Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_I386 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2011-Apr-03 00:50:03 |
Detected languages | English - United States |

Severity | Finding | Details |
---|---|---|
Info | Matching compiler(s) | MASM/TASM - sig2(h) |
Suspicious | PEiD Signature | FASM 1.5x; FASM v1.5x |
Suspicious | Strings found in the binary may indicate undesirable behavior | Contains references to system / monitoring tools |
Info | Cryptographic algorithms detected in the binary | Uses constants related to SHA1 |
Info | The PE contains common functions which appear in legitimate applications | Possibly launches other programs |
Suspicious | The file contains overlay data | 213556 bytes of data starting at offset 0x3400; the overlay accounts for 94.1323% of the executable |
Malicious | VirusTotal score: 64/73 (scanned on 2020-07-13 19:50:38) | Bkav: W32.FamVT.LamerBTTc.PE; MicroWorld-eScan: Gen:Trojan.FileInfector.nuZ@a4T!Kcmi; FireEye: Generic.mg.642c74aa1ecb0fdc; CAT-QuickHeal: Trojan.Agent; Qihoo-360: Win32/Virus.FileInfector.A; ALYac: Gen:Trojan.FileInfector.nuZ@a4T!Kcmi; Cylance: Unsafe; VIPRE: Virus.Win32.sivis.a (v); Sangfor: Malware; K7AntiVirus: Virus (004d554e1); Alibaba: Virus:Win32/Zatoxp.d65237b2; K7GW: Virus (004d554e1); CrowdStrike: win/malicious_confidence_100% (W); Arcabit: Trojan.FileInfector.ED1D1C; TrendMicro: PE_SIVIS_FC18000B.UVPM; Baidu: Win32.Virus.Lamer.g; F-Prot: W32/Lamer.C.gen!Eldorado; Symantec: W32.Suviapen; APEX: Malicious; ClamAV: Win.Malware.Sivis-6838221-0; Kaspersky: Virus.Win32.Lamer.cq; BitDefender: Gen:Trojan.FileInfector.nuZ@a4T!Kcmi; NANO-Antivirus: Virus.Win32.Lamer.zocpe; AegisLab: Virus.Win32.Lamer.tn6d; Tencent: Virus.Win32.Lamer.cq; Ad-Aware: Gen:Trojan.FileInfector.nuZ@a4T!Kcmi; Sophos: Troj/Agent-APCU; Comodo: Backdoor.Win32.Androm.XTA@4z809t; F-Secure: Trojan.TR/Dropper.Gen8; DrWeb: Win32.HLLW.Siggen.4657; Zillya: Adware.AdLoad.Win32.6665; Invincea: heuristic; Fortinet: W32/Sivis.A!tr; Trapmine: malicious.high.ml.score; Emsisoft: Gen:Trojan.FileInfector.nuZ@a4T!Kcmi (B); SentinelOne: DFI - Malicious PE; Cyren: W32/Lamer.C.gen!Eldorado; Jiangmin: Win32/Lamer.l; Webroot: W32.Infector; Avira: TR/Dropper.Gen8; MAX: malware (ai score=83); Antiy-AVL: Virus/Win32.Lamer.cq; Endgame: malicious (high confidence); Microsoft: Virus:Win32/Zatoxp.A; ZoneAlarm: Virus.Win32.Lamer.cq; Cynet: Malicious (score: 100); AhnLab-V3: Trojan/Win32.FileInfector.C933388; Acronis: suspicious; McAfee: W32/Sivis.gen.a; TACHYON: Trojan/W32.Sivis.Gen; VBA32: Virus.Lamer.cq; Panda: Generic Suspicious; ESET-NOD32: a variant of Win32/Zatoxp.C; TrendMicro-HouseCall: PE_SIVIS_FC18000B.UVPM; Rising: Worm.Lamer!1.A4FA (RDMK:cmRtazrwqL96nJyfz3VGF4p7V0BX); Yandex: Trojan.Agent!Gvkm4yfNIq8; Ikarus: Virus.Win32.Zatoxp; eGambit: Unsafe.AI_Score_100%; GData: Gen:Trojan.FileInfector.nuZ@a4T!Kcmi; BitDefenderTheta: Gen:NN.ZexaF.34134.nuZ@a4T!Kcmi; AVG: Win32:Lamer-A [Trj]; Cybereason: malicious.a1ecb0; Avast: Win32:Lamer-A [Trj]; MaxSecure: Virus.W32.Lamer.CQ |
DOS header field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x80 |
PE header field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_I386 |
NumberOfSections | 5 |
TimeDateStamp | 2011-Apr-03 00:50:03 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Optional header field | Value |
---|---|
Magic | PE32 |
LinkerVersion | 2.0 |
SizeOfCode | 0x2200 |
SizeOfInitializedData | 0xe00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00001000 (Section: .code) |
BaseOfCode | 0x1000 |
BaseOfData | 0x4000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x7000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeOfStackReserve | 0x100000 |
SizeOfStackCommit | 0x1000 |
SizeOfHeapReserve | 0x100000 |
SizeOfHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
Imported DLL | Imported functions |
---|---|
MSVCRT.dll | memset, memcpy, _stricmp, strncmp, _strnicmp, strcmp, memmove, strlen, strcpy, strcat, strncpy |
KERNEL32.dll | GetModuleHandleA, HeapCreate, HeapDestroy, ExitProcess, GetCurrentThreadId, GetTickCount, HeapAlloc, HeapFree, WriteFile, CloseHandle, CreateFileA, GetFileSize, ReadFile, SetFilePointer, InitializeCriticalSection, GetModuleFileNameA, GetCurrentProcess, DuplicateHandle, CreatePipe, GetStdHandle, CreateProcessA, WaitForSingleObject, EnterCriticalSection, LeaveCriticalSection, GetCurrentProcessId, FindClose, FindFirstFileA, GetLastError, FindNextFileA, SetFileAttributesA, HeapReAlloc |
COMCTL32.DLL | InitCommonControls |
USER32.DLL | MessageBoxA, GetWindowThreadProcessId, IsWindowVisible, IsWindowEnabled, GetForegroundWindow, EnableWindow, EnumWindows |
SHELL32.DLL | ShellExecuteExA |
OLE32.DLL | CoInitialize |