Architecture | IMAGE_FILE_MACHINE_I386
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date | 1992-Jun-19 22:22:17
Detected languages | English - United States

Suspicious | Strings found in the binary may indicate undesirable behavior:
  Contains obfuscated function names:
  - 42 60 71 55 77 6a 66 44 61 61 77 60 76 76
  - 49 6a 64 61 49 6c 67 77 64 77 7c

Suspicious | The PE is possibly packed.
  Unusual section name found: BSS\x00\x10\x00\x12\xe0
  Unusual section name found: .tls\x00\x00\x04

Info | The PE contains common functions which appear in legitimate applications.
  Enumerates local disk drives:

Suspicious | The PE header may have been manually modified.
  The resource timestamps differ from the PE header:

Suspicious | The file contains overlay data.
  500661 bytes of data starting at offset 0x331000.
  The overlay data has an entropy of 7.84768 and is possibly compressed or encrypted.

Malicious | VirusTotal score: 54/69 (Scanned on 2019-03-12 05:41:45)
  Bkav: HW32.Packed.
  MicroWorld-eScan: Gen:Adware.SMSHoax.2
  ALYac: Gen:Adware.SMSHoax.2
  TheHacker: Trojan/Kryptik.anhj
  BitDefender: Gen:Adware.SMSHoax.2
  K7GW: Trojan ( 7000000f1 )
  K7AntiVirus: Trojan ( 7000000f1 )
  Invincea: heuristic
  Baidu: Win32.Virus.Krap.a
  Cyren: W32/Pameseg.L.gen!Eldorado
  Symantec: Packed.Generic.382
  TrendMicro-HouseCall: TROJ_AGENT_009284.TOMB
  Paloalto: generic.ml
  ClamAV: Win.Trojan.Zbot-49363
  GData: Gen:Adware.SMSHoax.2
  Kaspersky: Virus.Win32.Krap.it
  NANO-Antivirus: Trojan.Win32.SmsSend.cbobaq
  AegisLab: Hacktool.Win32.Generic.3!c
  Rising: Malware.Heuristic.MLite(97%) (AI-LITE:+LdHhORWJeW0o8qWLIwJ2w)
  Ad-Aware: Gen:Adware.SMSHoax.2
  Sophos: Troj/ArchSMS-AC
  Comodo: ApplicUnwnt.Win32.Hoax.ArchSMS.RXU@4nkp87
  F-Secure: Trojan.TR/Smshoax.1254847
  DrWeb: Trojan.SMSSend.6752
  Zillya: Tool.ArchSMS.Win32.5590
  TrendMicro: TROJ_AGENT_009284.TOMB
  McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.wc
  Trapmine: malicious.high.ml.score
  Emsisoft: Gen:Adware.SMSHoax.2 (B)
  Ikarus: Packer.Win32.Krap
  F-Prot: W32/Pameseg.L.gen!Eldorado
  Jiangmin: Packed.Krap.erei
  Webroot: W32.Trojan.Gen
  Avira: TR/Smshoax.1254847
  MAX: malware (ai score=99)
  Kingsoft: Win32.Troj.Krap.it.(kcloud)
  Arcabit: Adware.SMSHoax.2
  ZoneAlarm: Virus.Win32.Krap.it
  Microsoft: Trojan:Win32/Zonsterarch.AT
  AhnLab-V3: Trojan/Win32.Zbot.R22644
  McAfee: PWS-Zbot.gen.ro
  VBA32: BScope.Trojan-Ransom.MBRLock.2314
  Cylance: Unsafe
  Panda: Trj/Genetic.gen
  ESET-NOD32: a variant of Win32/Hoax.ArchSMS.SG
  Yandex: Hoax.ArchSMS!+bAyOqo1lhU
  SentinelOne: DFI - Malicious PE
  eGambit: Unsafe.AI_Score_99%
  Fortinet: W32/Zbot.RO!tr
  AVG: Win32:PUP-gen [PUP]
  Cybereason: malicious.459049
  Avast: Win32:PUP-gen [PUP]
  CrowdStrike: win/malicious_confidence_70% (W)
  Qihoo-360: Malware.Radar01.Gen

