99cfefaf942ba679d08a17c07abdbafe99f8c156e5db93a2f52f5e277830bb94

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2013-Dec-05 06:02:39
Detected languages English - United States

Plugin Output

Suspicious PEiD Signature: UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX v2.0 -> Markus, Laszlo & Reiser (h)
UPX -> www.upx.sourceforge.net
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious The PE is packed with UPX
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
The PE only has 8 import(s).
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Can access the registry:
  • RegCloseKey
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Leverages the raw socket API to access the Internet:
  • inet_addr
Malicious VirusTotal score: 3/61 (Scanned on 2026-05-05 06:13:54)
APEX: Malicious
NANO-Antivirus: Trojan.Win32.Drop.fcbota
Trapmine: malicious.moderate.ml.score

Hashes

MD5 4af745d8fb1ce63bc97cd7874eedb613
SHA1 9cb5626ddce62dd72fd32d38282fb0ec147f9fce
SHA256 99cfefaf942ba679d08a17c07abdbafe99f8c156e5db93a2f52f5e277830bb94
SHA3 0fad01e04d82a6f95909d2b50d53ade43e5c971a029fda07117aab7dbca1bc32
SSDeep 12288:9waWFlpHmqggZRXT8XMp4Sq/OebddZd62xTT+h:9YFsyN8XqOWkTdjTT+
Imports Hash d46e3faa59affc6980912bee6dcbbad3

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2013-Dec-05 06:02:39
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 10.0
SizeOfCode 0x83000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x163000
AddressOfEntryPoint 0x001E6450 (Section: UPX1)
BaseOfCode 0x164000
BaseOfData 0x1e7000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x1e8000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x163000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 31bc8da5ad0c29f19c5a7c7bc91afb48
SHA1 00be39f80eb6b92a566da6dfc14d96cd7e967cda
SHA256 3be0e5f54d842054f16cacd61c67d54029f223b3afd2cbe99fb84cd42bc87b2b
SHA3 206f32dfb78cb5f5727ba504afa4c4ffa256a8ff3c3585536ea1929237e242e8
VirtualSize 0x83000
VirtualAddress 0x164000
SizeOfRawData 0x82800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.9153

.rsrc

MD5 265aca586821fc1e1645debd9f733c4a
SHA1 f1df938e6e1e63884a255ae3c86cdd1fcb245ebb
SHA256 e384053e054a87b42787c298874e6d45b48f7e08392153b208150878c0070391
SHA3 4568ab0c01ab821fc27cd7d06be424bb67a11c37c692d9d32ea8e1a2bc1f0566
VirtualSize 0x1000
VirtualAddress 0x1e7000
SizeOfRawData 0x400
PointerToRawData 0x82c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.83635

Imports

KERNEL32.DLL LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
ADVAPI32.dll RegCloseKey
WS2_32.dll inet_addr

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x165
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.77792
MD5 b9b507d6297b2d514477db4ae0d55ea6
SHA1 e8c4b4e815c1788b3bab96fc44560d7282282fe1
SHA256 ec5d04c8ef3fe0e571c8e604bf146b393108cee11f1ad3d665b7501ec20d37d0
SHA3 85e8c59b71094f3ffe0990fe28a56df78d58756dc3a423284dff50f92ed7fa6f

Version Info

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x50d190
SEHandlerTable 0x4e5d40
SEHandlerCount 68

RICH Header

XOR Key 0x83c5297c
Unmarked objects 0
152 (20115) 1
ASM objects (VS2010 SP1 build 40219) 30
C objects (VS2008 SP1 build 30729) 18
Total imports 184
Imports (VS2008 SP1 build 30729) 11
C++ objects (VS2010 SP1 build 40219) 107
C objects (VS2010 SP1 build 40219) 317
Linker (VS2010 SP1 build 40219) 1

Errors

[*] Warning: Section UPX0 has a size of 0!