8e19989ef10458ddc0cb036dd81d1bf9

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2015-Mar-20 13:47:48
Detected languages Estonian - Estonia
CompanyName JungleApp
FileDescription JungleApp
FileVersion 1.1.2.56
InternalName
LegalCopyright
LegalTrademarks
OriginalFilename
ProductName JungleApp
ProductVersion 2.57

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 8.0
Info The PE contains common functions which appear in legitimate applications. Can access the registry:
  • RegCloseKey
  • RegQueryValueExA
  • RegOpenKeyExA
Malicious VirusTotal score: 34/57 (Scanned on 2015-08-20 07:24:31)
MicroWorld-eScan: Trojan.Upatre.Gen.3
nProtect: Trojan.Upatre.Gen.3
CAT-QuickHeal: TrojanDownloader.Upatre.r4
Malwarebytes: Spyware.Dyre
VIPRE: Trojan.Win32.Generic!BT
BitDefender: Trojan.Upatre.Gen.3
K7GW: Hacktool ( 655367771 )
F-Prot: W32/Upatre.CD.gen!Eldorado
Symantec: Downloader.Upatre!gen5
ESET-NOD32: a variant of Win32/Kryptik.DQEG
TrendMicro-HouseCall: TROJ_UPATRE.SMJV5
Avast: Win32:Evo-gen [Susp]
Kaspersky: Trojan-Downloader.Win32.Upatre.dqmk
Tencent: Win32.Trojan-downloader.Upatre.Ebgz
Ad-Aware: Trojan.Upatre.Gen.3
Sophos: Troj/Dyreza-HK
F-Secure: Trojan.Upatre.Gen.3
TrendMicro: TROJ_UPATRE.SMJV5
McAfee-GW-Edition: Upatre-FACH!8E19989EF104
Emsisoft: Trojan.Upatre.Gen.3 (B)
Cyren: W32/Upatre.CD.gen!Eldorado
Avira: TR/Dldr.Upatre.MU
Microsoft: TrojanDownloader:Win32/Upatre!rfn
Arcabit: Trojan.Upatre.Gen.3
AhnLab-V3: Trojan/Win32.Upatre
GData: Trojan.Upatre.Gen.3
McAfee: Upatre-FACH!8E19989EF104
AVware: Trojan.Win32.Generic!BT
Baidu-International: Trojan.Win32.Upatre.dqmk
Ikarus: Trojan.VB.Inject
Fortinet: W32/Waski.A!tr
AVG: Agent
Panda: Trj/Genetic.gen
Qihoo-360: HEUR/QVM02.0.Malware.Gen

Hashes

MD5 8e19989ef10458ddc0cb036dd81d1bf9
SHA1 6171b0c08caa7695c3d5a3b3462da4e820887d0a
SHA256 a55dbb35055f9a1123c50f772a6c62483a67278e4c0daeb16ad1260847657d0d
SHA3 52abcbe8b36cc68cb13254c86c0eebc8e414719638a5ea8bc056051b5a01d6f4
SSDeep 768:by/GRFXOU4AzjvBHIvzhQddmeyJqO16Nui:by/GqU4ABIrhQddmeyJ5Ox
Imports Hash 026d95d06192b86a9566356b600e0aa6

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2015-Mar-20 13:47:48
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 7.9
SizeOfCode 0x2800
SizeOfInitializedData 0x5c00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000034B2 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x4000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 6.9
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xb000
SizeOfHeaders 0x400
Checksum 0x12952
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 039f2042bfb8a612fd251d51c6c2ddd6
SHA1 4d3acb5f30e4cea2a9719a74c407bfed94fdea2c
SHA256 021a075bc50d9adb8325da865b8435c659e6e0a6dd439da30c90333e702ee2ae
SHA3 be3ccf5846755927aff6b99ef57b9a9bd711c06ec4ca122de54e4ff45c715b14
VirtualSize 0x2761
VirtualAddress 0x1000
SizeOfRawData 0x2800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.96162

.rdata

MD5 49a61131113dbb841a996834c692b275
SHA1 11b78765f4f8d92f866a2781ce479743c3caefbf
SHA256 c9686acf95f6347da0977f767780de5f0a62869071714e9daf131566d6885606
SHA3 d8a9e65db1a78edf8172817839f49cb3dec5cfe6a7970246423dd748c3750f3d
VirtualSize 0x824
VirtualAddress 0x4000
SizeOfRawData 0xa00
PointerToRawData 0x2c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.8139

.data

MD5 c485f85f15eb4bd1b739d156f7a0d5e1
SHA1 0738e6d4b1c6b07aef9d04966e501478232dc91d
SHA256 a0860609fcd8f6cd0caca0108fcc113783aa80f6a1aa42349f8aba4d7f81b13d
SHA3 29595e89566bbb5a662a5f57de78c710d901cc48502abdf5ece007cf5230a888
VirtualSize 0x2a0
VirtualAddress 0x5000
SizeOfRawData 0x200
PointerToRawData 0x3600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.1255

.rsrc

MD5 4b32ccc3f5f50f961b046963b7296bfe
SHA1 bcf03a44db6b6f7b0b5d269b5e37643ab632ac5d
SHA256 20e533cde3cfc3687e386a6b09731dcc1004f56bbaae259b18f0370c7dd5c61c
SHA3 f9850bde779a0db67198e594a9d83f897f865bb58a5faceb79c7fe846d704e22
VirtualSize 0x4c40
VirtualAddress 0x6000
SizeOfRawData 0x4e00
PointerToRawData 0x3800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.05705