MD5 | 6ece002459049f6afc3ffb50595aede0
SHA1 | 8ff0e63b1f54af8b34b2b20c82aea5ecb0201d02
SHA256 | 3ef3e9f044cc98bdc7660a80ec3d68276553111f3f63594cdbcb006d74938e8d
SHA3 | 6ae52fb4a2525b373e23db010cd855cabb385574f7735591e31192bc4e2ed071
SSDeep | 98304:lonSQDBwAxM0gm9qQf8tcnkx03HaS3quseWW49:oS2Lgm9lf8tqkU6S6VeO9
Imports Hash | 870f9fe53c071fce5aac63abd8636339

e_magic | MZ
e_cblp | 0x50
e_cp | 0x2
e_crlc | 0
e_cparhdr | 0x4
e_minalloc | 0xf
e_maxalloc | 0xffff
e_ss | 0
e_sp | 0xb8
e_csum | 0
e_ip | 0
e_cs | 0
e_ovno | 0x1a
e_oemid | 0
e_oeminfo | 0
e_lfanew | 0x100

Signature | PE
Machine | IMAGE_FILE_MACHINE_I386
NumberOfSections | 8
TimeDateStamp | 1992-Jun-19 22:22:17
PointerToSymbolTable | 0
NumberOfSymbols | 0
SizeOfOptionalHeader | 0xe0
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_BYTES_REVERSED_HI, IMAGE_FILE_BYTES_REVERSED_LO, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED

Magic | PE32
LinkerVersion | 8.0
SizeOfCode | 0x313600
SizeOfInitializedData | 0x1c000
SizeOfUninitializedData | 0
AddressOfEntryPoint | 0x00314424 (Section: CODE)
BaseOfCode | 0x1000
BaseOfData | 0x315000
ImageBase | 0x400000
SectionAlignment | 0x1000
FileAlignment | 0x200
OperatingSystemVersion | 4.0
ImageVersion | 0.0
SubsystemVersion | 4.0
Win32VersionValue | 0
SizeOfImage | 0x337000
SizeOfHeaders | 0x400
Checksum | 0
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeOfStackReserve | 0x100000
SizeOfStackCommit | 0x4000
SizeOfHeapReserve | 0x100000
SizeOfHeapCommit | 0x1000
LoaderFlags | 0
NumberOfRvaAndSizes | 16

MD5 | 66d12fa91db11e9a3c84540b84208811
SHA1 | c53385048b3875b4fe97729988c67d574f51be9d
SHA256 | 46e9681745894f11e31a940b3ec2f9b41a96f837850901581ff7c4e7cfcbdd2b
SHA3 | 17963929d3c6c7533ae3530e87875f5861c04301be9e5d897732d7901184f0be
VirtualSize | 0x3135b8
VirtualAddress | 0x1000
SizeOfRawData | 0x313600
PointerToRawData | 0x400
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy | 6.91425

MD5 | 5c759eee19ea651f40602453bb5c1ad8
SHA1 | 02a5803171b8c300a5b64956109d32305891107e
SHA256 | 871a1abea3e0bd5505597ca6971546c22cc3928c902582454c28431aa8866c95
SHA3 | 5e55bf3025b1f8014a970821987e6672ea4e76d9022c3a2d371a9cb01dec453d
VirtualSize | 0x17dc4
VirtualAddress | 0x315000
SizeOfRawData | 0x17e00
PointerToRawData | 0x313a00
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy | 3.7204

MD5 | d41d8cd98f00b204e9800998ecf8427e
SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize | 0x1a8
VirtualAddress | 0x32d000
SizeOfRawData | 0
PointerToRawData | 0x32b800
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

MD5 | 767aaf79b1151152a1dd6a05292149ba
SHA1 | 2d635db85afa4e44e8c57d151bb421349b489ed5
SHA256 | 19154e755f33fd70436a5b1b95441ac8e50e24b672a575408dc441f954f243cb
SHA3 | 4da363d24a546c80c950117d4041ad21486f6cd081f9457ed8b494aeb85045e9
VirtualSize | 0x5bc
VirtualAddress | 0x32e000
SizeOfRawData | 0x600
PointerToRawData | 0x32b800
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy | 4.66636

