| Property | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2004-Jan-23 23:39:42 |
| Debug artifacts | Embedded COFF debugging symbols |
| Suspicious | PEiD Signature: PolyEnE 0.01+ by Lennart Hedlund; Upack 0.399 -> Dwing Upack v0.39 final -> Sign by hot_UNP |
| Suspicious | The PE is possibly packed. Unusual section name found: `PS\xff\xd5\xab\xeb\xe7\xc3`. Section `PS\xff\xd5\xab\xeb\xe7\xc3` is both writable and executable. Unusual section name found: `\x00\x10@\x00\xf0\x94@`. Section `\x00\x10@\x00\xf0\x94@` is both writable and executable. Unusual section name found: `\xb8t@\x00\xfc\x0f@`. Section `\xb8t@\x00\xfc\x0f@` is both writable and executable. The PE only has 0 import(s). |
| Malicious | VirusTotal score: 40/56 (Scanned on 2015-08-08 04:52:22); per-engine detections are listed in the following table |

| Engine | Detection |
|---|---|
| Bkav | W32.OnGamesLT180912HKGHAAI.Trojan |
| MicroWorld-eScan | DeepScan:Generic.Malware.dld!!g.8AC8DD1D |
| CAT-QuickHeal | Win32.Trojan.Glox.gen!damaged.3 |
| Malwarebytes | Malware.Packer.Gen |
| TheHacker | W32/Behav-Heuristic-060 |
| K7GW | Trojan ( 003b1b581 ) |
| K7AntiVirus | Trojan ( 003b1b581 ) |
| NANO-Antivirus | Trojan.Win32.Genome.dquraq |
| F-Prot | W32/SuspPack.CY.gen!Eldorado |
| Symantec | Suspicious.DLoader |
| ESET-NOD32 | a variant of Win32/TrojanDownloader.Small.AEZ |
| TrendMicro-HouseCall | TSPY_ONLINEG.IA |
| Avast | Win32:Malware-gen |
| ClamAV | Trojan.Onlinegames-2021 |
| Kaspersky | Trojan-Downloader.Win32.Genome.qgdd |
| BitDefender | DeepScan:Generic.Malware.dld!!g.8AC8DD1D |
| Agnitum | Trojan.DL.Genome!jd94hw7+fvU |
| Ad-Aware | DeepScan:Generic.Malware.dld!!g.8AC8DD1D |
| Emsisoft | DeepScan:Generic.Malware.dld!!g.8AC8DD1D (B) |
| Comodo | Packed.Win32.MUPACK.~KW |
| F-Secure | DeepScan:Generic.Malware.dld!!g.8AC8DD1D |
| DrWeb | Trojan.DownLoader11.55803 |
| VIPRE | Trojan.Win32.Packer.Upack0.3.9 (ep) |
| TrendMicro | TSPY_ONLINEG.IA |
| McAfee-GW-Edition | BehavesLike.Win32.Downloader.xc |
| Cyren | W32/SuspPack.CY.gen!Eldorado |
| Jiangmin | Trojan/PSW.OnLineGames.bhmz |
| Avira | TR/Hijacker.Gen |
| Microsoft | Trojan:Win32/Senta!rfn |
| Arcabit | DeepScan:Generic.Malware.dld!!g.8AC8DD1D |
| AhnLab-V3 | Trojan/Win32.OnlineGameHack |
| GData | DeepScan:Generic.Malware.dld!!g.8AC8DD1D |
| ALYac | DeepScan:Generic.Malware.dld!!g.8AC8DD1D |
| AVware | Trojan.Win32.Packer.Upack0.3.9 (ep) |
| VBA32 | BScope.Trojan.Win32.Inject.2 |
| Rising | PE:Trojan.Win32.Generic.18A7393B!413612347 |
| Ikarus | Trojan-PWS.Win32.OnLineGames |
| AVG | Downloader.Generic14.SVL |
| Panda | Trj/Pupack.A |
| Qihoo-360 | HEUR/QVM14.0.Malware.Gen |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x454b |
| e_cp | 0x4e52 |
| e_crlc | 0x4c45 |
| e_cparhdr | 0x3233 |
| e_minalloc | 0x442e |
| e_maxalloc | 0x4c4c |
| e_ss | 0 |
| e_sp | 0x4550 |
| e_csum | 0 |
| e_ip | 0x14c |
| e_cs | 0x3 |
| e_ovno | 0x4011 |
| e_oemid | 0x148 |
| e_oeminfo | 0x10f |
| e_lfanew | 0x10 |
| PE file header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 3 |
| TimeDateStamp | 2004-Jan-23 23:39:42 |
| PointerToSymbolTable | 0xff50ad00 |
| NumberOfSymbols | 2095789174 |
| SizeOfOptionalHeader | 0x148 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 76.58 |
| SizeOfCode | 0x694c6461 |
| SizeOfInitializedData | 0x72617262 |
| SizeOfUninitializedData | 0x4179 |
| AddressOfEntryPoint | 0x00001018 (Section: `PS\xff\xd5\xab\xeb\xe7\xc3`) |
| BaseOfCode | 0x10 |
| BaseOfData | 0x4000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.3A |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x12000 |
| SizeOfHeaders | 0x200 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 10 |
| Imported DLL | Imported functions |
|---|---|
| KERNEL32.DLL | (EMPTY) |