Imports

USER32.dll LoadStringA
LoadIconA
RegisterClassExA
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
SetWindowTextA
SendMessageA
DefWindowProcA
PostMessageA
CreateWindowExA
ShowWindow
UpdateWindow
KERNEL32.dll FindResourceA
LockResource
LoadResource
LoadLibraryA
GetStartupInfoA
SetLastError
GetTimeFormatA
GetDateFormatA
SizeofResource
GetModuleHandleA
lstrcpyA
COMCTL32.dll InitCommonControlsEx
ADVAPI32.dll RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CRTDLL.dll _commode_dll
__GetMainArgs
_initterm
_acmdln_dll
exit
_fmode_dll
_exit
??2@YAPAXI@Z
??3@YAXPAX@Z
_local_unwind2
_XcptFilter
_global_unwind2

Delayed Imports

1

Type RT_CURSOR
Language Estonian - Estonia
Codepage UNKNOWN
Size 0x134
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.6949
MD5 f321ad13d1c3f35a05d67773b4bc27d6
SHA1 30aded8525417e2531d5eb88bf2f868172945baa
SHA256 99676c52310db365580965ea646ece86c62951bfd97ec0aae9f738a202a90593
SHA3 04c839da98a8c50a36697076af5bc6d527560a69153b2f718f065908fd4fe3ad

2

Type RT_CURSOR
Language Estonian - Estonia
Codepage UNKNOWN
Size 0x134
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.62527
MD5 5ca217e52bdc6f23b43c7b6a23171e6e
SHA1 d99dc22ec1b655a42c475431cc3259742d0957a4
SHA256 11726dcf1eebe23a1df5eb0ee2af39196b702eddd69083d646e4475335130b28
SHA3 b358d8a5b0f400dd2671956ec45486ae1035556837b5289df5f418fe69348b3f

3

Type RT_ICON
Language Estonian - Estonia
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.96617
MD5 b5794bd0cd036f7d131d0673c3dc428c
SHA1 7f7fcf960349eb8648892dc1eef847ba49e3062c
SHA256 b61c0f9bdd24db823fb167456e2779eee5c4ca274796099ff59979451fc0ee60
SHA3 22d8865d7b6cf2b30e6886c3ff7f8d338acb363fbc3199911d0927f6d3b52315

100

Type RT_DIALOG
Language UNKNOWN
Codepage UNKNOWN
Size 0x62
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.10206
MD5 0e09c4e80bd52ebe513f4deee42f751e
SHA1 89c52369a0a6d354688d33c63c12592e84eb12ea
SHA256 e5b279b5fd21d6041060b8637ef45c5b44920bdb3ed5d39a5abe11b8c94a0ebb
SHA3 42b72ec1e7ed377fc4409f314e941ba7b417cba9b08e6e301c6e6d089d590113

200

Type RT_GROUP_CURSOR
Language Estonian - Estonia
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.83876
Detected Filetype Cursor file
MD5 a2baa01ccdea3190e4998a54dbc202a4
SHA1 e8217df98038141ab4e449cb979b1c3bbea12da3
SHA256 c53efa8085835ba129c1909beaff8a67b45f50837707f22dfff0f24d8cd26710
SHA3 8874564c406835306368adf5e869422e1bb97109b97c1499caa8af219990e8dc

210

Type RT_GROUP_CURSOR
Language Estonian - Estonia
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.91924
Detected Filetype Cursor file
MD5 aff0f5e372bd49ceb9f615b9a04c97df
SHA1 e3205724d7ee695f027ab5ea8d8e1a453aaad0dd
SHA256 b07e022f8ef0a8e5fd3f56986b2e5bf06df07054e9ea9177996b0a6c27d74d7c
SHA3 9cb042121a5269b80d18c3c5a94c0e453890686aedade960097752377dfa9712

300

Type RT_GROUP_ICON
Language Estonian - Estonia
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.0815
Detected Filetype Icon file
MD5 7ab4bec918d0a576bdc900b04936b73c
SHA1 f87fe25b1d9e7addfcc032c2ce6cd5a749e13e71
SHA256 28d38d528e682cb6a7330cc38828a3d79c559433b55829c017f7aaa73ba9ed8a
SHA3 4eb1f95ccaf68baa9e1b73d77c71e34bc1b90c1d8a32d8f3d21ea709017c015a

1 (#2)

Type RT_VERSION
Language Estonian - Estonia
Codepage UNKNOWN
Size 0x278
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.29583
MD5 32a09f03a6e50780f8ec3f3957461099
SHA1 f0b8e09856fa1876911e25280e225a78ef2e587a
SHA256 51d2826e4c7e2951886e1cc44b7eb38bc9d4368ee6adb25bf0eed8b9a8d02af4
SHA3 632a4eeaa350bc8732bfddd7d10150cfa1fa627f6a8168c14a94c41c1f480d6e

1 (#3)

Type RT_MANIFEST
Language Estonian - Estonia
Codepage UNKNOWN
Size 0x210
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.04887
MD5 72cef6e14ec6c56e93d89bd5ed813fa8
SHA1 a931da6d7989d1a63b21e1d413322cb7c7b1e0c7
SHA256 4358e2902b0dad7b82b8b29f91acbc4fdd586609cd78cb7e06be8982ef1003ca
SHA3 751f58f44ea18aa38dd37106950112b228be0426b2bb36d45e0aa43c879aef4a

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.1.2.57
ProductVersion 1.1.2.57
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
CompanyName JungleApp
FileDescription JungleApp
FileVersion (#2) 1.1.2.56
InternalName
LegalCopyright
LegalTrademarks
OriginalFilename
ProductName JungleApp
ProductVersion (#2) 2.57
Resource LangID Estonian - Estonia

TLS Callbacks

Load Configuration

RICH Header

Errors
