| Summary | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2013-Mar-25 09:34:55 |
| Detected languages | Russian - Russia |
| Suspicious | The PE is packed or was manually edited. Unusual section name found: .text5. The number of imports reported in the RICH header is inconsistent. |
| Info | The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports: |
| Suspicious | The file contains overlay data. 768 bytes of data starting at offset 0x2bc00. The overlay data has an entropy of 7.7222 and is possibly compressed or encrypted. |
| Malicious | VirusTotal score: 65/71 (Scanned on 2023-05-24 11:51:24); per-engine detections are listed in the table below. |

| Engine | Detection |
|---|---|
| Bkav | W32.AIDetectMalware |
| Lionic | Trojan.Win32.ShipUp.lISW |
| tehtris | Generic.Malware |
| DrWeb | Trojan.Redirect.140 |
| MicroWorld-eScan | Trojan.Ransom.Cerber.1 |
| FireEye | Generic.mg.75573228fe05a1b3 |
| CAT-QuickHeal | Trojan.Mauvaise.SL1 |
| ALYac | Trojan.Ransom.Cerber.1 |
| Malwarebytes | Crypt.Trojan.Malicious.DDS |
| VIPRE | Trojan.Ransom.Cerber.1 |
| Sangfor | Trojan.Win32.Save.a |
| K7AntiVirus | Trojan ( 0042fce51 ) |
| K7GW | Trojan ( 0042fce51 ) |
| Cybereason | malicious.8fe05a |
| BitDefenderTheta | Gen:NN.ZexaF.36196.kuX@aWPE!Imc |
| VirIT | Trojan.Win32.Agent4.AKVT |
| Cyren | W32/Zbot.JC.gen!Eldorado |
| Symantec | Packed.Generic.459 |
| Elastic | malicious (high confidence) |
| ESET-NOD32 | Win32/Agent.UNQ |
| APEX | Malicious |
| ClamAV | Win.Trojan.Redirect-6055402-0 |
| Kaspersky | Trojan.Win32.ShipUp.bou |
| BitDefender | Trojan.Ransom.Cerber.1 |
| NANO-Antivirus | Trojan.Win32.ShipUp.bqogfc |
| ViRobot | Trojan.Win.Z.Ransom.179968.V |
| Avast | Win32:Gepys-J [Trj] |
| Rising | Trojan.Kryptik!1.AB8B (CLASSIC) |
| Emsisoft | Trojan.Ransom.Cerber.1 (B) |
| F-Secure | Trojan.TR/Crypt.XPACK.Gen7 |
| Baidu | Win32.Trojan.Agent.eq |
| Zillya | Trojan.ShipUp.Win32.1164 |
| TrendMicro | TROJ_KRYPTK.SML3 |
| McAfee-GW-Edition | BehavesLike.Win32.FakeAVSecurityTool.cc |
| Trapmine | malicious.high.ml.score |
| Sophos | Mal/EncPk-AIT |
| SentinelOne | Static AI - Malicious PE |
| GData | Win32.Trojan.PSE.1387P79 |
| Jiangmin | Trojan/ShipUp.ih |
| Google | Detected |
| Avira | TR/Crypt.XPACK.Gen7 |
| MAX | malware (ai score=81) |
| Antiy-AVL | Trojan/Win32.ShipUp |
| Gridinsoft | Trojan.Win32.Agent.bot!s4 |
| Xcitium | TrojWare.Win32.Kryptik.AYQE@4wlbfl |
| Arcabit | Trojan.Ransom.Cerber.1 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Injector |
| ZoneAlarm | Trojan.Win32.ShipUp.bou |
| Microsoft | Trojan:Win32/ShipUp.DSK!MTB |
| Cynet | Malicious (score: 100) |
| AhnLab-V3 | Trojan/Win32.Shipup.R58811 |
| McAfee | PWS-Zbot-FATG!75573228FE05 |
| TACHYON | Trojan/W32.Shipup.179968 |
| VBA32 | BScope.Trojan.ShipUp |
| Cylance | unsafe |
| Panda | Trj/Hexas.HEU |
| TrendMicro-HouseCall | TROJ_KRYPTK.SML3 |
| Tencent | Trojan.Win32.Cerber.i |
| Yandex | Trojan.GenAsa!WywhmPdxlQw |
| Ikarus | Trojan.Win32.ShipUp |
| MaxSecure | Trojan.Malware.300983.susgen |
