8b3ae999efeb1a35c8ee9218cc23f258

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2003-Jun-23 05:09:27
Detected languages English - Canada

Plugin Output

Suspicious PEiD Signature: UPX -> www.upx.sourceforge.net
Suspicious The PE is packed with UPX
Suspicious Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
Unusual section name found: UPX1 (#2)
Section UPX1 (#2) is both writable and executable.
Unusual section name found: UPX1 (#3)
Section UPX1 (#3) is both writable and executable.
The PE only has 4 import(s).
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Malicious VirusTotal score: 27/57 (Scanned on 2015-10-20 05:44:45)
MicroWorld-eScan: Gen:Trojan.Heur.GM.0000230520
McAfee: Artemis!8B3AE999EFEB
TheHacker: Trojan/KGB.aq
BitDefender: Gen:Trojan.Heur.GM.0000230520
K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
Agnitum: VirTool.KGB!wCxNmMyQI94
F-Prot: W32/Agent.OT.gen!Eldorado
Symantec: Trojan.Gen.2
TrendMicro-HouseCall: PAK_Generic.005
NANO-Antivirus: Trojan.Win32.KgbSpy.deehdr
Ad-Aware: Gen:Trojan.Heur.GM.0000230520
Comodo: Packed.Win32.MUPX.Gen
F-Secure: Gen:Trojan.Heur.GM.0000230520
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: PAK_Generic.005
McAfee-GW-Edition: BehavesLike.Win32.Flyagent.lh
Emsisoft: Gen:Trojan.Heur.GM.0000230520 (B)
Cyren: W32/Agent.OT.gen!Eldorado
Avira: TR/Crypt.XPACK.Gen
Arcabit: Trojan.Heur.GM.D38478
AhnLab-V3: Win-AppCare/Kgb.13824.B
GData: Gen:Trojan.Heur.GM.0000230520
AVware: Trojan.Win32.Generic!BT
VBA32: Trojan.Genome.al
Ikarus: Virus.Win32.KGB
Fortinet: W32/KGB.AQ!kit

Hashes

MD5 8b3ae999efeb1a35c8ee9218cc23f258
SHA1 2e40d1b13eeb98e5ed002a5515cf82d6977d8dd6
SHA256 52597c8afecd5b7dffa33814a844359902af2500b1af7d96585bbe3c2c9f8ad4
SHA3 be8b4096f331f14089d82d66a1d5bb9497737667fcb53d6ba49b8b43132a1443
SSDeep 192:g5EM3Lx81TDDwIww9XZ5NMl189nD35gBDNDDbj5Ufj6AtRvaY7:g5ECxiTAILdcWD35g/XlVAtRvB
Imports Hash ffb54f87b331c901f3380b3b840824e8

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2003-Jun-23 05:09:27
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x3000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x5000
AddressOfEntryPoint 0x00008140 (Section: UPX1)
BaseOfCode 0x6000
BaseOfData 0x9000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xa000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x5000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 ef34fae496d0a7cd19f597e2f2ba2a2c
SHA1 80f9b74eb383643c1a6e7ccb74ef10a06a19d369
SHA256 13840d8b50982198c976fe5ec42b9e7c732933dfb9a4703636c4e2f35d0e81b6
SHA3 489d21d2f9ddfc9cbe56dff875e55b8ed6e809dd937d93b9a6c8d364cd2f0b6f
VirtualSize 0x1000
VirtualAddress 0x6000
SizeOfRawData 0x1000
PointerToRawData 0x800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.79378

UPX1 (#2)

MD5 e6cc07ead6a04ec14ca4ec5911883f60
SHA1 e282d5365e14a554e815a14e778f0c4f0fb6fcfd
SHA256 c7b8b5d8208c0116b20c74af2d526c5609b74d6fccf99284d5dce36ea35a2c8b
SHA3 ee518a4174b8cf5873ad52fdd932d9448d276ee6f93bbffc187a37562d0baf11
VirtualSize 0x1000
VirtualAddress 0x7000
SizeOfRawData 0x1000
PointerToRawData 0x1800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.83427

UPX1 (#3)

MD5 9b5f2d26950f33888f6f378cef5a85fb
SHA1 2e5c1e120ca74e7e9d0e7d8d18a68210c28b55fc
SHA256 ca73b79857b8d75038b85ded909d0d3ad53a2ca6fa8b67af7a0478f866f077f9
SHA3 c86f7d4f446a1303d726f5205a438b002b9d6e3d0534ee2ecc0604f584e29258
VirtualSize 0x1000
VirtualAddress 0x8000
SizeOfRawData 0x2a0
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.92822

.rsrc

MD5 d31d3502add2b7c5dcbafb8ba4b08852
SHA1 8e7ca65044e3f22f6c23e20a074ea5cc42663bff
SHA256 d4f025a82dfb0712b892ee7c9f2d034b84cf0a1856eadd8b3977d131551478a8
SHA3 04c598951b98f81aa5d12798471fae1ebd815c4d5286c161f7c5fb888d659cff
VirtualSize 0x1000
VirtualAddress 0x9000
SizeOfRawData 0x600
PointerToRawData 0x3000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.81668

Imports

KERNEL32.DLL LoadLibraryA, GetProcAddress, ExitProcess
USER32.dll SetMenu

Delayed Imports

Resources

1

Type RT_ICON
Language English - Canada
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.46454
MD5 3f02daeca1c70a17ea0b7694e7efbcd6
SHA1 b6307d0ac422d7e0469a7b60a8b038eaf9aa2937
SHA256 8825003d80d05ac9c867ff607c17f6d75118796c8dc3df37aab076d79f3cd79f
SHA3 df3a4320d3a7d9f9b8b436be807136e3657c95002d565ea068676ed35b614214

2

Type RT_ICON
Language English - Canada
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.33031
MD5 ca295d896dd8717ca93f96c860f2deea
SHA1 003bcec87dcd88da3fb23409da1c579b4b6aefcb
SHA256 00bc85959458bcb7fc53bf85251b2d59a0858b69e6767ad2ff287626833e6b04
SHA3 b26b6364d378a96588967c633bb5a42cc46dbd7e10114fd01cc7d61df80b65b6

102

Type RT_GROUP_ICON
Language English - Canada
Codepage UNKNOWN
Size 0x22
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.37086
Detected Filetype Icon file
MD5 d59e0d372ea5fd8c1f4de744376a6af4
SHA1 6883ce60e71a83424db0b41d0ab6bf61080e3de2
SHA256 b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b
SHA3 5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x9b0e79b0
Unmarked objects 0
C++ objects (VS98 build 8168) 1
14 (7299) 9
19 (8034) 5
Total imports 56
C objects (VS98 build 8168) 23
Resource objects (VS98 cvtres build 1720) 1

Errors

[*] Warning: Section UPX0 has a size of 0!
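The findings above follow directly from the section table and import list: every UPX* section carries IMAGE_SCN_MEM_WRITE together with IMAGE_SCN_MEM_EXECUTE, UPX0 has SizeOfRawData 0 (its listed hashes are the hashes of zero bytes, since the section only exists in memory as the target for the unpacked image), the entry point 0x8140 lies inside the third section named UPX1 rather than in an original code section, and the only kernel32 imports besides ExitProcess are LoadLibraryA and GetProcAddress, which is what a packer stub needs to rebuild the real import table at run time. Note also that a stock UPX build emits one UPX0 and one UPX1; three sections sharing the name UPX1 is not what the packer itself produces, so a plain `upx -d` may refuse this file. The script below re-implements those checks over a section table and import list constructed from the values in this report; it is example code added to this page, not the report tool's own source. COMMON_SECTION_NAMES and the import-count threshold of 10 are assumptions.

```python
"""
Section-table and import heuristics of the kind flagged in the report above:
writable+executable sections, unusual or duplicate section names, a section
with no raw data, the entry point inside a packer section, and a tiny import
table that still contains LoadLibraryA and GetProcAddress.

Added example code for this page, not the analysis tool's own source. The
sample section table and import list are constructed from the report's values;
COMMON_SECTION_NAMES and the import-count threshold are assumptions.
"""
import struct
from typing import Dict, List, Optional, Tuple

IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Names the usual Microsoft linker produces; anything else counts as unusual.
# Assumption: a typical heuristic list, not the report tool's exact list.
COMMON_SECTION_NAMES = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                        ".edata", ".pdata", ".bss", ".tls", ".CRT"}

# IMAGE_SECTION_HEADER (40 bytes): Name[8], VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics.
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")

SectionRow = Tuple[str, int, int, int, int, int]


def build_section_table(rows: List[SectionRow]) -> bytes:
    """Serialize (name, vsize, va, rawsize, rawptr, characteristics) rows."""
    return b"".join(
        SECTION_HDR.pack(name.encode("ascii").ljust(8, b"\0"), vsize, va,
                         rawsize, rawptr, 0, 0, 0, 0, chars)
        for name, vsize, va, rawsize, rawptr, chars in rows)


def parse_section_table(blob: bytes, count: int) -> List[Dict]:
    """Parse `count` section headers starting at offset 0 of `blob`."""
    sections = []
    for i in range(count):
        f = SECTION_HDR.unpack_from(blob, i * SECTION_HDR.size)
        sections.append({"name": f[0].rstrip(b"\0").decode("latin-1"),
                         "vsize": f[1], "va": f[2], "rawsize": f[3],
                         "rawptr": f[4], "chars": f[9]})
    return sections


def section_index_for_rva(sections: List[Dict], rva: int) -> Optional[int]:
    """Index of the section whose virtual range contains `rva`, else None."""
    for i, s in enumerate(sections):
        span = s["vsize"] or s["rawsize"]
        if s["va"] <= rva < s["va"] + span:
            return i
    return None


def section_findings(sections: List[Dict]) -> List[str]:
    findings, seen = [], set()
    for s in sections:
        name, chars = s["name"], s["chars"]
        if name not in COMMON_SECTION_NAMES:
            findings.append(f"unusual section name: {name}")
        if name in seen:
            findings.append(f"duplicate section name: {name}")
        seen.add(name)
        if chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"writable+executable: {name}")
        if s["rawsize"] == 0:
            findings.append(f"zero raw size: {name}")
    return findings


def import_findings(imports: List[Tuple[str, str]], threshold: int = 10) -> List[str]:
    """`imports` is a list of (dll, function) pairs; `threshold` is an assumption."""
    findings = []
    if len(imports) < threshold:
        findings.append(f"only {len(imports)} import(s)")
    funcs = {func.lower() for _, func in imports}
    if {"loadlibrarya", "getprocaddress"} <= funcs:
        findings.append("LoadLibraryA+GetProcAddress present: imports may be resolved at runtime")
    return findings


RWX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
# Constructed from the section headers printed in the report.
SAMPLE_TABLE = build_section_table([
    ("UPX0",  0x5000, 0x1000, 0x0,    0x400,  IMAGE_SCN_CNT_UNINITIALIZED_DATA | RWX),
    ("UPX1",  0x1000, 0x6000, 0x1000, 0x800,  IMAGE_SCN_CNT_INITIALIZED_DATA | RWX),
    ("UPX1",  0x1000, 0x7000, 0x1000, 0x1800, IMAGE_SCN_CNT_INITIALIZED_DATA | RWX),
    ("UPX1",  0x1000, 0x8000, 0x2a0,  0x400,  IMAGE_SCN_CNT_INITIALIZED_DATA | RWX),
    (".rsrc", 0x1000, 0x9000, 0x600,  0x3000,
     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])
# Constructed from the report's import table.
SAMPLE_IMPORTS = [("KERNEL32.DLL", "LoadLibraryA"), ("KERNEL32.DLL", "GetProcAddress"),
                  ("KERNEL32.DLL", "ExitProcess"), ("USER32.dll", "SetMenu")]
ENTRY_POINT_RVA = 0x8140  # AddressOfEntryPoint from the report


def analyze(table: bytes = SAMPLE_TABLE, count: int = 5,
            imports=SAMPLE_IMPORTS, entry_rva: int = ENTRY_POINT_RVA) -> Dict:
    sections = parse_section_table(table, count)
    return {"sections": sections,
            "entry_section_index": section_index_for_rva(sections, entry_rva),
            "findings": section_findings(sections) + import_findings(imports)}


if __name__ == "__main__":
    result = analyze()
    idx = result["entry_section_index"]
    print(f"entry point 0x{ENTRY_POINT_RVA:x} lies in section #{idx} "
          f"({result['sections'][idx]['name']})")
    for line in result["findings"]:
        print(" -", line)
```

To run the same checks on a real file, read NumberOfSections and SizeOfOptionalHeader from the PE header at e_lfanew, slice the section table from offset e_lfanew + 4 + 20 + SizeOfOptionalHeader, and feed that slice to parse_section_table; the import pairs can come from any PE parser.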