9c6ac05f579778bf0ea33452e12d1e42

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2019-Jun-23 15:15:53
Detected languages English - United States
French - Belgium
CompanyName indeed
FileDescription indeed
FileVersion 1.5.1.2
InternalName indeed
LegalCopyright indeed
LegalTrademarks indeed
OriginalFilename indeed
ProgramID indeed
ProductName indeed
ProductVersion 1.7.0.0

Plugin Output

Suspicious The PE is possibly packed.
  • Section .text is both writable and executable.
  • Section .rsrc is both writable and executable.
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Can access the registry:
  • RegSetValueExW
Possibly launches other programs:
  • ShellExecuteW
Has Internet access capabilities:
  • WinHttpGetIEProxyConfigForCurrentUser
Queries user information on remote machines:
  • NetWkstaGetInfo
Info The PE's resources present abnormal characteristics. The binary may have been compiled on a machine in the UTC-7 timezone.
Info The PE is digitally signed. Signer: law.com
Issuer: Trusted Secure Certificate Authority 5
Malicious VirusTotal score: 45/68 (Scanned on 2019-07-10 22:13:21)
MicroWorld-eScan: Trojan.GenericKD.32080002
FireEye: Trojan.GenericKD.32080002
CAT-QuickHeal: Trojan.Fuery
ALYac: Trojan.GenericKD.32080002
Malwarebytes: Trojan.Injector.NSIS
Alibaba: Trojan:Win32/Agentb.e602433d
K7GW: Trojan ( 005505201 )
K7AntiVirus: Trojan ( 005505201 )
F-Prot: W32/Trojan3.AOCC
Symantec: Trojan.Gen.MBT
Avast: Win32:Trojan-gen
Kaspersky: Trojan.Win32.Agentb.jpsc
BitDefender: Trojan.GenericKD.32080002
NANO-Antivirus: Trojan.Win32.Delf.frwpbe
Paloalto: generic.ml
AegisLab: Trojan.Win32.Generic.4!c
Tencent: Win32.Trojan.Agentb.Hvje
Ad-Aware: Trojan.GenericKD.32080002
Emsisoft: Trojan.GenericKD.32080002 (B)
Comodo: Malware@#2bqlvgyqdl6t5
F-Secure: Trojan.TR/AD.TA505.DQ
DrWeb: BackDoor.Siggen2.2906
TrendMicro: TROJ_GEN.R002C0RFP19
McAfee-GW-Edition: RDN/Generic.dx
Sophos: Troj/Stealer-TO
Cyren: W32/Trojan.AGIJ-2032
Jiangmin: Trojan/PSW.Lmir.dah
Avira: TR/AD.TA505.DQ
Fortinet: W32/Delf.BJF!tr
Antiy-AVL: Trojan/Win32.Agentb
Arcabit: Trojan.Generic.D1E98082
ZoneAlarm: Trojan.Win32.Agentb.jpsc
Microsoft: Trojan:Win32/Occamy.C
AhnLab-V3: Backdoor/Win32.ServHelper.C3299795
Acronis: suspicious
McAfee: RDN/Generic.dx
Cylance: Unsafe
ESET-NOD32: a variant of Win32/Delf.BJF
TrendMicro-HouseCall: TROJ_GEN.R002C0RFP19
Rising: Backdoor.Agent!1.B95C (CLASSIC)
Ikarus: Backdoor.ServHelper
GData: Trojan.GenericKD.32080002
AVG: Win32:Trojan-gen
Panda: Trj/CI.A
Qihoo-360: Win32/Trojan.da1

Hashes

MD5 9c6ac05f579778bf0ea33452e12d1e42
SHA1 68536a4f2c5d3f50fe277d696174ad07c95504f2
SHA256 ad377333d9d2d6620fcb6b63b4c48bf70202776e1e9bb38a8577434937c08e73
SHA3 9645bf91889ef4dab2117301012af49677e29fc1807b028af1a74d7694537222
SSDeep 6144:3wbfMCT/tQb4tp087UrRm9V7TMETA9Oi6dT0OmdFLYR1yP2vdh6V8NDFLY8HfJa2:CFUreV7YHWdT0OmdFLNPadHNRsAJavFo
Imports Hash 9910dd55d2ca96fa801c306c6750abc4

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2019-Jun-23 15:15:53
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x114200
SizeOfInitializedData 0xd000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0012E005 (Section: .rsrc)
BaseOfCode 0x1000
BaseOfData 0x116000
ImageBase 0x13140000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x131000
SizeOfHeaders 0x400
Checksum 0x5f37b
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x1000
SizeofStackCommit 0x100000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 cfcbd5382c5f4ce3b3b23f1838e284cb
SHA1 4c832a7c203c4c2afc13fd1b4adcd157e3c776ce
SHA256 aac82815aa5622d66a2e3bb9df83b1906c415ebbc854b8398b9be3cd66cded05
SHA3 01d1a067fba5cd33663b2c58f3f6094a620d51e1acbe2c7123046fd85e34d7e2
VirtualSize 0x12c000
VirtualAddress 0x1000
SizeOfRawData 0x56e00
PointerToRawData 0x400
PointerToRelocations 0x32434550
PointerToLineNumbers 0x4f5d
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99921

