8363436878404da0ae3e46991e355b83

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2011-Jan-19 16:10:41

Plugin Output

Suspicious PEiD Signature: UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX v2.0 -> Markus, Laszlo & Reiser (h)
UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX -> www.upx.sourceforge.net
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious The PE is packed with UPX
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
Unusual section name found: UPX2
The PE only has 9 import(s).
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Has Internet access capabilities:
  • InternetOpenA
Interacts with services:
  • CreateServiceA
Malicious VirusTotal score: 40/65 (Scanned on 2017-10-03 13:58:49)
nProtect: Trojan/W32.Agent.3072.PM
CAT-QuickHeal: Trojan.Dynamer!ac
McAfee: Generic.ait
Cylance: Unsafe
VIPRE: Trojan.Win32.Generic!BT
TheHacker: Posible_Worm32
Invincea: heuristic
Baidu: Win32.Trojan-Clicker.Agent.ad
Symantec: Trojan.Gen.2
ESET-NOD32: Win32/TrojanClicker.Agent.NVM
TrendMicro-HouseCall: TROJ_GEN.R08JC0OF817
Paloalto: generic.ml
ClamAV: Win.Trojan.Agent-709658
NANO-Antivirus: Trojan.Win32.RP.cwxtpf
Avast: Win32:Malware-gen
Rising: Trojan.Clicker-Agent!8.13 (CLOUD)
Comodo: UnclassifiedMalware
DrWeb: Trojan.Click3.12740
Zillya: Trojan.Agent.Win32.549706
TrendMicro: TROJ_GEN.R08JC0OF817
McAfee-GW-Edition: Generic.ait
Cyren: W32/Trojan.UCOC-9169
Jiangmin: Trojan.Generic.fxlq
Webroot:
Avira: TR/Downloader.Gen
Antiy-AVL: Trojan/Win32.SGeneric
Kingsoft: Win32.Malware.Heur_Generic.A.(kcloud)
Endgame: malicious (moderate confidence)
AegisLab: Troj.Downloader.Gen!c
GData: Win32.Trojan.Agent.JV4OJM
AhnLab-V3: Trojan/Win32.StartPage.C26214
ALYac: Trojan.Startpage.3072
AVware: Trojan.Win32.Generic!BT
Tencent: Win32.Trojan.Downloader.Dyzr
Yandex: Trojan.CL.Agent!SYJ1YyE/ZV4
Ikarus: Trojan.Win32.TrojanClicker
Fortinet: W32/Agent.NVM!tr
AVG: Win32:Malware-gen
CrowdStrike: malicious_confidence_90% (W)
Qihoo-360: HEUR/Malware.QVM11.Gen

Hashes

MD5 8363436878404da0ae3e46991e355b83
SHA1 5a016facbcb77e2009a01ea5c67b39af209c3fcb
SHA256 c876a332d7dd8da331cb8eee7ab7bf32752834d4b2b54eaa362674a2a48f64a6
SHA3 3b1fbe4ad2a846ccaaddf52d801764864d0bf5fd6222cc7d027c446fd4a1bbc8
SSDeep 48:atUKzxRhvlNZEVtfbn4m3ZUJSSeJY8JTaIcLoBgs:0UKXktfb4KOJzcK
Imports Hash 096aa05b8a2e1f2dc66fc73a1a978a7b

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2011-Jan-19 16:10:41
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x1000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x4000
AddressOfEntryPoint 0x5410 (Section: UPX1)
BaseOfCode 0x5000
BaseOfData 0x6000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x7000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics (EMPTY)
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470
VirtualSize 0x4000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

UPX1

MD5 ad0f236c2b34f1031486c8cc4803a908
SHA1 bd7ea516ea0f96cc57d5b7c008db3de3a2f6d0f5
SHA256 ac4fe158d7fbb3b8bdea75cbb8459d9b8d2faedcdb50a3a30d563a1c76366e7c
SHA3 3f6afdd32f4ed312ff06a5640e649dde8b5fdeefdd20d59ef7f1e2090fef521c
VirtualSize 0x1000
VirtualAddress 0x5000
SizeOfRawData 0x600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.06718

UPX2

MD5 f998d25f473e69cc89bf43af3102beea
SHA1 cdc7c68f02e81c18e9d40b6e94e4e40038ce80e5
SHA256 17e519e58fbf915862e673b8f108f7b8994f3cc503b63496ca677383abc358ca
SHA3 5202eb029f35f0d94daffb52a965f1d615e15b8063cce51104eb13094503ef46
VirtualSize 0x1000
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0xa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.7978

Imports

KERNEL32.DLL LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
ADVAPI32.dll CreateServiceA
MSVCRT.dll exit
WININET.dll InternetOpenA

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!