6ece002459049f6afc3ffb50595aede0

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1992-Jun-19 22:22:17
Detected languages English - United States

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior: Contains obfuscated function names:
  • 42 60 71 55 77 6a 66 44 61 61 77 60 76 76
  • 49 6a 64 61 49 6c 67 77 64 77 7c
Suspicious The PE is possibly packed. Unusual section name found: BSS\x00\x10\x00\x12\xe0
Unusual section name found: .tls\x00\x00\x04
Info The PE contains common functions which appear in legitimate applications. Enumerates local disk drives:
  • GetVolumeInformationA
Suspicious The PE header may have been manually modified. The resource timestamps differ from the PE header:
  • 2019-Nov-11 02:08:18
Suspicious The file contains overlay data. 500661 bytes of data starting at offset 0x331000.
The overlay data has an entropy of 7.84768 and is possibly compressed or encrypted.
Malicious VirusTotal score: 54/69 (Scanned on 2019-03-12 05:41:45)
Bkav: HW32.Packed.
MicroWorld-eScan: Gen:Adware.SMSHoax.2
ALYac: Gen:Adware.SMSHoax.2
TheHacker: Trojan/Kryptik.anhj
BitDefender: Gen:Adware.SMSHoax.2
K7GW: Trojan ( 7000000f1 )
K7AntiVirus: Trojan ( 7000000f1 )
Invincea: heuristic
Baidu: Win32.Virus.Krap.a
Cyren: W32/Pameseg.L.gen!Eldorado
Symantec: Packed.Generic.382
TrendMicro-HouseCall: TROJ_AGENT_009284.TOMB
Paloalto: generic.ml
ClamAV: Win.Trojan.Zbot-49363
GData: Gen:Adware.SMSHoax.2
Kaspersky: Virus.Win32.Krap.it
NANO-Antivirus: Trojan.Win32.SmsSend.cbobaq
AegisLab: Hacktool.Win32.Generic.3!c
Rising: Malware.Heuristic.MLite(97%) (AI-LITE:+LdHhORWJeW0o8qWLIwJ2w)
Ad-Aware: Gen:Adware.SMSHoax.2
Sophos: Troj/ArchSMS-AC
Comodo: ApplicUnwnt.Win32.Hoax.ArchSMS.RXU@4nkp87
F-Secure: Trojan.TR/Smshoax.1254847
DrWeb: Trojan.SMSSend.6752
Zillya: Tool.ArchSMS.Win32.5590
TrendMicro: TROJ_AGENT_009284.TOMB
McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.wc
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Adware.SMSHoax.2 (B)
Ikarus: Packer.Win32.Krap
F-Prot: W32/Pameseg.L.gen!Eldorado
Jiangmin: Packed.Krap.erei
Webroot: W32.Trojan.Gen
Avira: TR/Smshoax.1254847
MAX: malware (ai score=99)
Kingsoft: Win32.Troj.Krap.it.(kcloud)
Arcabit: Adware.SMSHoax.2
ZoneAlarm: Virus.Win32.Krap.it
Microsoft: Trojan:Win32/Zonsterarch.AT
AhnLab-V3: Trojan/Win32.Zbot.R22644
McAfee: PWS-Zbot.gen.ro
VBA32: BScope.Trojan-Ransom.MBRLock.2314
Cylance: Unsafe
Panda: Trj/Genetic.gen
ESET-NOD32: a variant of Win32/Hoax.ArchSMS.SG
Yandex: Hoax.ArchSMS!+bAyOqo1lhU
SentinelOne: DFI - Malicious PE
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Zbot.RO!tr
AVG: Win32:PUP-gen [PUP]
Cybereason: malicious.459049
Avast: Win32:PUP-gen [PUP]
CrowdStrike: win/malicious_confidence_70% (W)
Qihoo-360: Malware.Radar01.Gen

Hashes

MD5 6ece002459049f6afc3ffb50595aede0
SHA1 8ff0e63b1f54af8b34b2b20c82aea5ecb0201d02
SHA256 3ef3e9f044cc98bdc7660a80ec3d68276553111f3f63594cdbcb006d74938e8d
SHA3 6ae52fb4a2525b373e23db010cd855cabb385574f7735591e31192bc4e2ed071
SSDeep 98304:lonSQDBwAxM0gm9qQf8tcnkx03HaS3quseWW49:oS2Lgm9lf8tqkU6S6VeO9
Imports Hash 870f9fe53c071fce5aac63abd8636339