MD5 | d41d8cd98f00b204e9800998ecf8427e
SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize | 0x45
VirtualAddress | 0x32f000
SizeOfRawData | 0
PointerToRawData | 0x32be00
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

MD5 | ca8d534b20be2081a16c7e33ac5b76ef
SHA1 | 51434bbb715bea486de765fce102cda740804ea2
SHA256 | fbfdec8697990f4d34bae5b83d5101f73cedbd2c5ea699ea5d6f93dd0ac6bf8c
SHA3 | a1bd98f21be1f8d2ed7d91d3b767c9dc762ba8556891fc765fc299227048227f
VirtualSize | 0x18
VirtualAddress | 0x330000
SizeOfRawData | 0x200
PointerToRawData | 0x32be00
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_SHARED
Entropy | 0.170146

MD5 | 6508f408cad1d288aa663a1112df5f5e
SHA1 | 2ab1bcf6bf75a4b408c4697b68a26c2c12f96fec
SHA256 | b01b54eaaf525bb9bcd0d6b758705f8c3f744ddae89e3c7ee465ac6dfa34d5be
SHA3 | f6623683c8f93f97fc45ed6a8f077cf6646978f918adb3d81b3fdfcfce870057
VirtualSize | 0x1a3c
VirtualAddress | 0x331000
SizeOfRawData | 0x1c00
PointerToRawData | 0x32c000
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_SHARED
Entropy | 6.66849

MD5 | 2857c30ee65f04b6185c9f3db4bb3602
SHA1 | e8c79f2233b1d263380221d3c9e7ccd994413fe4
SHA256 | 47bbb54967b2126be2d3242abfa7390496f3c36d992bc368396b7829a436b9c7
SHA3 | ca9d9f135915e9982708a032a801484a0499514187c8bfa3ba7767a1096d7f12
VirtualSize | 0x32ec
VirtualAddress | 0x333000
SizeOfRawData | 0x3400
PointerToRawData | 0x32dc00
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_SHARED
Entropy | 5.04554

shlwapi.dll | PathUndecorateW
user32.dll | GetClassNameA, GetWindowWord, FindWindowExA, ChangeDisplaySettingsExA, GetScrollRange, UpdateWindow, GetMenu, LoadBitmapA, BringWindowToTop, GetIconInfo, EnumClipboardFormats, GetThreadDesktop, GetWindowThreadProcessId, CreateMDIWindowA, UnregisterClassW, RemovePropA, GetTabbedTextExtentA, CallWindowProcW, IsHungAppWindow
kernel32.dll | GetCommandLineA, SetLocaleInfoW, LoadLibraryExA, GlobalGetAtomNameA, GetNamedPipeHandleStateW, GetConsoleAliasExesA, DelayLoadFailureHook, SetTapeParameters, Heap32First, GetVersion, GetConsoleTitleA, CreateMailslotW, EnumSystemLocalesA, IsBadReadPtr, GetVolumeInformationA, CreatePipe, DebugBreakProcess
ole32.dll | CoRevokeMallocSpy, StgCreatePropStg
comdlg32.dll | LoadAlterBitmap, ChooseFontW, dwLBSubclass, PageSetupDlgA, GetSaveFileNameA
shell32.dll | SHLoadInProc, SHBrowseForFolder, SHGetSpecialFolderPathW, ShellExec_RunDLLW, SHGetFolderPathA, ShellExecuteEx
gdi32.dll | GetDCOrgEx, ClearBitmapAttributes

Type | RT_ICON
Language | UNKNOWN
Codepage | Unicode (UTF 16LE)
Size | 0x568
TimeDateStamp | 2019-Nov-11 02:08:18
Entropy | 3.46719
MD5 | 78d0a42ab1b18710a40bb080bfa13f97
SHA1 | 2b3d16a44fe511fd3ed27682c0577b9775d7493f
SHA256 | 57410c9be0db55c43a5af7d6a5b19122bf34daa20768a143e8da3e046f2cf8d2
SHA3 | 017027b5b2308bbf4c63e60379b131a7e0ef6af7156b47f8baad3e715ab4138d