| Fortinet | W32/Kryptik.AXRD!tr |
| AVG | Win32:Gepys-J [Trj] |
| DeepInstinct | MALICIOUS |
| CrowdStrike | win/malicious_confidence_100% (W) |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xe0 |
| PE file header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 5 |
| TimeDateStamp | 2013-Mar-25 09:34:55 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 9.0 |
| SizeOfCode | 0x5200 |
| SizeOfInitializedData | 0x26600 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00001940 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x7000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x5b000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Imported functions |
|---|---|
| KERNEL32.dll | GetProcAddress, LoadLibraryA, ReadFile, VirtualAlloc, CloseHandle, CreateDirectoryA, CreateFileA, FindClose, FindFirstFileA, FindNextFileA, GetDiskFreeSpaceA, GetFileSize, GetLastError, GetLocalTime, GetLocaleInfoA, SetEndOfFile, SetFilePointer, SystemTimeToFileTime, WriteFile, lstrcmpiA, lstrlenA |
| USER32.dll | LoadIconW, LoadCursorA, LoadIconA, CharPrevA, CheckDlgButton, CreateDialogParamA, DestroyWindow, DialogBoxParamA, DispatchMessageA, EndDialog, GetDesktopWindow, GetDlgItem, GetParent, GetWindowRect, IsDialogMessageA, IsDlgButtonChecked, LoadStringA, MessageBoxA, OffsetRect, PeekMessageA, SendMessageA, SetDlgItemTextA, SetFocus, SetForegroundWindow, SetWindowPos, ShowWindow, SystemParametersInfoA, TranslateMessage |
| msvcrt.dll | _cexit, _controlfp, exit, _acmdln |
| String resource (as found in the file) | English translation |
|---|---|
| Группы (*.grp)#*.grp#Все файлы (*.*)#*.*# | Groups (*.grp)#*.grp#All files (*.*)#*.*# |
| Выберите преобразуемую группу | Select the group to convert |
| Конвертор групп диспетчера программ | Program Manager Group Converter |
| Преобразовать группу "%s"\? | Convert group "%s"? |
| Ошибка при преобразовании группы. Преобразование выполнено не полностью. | Error while converting the group. The conversion was not fully completed. |
| Файл "%s" не является файлом описания группы диспетчера программ. | File "%s" is not a Program Manager group description file. |
| Не удается прочесть файл "%s". | Unable to read file "%s". |
| Группа повреждена. Часть ее элементов преобразовать невозможно. | The group is corrupted. Some of its items cannot be converted. |
| Программы | Programs |
| Группа программ | Program group |
| Другая | Other |
| SendTo | SendTo |
| Обновление ярлыков: | Updating shortcuts: |
| Автозагрузка | Startup |
| Рабочий стол | Desktop |
| 040904E4 | 040904E4 |
| Проверка оболочки: | Checking shell: |
| Документы | Documents |
| Группа | Group |
| RICH header entry | Value / Count |
|---|---|
| XOR Key | 0x9fe1c937 |
| Unmarked objects | 0 |
| 19 (8078) | 6 |
| Imports (VS2012 build 50727 / VS2005 build 50727) | 5 |
| Total imports | 49 |
| C objects (VS2008 build 21022) | 1 |
| Unmarked objects (#2) | 1 |
| Linker (VS2008 build 21022) | 1 |
| Resource objects (VS2008 build 21022) | 1 |