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 8
TimeDateStamp 1992-Jun-19 22:22:17
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0x313600
SizeOfInitializedData 0x1c000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00314424 (Section: CODE)
BaseOfCode 0x1000
BaseOfData 0x315000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x337000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

CODE

MD5 66d12fa91db11e9a3c84540b84208811
SHA1 c53385048b3875b4fe97729988c67d574f51be9d
SHA256 46e9681745894f11e31a940b3ec2f9b41a96f837850901581ff7c4e7cfcbdd2b
SHA3 17963929d3c6c7533ae3530e87875f5861c04301be9e5d897732d7901184f0be
VirtualSize 0x3135b8
VirtualAddress 0x1000
SizeOfRawData 0x313600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.91425

DATA

MD5 5c759eee19ea651f40602453bb5c1ad8
SHA1 02a5803171b8c300a5b64956109d32305891107e
SHA256 871a1abea3e0bd5505597ca6971546c22cc3928c902582454c28431aa8866c95
SHA3 5e55bf3025b1f8014a970821987e6672ea4e76d9022c3a2d371a9cb01dec453d
VirtualSize 0x17dc4
VirtualAddress 0x315000
SizeOfRawData 0x17e00
PointerToRawData 0x313a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.7204

BSS\x00\x10\x00\x12\xe0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1a8
VirtualAddress 0x32d000
SizeOfRawData 0
PointerToRawData 0x32b800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 767aaf79b1151152a1dd6a05292149ba
SHA1 2d635db85afa4e44e8c57d151bb421349b489ed5
SHA256 19154e755f33fd70436a5b1b95441ac8e50e24b672a575408dc441f954f243cb
SHA3 4da363d24a546c80c950117d4041ad21486f6cd081f9457ed8b494aeb85045e9
VirtualSize 0x5bc
VirtualAddress 0x32e000
SizeOfRawData 0x600
PointerToRawData 0x32b800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.66636

.tls\x00\x00\x04

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x45
VirtualAddress 0x32f000
SizeOfRawData 0
PointerToRawData 0x32be00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata

MD5 ca8d534b20be2081a16c7e33ac5b76ef
SHA1 51434bbb715bea486de765fce102cda740804ea2
SHA256 fbfdec8697990f4d34bae5b83d5101f73cedbd2c5ea699ea5d6f93dd0ac6bf8c
SHA3 a1bd98f21be1f8d2ed7d91d3b767c9dc762ba8556891fc765fc299227048227f
VirtualSize 0x18
VirtualAddress 0x330000
SizeOfRawData 0x200
PointerToRawData 0x32be00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 0.170146

.reloc

MD5 6508f408cad1d288aa663a1112df5f5e
SHA1 2ab1bcf6bf75a4b408c4697b68a26c2c12f96fec
SHA256 b01b54eaaf525bb9bcd0d6b758705f8c3f744ddae89e3c7ee465ac6dfa34d5be
SHA3 f6623683c8f93f97fc45ed6a8f077cf6646978f918adb3d81b3fdfcfce870057
VirtualSize 0x1a3c
VirtualAddress 0x331000
SizeOfRawData 0x1c00
PointerToRawData 0x32c000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 6.66849

.rsrc

MD5 2857c30ee65f04b6185c9f3db4bb3602
SHA1 e8c79f2233b1d263380221d3c9e7ccd994413fe4
SHA256 47bbb54967b2126be2d3242abfa7390496f3c36d992bc368396b7829a436b9c7
SHA3 ca9d9f135915e9982708a032a801484a0499514187c8bfa3ba7767a1096d7f12
VirtualSize 0x32ec
VirtualAddress 0x333000
SizeOfRawData 0x3400
PointerToRawData 0x32dc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 5.04554

