Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2020-Sep-30 06:56:21 |
Detected languages | English - United States; Russian - Russia |
FileVersion | 7.2.1.1 |
LegalCopyright | Copyright © 2020 |
ProductVersion | 7.2.1.1 |
Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 |
Info | Cryptographic algorithms detected in the binary: uses constants related to MD5; Microsoft's Cryptography API |
Suspicious | The PE is possibly packed. Unusual section name found: init |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 40/71 (Scanned on 2020-11-20 14:09:02) |

Engine | Detection |
---|---|
Bkav | W32.AIDetectVM.malware1 |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Gen:Variant.Ulise.121606 |
McAfee | GenericRXHS-AA!8FB9D89F1F96 |
Malwarebytes | Trojan.Glupteba |
Sangfor | Malware |
CrowdStrike | win/malicious_confidence_80% (D) |
K7GW | Trojan ( 0056559e1 ) |
K7AntiVirus | Trojan ( 0056559e1 ) |
Invincea | Troj/Glupteba-M |
Cyren | W32/S-3ebf0797!Eldorado |
Symantec | ML.Attribute.HighConfidence |
ESET-NOD32 | a variant of Win32/Glupteba.BC |
APEX | Malicious |
Kaspersky | Trojan.Win32.Kepiten.a |
BitDefender | Gen:Variant.Ulise.121606 |
Avast | Win32:TrojanX-gen [Trj] |
Rising | Trojan.Glupteba!1.BC88 (CLASSIC) |
Ad-Aware | Gen:Variant.Ulise.121606 |
Sophos | Troj/Glupteba-M |
F-Secure | Trojan.TR/Crypt.XPACK.Gen2 |
DrWeb | Trojan.SpyBot.961 |
McAfee-GW-Edition | GenericRXHS-AA!8FB9D89F1F96 |
FireEye | Generic.mg.8fb9d89f1f96c022 |
Emsisoft | Gen:Variant.Ulise.121606 (B) |
Ikarus | Trojan.Win32.Glupteba |
Jiangmin | Trojan.Kepiten.a |
Webroot | W32.Trojan.Gen |
Avira | TR/Crypt.XPACK.Gen2 |
Microsoft | Trojan:Win32/Glupteba.PA!MTB |
Arcabit | Trojan.Ulise.D1DB06 |
ZoneAlarm | Trojan.Win32.Kepiten.a |
GData | Gen:Variant.Ulise.121606 |
Cynet | Malicious (score: 100) |
ALYac | Gen:Variant.Ulise.121606 |
MAX | malware (ai score=87) |
Cylance | Unsafe |
Fortinet | W32/Glupteba.B!tr |
BitDefenderTheta | Gen:NN.ZexaF.34634.Iu0@aubuUXbk |
AVG | Win32:TrojanX-gen [Trj] |

e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x118 |

Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2020-Sep-30 06:56:21 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE IMAGE_FILE_EXECUTABLE_IMAGE IMAGE_FILE_RELOCS_STRIPPED |

Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x68e00 |
SizeOfInitializedData | 0x1ea00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00028D70 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x6a000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x8b000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

