Architecture | IMAGE_FILE_MACHINE_I386
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date | 2019-Jun-23 15:15:53
Detected languages | English - United States, French - Belgium
CompanyName | indeed
FileDescription | indeed
FileVersion | 1.5.1.2
InternalName | indeed
LegalCopyright | indeed
LegalTrademarks | indeed
OriginalFilename | indeed
ProgramID | indeed
ProductName | indeed
ProductVersion | 1.7.0.0

Suspicious | The PE is possibly packed.
  Section .text is both writable and executable.
  Section .rsrc is both writable and executable.
Suspicious | The PE contains functions most legitimate programs don't use.
  [!] The program may be hiding some of its imports:
  - LoadLibraryA
  - GetProcAddress
  Can access the registry:
  Possibly launches other programs:
  Has Internet access capabilities:
  - WinHttpGetIEProxyConfigForCurrentUser
  Queries user information on remote machines:
Info | The PE's resources present abnormal characteristics.
  The binary may have been compiled on a machine in the UTC-7 timezone.
Info | The PE is digitally signed.
  Signer: law.com
  Issuer: Trusted Secure Certificate Authority 5
Malicious | VirusTotal score: 45/68 (Scanned on 2019-07-10 22:13:21)
  MicroWorld-eScan: Trojan.GenericKD.32080002
  FireEye: Trojan.GenericKD.32080002
  CAT-QuickHeal: Trojan.Fuery
  ALYac: Trojan.GenericKD.32080002
  Malwarebytes: Trojan.Injector.NSIS
  Alibaba: Trojan:Win32/Agentb.e602433d
  K7GW: Trojan ( 005505201 )
  K7AntiVirus: Trojan ( 005505201 )
  F-Prot: W32/Trojan3.AOCC
  Symantec: Trojan.Gen.MBT
  Avast: Win32:Trojan-gen
  Kaspersky: Trojan.Win32.Agentb.jpsc
  BitDefender: Trojan.GenericKD.32080002
  NANO-Antivirus: Trojan.Win32.Delf.frwpbe
  Paloalto: generic.ml
  AegisLab: Trojan.Win32.Generic.4!c
  Tencent: Win32.Trojan.Agentb.Hvje
  Ad-Aware: Trojan.GenericKD.32080002
  Emsisoft: Trojan.GenericKD.32080002 (B)
  Comodo: Malware@#2bqlvgyqdl6t5
  F-Secure: Trojan.TR/AD.TA505.DQ
  DrWeb: BackDoor.Siggen2.2906
  TrendMicro: TROJ_GEN.R002C0RFP19
  McAfee-GW-Edition: RDN/Generic.dx
  Sophos: Troj/Stealer-TO
  Cyren: W32/Trojan.AGIJ-2032
  Jiangmin: Trojan/PSW.Lmir.dah
  Avira: TR/AD.TA505.DQ
  Fortinet: W32/Delf.BJF!tr
  Antiy-AVL: Trojan/Win32.Agentb
  Arcabit: Trojan.Generic.D1E98082
  ZoneAlarm: Trojan.Win32.Agentb.jpsc
  Microsoft: Trojan:Win32/Occamy.C
  AhnLab-V3: Backdoor/Win32.ServHelper.C3299795
  Acronis: suspicious
  McAfee: RDN/Generic.dx
  Cylance: Unsafe
  ESET-NOD32: a variant of Win32/Delf.BJF
  TrendMicro-HouseCall: TROJ_GEN.R002C0RFP19
  Rising: Backdoor.Agent!1.B95C (CLASSIC)
  Ikarus: Backdoor.ServHelper
  GData: Trojan.GenericKD.32080002
  AVG: Win32:Trojan-gen
  Panda: Trj/CI.A
  Qihoo-360: Win32/Trojan.da1

