93665e3424dd59d37f001b88567215f075d555be959d05442c12deeae8e87de1

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2011-Mar-17 19:04:26

Plugin Output

Suspicious PEiD Signature:
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX v2.0 -> Markus, Laszlo & Reiser (h)
UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX -> www.upx.sourceforge.net
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious The PE is packed with UPX
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
Unusual section name found: UPX2
The PE only has 8 import(s).
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Interacts with services:
  • OpenServiceA
Malicious VirusTotal score: 8/70 (Scanned on 2025-09-29 14:45:33)
APEX: Malicious
Bkav: W32.AIDetectMalware
Cylance: Unsafe
Cynet: Malicious (score: 100)
DeepInstinct: MALICIOUS
NANO-Antivirus: Trojan.Win32.GenKryptik.fgfbqz
Trapmine: malicious.moderate.ml.score
Webroot: Trojan:Win32/Qhost.V

Hashes

MD5 7ab75380a2bf28a718bf19fbfaa3b30d
SHA1 6edba2fff4c12dbce7d9bcca4646e239f9dfa017
SHA256 93665e3424dd59d37f001b88567215f075d555be959d05442c12deeae8e87de1
SHA3 63dc5a6afdd3938ac0a77722d1a7783b47e2fa21634ae0bf6b9a3a3a9f33eaf4
SSDeep 768:q8ANgjY2WXKltMwiMrOxreMtRsAIKxlusrJxmv6B:FIgjY/BwdKVtmK/ra
Imports Hash cc8c7e5957900af45c9541fa878134f4

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2011-Mar-17 19:04:26
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x8000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0xc000
AddressOfEntryPoint 0x000140E0 (Section: UPX1)
BaseOfCode 0xd000
BaseOfData 0x15000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x16000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xc000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 f7bc17ba147f4d0bc1a8c8111259c892
SHA1 a3110d32c5c2e26510983685d8bf05b09f3cd1ce
SHA256 20f2eb00074b5a398facde1a25201fd1023479d13727a39e0c12b8f7590d94a0
SHA3 c829b6474f385bd4b296e84c204e755f74f9370ea3266542580bde53cbeee209
VirtualSize 0x8000
VirtualAddress 0xd000
SizeOfRawData 0x7400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.87242

UPX2

MD5 58b3089b842c3dc30cd8f4d10bfb8448
SHA1 d3e77f68b7b5e64db868b1afab96bb0acac8cbbc
SHA256 bd314d07e90e6a150bbec7e63b55a957703c0eb8f5d7e8d2503b19492ec0ce32
SHA3 da9fa971c0c2dd64e370bd3cd7d0f0e85c6b5012e76efe36b90465a1977a23c7
VirtualSize 0x1000
VirtualAddress 0x15000
SizeOfRawData 0x200
PointerToRawData 0x7800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.68743

Imports

KERNEL32.DLL
  LoadLibraryA
  GetProcAddress
  VirtualProtect
  VirtualAlloc
  VirtualFree
  ExitProcess
ADVAPI32.dll
  OpenServiceA
USER32.dll
  PostThreadMessageA

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x5ecdf982
Unmarked objects 0
14 (7299) 22
C objects (VS98 build 8168) 110
Imports (2179) 7
Total imports 95
C++ objects (VS98 build 8168) 19

Errors

[*] Warning: Section UPX0 has a size of 0!