Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 1970-Feb-23 13:04:10 |
Detected languages | English - United States |
Malicious | VirusTotal score: 61/70 (Scanned on 2023-05-22 22:41:08) |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf0 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 1970-Feb-23 13:04:10 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 9.0 |
SizeOfCode | 0x30200 |
SizeOfInitializedData | 0x2a600 |
SizeOfUninitializedData | 0x1000 |
AddressOfEntryPoint | 0x00004172 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x32000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xb9000 |
SizeOfHeaders | 0x400 |
Checksum | 0x5fa50 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | FreeEnvironmentStringsA, GetEnvironmentStrings, SetHandleCount, GetFileType, GetTimeZoneInformation, GetConsoleCP, GetConsoleMode, FlushFileBuffers, EnumSystemLocalesA, IsValidLocale, WriteConsoleA, GetConsoleOutputCP, SetStdHandle, SetEndOfFile, SetEnvironmentVariableA, LocalAlloc, GetCurrentProcess, GetCurrentThreadId, LeaveCriticalSection, InterlockedExchange, SetLastError, SetProcessShutdownParameters, FlushInstructionCache, GetProcessShutdownParameters, GetCurrentProcessId, InterlockedDecrement, GetLastError, DeleteCriticalSection, HeapFree, CloseHandle, GetProcessHeap, HeapAlloc, VirtualFree, VirtualQueryEx, VirtualAlloc, GetCommandLineA, GetStartupInfoA, RtlUnwind, LCMapStringA, GetStringTypeA, ExitThread, ExitProcess, CreateThread, HeapCreate, GetStdHandle, GetOEMCP |
---|---|
USER32.dll | GetKeyState, CharLowerA, GetWindowWord |
MSIMG32.dll | TransparentBlt |
GDI32.dll | GetBkColor, BitBlt, SelectObject, GetBkMode, SetLayoutWidth, GetPixel, SetTextCharacterExtra |
Characteristics | 659060615 |
---|---|
TimeDateStamp | 2004-Apr-03 20:34:47 |
Version | 30527.26845 |
SizeofData | 176151351 |
AddressOfRawData | 0x2daab3f1 |
PointerToRawData | 0x4ce11b70 |
XOR Key | 0xca172d24 |
---|---|
Unmarked objects | 0 |
138 (VS2008 SP1 build 30729) | 1 |
Total imports | 579 |
Imports (VS2008 SP1 build 30729) | 17 |
ASM objects (VS2008 SP1 build 30729) | 4 |
Exports (VS2008 SP1 build 30729) | 1 |
C++ objects (VS2008 SP1 build 30729) | 75 |
C objects (VS2008 SP1 build 30729) | 61 |
Linker (VS2008 SP1 build 30729) | 1 |
Resource objects (VS2008 SP1 build 30729) | 1 |