MD5 | 9c6ac05f579778bf0ea33452e12d1e42
SHA1 | 68536a4f2c5d3f50fe277d696174ad07c95504f2
SHA256 | ad377333d9d2d6620fcb6b63b4c48bf70202776e1e9bb38a8577434937c08e73
SHA3 | 9645bf91889ef4dab2117301012af49677e29fc1807b028af1a74d7694537222
SSDeep | 6144:3wbfMCT/tQb4tp087UrRm9V7TMETA9Oi6dT0OmdFLYR1yP2vdh6V8NDFLY8HfJa2:CFUreV7YHWdT0OmdFLNPadHNRsAJavFo
Imports Hash | 9910dd55d2ca96fa801c306c6750abc4

e_magic | MZ
e_cblp | 0x50
e_cp | 0x2
e_crlc | 0
e_cparhdr | 0x4
e_minalloc | 0xf
e_maxalloc | 0xffff
e_ss | 0
e_sp | 0xb8
e_csum | 0
e_ip | 0
e_cs | 0
e_ovno | 0x1a
e_oemid | 0
e_oeminfo | 0
e_lfanew | 0x100

Signature | PE
Machine | IMAGE_FILE_MACHINE_I386
NumberofSections | 3
TimeDateStamp | 2019-Jun-23 15:15:53
PointerToSymbolTable | 0
NumberOfSymbols | 0
SizeOfOptionalHeader | 0xe0
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_BYTES_REVERSED_HI, IMAGE_FILE_BYTES_REVERSED_LO, IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED

Magic | PE32
LinkerVersion | 2.0
SizeOfCode | 0x114200
SizeOfInitializedData | 0xd000
SizeOfUninitializedData | 0
AddressOfEntryPoint | 0x0012E005 (Section: .rsrc)
BaseOfCode | 0x1000
BaseOfData | 0x116000
ImageBase | 0x13140000
SectionAlignment | 0x1000
FileAlignment | 0x200
OperatingSystemVersion | 5.0
ImageVersion | 0.0
SubsystemVersion | 5.0
Win32VersionValue | 0
SizeOfImage | 0x131000
SizeOfHeaders | 0x400
Checksum | 0x5f37b
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve | 0x1000
SizeofStackCommit | 0x100000
SizeofHeapReserve | 0x100000
SizeofHeapCommit | 0x1000
LoaderFlags | 0
NumberOfRvaAndSizes | 16

MD5 | cfcbd5382c5f4ce3b3b23f1838e284cb
SHA1 | 4c832a7c203c4c2afc13fd1b4adcd157e3c776ce
SHA256 | aac82815aa5622d66a2e3bb9df83b1906c415ebbc854b8398b9be3cd66cded05
SHA3 | 01d1a067fba5cd33663b2c58f3f6094a620d51e1acbe2c7123046fd85e34d7e2
VirtualSize | 0x12c000
VirtualAddress | 0x1000
SizeOfRawData | 0x56e00
PointerToRawData | 0x400
PointerToRelocations | 0x32434550
PointerToLineNumbers | 0x4f5d
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy | 7.99921

MD5 | 3a85937c292233256a281f37d13c3b0e
SHA1 | d626dd77723e7cf3bf9eb0ece875daf82e90ffc1
SHA256 | a6940ef71c278c6dd7ad5fafa85871894cebc416304354d098ba32faf83a6449
SHA3 | 1fb4d6a0c94711b41c6aac2d74167886ee2d7a3452606a0ded56cc26aab54463
VirtualSize | 0x3000
VirtualAddress | 0x12d000
SizeOfRawData | 0x2200
PointerToRawData | 0x57200
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy | 6.76031

MD5 | eba119a9015b959e2beab82ebdf68322
SHA1 | 3ef3d3eb4f4aef4dc06ffa054edd620141ab4324
SHA256 | 11f9d8d531e3ad55d252914b643a17437239d43b298bd0c95aef8c9e9209f3d8
SHA3 | 1cbb9b6305e42ab5d61adbdf8860cb16674577f507f7a844ed43961023a0cdcc
VirtualSize | 0x200
VirtualAddress | 0x130000
SizeOfRawData | 0x200
PointerToRawData | 0x59400
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy | 0.227252

kernel32.dll | LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree
shell32.dll | ShellExecuteW
version.dll | GetFileVersionInfoSizeW
user32.dll | CharUpperBuffW
oleaut32.dll | SysAllocStringLen
msvcrt.dll | memcpy
netapi32.dll | NetWkstaGetInfo
advapi32.dll | RegSetValueExW
winhttp.dll | WinHttpGetIEProxyConfigForCurrentUser