.rsrc

MD5 3a85937c292233256a281f37d13c3b0e
SHA1 d626dd77723e7cf3bf9eb0ece875daf82e90ffc1
SHA256 a6940ef71c278c6dd7ad5fafa85871894cebc416304354d098ba32faf83a6449
SHA3 1fb4d6a0c94711b41c6aac2d74167886ee2d7a3452606a0ded56cc26aab54463
VirtualSize 0x3000
VirtualAddress 0x12d000
SizeOfRawData 0x2200
PointerToRawData 0x57200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.76031

.reloc

MD5 eba119a9015b959e2beab82ebdf68322
SHA1 3ef3d3eb4f4aef4dc06ffa054edd620141ab4324
SHA256 11f9d8d531e3ad55d252914b643a17437239d43b298bd0c95aef8c9e9209f3d8
SHA3 1cbb9b6305e42ab5d61adbdf8860cb16674577f507f7a844ed43961023a0cdcc
VirtualSize 0x200
VirtualAddress 0x130000
SizeOfRawData 0x200
PointerToRawData 0x59400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.227252

Imports

kernel32.dll LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
shell32.dll ShellExecuteW
version.dll GetFileVersionInfoSizeW
user32.dll CharUpperBuffW
oleaut32.dll SysAllocStringLen
msvcrt.dll memcpy
netapi32.dll NetWkstaGetInfo
advapi32.dll RegSetValueExW
winhttp.dll WinHttpGetIEProxyConfigForCurrentUser

Delayed Imports

Resources

4083

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x2ec
TimeDateStamp 2019-Jun-23 08:15:54
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

4084

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x400
TimeDateStamp 2019-Jun-23 08:15:54
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

4085

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x2a8
TimeDateStamp 2019-Jun-23 08:15:54
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

4086

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0xb8
TimeDateStamp 2019-Jun-23 08:15:54
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

4087

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0xd0
TimeDateStamp 2019-Jun-23 08:15:54
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

4088

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x354
TimeDateStamp 2019-Jun-23 08:15:54
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

4089

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x3ac
TimeDateStamp 2019-Jun-23 08:15:54
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

4090

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x354
TimeDateStamp 2019-Jun-23 08:15:54
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

4091

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x344
TimeDateStamp 2019-Jun-23 08:15:54
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

4092

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x4ec
TimeDateStamp 2019-Jun-23 08:15:54
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

4093

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x294
TimeDateStamp 2019-Jun-23 08:15:54
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

4094

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x4f8
TimeDateStamp 2019-Jun-23 08:15:54
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

4095

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x3bc
TimeDateStamp 2019-Jun-23 08:15:54
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

4096

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x414
TimeDateStamp 2019-Jun-23 08:15:54
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

DVCLAL

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x10
TimeDateStamp 2019-Jun-23 08:15:54
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

PACKAGEINFO

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x384
TimeDateStamp 2019-Jun-23 08:15:54
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

PLATFORMTARGETS

Type RT_RCDATA
Language English - United States
Codepage UNKNOWN
Size 0x2
TimeDateStamp 2019-Jun-23 08:15:54
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

RESTA

Type RT_RCDATA
Language English - United States
Codepage UNKNOWN
Size 0xa84
TimeDateStamp 2019-Jun-23 08:15:54
Entropy 0
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x2d8
TimeDateStamp 2019-Jun-23 08:15:54
Entropy 3.16569
MD5 14ed356419a88a10d639b7f60494812f
SHA1 e0d8e82b49583e8b592c2ec0d0e672921b122ac4
SHA256 0b9fc4b324ee81a38573e3a42f046d05592508ca8a139b358ddc7436083e5e45
SHA3 a1e55ebc74f7e22fa1abdbe40bf60bdf97e927b4a4ecfd077454b7b62f836a2d

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x4ad
TimeDateStamp 2019-Jun-23 08:15:54
Entropy 5.313
MD5 677ba397080a2b7570c6701163d99ae1
SHA1 46afdacb256a5630be6bf4958f1d1b98569c09fc
SHA256 004c7aaa322a7135b5b8c3e77235131aed6da15d2310022be766ca90170fc491
SHA3 e1c590496e844856389e762ac926d3a4c044e37d191b23232b4e7fd0309ab9dd

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.5.1.2
ProductVersion 1.7.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language French - Belgium
CompanyName indeed
FileDescription indeed
FileVersion (#2) 1.5.1.2
InternalName indeed
LegalCopyright indeed
LegalTrademarks indeed
OriginalFilename indeed
ProgramID indeed
ProductName indeed
ProductVersion (#2) 1.7.0.0
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Could not read the Delay-Load Directory Table!
[!] Error: Could not read the exported DLL name.
[*] Warning: Resource DVCLAL is empty!
[*] Warning: Resource PACKAGEINFO is empty!
[*] Warning: Resource PLATFORMTARGETS is empty!
[*] Warning: Resource RESTA is empty!