Imports

shlwapi.dll PathUndecorateW
user32.dll GetClassNameA
GetWindowWord
FindWindowExA
ChangeDisplaySettingsExA
GetScrollRange
UpdateWindow
GetMenu
LoadBitmapA
BringWindowToTop
GetIconInfo
EnumClipboardFormats
GetThreadDesktop
GetWindowThreadProcessId
CreateMDIWindowA
UnregisterClassW
RemovePropA
GetTabbedTextExtentA
CallWindowProcW
IsHungAppWindow
kernel32.dll GetCommandLineA
SetLocaleInfoW
LoadLibraryExA
GlobalGetAtomNameA
GetNamedPipeHandleStateW
GetConsoleAliasExesA
DelayLoadFailureHook
SetTapeParameters
Heap32First
GetVersion
GetConsoleTitleA
CreateMailslotW
EnumSystemLocalesA
IsBadReadPtr
GetVolumeInformationA
CreatePipe
DebugBreakProcess
ole32.dll CoRevokeMallocSpy
StgCreatePropStg
comdlg32.dll LoadAlterBitmap
ChooseFontW
dwLBSubclass
PageSetupDlgA
GetSaveFileNameA
shell32.dll SHLoadInProc
SHBrowseForFolder
SHGetSpecialFolderPathW
ShellExec_RunDLLW
SHGetFolderPathA
ShellExecuteEx
gdi32.dll GetDCOrgEx
ClearBitmapAttributes

Delayed Imports

5

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x568
TimeDateStamp 2019-Nov-11 02:08:18
Entropy 3.46719
MD5 78d0a42ab1b18710a40bb080bfa13f97
SHA1 2b3d16a44fe511fd3ed27682c0577b9775d7493f
SHA256 57410c9be0db55c43a5af7d6a5b19122bf34daa20768a143e8da3e046f2cf8d2
SHA3 017027b5b2308bbf4c63e60379b131a7e0ef6af7156b47f8baad3e715ab4138d

6

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x8a8
TimeDateStamp 2019-Nov-11 02:08:18
Entropy 5.82448
MD5 081d22ac7006527539b31b63a3dc061f
SHA1 661f7f55f6d34a6b08ead54b6b2cf01e87a1e9e4
SHA256 5ccf6222852a2d830b3fa7d4b10eecb4420070f6af7959986401bc7ce8ba7d21
SHA3 903d6f4a0797ff06b228f10096484aad6e864605aa5ee504f643056c6e9cfff5

7

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x128
TimeDateStamp 2019-Nov-11 02:08:18
Entropy 3.29053
MD5 b844faf626d01c2da4f6f396d129b189
SHA1 1ed21f64afb00bb7a9f104fbd40afd4ff6ae1c18
SHA256 c1cd525facea7e0c4b59396e08ee363e03ea5263b1482c065a3dad968f9956d8
SHA3 6a3286c1ce76acb761e7a03dbb04470269155157e5c93948a3fd06bca05066f5

8

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x2e8
TimeDateStamp 2019-Nov-11 02:08:18
Entropy 3.90721
MD5 088b6966704f8a676a6b548626877f32
SHA1 33293f5930603d84eab5b9a02ed948fc73ce7a5d
SHA256 65b3b78011cc67b0ea7557134fa58b1f60857b6d59b743d1cb5d7146d2c0b89e
SHA3 fcd45067b775224085eea4b0a7843cda9333a014b5c54dd7763be74ba0d5df01

9

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x668
TimeDateStamp 2019-Nov-11 02:08:18
Entropy 3.71109
MD5 22dd987155c543b2fa964f8702145025
SHA1 a53bd03dcd9c2dc17a570be2d6ec2fd9aeba4259
SHA256 8aedf6ecbc4af4832165f868ba4de3cb7e68a5017b7e67cc60af797e0fb1b759
SHA3 87a5b0121f4a72e1ab7a6eb3a59febbc9090a655e8926c343ebd9f5899fce7fc

10

Type RT_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0xea8
TimeDateStamp 2019-Nov-11 02:08:18
Entropy 5.04683
MD5 b6a27103548e96a5c58c9deff2644a83
SHA1 2b4afa488c1fb3dc69882f0a141bbe32910affc1
SHA256 d0b4dc03326c77d3438b5c1654ffd50b651ab55ff806c424a075092c8dba1385
SHA3 32b5fe856b4fe05adb7bd40ea1426c0eea6cbc65b002e6ea0882367b0c22c4df