Type | Language | Codepage | Size | TimeDateStamp | Entropy | MD5 | SHA1 | SHA256 | SHA3
RT_STRING | UNKNOWN | UNKNOWN | 0x2ec | 2019-Jun-23 08:15:54 | 0 | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
RT_STRING | UNKNOWN | UNKNOWN | 0x400 | 2019-Jun-23 08:15:54 | 0 | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
RT_STRING | UNKNOWN | UNKNOWN | 0x2a8 | 2019-Jun-23 08:15:54 | 0 | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
RT_STRING | UNKNOWN | UNKNOWN | 0xb8 | 2019-Jun-23 08:15:54 | 0 | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
RT_STRING | UNKNOWN | UNKNOWN | 0xd0 | 2019-Jun-23 08:15:54 | 0 | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
RT_STRING | UNKNOWN | UNKNOWN | 0x354 | 2019-Jun-23 08:15:54 | 0 | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
RT_STRING | UNKNOWN | UNKNOWN | 0x3ac | 2019-Jun-23 08:15:54 | 0 | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
RT_STRING | UNKNOWN | UNKNOWN | 0x354 | 2019-Jun-23 08:15:54 | 0 | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
RT_STRING | UNKNOWN | UNKNOWN | 0x344 | 2019-Jun-23 08:15:54 | 0 | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
RT_STRING | UNKNOWN | UNKNOWN | 0x4ec | 2019-Jun-23 08:15:54 | 0 | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
RT_STRING | UNKNOWN | UNKNOWN | 0x294 | 2019-Jun-23 08:15:54 | 0 | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
RT_STRING | UNKNOWN | UNKNOWN | 0x4f8 | 2019-Jun-23 08:15:54 | 0 | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
RT_STRING | UNKNOWN | UNKNOWN | 0x3bc | 2019-Jun-23 08:15:54 | 0 | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
RT_STRING | UNKNOWN | UNKNOWN | 0x414 | 2019-Jun-23 08:15:54 | 0 | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
RT_RCDATA | UNKNOWN | UNKNOWN | 0x10 | 2019-Jun-23 08:15:54 | 0 | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
RT_RCDATA | UNKNOWN | UNKNOWN | 0x384 | 2019-Jun-23 08:15:54 | 0 | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
RT_RCDATA | English - United States | UNKNOWN | 0x2 | 2019-Jun-23 08:15:54 | 0 | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
RT_RCDATA | English - United States | UNKNOWN | 0xa84 | 2019-Jun-23 08:15:54 | 0 | d41d8cd98f00b204e9800998ecf8427e | da39a3ee5e6b4b0d3255bfef95601890afd80709 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
RT_VERSION | English - United States | UNKNOWN | 0x2d8 | 2019-Jun-23 08:15:54 | 3.16569 | 14ed356419a88a10d639b7f60494812f | e0d8e82b49583e8b592c2ec0d0e672921b122ac4 | 0b9fc4b324ee81a38573e3a42f046d05592508ca8a139b358ddc7436083e5e45 | a1e55ebc74f7e22fa1abdbe40bf60bdf97e927b4a4ecfd077454b7b62f836a2d
RT_MANIFEST | English - United States | UNKNOWN | 0x4ad | 2019-Jun-23 08:15:54 | 5.313 | 677ba397080a2b7570c6701163d99ae1 | 46afdacb256a5630be6bf4958f1d1b98569c09fc | 004c7aaa322a7135b5b8c3e77235131aed6da15d2310022be766ca90170fc491 | e1c590496e844856389e762ac926d3a4c044e37d191b23232b4e7fd0309ab9dd

Signature | 0xfeef04bd
StructVersion | 0x10000
FileVersion | 1.5.1.2
ProductVersion | 1.7.0.0
FileFlags | (EMPTY)
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32
FileType | VFT_APP
Language | French - Belgium
CompanyName | indeed
FileDescription | indeed
FileVersion (#2) | 1.5.1.2
InternalName | indeed
LegalCopyright | indeed
LegalTrademarks | indeed
OriginalFilename | indeed
ProgramID | indeed
ProductName | indeed
ProductVersion (#2) | 1.7.0.0
Resource LangID | English - United States

[*] Warning: Could not read the Delay-Load Directory Table!
[!] Error: Could not read the exported DLL name.
[*] Warning: Resource DVCLAL is empty!
[*] Warning: Resource PACKAGEINFO is empty!
[*] Warning: Resource PLATFORMTARGETS is empty!
[*] Warning: Resource RESTA is empty!