76ef16e94f77454aaffdfa4c700be85f

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2008-Aug-05 15:01:45
Detected languages English - United States
CompanyName Adobe Systems Incorporated
FileDescription AutoPlay
FileVersion 6.0
InternalName AutoPlay
LegalCopyright © 1990-2008 Adobe Systems Incorporated
OriginalFilename AutoPlay.exe
ProductName Autoplay
ProductVersion 6.0

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 7.1
Microsoft Visual C++ 6.0 - 8.0
Microsoft Visual C++ v7.0
Microsoft Visual C++ v7.1 EXE
Microsoft Visual C++ 7.0 MFC
Suspicious Strings found in the binary may indicate undesirable behavior: Miscellaneous malware strings:
  • cmd.exe
Suspicious The PE contains functions most legitimate programs don't use. Can access the registry:
  • RegQueryValueA
  • RegCloseKey
 Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
 Can take screenshots:
  • GetDC
  • CreateCompatibleDC
  • BitBlt
Info The PE is digitally signed. Signer: Adobe Systems Incorporated
Issuer: VeriSign Class 3 Code Signing 2004 CA
Suspicious VirusTotal score: 1/72 (Scanned on 2024-11-02 07:59:35) Jiangmin: Trojan.Generic.hetyo

Hashes

MD5 76ef16e94f77454aaffdfa4c700be85f
SHA1 9b45b3826706337a11e43248095fb2c62e42d14d
SHA256 3b9dabd99dc58a5242616cb6d1d876bca3046119a9b150c7d7868bf02202ea82
SHA3 8f8f4a82f12ff1902d0038e3ecc5519c0c202bc3194e0f1b95f1bfab96435d29
SSDeep 3072:fNCpBPbYsMn1mx6nWGdN6YROBxQo6PfSPgHvUJjX1qINSxT3OIpkApPxn:fNiGC6nWGdN6YO6Pf9vAjX1qINGLdRz
Imports Hash ec7603dfc11290c5ea59ede1b41eac50

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2008-Aug-05 15:01:45
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 7.0
SizeOfCode 0x1d000
SizeOfInitializedData 0x93000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0001257A (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x1e000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xb1000
SizeOfHeaders 0x1000
Checksum 0x38bb5
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1129d40427a7031ada2ee8ff89bce7bf
SHA1 652ae433db1b6faada4efd3c17df623053a26f48
SHA256 0e144b3fa46cdd2a88ae424dcfa00488ccc1cddbcdca7d86cc1842714f2845c1
SHA3 103467e6c284fdbdbe4f894f5fbff7175a306a2dd273f4914bf723ef734265a6
VirtualSize 0x1c854
VirtualAddress 0x1000
SizeOfRawData 0x1d000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.54496

.rdata

MD5 4ad49102466741cc4e39381f2c364f88
SHA1 f9647b79fe142602443a7550cadf1e06b9d31eac
SHA256 fe5fb267ae24df0fccae99f382ec5127a9bb3da077b6641d86cf5cbf5da61479
SHA3 6eed1750f1d6db5d054f095927bb75a980c53ed48567207cf4f0a7915c1457a3
VirtualSize 0x4bf8
VirtualAddress 0x1e000
SizeOfRawData 0x5000
PointerToRawData 0x1e000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.38634

.data

MD5 4e0a3a8b48ed7178451196d306cad366
SHA1 c0da32e6e6ceec47b145d2db11ea6482d45e43ac
SHA256 2902e3df52171eddb4416604591c8bb11e9efb7b316d188dd0f2c58a0902a7cf
SHA3 4054fd34bc0b848d85b2820dea2e8553ea71f3f835a904cec917190068bea7e9
VirtualSize 0x868f4
VirtualAddress 0x23000
SizeOfRawData 0x3000
PointerToRawData 0x23000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.0653

.rsrc

MD5 eae30d44f93456badb4191527f8a4b7d
SHA1 dd58880d05341eadffd8dbfa3db5eab62bb047fa
SHA256 f2e7c28c770a1fd29a42baa3888f442d2e203172488c735f092631ee40fdbce6
SHA3 1f93f18f98a5470eaf02cd1a781be3229689c04269da0928138631e7f181d49a
VirtualSize 0x61a0
VirtualAddress 0xaa000
SizeOfRawData 0x7000
PointerToRawData 0x26000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.64617

Imports

COMCTL32.dll _TrackMouseEvent
#17
MSVFW32.dll MCIWndCreateW
MCIWndCreateA
WINMM.dll waveOutSetVolume
waveOutGetVolume
PlaySoundA
waveOutGetNumDevs
SHLWAPI.dll PathRemoveFileSpecW
KERNEL32.dll InterlockedExchange
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
SetLastError
GetOEMCP
GetACP
SetEndOfFile
CreateFileA
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualQuery
GetSystemInfo
VirtualProtect
GetLocaleInfoA
IsBadCodePtr
IsBadReadPtr
SetFilePointer
GetStringTypeA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetCommandLineW
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
CompareStringA
WaitForSingleObject
CloseHandle
DeviceIoControl
MulDiv
FreeLibrary
Sleep
ReleaseMutex
GetLastError
GetUserDefaultLCID
GetUserDefaultUILanguage
GetSystemDefaultLangID
WriteFile
ReadFile
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
SetEnvironmentVariableA
HeapSize
HeapReAlloc
RtlUnwind
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
GetVersionExA
HeapAlloc
HeapFree
LCMapStringA
USER32.dll DestroyIcon
GetSystemMetrics
SetFocus
BeginPaint
FillRect
DrawEdge
keybd_event
SetForegroundWindow
UpdateWindow
TranslateMessage
ReleaseDC
GetAsyncKeyState
SetCursor
EndPaint
RedrawWindow
MoveWindow
GetIconInfo
CreateIconIndirect
GetClientRect
InvalidateRect
ShowWindow
PostQuitMessage
DrawIconEx
SetRect
GetDC
GetWindowRect
GDI32.dll CreateSolidBrush
GetStockObject
PatBlt
CreateCompatibleBitmap
CreateCompatibleDC
SetTextAlign
SetLayout
LineTo
SetBkMode
StretchBlt
BitBlt
SetTextColor
CreatePenIndirect
SelectObject
MoveToEx
Polyline
DeleteObject
DeleteDC
ADVAPI32.dll RegQueryValueA
RegCloseKey

