Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2016-May-30 13:27:22 |
Detected languages | English - United States |
Comments | KeePass Password Safe |
CompanyName | Dominik Reichl |
FileDescription | KeePass |
FileVersion | 2.37.0.0 |
InternalName | KeePass.exe |
LegalCopyright | Copyright © 2003-2017 Dominik Reichl |
OriginalFilename | KeePass.exe |
ProductName | KeePass |
ProductVersion | 2.37.0.0 |
Assembly Version | 2.37.0.18738 |
Info | Matching compiler(s): | Microsoft Visual C++, Microsoft Visual C++ v6.0 |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains obfuscated function names: |
Suspicious | The PE contains functions most legitimate programs don't use. | Manipulates other processes: |
Suspicious | The PE is possibly a dropper. | Resource 8 is possibly compressed or encrypted. Resource 9 is possibly compressed or encrypted. Resource 10 is possibly compressed or encrypted. Resource 11 is possibly compressed or encrypted. Resource 12 is possibly compressed or encrypted. Resource 13 is possibly compressed or encrypted. Resource 14 is possibly compressed or encrypted. Resource 15 is possibly compressed or encrypted. Resource 16 is possibly compressed or encrypted. Resource 17 is possibly compressed or encrypted. Resource 18 is possibly compressed or encrypted. Resource 19 is possibly compressed or encrypted. Resources amount for 99.0804% of the executable. |
Malicious | VirusTotal score: 51/71 (Scanned on 2019-04-22 22:08:12) |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe0 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2016-May-30 13:27:22 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 6.0 |
SizeOfCode | 0x1e00 |
SizeOfInitializedData | 0x160e00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00002B22 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x3000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x166000 |
SizeOfHeaders | 0x400 |
Checksum | 0x168d12 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | GetProcAddress GetModuleHandleA lstrcatA lstrcpyA VirtualFree VirtualAlloc lstrcmpA Sleep GetTickCount GetCurrentProcess ReadProcessMemory GetStartupInfoA |
---|---|
USER32.dll | wsprintfA |
MSVCRT.dll | strlen strtok strstr atoi ??3@YAXPAX@Z memset ??2@YAPAXI@Z strcmp getenv memcpy _exit _XcptFilter exit _acmdln __getmainargs _initterm __setusermatherr _adjust_fdiv __p__commode __p__fmode __set_app_type _except_handler3 _controlfp _itoa |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 2.37.0.0 |
ProductVersion | 2.37.0.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | UNKNOWN |
Comments | KeePass Password Safe |
CompanyName | Dominik Reichl |
FileDescription | KeePass |
FileVersion (#2) | 2.37.0.0 |
InternalName | KeePass.exe |
LegalCopyright | Copyright © 2003-2017 Dominik Reichl |
OriginalFilename | KeePass.exe |
ProductName | KeePass |
ProductVersion (#2) | 2.37.0.0 |
Assembly Version | 2.37.0.18738 |
Resource LangID | UNKNOWN |
XOR Key | 0xdc8d91cd |
---|---|
Unmarked objects | 0 |
12 (7291) | 1 |
C objects (VS98 build 8168) | 11 |
14 (7299) | 1 |
Linker (VS98 build 8168) | 2 |
19 (8034) | 5 |
Total imports | 39 |
C++ objects (VS98 build 8168) | 1 |