnregisterClassW, LoadIconW, LoadCursorW, RegisterClassExW, IsWindowEnabled, EnableWindow, GetSystemMetrics, CreateWindowExW, SetWindowLongW, SendMessageW, SetFocus, CreateAcceleratorTableW, SetForegroundWindow, BringWindowToTop, GetMessageW, TranslateAcceleratorW, TranslateMessage, DispatchMessageW, DestroyAcceleratorTable, PostMessageW, GetForegroundWindow, GetWindowThreadProcessId, IsWindowVisible, EnumWindows, SetWindowPos |
GDI32.DLL | GetStockObject |
COMCTL32.DLL | InitCommonControlsEx |
SHELL32.DLL | ShellExecuteExW, SHGetFolderLocation, SHGetPathFromIDListW |
WINMM.DLL | timeBeginPeriod |
OLE32.DLL | CoInitialize, CoTaskMemFree |
SHLWAPI.DLL | PathAddBackslashW, PathRenameExtensionW, PathQuoteSpacesW, PathRemoveArgsW, PathRemoveBackslashW |