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.86142
MD5 99e959127a84035a977e1a9d135addab
SHA1 db1e596a4191a422f49d843285c88b76e818eb6a
SHA256 eefc2b2966f6b92f3743e88acc5fd782da37c0fcda6e2693a30b6e0f29ec289b
SHA3 a0525b787ce6f421639fed3f94729c1f5e8b26889149d92c1004238225b424bf

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.79374
MD5 788c4728509a05cc1305d7ac2b1a9b35
SHA1 9245b996c88dccb371d2e2ba4cf5ed469283aa26
SHA256 b92ee2b6d36512da71461f86fb621f8870a09a75a22dd39f5d9f73b9c3d202ba
SHA3 33b4b3efb6bbd5aa90fbefd49163c440fe2d178dae683224721f9387334387f0

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.62314
MD5 ec21f9f4215686bc07365313b7150c8e
SHA1 35a9941af17b736ee9c70e00264c5472cf365eb0
SHA256 fde533c8b3415058a17633c4acd0c2a1af221b64d00a097eb42fd8a98122c051
SHA3 23b7633a319a453035b812b0d74a4005d9cf86a22d193b9524916fdecdbb3c8e

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.71208
MD5 2fb16707b45ae4d780b008f5ff4421fc
SHA1 1cdf2c5b082c1fd38bacba9b5b5806c0599a6862
SHA256 20f11db79b69bae115788c0f97b14e3bf9d4cf5e58985bbac27d4010243f2de5
SHA3 3db361911fa2301bdc2eb3f42789980e5e71375962467aa78e863ea75755c1d1

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.7727
MD5 e4800a5793a0ffc33b5a81097971601a
SHA1 c09a09ad4de6737a5c60a4cfa594529a30c0ca2c
SHA256 d1cfc2f941edbe4295c8c59764ce6b58a8ffdac428b0a5607694708877a8800e
SHA3 bceffa1e31e56c31af942b729565e113177f083b0df1f44ccdb5fd5d60d74804

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.40408
MD5 c41a41f7b9ab9b9faade12da70fcae70
SHA1 5ce5f2a7bd2c77562e78840a0a6aa4941229e3e8
SHA256 5c803a0172363cc396fd2f28b27ff99fe6b741a578594bd9f1baaeb5f16dd0ed
SHA3 15890d1ea695dd6422b8ca1827a31b75261c4c8dbc46c865aaee66c620075368

102

Type RT_DIALOG
Language English - United States
Codepage UNKNOWN
Size 0xf0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.10805
MD5 a1d076f68bf2b48af5262936962580ec
SHA1 2730994be345e5d75134a5108b88d5e1e32e3ccf
SHA256 5b3de2491a6246836b8a39481036e2597ca53a204faf1581b6edc81cbca8753b
SHA3 285260c558bc69315bb393c91231d16fb823074951ab4c9879c39aca992bafe5

117

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x5a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.69913
Detected Filetype Icon file
MD5 fc8846589a152507308beb48ead7a796
SHA1 787c24f9fbf50523b34bcb328ed56d33c4e7ffd7
SHA256 4a2d022975e1b62b89e1e757b73f563b68b21b71edf8cac8dbbf062b2cb2d2fe
SHA3 8ddbf8de92320682fb04bf04b166aab2b443a9fd6055b504b0c29ee44468a9c9

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x2e4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.31841
MD5 326e3cdd18a3a25f8a92f5ed38f435ee
SHA1 71b84dcebcd066882e17a03b5e8daad571930fc0
SHA256 16abcb43d5dae453179154b6b90775054329d32050997d8edc8f554273d98635
SHA3 e9ff85533cc0b3b4f13767629505a3855108abec1c9d67993f918670519d4030

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x382
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.0985
MD5 8f6458d7252a7d831ec1e4542dbacd5f
SHA1 a86abe5091c424d8f412c164b88c36ad9bec9d29
SHA256 2b43cd7f22b227bbd64f124484261b0c5f9bb997bec54ca58b942efc628e885b
SHA3 af0aa679d4cf38a6951fe78d0047681fc393b554c697b142f192fc6e0535fc24

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 6.0.0.0
ProductVersion 6.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Adobe Systems Incorporated
FileDescription AutoPlay
FileVersion (#2) 6.0
InternalName AutoPlay
LegalCopyright © 1990-2008 Adobe Systems Incorporated
OriginalFilename AutoPlay.exe
ProductName Autoplay
ProductVersion (#2) 6.0
Resource LangID English - United States

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x425258
SEHandlerTable 0x421cf0
SEHandlerCount 13

RICH Header

XOR Key 0xe78f8e88
Unmarked objects 0
ASM objects (VS2003 (.NET) build 3077) 17
C objects (VS2003 (.NET) build 3077) 131
Imports (2067) 2
Imports (2179) 10
Imports (9210) 5
Total imports 133
105 (2067) 52
C objects (2179) 54
C++ objects (VS2003 (.NET) build 3077) 27
94 (VS2003 (.NET) build 3052) 1
Linker (VS2003 (.NET) build 3077) 1

Errors

<-- -->