78734cd268e5c9ab4184e1bbe21a6eb9

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2012-Jan-17 03:24:07
Detected languages English - United States
Debug artifacts K:\GPUTweakCodeVer2031NoSkin20120111\ASGT_2011.04.16\Release\ASGT.pdb

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 (LinkerVersion 9.0 and the VS2008 build 21022 entries in the Rich header below point to Visual C++ 9.0 / Visual Studio 2008, consistent with the MSVC PDB path in the debug artifacts)
Suspicious PEiD Signature: FASM v1.5x (likely a false positive given the MSVC linker and Rich header evidence in this report)
Malicious The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports (LoadLibraryA plus GetProcAddress let it resolve further APIs at runtime, so the static import table below may be incomplete):
  • GetProcAddress
  • LoadLibraryA
Can access the registry:
  • RegCloseKey
  • RegOpenKeyExA
  • RegQueryValueExA
Possibly launches other programs:
  • CreateProcessA
  • CreateProcessAsUserA
Functions related to the privilege level:
  • DuplicateTokenEx
  • OpenProcessToken
Interacts with services:
  • ControlService
  • OpenSCManagerA
  • QueryServiceStatus
  • CreateServiceA
  • DeleteService
  • OpenServiceA
Suspicious The file contains overlay data: 64000 bytes starting at offset 0xd800, immediately after the last section (.rsrc ends at 0xd600 + 0x200) and running to the end of the 119296-byte file.
The overlay data has an entropy of 7.99373 bits per byte and is possibly compressed or encrypted.
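The overlay finding above is the one a practitioner wants to reproduce by hand: walk the section table, take the highest PointerToRawData + SizeOfRawData as the end of the image, treat everything after it as overlay, and measure its Shannon entropy. The script below is an added example, not Manalyzer's code or anything from the sample; it builds a constructed minimal PE32 in memory (one .text section, no signature) and appends a pseudo-random 64000-byte blob so the check runs offline. The security data directory is also read, because a signed binary legitimately carries its Authenticode certificate table in the overlay and that case should not be flagged as a hidden payload.

```python
import math
import random
import struct
from collections import Counter
from typing import Dict, List, Tuple


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for empty or constant input, close to 8.0 for
    compressed or encrypted data (the report above shows 7.99373 for the overlay)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def _optional_header_offset(pe: bytes) -> int:
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    return e_lfanew + 4 + 20  # skip the PE signature and the 20-byte COFF header


def parse_sections(pe: bytes) -> List[Tuple[str, int, int]]:
    """(name, PointerToRawData, SizeOfRawData) for every section header."""
    opt = _optional_header_offset(pe)
    num_sections, = struct.unpack_from("<H", pe, opt - 20 + 2)   # COFF NumberOfSections
    size_of_opt, = struct.unpack_from("<H", pe, opt - 20 + 16)   # COFF SizeOfOptionalHeader
    table = opt + size_of_opt
    out = []
    for i in range(num_sections):
        hdr = table + i * 40
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)
        out.append((name, raw_ptr, raw_size))
    return out


def security_directory(pe: bytes) -> Tuple[int, int]:
    """(file offset, size) of the Authenticode certificate table, (0, 0) if unsigned.
    Unlike the other data directories this entry holds a raw file offset, not an RVA."""
    opt = _optional_header_offset(pe)
    magic, = struct.unpack_from("<H", pe, opt)
    dirs = opt + (96 if magic == 0x10B else 112)        # PE32 vs PE32+ layout
    return struct.unpack_from("<II", pe, dirs + 4 * 8)  # IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def analyze_overlay(pe: bytes) -> Dict[str, object]:
    """Overlay = every byte past the end of the last section's raw data."""
    end = max(ptr + size for _, ptr, size in parse_sections(pe))
    sig_off, sig_size = security_directory(pe)
    blob = pe[end:]
    return {
        "offset": end,
        "size": len(blob),
        "entropy": round(shannon_entropy(blob), 5),
        # True only when the whole overlay is the signature blob; anything else is unexplained data.
        "explained_by_signature": sig_size > 0 and sig_off == end and sig_size == len(blob),
    }


def build_test_pe(overlay_data: bytes) -> bytes:
    """Constructed minimal PE32 with one section (a stand-in, not the sample from this report)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x0102)  # i386, 1 section, exe
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes; security directory stays zero
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 0x200, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x400, b"\0")
    text = b"\xC3".ljust(0x200, b"\0")      # a single RET, padded to SizeOfRawData
    return headers + text + overlay_data


def demo_payload() -> bytes:
    """Constructed 64000 pseudo-random bytes standing in for the packed overlay."""
    return random.Random(2012).randbytes(64000)


if __name__ == "__main__":
    # Offset is 0x600 for the toy image; the real file puts it at 0xd800.
    print(analyze_overlay(build_test_pe(demo_payload())))
```

Run it against the real sample with `analyze_overlay(open(path, "rb").read())`; the offset should come out as 0xd800 and the size as 64000. If `explained_by_signature` is false and the entropy is near 8, the overlay is data the loader never maps, which is exactly what a dropper reads back from its own image at runtime.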
Malicious VirusTotal score: 47/67 (Scanned on 2018-08-29 00:26:35)
MicroWorld-eScan: Trojan.GenericKD.40352713
CAT-QuickHeal: TrojanDropper.FelixRoot
ALYac: Trojan.Dropper.Agent
Cylance: Unsafe
K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
Arcabit: Trojan.Generic.D267BBC9
TrendMicro: TROJ_FRS.VSN0AH18
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9634
Symantec: Trojan Horse
TrendMicro-HouseCall: TROJ_FRS.VSN0AH18
Avast: Win32:Malware-gen
Kaspersky: Trojan-Dropper.Win32.Agent.bjveuj
BitDefender: Trojan.GenericKD.40352713
NANO-Antivirus: Trojan.Win32.Generic.feircw
ViRobot: Trojan.Win32.S.Agent.119296.XG
Tencent: Win32.Trojan-dropper.Agent.Aiid
Ad-Aware: Trojan.GenericKD.40352713
Emsisoft: Trojan.GenericKD.40352713 (B)
F-Secure: Trojan.GenericKD.40352713
DrWeb: Trojan.MulDrop8.32653
Zillya: Dropper.Agent.Win32.378699
Invincea: heuristic
McAfee-GW-Edition: Generic-FAEX
Sophos: Mal/Behav-321
Paloalto: generic.ml
Cyren: W32/Trojan.DGFN-4552
Jiangmin: TrojanDropper.Agent.gfpv
Avira: TR/Agent.rwsdv
Fortinet: W32/Agent.SCT!tr
Antiy-AVL: Trojan/Win32.TSGeneric
Endgame: malicious (high confidence)
Microsoft: TrojanDropper:Win32/FelixRoot
AegisLab: Troj.Dropper.W32.Agent!c
ZoneAlarm: Trojan-Dropper.Win32.Agent.bjveuj
AhnLab-V3: Trojan/Win32.Agent.C2640876
McAfee: Generic-FAEX
MAX: malware (ai score=100)
VBA32: Malware-Cryptor.General.3
ESET-NOD32: Win32/Agent.SCT
Rising: Dropper.Agent!8.2F (CLOUD)
Yandex: Trojan.DR.Agent!/sJBXoyj9nI
GData: Trojan.GenericKD.40352713
AVG: Win32:Malware-gen
Panda: Trj/CI.A
CrowdStrike: malicious_confidence_60% (D)
Qihoo-360: Win32/Trojan.Dropper.453

Hashes

MD5 78734cd268e5c9ab4184e1bbe21a6eb9
SHA1 d5ac50d38f8b98decda52fb8fcf85a576b0494c7
SHA256 573ea78afb50100f896185164da3b8519e2e0f609a34a7c70460eca5b4ae640d
SHA3 92a6b6f742391335841df1dc0b4a234640bab6beea517315eb0d033dad866139
SSDeep 1536:82dRSDlre9NigEv4bahAOSSd5AAKIyax6lB027TUqYe6POoauGEz1qIUAWs2h+M:0eaAM7Ld5AAKIwlB3ORWqvzkzoMU
Imports Hash 0867dae1b7dc01d9b94be5a2c4d8d929

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2012-Jan-17 03:24:07
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 9.0
SizeOfCode 0x9600
SizeOfInitializedData 0x3e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00008371 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xb000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x12000
SizeOfHeaders 0x400
Checksum 0x273c2
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 b409a73f3882c852c9f1d2121fade4ce
SHA1 89c552f65fb461cd9978df8eaa969f5aa646778f
SHA256 ac1c1288c3c4bc7b27f72e48b982688d2be6bb30cfc77e606766d55256b07796
SHA3 22d3a5607c5b03ce3b8b8a15ffd2beb04f820ac32167c611789fb816305bcee7
VirtualSize 0x9600
VirtualAddress 0x1000
SizeOfRawData 0x9600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.88277

.rdata

MD5 8cf474841dbcabcad6410bfb53361173
SHA1 4b591c2f429e15754a6708b3554e53bf088455d1
SHA256 d44f704fe2d488754fa4dd47694a744abac791687a1d8d3576280f822d7a50be
SHA3 86fc7e67bdaab107a2333a2bc664336ac0be85dddf8f9747877483670040bfa2
VirtualSize 0x2a38
VirtualAddress 0xb000
SizeOfRawData 0x2c00
PointerToRawData 0x9a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.40674

.data

MD5 252fd1f9506bd4d87a1dd6653f701087
SHA1 36b4c2fb553b1e906e8ef24b9ac4dece2284a1f1
SHA256 33c7c98f8c8d5e0da07db1bb2484a1ab20db9b97deb04b8de4f003e34b1cb959
SHA3 d3a527c32453740d65ac9a7ac0aa974dafff3b2108aa5509ba7377775b86fbbe
VirtualSize 0x2c84
VirtualAddress 0xe000
SizeOfRawData 0x1000
PointerToRawData 0xc600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.10391

.rsrc

MD5 81195ca9b22c050f79e44175e9e7150e
SHA1 c5ab2bb5fd494c24e57c83dc6bb902eaa0dc7c30
SHA256 3329dcfd3c785098e3d024dda1387ee950cdd4a2a857337a8006952114611c09
SHA3 97bccdfe004270d5acf25793824aae6354bbc9b178b4150052a389dea07aad30
VirtualSize 0x1b4
VirtualAddress 0x11000
SizeOfRawData 0x200
PointerToRawData 0xd600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.10501

Imports

WTSAPI32.dll WTSEnumerateSessionsA
WTSFreeMemory
KERNEL32.dll CloseHandle
GetVersionExA
GetModuleFileNameA
GetLastError
CreateProcessA
CreateEventA
Sleep
SetEvent
WaitForSingleObject
GetCurrentProcess
SetLastError
GetModuleHandleW
GetProcAddress
ExitProcess
GetCommandLineA
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
WriteFile
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
VirtualAlloc
HeapReAlloc
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
RtlUnwind
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
ADVAPI32.dll CloseServiceHandle
RegCloseKey
ControlService
GetLengthSid
OpenSCManagerA
SetServiceStatus
QueryServiceStatus
DuplicateTokenEx
RegOpenKeyExA
ReportEventA
RegisterServiceCtrlHandlerExA
SetTokenInformation
DeregisterEventSource
CreateServiceA
RegQueryValueExA
DeleteService
StartServiceCtrlDispatcherA
CreateProcessAsUserA
OpenServiceA
RegisterEventSourceA
OpenProcessToken
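The Imports Hash in the Hashes section is an imphash, the value analysts pivot on to find other builds with the same import table, and the "may be hiding some of its imports" finding rests on LoadLibraryA and GetProcAddress both being present in that table. The code below is an added example, not Manalyzer's or pefile's implementation; it reproduces the imphash construction (lowercase library name without its .dll/.ocx/.sys extension, a dot, the lowercase function name, entries joined with commas in file order, then MD5) over a constructed subset of the import list above. It deliberately skips the ordinal-to-name mapping that real tools apply for a few well-known DLLs, so ordinals are emitted as plain `ordN`.

```python
import hashlib
import re
from typing import List, Tuple, Union

# Constructed input: a subset of this report's import table in file order.
# The real table has 114 entries; these are enough to show the construction.
SAMPLE_IMPORTS: List[Tuple[str, Union[str, int]]] = [
    ("WTSAPI32.dll", "WTSEnumerateSessionsA"),
    ("WTSAPI32.dll", "WTSFreeMemory"),
    ("KERNEL32.dll", "CloseHandle"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("ADVAPI32.dll", "CreateProcessAsUserA"),
]

_STRIP_EXT = re.compile(r"\.(dll|ocx|sys)$", re.IGNORECASE)


def imphash_string(imports: List[Tuple[str, Union[str, int]]]) -> str:
    """The comma-joined 'lib.func' string that gets hashed. Order matters: the same
    imports in a different order give a different imphash."""
    parts = []
    for dll, func in imports:
        lib = _STRIP_EXT.sub("", dll).lower()
        # Assumption for this demo: ordinals are rendered as ordN with no name lookup.
        name = func.lower() if isinstance(func, str) else f"ord{func}"
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports: List[Tuple[str, Union[str, int]]]) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def dynamic_resolution_capable(imports: List[Tuple[str, Union[str, int]]]) -> bool:
    """The pair behind the 'hidden imports' finding: with both present the binary can
    resolve any API by string at runtime, so the static table is a lower bound."""
    names = {str(func).lower() for _, func in imports}
    return "loadlibrarya" in names and "getprocaddress" in names


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS), dynamic_resolution_capable(SAMPLE_IMPORTS))
```

Feeding the full table from the real file, in its on-disk order, should reproduce the Imports Hash reported above; a mismatch usually means the entries were read in a different order (for instance sorted by name) rather than a different binary.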

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x15a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.79597
MD5 24d3b502e1846356b0263f945ddd5529
SHA1 bac45b86a9c48fc3756a46809c101570d349737d
SHA256 49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e
SHA3 1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e

Version Info

Debug Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2012-Jan-17 03:24:07
Version 0.0
SizeofData 94
AddressOfRawData 0xcd28
PointerToRawData 0xb728
Referenced File K:\GPUTweakCodeVer2031NoSkin20120111\ASGT_2011.04.16\Release\ASGT.pdb

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x40e00c
SEHandlerTable 0x40cd90
SEHandlerCount 3

RICH Header

XOR Key 0x1f2d73c0
Unmarked objects 0
C++ objects (VS2008 build 21022) 35
ASM objects (VS2008 build 21022) 16
C objects (VS2008 build 21022) 96
Imports (VS2012 build 50727 / VS2005 build 50727) 7
Total imports 114
138 (VS2008 build 21022) 1
Resource objects (VS2008 build 21022) 1

Errors
