8dcd25918df410e626b5a9beee38f157

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2018-Feb-08 01:11:51
Detected languages English - United States

Plugin Output

Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryW
Malicious VirusTotal score: 18/67 (Scanned on 2018-02-07 20:12:41)
Bkav: W32.eHeur.Malware03
MicroWorld-eScan: Gen:Variant.Zbot.7
Cylance: Unsafe
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9977
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Zbot.7
Ad-Aware: Gen:Variant.Zbot.7
F-Secure: Gen:Variant.Zbot.7
McAfee-GW-Edition: BehavesLike.Win32.AdwareLinkury.dz
Emsisoft: Gen:Variant.Zbot.7 (B)
Endgame: malicious (high confidence)
Arcabit: Trojan.Zbot.7
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Zbot.7
MAX: malware (ai score=87)
Cybereason: malicious.18df41
CrowdStrike: malicious_confidence_60% (D)
Qihoo-360: HEUR/QVM10.1.0D41.Malware.Gen

Hashes

MD5 8dcd25918df410e626b5a9beee38f157
SHA1 782d1ee528f1235a6643a86f2372895fae647fcb
SHA256 3c14695116efa660205a544fd060ffa7b553e70f2262f06d53e850183582eb63
SHA3 efc3b0d2bd41904eaa5d83aabb791123f7b9fa74f03087d2d573aeb38d852ea8
SSDeep 768:uwbMbOYkNhXVIuD2Ho74NtEDmAnfUcSC:fobKXVFD2o74IBSC
Imports Hash fd40bbace416d98feb0c1d338ec62a38

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2018-Feb-08 01:11:51
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 10.0
SizeOfCode 0x4400
SizeOfInitializedData 0x43200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x11e2 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x6000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x4b000
SizeOfHeaders 0x400
Checksum 0x55ef7
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 be9230adb6a646b3d839f7969a669c22
SHA1 1c8b804818f7210f586e875920f6861f69ab56bf
SHA256 1ea55b424adb4e14f76a2ce4000e9523238898dcd6842545a3e74a9ec0573820
SHA3 6dc642f72aac4e6697c73e2f9e92e5b65ef33d3f015c389b66fde766d4e30f29
VirtualSize 0x42a2
VirtualAddress 0x1000
SizeOfRawData 0x4400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.4224

.rdata

MD5 a8e1114adf587f48b195e535b5df39be
SHA1 1de460bbd48b402c7637de137164b12bdffd5caa
SHA256 b714f65d65de4390206f275d25eb3873f64ad6706f3023a72acf189814e4c5e6
SHA3 d618f449fa2558f39236d0878ac84f48405fddb9ee924686ba7601583643d5ac
VirtualSize 0x1e56
VirtualAddress 0x6000
SizeOfRawData 0x2000
PointerToRawData 0x4800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.57484

.data

MD5 baf7e73bb72325d6d23a1f3f594a6835
SHA1 027dcc5c0e14df178f577f0a9b084d7c24998ef1
SHA256 eda0164c275da32f7797cda4c9a6de844949fed8687da13a26e367c54cfd30f8
SHA3 5159786bd9ef977c0a807400c7203c4587de10583bb974bf9790f4a871dca67c
VirtualSize 0x40f60
VirtualAddress 0x8000
SizeOfRawData 0x40200
PointerToRawData 0x6800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.70223

.rsrc

MD5 fdbdf5975c5fe703dc62d3d0631d9b4f
SHA1 b706e2661a423771acad20482d876dcc159c74bd
SHA256 f8d85f62a65d31435c4de400d4292aa994a9eb6d47a5d6da16b5f6d0d45ed1ca
SHA3 8001352dfe8c0efc81809754ec0c82b1f7ca1a1b4690b8a266e3e5fe5cf8bf6f
VirtualSize 0x480
VirtualAddress 0x49000
SizeOfRawData 0x600
PointerToRawData 0x46a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.35652

.reloc

MD5 558b3a41fdeff2a2422bf0f9df5141a5
SHA1 ea8813ff153de3e1bcae670b86912e168a72ec9e
SHA256 d07fa6af1a1d6131c719afaed9cfe21b1135fe8f293b89fc1521b6cf494dae4d
SHA3 90d3f05aed12d97dbb18baac06a40c60f161b339c0941459279fd274ce1cdb98
VirtualSize 0x9c2
VirtualAddress 0x4a000
SizeOfRawData 0xa00
PointerToRawData 0x47000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.53509

Imports

KERNEL32.dll VirtualAlloc
GetCommandLineW
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
HeapFree
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
WideCharToMultiByte
HeapSize
HeapAlloc
HeapReAlloc
IsProcessorFeaturePresent
LCMapStringW
MultiByteToWideChar
GetStringTypeW
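
The import list above, together with the "may be hiding some of its imports" finding in the Plugin Output, is the part of this report a triage analyst acts on. The following is an added example, not output or code from the tool that produced the report. It takes the KERNEL32.dll imports exactly as listed, applies a simplified form of the dynamic-resolution check (a LoadLibrary variant plus GetProcAddress present in the static table), computes an import hash in the pefile convention, and computes the Shannon entropy figure that the per-section and per-resource Entropy lines show. The function names, the resolver list and the sample byte buffers are assumptions made for this example; the imphash routine omits pefile's translation of well-known ordinals to names, so it is not guaranteed to reproduce the report's Imports Hash value for binaries that import by ordinal.

```python
import hashlib
import math

# Constructed from the Imports table of this report: the single KERNEL32.dll
# descriptor and its 52 functions, in import-table order.
REPORT_IMPORTS = [
    ("KERNEL32.dll", [
        "VirtualAlloc", "GetCommandLineW", "GetStartupInfoW", "TerminateProcess",
        "GetCurrentProcess", "UnhandledExceptionFilter", "SetUnhandledExceptionFilter",
        "IsDebuggerPresent", "GetProcAddress", "GetModuleHandleW", "ExitProcess",
        "WriteFile", "GetStdHandle", "GetModuleFileNameW", "FreeEnvironmentStringsW",
        "GetEnvironmentStringsW", "SetHandleCount", "InitializeCriticalSectionAndSpinCount",
        "GetFileType", "DeleteCriticalSection", "TlsAlloc", "TlsGetValue", "TlsSetValue",
        "TlsFree", "InterlockedIncrement", "SetLastError", "GetCurrentThreadId",
        "GetLastError", "InterlockedDecrement", "HeapCreate", "QueryPerformanceCounter",
        "GetTickCount", "GetCurrentProcessId", "GetSystemTimeAsFileTime",
        "LeaveCriticalSection", "EnterCriticalSection", "LoadLibraryW", "HeapFree",
        "Sleep", "GetCPInfo", "GetACP", "GetOEMCP", "IsValidCodePage", "RtlUnwind",
        "WideCharToMultiByte", "HeapSize", "HeapAlloc", "HeapReAlloc",
        "IsProcessorFeaturePresent", "LCMapStringW", "MultiByteToWideChar",
        "GetStringTypeW",
    ]),
]

# APIs that let a binary resolve further imports at run time (assumed list for
# this example). A static import table that contains both a LoadLibrary variant
# and GetProcAddress says little about what the program really calls.
DYNAMIC_RESOLVERS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa",
                     "loadlibraryexw", "getprocaddress"}


def hidden_import_indicators(imports):
    """Simplified version of the 'may be hiding some of its imports' check.

    imports: list of (dll_name, [function name or ordinal int, ...]).
    Returns the dynamic-resolution APIs found, the total import count and a
    verdict that is True when a LoadLibrary variant and GetProcAddress are
    both present.
    """
    found = sorted(
        func for _, funcs in imports for func in funcs
        if isinstance(func, str) and func.lower() in DYNAMIC_RESOLVERS
    )
    lowered = {f.lower() for f in found}
    suspicious = "getprocaddress" in lowered and any(
        f.startswith("loadlibrary") for f in lowered)
    return {
        "apis": found,
        "total_imports": sum(len(funcs) for _, funcs in imports),
        "suspicious": suspicious,
    }


def imphash(imports):
    """Import hash in the pefile convention: 'dll.function' pairs, lowercased,
    DLL extension stripped, joined with commas in import-table order, MD5.
    Ordinals become 'ordN'; pefile's mapping of well-known ordinals to names
    (oleaut32, ws2_32, wsock32) is deliberately left out here."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[:-len(ext)]
                break
        for func in funcs:
            name = func.lower() if isinstance(func, str) else "ord%d" % func
            parts.append("%s.%s" % (lib, name))
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def shannon_entropy(data):
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniform bytes.
    This is the quantity the per-section Entropy lines in the report give."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


if __name__ == "__main__":
    verdict = hidden_import_indicators(REPORT_IMPORTS)
    print("imports: %d, dynamic resolvers: %s, suspicious: %s" % (
        verdict["total_imports"], verdict["apis"], verdict["suspicious"]))
    print("imphash: %s" % imphash(REPORT_IMPORTS))
    # Constructed sample buffers: zero padding versus a uniform byte spread.
    print("entropy of zero padding: %.2f" % shannon_entropy(b"\x00" * 4096))
    print("entropy of 0..255 repeated: %.2f" % shannon_entropy(bytes(range(256)) * 16))
```

Reading the report's own numbers through these checks: nearly every import listed is consistent with the MSVC 2010 C runtime start-up and locale code (LinkerVersion 10.0 is the Visual Studio 2010 linker), so the static table says almost nothing about the program's own behaviour, which is exactly why the GetProcAddress plus LoadLibraryW pair is worth flagging. The .data section's 1.70 bits per byte across 0x40f60 bytes is consistent with mostly zero-filled or highly repetitive content rather than a packed payload, and the header TimeDateStamp (2018-Feb-08 01:11:51) is later than the VirusTotal scan time (2018-02-07 20:12:41), a reminder that the timestamp is written by whoever links the file and proves nothing on its own.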

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x428
Entropy 5.08047
MD5 bf80dfd1cc1129b47baf85d5e213dbf4
SHA1 3bc49aebfd065c79c6b08757053a1f68d7670107
SHA256 9cb0608961e086d85b12d247de3c717a67706c85368c3a4b306531a0ca9582a7
SHA3 2f767c399a942e839322fea2af421b8061640074eb2027701de13c4dd7ea36dd

Version Info

TLS Callbacks

Load Configuration

Errors