Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_I386 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2009-Jan-12 11:44:17 |
Detected languages | English - United States |
Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0; Microsoft Visual C++ 8; Microsoft Visual C++ 8.0; MSVC++ v.8 (procedure 1 recognized - h) |
Suspicious | Strings found in the binary may indicate undesirable behavior: contains another PE executable: |
Suspicious | The PE is possibly packed. Unusual section name found: .modu |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 35/71 (Scanned on 2020-06-27 07:56:16) |

Engine | Detection |
---|---|
FireEye | Generic.mg.7f790f63573759d7 |
Cylance | Unsafe |
Zillya | Adware.BrowseFox.Win32.139956 |
SUPERAntiSpyware | Trojan.Agent/Gen-PWS |
Sangfor | Malware |
CrowdStrike | win/malicious_confidence_90% (W) |
Alibaba | HackTool:Win32/Mmorpg.f200a48a |
K7GW | Unwanted-Program ( 004ba41e1 ) |
K7AntiVirus | Unwanted-Program ( 004ba41e1 ) |
Invincea | heuristic |
F-Prot | W32/Heuristic-KPP!Eldorado |
Symantec | Trojan.Gen.2 |
APEX | Malicious |
AegisLab | Riskware.Win32.Game.1!c |
Sophos | Cheathappens (PUA) |
Comodo | Malware@#3uirww886ef3s |
VIPRE | Trojan.Win32.Generic!BT |
TrendMicro | HKTL_GAMEHACK |
Trapmine | malicious.high.ml.score |
SentinelOne | DFI - Malicious PE |
Jiangmin | Trojan.Generic.foya |
Fortinet | Riskware/GameHack |
Endgame | malicious (high confidence) |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Spyware/Win32.Gampass.C1115832 |
McAfee | RDN/PWS-Mmorpg.gen |
MAX | malware (ai score=100) |
VBA32 | Trojan.Agent.12115 |
Malwarebytes | HackTool.Agent.AIM |
ESET-NOD32 | a variant of Win32/GameHack.BB potentially unsafe |
TrendMicro-HouseCall | HKTL_GAMEHACK |
Rising | Malware.Heuristic!ET#99% (CLOUD) |
Yandex | Riskware.GameHack!TJ5BfqSNE7o |
GData | Win32.Application.Agent.7VTR6Q |
BitDefenderTheta | Gen:NN.ZexaF.34130.ruW@ayfHkmni |
Field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe8 |
Field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2009-Jan-12 11:44:17 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |
Field | Value |
---|---|
Magic | PE32 |
LinkerVersion | 8.0 |
SizeOfCode | 0x14000 |
SizeOfInitializedData | 0x8000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00005CA4 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x15000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x1000 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x49000 |
SizeOfHeaders | 0x1000 |
Checksum | 0x24665 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll |
---|
GetFileSize, LoadLibraryA, CloseHandle, VirtualFreeEx, Process32Next, ReadFile, GetProcAddress, GetCompressedFileSizeA, WriteProcessMemory, CreateRemoteThread, CreateToolhelp32Snapshot, Process32First, GetFileAttributesA, VirtualProtectEx, VirtualAllocEx, WaitForSingleObject, OpenProcess, GetModuleFileNameA, Module32First, Module32Next, CreateFileA, GetModuleHandleA, GlobalFree, WriteFile, GlobalAlloc, InterlockedIncrement, InterlockedDecrement, Sleep, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetLastError, HeapFree, GetCommandLineA, GetVersionExA, HeapAlloc, GetProcessHeap, RtlUnwind, RaiseException, LCMapStringA, WideCharToMultiByte, MultiByteToWideChar, LCMapStringW, GetCPInfo, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, ExitProcess, GetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetACP, GetOEMCP, IsValidCodePage, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, GetStringTypeA, GetStringTypeW, HeapSize, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, GetLocaleInfoW |
Field | Value |
---|---|
Size | 0x48 |
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x41a5a8 |
SEHandlerTable | 0x417ca0 |
SEHandlerCount | 39 |