Architecture | IMAGE_FILE_MACHINE_I386 | |
---|---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI | |
Compilation Date | 2014-Jan-14 04:38:30 | |
Detected languages | Chinese - PRC | |
Info | Matching compiler(s): | Microsoft Visual C++; Microsoft Visual C++ v6.0 |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains another PE executable: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to DES |
Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
Malicious | The PE is possibly a dropper. | Resource 108 detected as a PDF document. Resource 109 detected as a PE Executable. Resources amount for 93.026% of the executable. |
Malicious | VirusTotal score: 45/65 (Scanned on 2022-02-18 08:40:14) | Bkav: W32.AIDetect.malware2; Elastic: malicious (high confidence); MicroWorld-eScan: Gen:Variant.Barys.229848; FireEye: Generic.mg.643654975b63a9bb; McAfee: Artemis!643654975B63; Malwarebytes: Malware.AI.4172468544; Zillya: Dropper.Agent.Win32.234271; Alibaba: Backdoor:Win32/Sloth.e877666f; Cybereason: malicious.75b63a; BitDefenderTheta: AI:Packer.9CE5F6661F; VirIT: Trojan.Win32.DownLoader9.RDJ; Symantec: ML.Attribute.HighConfidence; ESET-NOD32: a variant of Win32/TrojanDropper.Agent.PVR; APEX: Malicious; Paloalto: generic.ml; ClamAV: Win.Trojan.B-262; Kaspersky: Backdoor.Win32.Sloth.c; BitDefender: Gen:Variant.Barys.229848; NANO-Antivirus: Trojan.Win32.RP.czjbjv; Avast: Win32:Downloader-VAV [Trj]; Rising: Dropper.Agent!8.2F (CLOUD); Ad-Aware: Gen:Variant.Barys.229848; Sophos: Mal/Generic-S; Comodo: Malware@#i8nnjf8prdx7; DrWeb: Trojan.DownLoader9.11579; VIPRE: Trojan.Win32.Generic!BT; TrendMicro: Mal_DLDER; McAfee-GW-Edition: BackDoor-FBVO!AB9DB28EEC90; Emsisoft: Gen:Variant.Barys.229848 (B); SentinelOne: Static AI - Suspicious PE; GData: Gen:Variant.Barys.229848; Jiangmin: Trojan.Generic.pbdo; Avira: TR/ATRAPS.Gen4; Antiy-AVL: Trojan/Win32.Occamy; Kingsoft: Win32.Heur.KVM007.a.(kcloud); Microsoft: Trojan:Win32/Comisproc!gmb; Cynet: Malicious (score: 99); VBA32: BScope.Trojan-Spy.Zbot; ALYac: Gen:Variant.Barys.229848; Tencent: Win32.Trojan.Atraps.Wmiw; Yandex: Trojan.GenAsa!tbPeKqtnYCk; Fortinet: W32/Agent.PVR!tr; AVG: Win32:Downloader-VAV [Trj]; Panda: Trj/CI.A; CrowdStrike: win/malicious_confidence_100% (W) |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xd8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2014-Jan-14 04:38:30 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 6.0 |
SizeOfCode | 0x4000 |
SizeOfInitializedData | 0x51800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000014C2 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x5000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x57000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | CreateProcessA, CloseHandle, WriteFile, LockResource, SizeofResource, LoadResource, FindResourceA, CreateFileA, CreateDirectoryA, GetCurrentDirectoryA, GetTempPathA, SetProcessPriorityBoost, SetThreadPriority, GetCurrentThread, SetPriorityClass, GetCurrentProcess, lstrcatA, lstrcpyA, GetEnvironmentVariableA, GetShortPathNameA, GetModuleFileNameA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, GetLastError, SetFilePointer, GetCPInfo, GetACP, GetOEMCP, HeapAlloc, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, SetStdHandle, MultiByteToWideChar, FlushFileBuffers |
---|---|
SHELL32.dll | SHChangeNotify, ShellExecuteA, ShellExecuteExA |
XOR Key | 0x4cfbc511 |
---|---|
Unmarked objects | 0 |
14 (7299) | 11 |
C objects (VS98 build 8168) | 43 |
19 (8034) | 5 |
Total imports | 62 |
C++ objects (VS98 build 8168) | 3 |
Resource objects (VS98 cvtres build 1720) | 1 |