100

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0xe4
TimeDateStamp 2019-Nov-11 02:08:18
Entropy 2.88999
MD5 39228c862179486a5dd3ca2f51f5d820
SHA1 22a0688e6404fe92f407e3b88a4c8578a577e54e
SHA256 d7f08af1b126e6f29069e389118ff0f3e55614a040b887d9b491fd9deb2a4516
SHA3 a5a3acb972225a65a4b030c1536d367624409e090a037dbe48cc094cf4c6ce89

200

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0xe4
TimeDateStamp 2019-Nov-11 02:08:18
Entropy 2.92761
MD5 f785db2d0bba65859fe60e7e8eb6617f
SHA1 4db32812e36307933be2f9c51b9e26ce69e3deb9
SHA256 1ad7f28c5819df8d3253f9a5af6acc4ad9bf2287edbce578c74bbc9dc0b6daff
SHA3 ee7a6004b6ac8672c27359f164c7ebcf7a15014e158e754f34a20828460cfb95

400

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0xfe
TimeDateStamp 2019-Nov-11 02:08:18
Entropy 3.19651
MD5 54cdc9f6848afac5f384566e28237e41
SHA1 c20c5382d9fae2ddfd7045bd700110dcfa208dde
SHA256 7ac3df17123a15391e38e78cb024048f189d1af74ea8774058afac8dfe26e02e
SHA3 1b7d18db1160e729d64a55441b4efe024c3986ab04be1faa797a0b7f8adc39b0

500

Type RT_DIALOG
Language English - United States
Codepage Latin 1 / Western European
Size 0xfe
TimeDateStamp 2019-Nov-11 02:08:18
Entropy 3.23048
MD5 7bf710b6d1ae9f5175987f74e9bc853d
SHA1 5c02a11a699f87a8f332b2e1e7fe5c4dca7a86e4
SHA256 7bebda097945b312bcfe82bfd72f4de25be369b8edeeb7bc494f4799d43843df
SHA3 5133cd4523577373bac5784611f42759d3b5cf69f868681194607a5c1c28ac30

PACKAGEINFO

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x5c
TimeDateStamp 2019-Nov-11 02:08:18
Entropy 0.580103
MD5 1d3845a9995511030bda8c134d168b96
SHA1 ab6f480b5959cf5d501cd74a97e8728408414bcb
SHA256 10bebb9fc2032591c0765890d5284411558699ab1c8299f50ceb699f329bb1bd
SHA3 6817f65cd5b0acad2a7faa2f39e9daafdec370ee1694f2e64baf6442b247e45a

MAINICON

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Unicode (UTF 16LE)
Size 0x5a
TimeDateStamp 2019-Nov-11 02:08:18
Entropy 2.92697
Detected Filetype Icon file
MD5 5b75fb9dbad9126cb9f3c969271a2cf4
SHA1 f9b0911cf3760e098edc862c8a4752f7c1ad78b3
SHA256 8910967d22372ccd600bd74108f2e661002ddc78d7fe34f8664f6b71de62efae
SHA3 5d3b6b3817a844d66fd0799dae8864abe7e8b5cac77dba15ebedfc5863cdf0fe

1

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x416
TimeDateStamp 2019-Nov-11 02:08:18
Entropy 3.7969
MD5 ffe7005abfa4c832a44081924886f5a2
SHA1 908fdf5b28bee613d18bd0bfff845f60eb9a6c77
SHA256 5c080341040dea477ae93cf82a0af9e6ded8a59aa6d81a5396d3b57befc86a6a
SHA3 f7c3e925451bc5b676a1f7b4799aac355a676bef1e83035e5367e90d7506be79

Version Info

TLS Callbacks

StartAddressOfRawData 0x72f000
EndAddressOfRawData 0x72f045
AddressOfIndex 0x72d000
AddressOfCallbacks 0x730010
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks (EMPTY)

Load Configuration

RICH Header

Errors

[*] Warning: Section BSS\x00\x10\x00\x12\xe0 has a size of 0!
[*] Warning: Section .tls\x00\x00\x04 has a size of 0!