Type | RT_ICON
Language | UNKNOWN
Codepage | Unicode (UTF 16LE)
Size | 0x8a8
TimeDateStamp | 2019-Nov-11 02:08:18
Entropy | 5.82448
MD5 | 081d22ac7006527539b31b63a3dc061f
SHA1 | 661f7f55f6d34a6b08ead54b6b2cf01e87a1e9e4
SHA256 | 5ccf6222852a2d830b3fa7d4b10eecb4420070f6af7959986401bc7ce8ba7d21
SHA3 | 903d6f4a0797ff06b228f10096484aad6e864605aa5ee504f643056c6e9cfff5

Type | RT_ICON
Language | UNKNOWN
Codepage | Unicode (UTF 16LE)
Size | 0x128
TimeDateStamp | 2019-Nov-11 02:08:18
Entropy | 3.29053
MD5 | b844faf626d01c2da4f6f396d129b189
SHA1 | 1ed21f64afb00bb7a9f104fbd40afd4ff6ae1c18
SHA256 | c1cd525facea7e0c4b59396e08ee363e03ea5263b1482c065a3dad968f9956d8
SHA3 | 6a3286c1ce76acb761e7a03dbb04470269155157e5c93948a3fd06bca05066f5

Type | RT_ICON
Language | UNKNOWN
Codepage | Unicode (UTF 16LE)
Size | 0x2e8
TimeDateStamp | 2019-Nov-11 02:08:18
Entropy | 3.90721
MD5 | 088b6966704f8a676a6b548626877f32
SHA1 | 33293f5930603d84eab5b9a02ed948fc73ce7a5d
SHA256 | 65b3b78011cc67b0ea7557134fa58b1f60857b6d59b743d1cb5d7146d2c0b89e
SHA3 | fcd45067b775224085eea4b0a7843cda9333a014b5c54dd7763be74ba0d5df01

Type | RT_ICON
Language | UNKNOWN
Codepage | Unicode (UTF 16LE)
Size | 0x668
TimeDateStamp | 2019-Nov-11 02:08:18
Entropy | 3.71109
MD5 | 22dd987155c543b2fa964f8702145025
SHA1 | a53bd03dcd9c2dc17a570be2d6ec2fd9aeba4259
SHA256 | 8aedf6ecbc4af4832165f868ba4de3cb7e68a5017b7e67cc60af797e0fb1b759
SHA3 | 87a5b0121f4a72e1ab7a6eb3a59febbc9090a655e8926c343ebd9f5899fce7fc

Type | RT_ICON
Language | UNKNOWN
Codepage | Unicode (UTF 16LE)
Size | 0xea8
TimeDateStamp | 2019-Nov-11 02:08:18
Entropy | 5.04683
MD5 | b6a27103548e96a5c58c9deff2644a83
SHA1 | 2b4afa488c1fb3dc69882f0a141bbe32910affc1
SHA256 | d0b4dc03326c77d3438b5c1654ffd50b651ab55ff806c424a075092c8dba1385
SHA3 | 32b5fe856b4fe05adb7bd40ea1426c0eea6cbc65b002e6ea0882367b0c22c4df

Type | RT_DIALOG
Language | English - United States
Codepage | Latin 1 / Western European
Size | 0xe4
TimeDateStamp | 2019-Nov-11 02:08:18
Entropy | 2.88999
MD5 | 39228c862179486a5dd3ca2f51f5d820
SHA1 | 22a0688e6404fe92f407e3b88a4c8578a577e54e
SHA256 | d7f08af1b126e6f29069e389118ff0f3e55614a040b887d9b491fd9deb2a4516
SHA3 | a5a3acb972225a65a4b030c1536d367624409e090a037dbe48cc094cf4c6ce89