DLL | Imported functions |
---|---|
SHLWAPI.dll | StrCpyNW |
WININET.dll | InternetCheckConnectionW |
KERNEL32.dll | FormatMessageA PostQueuedCompletionStatus GetQueuedCompletionStatus SetLastError SetWaitableTimer LeaveCriticalSection EnterCriticalSection TlsFree TlsAlloc TlsSetValue TlsGetValue CloseHandle WaitForSingleObject SleepEx SetEvent CreateEventW QueueUserAPC TerminateThread WaitForMultipleObjects DeleteCriticalSection CreateIoCompletionPort InitializeCriticalSectionAndSpinCount VerifyVersionInfoW VerSetConditionMask FormatMessageW CopyFileW lstrlenW GetTempFileNameW MultiByteToWideChar GetTickCount CreateMutexW CreateMutexA ExitProcess DeleteFileW RemoveDirectoryW AllocConsole SetConsoleTextAttribute GetStdHandle WriteConsoleW ReadConsoleInputW FreeConsole GetLocalTime GetWindowsDirectoryW OpenEventW InitializeCriticalSection GetModuleHandleA VirtualProtect lstrcmp GetModuleFileNameW CreateProcessW GetModuleHandleW SetEnvironmentVariableW LocalFree WideCharToMultiByte MoveFileExW GetTickCount64 GetLastError GetProcessHeap SetStdHandle HeapSize GetCurrentProcess FreeEnvironmentStringsW GetEnvironmentStringsW GetOEMCP GetACP IsValidCodePage GetTimeZoneInformation HeapReAlloc ReadConsoleW ReadFile FlushFileBuffers GetFileSizeEx GetConsoleMode GetConsoleCP GetFileType EnumSystemLocalesW GetUserDefaultLCID IsValidLocale GetTimeFormatW GetDateFormatW HeapAlloc HeapFree WriteFile GetCommandLineW GetCommandLineA GetModuleHandleExW ExitThread RaiseException RtlUnwind WaitForSingleObjectEx Sleep SwitchToThread GetCurrentThreadId QueryPerformanceCounter QueryPerformanceFrequency CreateFileW FindClose FindFirstFileExW FindNextFileW GetFileAttributesW GetFileAttributesExW GetFileInformationByHandle SetEndOfFile SetFilePointerEx AreFileApisANSI DeviceIoControl GetProcAddress GetSystemTimeAsFileTime EncodePointer DecodePointer CompareStringW LCMapStringW GetLocaleInfoW GetStringTypeW GetCPInfo GetEnvironmentVariableW ResetEvent InitializeSListHead UnhandledExceptionFilter SetUnhandledExceptionFilter TerminateProcess IsProcessorFeaturePresent IsDebuggerPresent GetStartupInfoW GetCurrentProcessId CreateThread GetCurrentThread GetThreadTimes FreeLibrary FreeLibraryAndExitThread LoadLibraryExW |
ADVAPI32.dll | RegDeleteValueW CryptGenRandom CryptReleaseContext CryptAcquireContextW ConvertSidToStringSidA RegQueryValueExW RegOpenKeyExW RegSetValueExW RegCreateKeyExW RegCloseKey GetTokenInformation OpenProcessToken |
SHELL32.dll | SHGetFolderPathAndSubDirW |
ole32.dll | CoInitializeEx CoUninitialize CoCreateGuid StringFromGUID2 CoInitializeSecurity |
WS2_32.dll | #21 #10 #112 #111 #3 #116 WSASend #18 #4 WSASocketW #22 #8 #14 #9 getaddrinfo #7 WSACloseEvent #115 WSARecv WSACreateEvent freeaddrinfo WSAEventSelect |

EpicNet Inc. |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 7.2.1.1 |
ProductVersion | 7.2.1.1 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32 VOS_NT VOS_NT_WINDOWS32 VOS_WINCE VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
FileVersion (#2) | 7.2.1.1 |
LegalCopyright | Copyright © 2020 |
ProductVersion (#2) | 7.2.1.1 |
Resource LangID | English - United States |

Characteristics | 0 |
---|---|
TimeDateStamp | 2020-Sep-30 06:56:21 |
Version | 0.0 |
SizeofData | 956 |
AddressOfRawData | 0x7c80c |
PointerToRawData | 0x7ba0c |

StartAddressOfRawData | 0x47cbd8 |
---|---|
EndAddressOfRawData | 0x47cbe0 |
AddressOfIndex | 0x486100 |
AddressOfCallbacks | 0x46a398 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |

Size | 0xa4 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x483064 |
SEHandlerTable | 0x47c3e0 |
SEHandlerCount | 267 |

XOR Key | 0xdae10580 |
---|---|
Unmarked objects | 0 |
ASM objects (26715) | 19 |
C++ objects (26715) | 176 |
C objects (26715) | 24 |
C objects (VS 2015/2017/2019 runtime 28117) | 17 |
ASM objects (VS 2015/2017/2019 runtime 28117) | 23 |
C++ objects (28106) | 8 |
C++ objects (VS 2015/2017/2019 runtime 28117) | 152 |
262 (26715) | 1 |
Imports (26715) | 19 |
Total imports | 234 |
265 (VS2019 Update 4 (16.4.4-5) compiler 28316) | 14 |
ASM objects (VS2019 Update 4 (16.4.4-5) compiler 28316) | 1 |
Resource objects (VS2019 Update 4 (16.4.4-5) compiler 28316) | 1 |
151 | 1 |
Linker (VS2019 Update 4 (16.4.4-5) compiler 28316) | 1 |