Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2017-Apr-10 16:03:20 |
Detected languages | English - United States |
CompanyName | VIP Technologies |
FileVersion | 1.8.3.0 |
FileDescription | VIP72 Tunneling Client |
LegalCopyright | Copyright © 2001-2017, VTECH |
OriginalFilename | vip72socks.exe |
ProductName | VIP72 Tunneling Client |
SpecialBuild | Engine Version 16f |
Info | Matching compiler(s): Microsoft Visual C++ v6.0 DLL; MASM/TASM - sig2(h) |
Info | Cryptographic algorithms detected in the binary: uses constants related to MD5 |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Suspicious | The PE is possibly a dropper. Resources account for 91.6797% of the executable. |
Info | The PE is digitally signed. Signer: Soft-Pro; Issuer: COMODO RSA Code Signing CA |
Malicious | VirusTotal score: 3/71 (Scanned on 2019-01-29 03:58:22). ClamAV: Win.Virus.Sality-6823067-0; DrWeb: BackDoor.Anunak.117; Webroot: W32.Trojan.Gen |
e_magic | MZ |
---|---|
e_cblp | 0 |
e_cp | 0x1 |
e_crlc | 0 |
e_cparhdr | 0x2 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0x40 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x40 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2017-Apr-10 16:03:20 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 5.0 |
SizeOfCode | 0x16000 |
SizeOfInitializedData | 0x15f600 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00001000 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x17000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x178000 |
SizeOfHeaders | 0x200 |
Checksum | 0x1592c1 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
USER32.dll | DeleteMenu DestroyMenu DialogBoxParamA DispatchMessageA wsprintfA EmptyClipboard EnableWindow EndDialog FillRect GetClientRect GetCursorPos GetDlgCtrlID GetDlgItem GetDlgItemInt GetDlgItemTextA GetMessageA GetParent GetSysColor GetWindowDC GetWindowLongA GetWindowRect InsertMenuA IsDlgButtonChecked LoadBitmapA LoadCursorA LoadIconA LoadImageA MessageBeep MessageBoxA ModifyMenuA MoveWindow OpenClipboard RedrawWindow RegisterClassExA ReleaseCapture ReleaseDC SendMessageA SetActiveWindow SetCapture SetClipboardData SetDlgItemInt SetDlgItemTextA SetFocus SetForegroundWindow SetWindowLongA SetWindowPos SetWindowRgn SetWindowTextA ShowWindow TrackPopupMenu TrackPopupMenuEx TranslateMessage DefWindowProcA CreateWindowExA CreatePopupMenu CloseClipboard CheckDlgButton CharUpperBuffA CallWindowProcA |
---|---|
KERNEL32.dll | lstrlenA lstrcpynA lstrcpyA lstrcmpiA lstrcmpA lstrcatA _lwrite _lread _llseek WaitForSingleObject TerminateThread Sleep SetTimeZoneInformation SetEvent RtlZeroMemory ResetEvent OpenMutexA OpenEventA LoadLibraryA IsBadWritePtr IsBadReadPtr HeapFree HeapAlloc GlobalUnlock GlobalLock GlobalAlloc GetVersionExA GetTimeZoneInformation CloseHandle CreateEventA CreateFileA CreateMutexA CreateThread ExitProcess ExitThread GetCommandLineA GetCurrentProcess GetCurrentThreadId GetFileSize GetModuleHandleA GetProcAddress GetProcessHeap GetSystemTime GetTimeFormatA |
COMCTL32.dll | ImageList_Create ImageList_AddIcon |
GDI32.dll | SetBkColor SelectObject GetStockObject SetBkMode DeleteObject DeleteDC CreateSolidBrush CreateRectRgn CreatePatternBrush CreateCompatibleDC CreateCompatibleBitmap CreateBrushIndirect CombineRgn BitBlt SetTextColor GetPixel |
SHELL32.dll | Shell_NotifyIconA ShellExecuteA |
ADVAPI32.dll | RegSetValueExA RegQueryValueExA RegCreateKeyExA RegCloseKey OpenProcessToken LookupPrivilegeValueA AdjustTokenPrivileges |
WS2_32.dll | #111 #115 #1 #2 #3 #4 #52 #11 #12 #10 #13 #16 #17 #18 #19 #20 #21 #22 #23 |
shell32.dll | SHGetFolderPathA |
gdi32.dll | CreateDIBSection CreateDIBitmap CreateFontIndirectA CreatePen GetClipBox GetDeviceCaps GetObjectA GetTextColor LineTo MoveToEx PatBlt Rectangle RestoreDC SaveDC SetPixel |
user32.dll | GetMenu GetMenuInfo GetMenuItemCount GetMenuItemInfoA GetMenuStringA GetPropA GetSubMenu GetSysColorBrush GetWindowTextA GetWindowTextLengthA InflateRect InsertMenuItemA InvalidateRect IsMenu GetIconInfo RemoveMenu RemovePropA SetClassLongA SetMenuInfo SetMenuItemInfoA SetPropA SystemParametersInfoA TrackMouseEvent FrameRect DrawTextA DrawMenuBar DrawIconEx CopyRect IsWindow GetDC DrawEdge |
kernel32.dll | GlobalFree MulDiv GetVersion |
comctl32.dll | ImageList_GetIcon |
msimg32.dll | GradientFill |
winmm.dll | PlaySoundA |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.8.3.0 |
ProductVersion | 1.8.3.0 |
FileFlags | VS_FF_PRERELEASE |
FileOs | (EMPTY) |
FileType | VFT_UNKNOWN |
Language | English - United States |
CompanyName | VIP Technologies |
FileVersion (#2) | 1.8.3.0 |
FileDescription | VIP72 Tunneling Client |
LegalCopyright | Copyright © 2001-2017, VTECH |
OriginalFilename | vip72socks.exe |
ProductName | VIP72 Tunneling Client |
SpecialBuild | Engine Version 16f |
Resource LangID | English - United States |
---|