Manalyze report for 87e221027dc4e9cb9d73e4a5775719d6

Summary

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)`
Malicious	The file headers were tampered with.	`The RICH header checksum is invalid.`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW`
Suspicious	The file contains overlay data.	`3212 bytes of data starting at offset 0xd0600.` `The overlay data has an entropy of 7.94659 and is possibly compressed or encrypted.`
Malicious	VirusTotal score: 24/49 (Scanned on 2014-03-15 09:07:11)	`MicroWorld-eScan: Gen:Variant.Symmi.37420` `CMC: Packed.Win32.Hrup.2!O` `McAfee: Artemis!87E221027DC4` `NANO-Antivirus: Trojan.Win32.Ponmocup.cumdag` `Norman: Troj_Generic.SZULO` `TrendMicro-HouseCall: TROJ_GEN.F47V0314` `Avast: Win32:Malware-gen` `Kaspersky: HEUR:Trojan.Win32.Generic` `BitDefender: Gen:Variant.Symmi.37420` `SUPERAntiSpyware: Trojan.Agent/Gen-Ponmocup` `Ad-Aware: Gen:Variant.Symmi.37420` `Sophos: Mal/Generic-S` `Comodo: UnclassifiedMalware` `F-Secure: Gen:Variant.Symmi.37420` `DrWeb: Trojan.DownLoader7.14920` `VIPRE: Trojan.Win32.Vundo.aba (v)` `AntiVir: TR/Crypt.ZPACK.55740` `McAfee-GW-Edition: Artemis!87E221027DC4` `Emsisoft: Gen:Variant.Symmi.37420 (B)` `Antiy-AVL: Trojan/Win32.SGeneric` `GData: Gen:Variant.Symmi.37420` `ESET-NOD32: a variant of Win32/Ponmocup.IP.gen` `AVG: Crypt3.CJJ` `Panda: Suspicious file`

MD5	`87e221027dc4e9cb9d73e4a5775719d6`
SHA1	`87d5f0c0f1705b1c36f212f34c1d4699682607b3`
SHA256	`7f5700d2abdc0711ed92c65b2c4b7ea6fc1fa5ddb40eac356e9841da4f78932e`
SHA3	`a950455594283292419cb3a0b6b3ab647f8ce02e2dc31bfa1636ec52aed38b2a`
SSDeep	`3072:8cPpglFZgcbGNOJMiYLToByh7c67asmoSkeDh3FUKodi4qw:8cP2DZgirJcLBUK9`
Imports Hash	`15ecda76abf0a57d320901a1b9eb619d`

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2014-Feb-15 06:32:39
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Magic	`PE32`
LinkerVersion	`10.0`
SizeOfCode	`0x13600`
SizeOfInitializedData	`0xc0200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000EA99 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x15000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0xd6000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

MD5	`4d1cc0c3ea20f0d79447d8d74d2f2ce2`
SHA1	`833665e1ed3869dadc6130f3a676e7025476d9b6`
SHA256	`cb8350b183cd03d7e63df589d58c2f8355adf11de9ca393c1d1d701ad7374283`
SHA3	`3f4827b293d48fe95d9b321763ee6c72a27942000607d6372b0e021841081a41`
VirtualSize	`0x135e6`
VirtualAddress	`0x1000`
SizeOfRawData	`0x13600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.43509`

MD5	`2c96466c23d91e8f0a81dfdf77a938ba`
SHA1	`60ba266812552da0318b534da49135a8a1658f70`
SHA256	`2230fb77b8f2c3b7394dcea3050e6cd7d60b41dc43c7d6f2eadfde7a112b799a`
SHA3	`74c76d92cab3f805e289b4ade0fe47de31117f769e9ba5984318fb8fc95b2c23`
VirtualSize	`0x840e6`
VirtualAddress	`0x15000`
SizeOfRawData	`0x84200`
PointerToRawData	`0x13a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.54134`

MD5	`0eef30632ebb1d1c7475e95375b6baea`
SHA1	`786ae4fcefad69af075f5546b3dabafa6d648158`
SHA256	`72e952067589d18ae28b8262a08484abd8c4366b03a2f708c6302eb92eb10a66`
SHA3	`22480536884e9607df439ebd0524f468d4f3d6d7053a92d58ca498b99532f875`
VirtualSize	`0x3bf08`
VirtualAddress	`0x9a000`
SizeOfRawData	`0x38a00`
PointerToRawData	`0x97c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.46373`

KERNEL32.dll	`VirtualAlloc` `GetProcAddress` `GetModuleHandleW` `ExitProcess` `DecodePointer` `GetCommandLineA` `HeapSetInformation` `GetStartupInfoW` `IsProcessorFeaturePresent` `InitializeCriticalSectionAndSpinCount` `DeleteCriticalSection` `LeaveCriticalSection` `FatalAppExitA` `EnterCriticalSection` `EncodePointer` `GetLastError` `SetConsoleCtrlHandler` `FreeLibrary` `InterlockedExchange` `LoadLibraryW` `GetLocaleInfoW` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `TerminateProcess` `GetCurrentProcess` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `InterlockedIncrement` `SetLastError` `GetCurrentThreadId` `InterlockedDecrement` `GetCurrentThread` `WriteFile` `GetStdHandle` `GetModuleFileNameW` `GetModuleFileNameA` `FreeEnvironmentStringsW` `WideCharToMultiByte` `GetEnvironmentStringsW` `SetHandleCount` `GetFileType` `HeapCreate` `HeapDestroy` `QueryPerformanceCounter` `GetTickCount` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `HeapFree` `Sleep` `GetCPInfo` `GetACP` `GetOEMCP` `IsValidCodePage` `HeapSize` `RtlUnwind` `HeapAlloc` `HeapReAlloc` `LCMapStringW` `MultiByteToWideChar` `GetStringTypeW`

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4d2184`
SEHandlerTable	`0x498910`
SEHandlerCount	`3`