Type | RT_DIALOG
Language | English - United States
Codepage | Latin 1 / Western European
Size | 0xe4
TimeDateStamp | 2019-Nov-11 02:08:18
Entropy | 2.92761
MD5 | f785db2d0bba65859fe60e7e8eb6617f
SHA1 | 4db32812e36307933be2f9c51b9e26ce69e3deb9
SHA256 | 1ad7f28c5819df8d3253f9a5af6acc4ad9bf2287edbce578c74bbc9dc0b6daff
SHA3 | ee7a6004b6ac8672c27359f164c7ebcf7a15014e158e754f34a20828460cfb95

Type | RT_DIALOG
Language | English - United States
Codepage | Latin 1 / Western European
Size | 0xfe
TimeDateStamp | 2019-Nov-11 02:08:18
Entropy | 3.19651
MD5 | 54cdc9f6848afac5f384566e28237e41
SHA1 | c20c5382d9fae2ddfd7045bd700110dcfa208dde
SHA256 | 7ac3df17123a15391e38e78cb024048f189d1af74ea8774058afac8dfe26e02e
SHA3 | 1b7d18db1160e729d64a55441b4efe024c3986ab04be1faa797a0b7f8adc39b0

Type | RT_DIALOG
Language | English - United States
Codepage | Latin 1 / Western European
Size | 0xfe
TimeDateStamp | 2019-Nov-11 02:08:18
Entropy | 3.23048
MD5 | 7bf710b6d1ae9f5175987f74e9bc853d
SHA1 | 5c02a11a699f87a8f332b2e1e7fe5c4dca7a86e4
SHA256 | 7bebda097945b312bcfe82bfd72f4de25be369b8edeeb7bc494f4799d43843df
SHA3 | 5133cd4523577373bac5784611f42759d3b5cf69f868681194607a5c1c28ac30

Type | RT_RCDATA
Language | UNKNOWN
Codepage | Latin 1 / Western European
Size | 0x5c
TimeDateStamp | 2019-Nov-11 02:08:18
Entropy | 0.580103
MD5 | 1d3845a9995511030bda8c134d168b96
SHA1 | ab6f480b5959cf5d501cd74a97e8728408414bcb
SHA256 | 10bebb9fc2032591c0765890d5284411558699ab1c8299f50ceb699f329bb1bd
SHA3 | 6817f65cd5b0acad2a7faa2f39e9daafdec370ee1694f2e64baf6442b247e45a

Type | RT_GROUP_ICON
Language | UNKNOWN
Codepage | Unicode (UTF 16LE)
Size | 0x5a
TimeDateStamp | 2019-Nov-11 02:08:18
Entropy | 2.92697
Detected Filetype | Icon file
MD5 | 5b75fb9dbad9126cb9f3c969271a2cf4
SHA1 | f9b0911cf3760e098edc862c8a4752f7c1ad78b3
SHA256 | 8910967d22372ccd600bd74108f2e661002ddc78d7fe34f8664f6b71de62efae
SHA3 | 5d3b6b3817a844d66fd0799dae8864abe7e8b5cac77dba15ebedfc5863cdf0fe

Type | RT_MANIFEST
Language | UNKNOWN
Codepage | Latin 1 / Western European
Size | 0x416
TimeDateStamp | 2019-Nov-11 02:08:18
Entropy | 3.7969
MD5 | ffe7005abfa4c832a44081924886f5a2
SHA1 | 908fdf5b28bee613d18bd0bfff845f60eb9a6c77
SHA256 | 5c080341040dea477ae93cf82a0af9e6ded8a59aa6d81a5396d3b57befc86a6a
SHA3 | f7c3e925451bc5b676a1f7b4799aac355a676bef1e83035e5367e90d7506be79

StartAddressOfRawData | 0x72f000
EndAddressOfRawData | 0x72f045
AddressOfIndex | 0x72d000
AddressOfCallbacks | 0x730010
SizeOfZeroFill | 0
Characteristics | IMAGE_SCN_TYPE_REG
Callbacks | (EMPTY)

[*] Warning: Section BSS\x00\x10\x00\x12\xe0 has a size of 0!
[*] Warning: Section .tls\x00\x00\x04 has a size of 0!