9ee4d0a0caf095314fd7041a3e4404dc

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1987-Sep-11 01:35:02

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: \x00\x00\x00\x00t
Unusual section name found: \x00\x00\x00\x00ta
The PE only has 0 import(s).
Malicious VirusTotal score: 50/55 (Scanned on 2016-01-22 06:32:56) MicroWorld-eScan: Generic.Malware.SP!VdldPk!g.753D6A03
nProtect: Trojan-Downloader/W32.Small.14592.C
CMC: Generic.Win32.9ee4d0a0ca!MD
CAT-QuickHeal: (Suspicious) - DNAScan
McAfee: BackDoor-CHO
Malwarebytes: Trojan.MalPack.Generic
Zillya: Trojan.Agent.Win32.99745
TheHacker: W32/Behav-Heuristic-061
K7GW: Trojan ( 0036e6f71 )
K7AntiVirus: Trojan ( 0036e6f71 )
NANO-Antivirus: Trojan.Win32.Agent2.ycfeb
F-Prot: W32/Backdoor.HVC
Symantec: Backdoor.Xordoor
ESET-NOD32: probably unknown NewHeur_PE
TrendMicro-HouseCall: BKDR_XORDOOR.A
Avast: Win32:Trojano-LZ [Trj]
ClamAV: Trojan.Bagle.AH-1
Kaspersky: Trojan-Proxy.Win32.Agent.az
BitDefender: Generic.Malware.SP!VdldPk!g.753D6A03
Agnitum: Trojan.PR.Agent!RLQeW2VuNyQ
SUPERAntiSpyware: Trojan.Agent/Gen-FSG
Tencent: Win32.Trojan-proxy.Agent.Hzdk
Ad-Aware: Generic.Malware.SP!VdldPk!g.753D6A03
Emsisoft: Generic.Malware.SP!VdldPk!g.753D6A03 (B)
Comodo: TrojWare.Win32.Patched.KSU
F-Secure: Generic.Malware.SP!VdldPk!g.753D6A03
DrWeb: Trojan.Proxy.133
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: BKDR_XORDOOR.A
McAfee-GW-Edition: BehavesLike.Win32.Downloader.lc
Sophos: Mal/Emogen-Y
Cyren: W32/Trojan-Sml-IWW!Eldorado
Jiangmin: TrojanProxy.Agent.cja
Avira: TR/Proxy.Agent.AZ.7
Antiy-AVL: Trojan[Proxy]/Win32.Agent
Microsoft: TrojanProxy:Win32/Agent.IH
Arcabit: Generic.Malware.SP!VdldPk!g.753D6A03
ViRobot: Trojan.Win32.S.Agent.14592.A[h]
AhnLab-V3: Win-Trojan/Agent.14592
GData: Generic.Malware.SP!VdldPk!g.753D6A03
TotalDefense: Win32/Reign.BA
VBA32: Trojan-Proxy.Win32.Agent.az
ALYac: Generic.Malware.SP!VdldPk!g.753D6A03
Baidu-International: Trojan.Win32.Proxy.az
Rising: PE:Malware.Generic/QRS!1.9E2D [F]
Ikarus: Trojan-Proxy.Win32.Agent
Fortinet: Iyus.CHO!tr.bdr
AVG: Proxy.8.I
Panda: Trj/Genetic.gen
Qihoo-360: Malware.Radar01.Gen

Hashes

MD5 9ee4d0a0caf095314fd7041a3e4404dc
SHA1 de7389e82d11edeacdc71d2c54c811bfb16c3584
SHA256 675d00d4c798678e336e9dd5ddfb08daff5ede19c03f4eb6ad8533ca083f81fc
SHA3 ae75f2262067237c7c038886f9ad01026cbea07740e42bf9e438286e3a9c7144
SSDeep 384:uVj9Mmc9Z8SfUIYVhPL2sfmqy53lEo8BXaWXgnaRJ1xMqS:Mmmc9GSfUINY78lERKy6a7
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0x4550
e_ss 0
e_sp 0x14c
e_csum 0x2
e_ip 0x5346
e_cs 0x2147
e_ovno 0
e_oemid 0x10b
e_oeminfo 0
e_lfanew 0xc

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 2
TimeDateStamp 1987-Sep-11 01:35:02
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 0.0
SizeOfCode 0x5000
SizeOfInitializedData 0x6000
SizeOfUninitializedData 0
AddressOfEntryPoint 0xf5f9 (Section: \x00\x00\x00\x00ta)
BaseOfCode 0x1000
BaseOfData 0xc
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x10000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics (EMPTY)
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

\x00\x00\x00\x00t

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470
VirtualSize 0xb000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

\x00\x00\x00\x00ta

MD5 fa7039433a3f2862fd31dd1ef918d6a1
SHA1 440a915058e2502c1e6b080bdef25466b6a1f171
SHA256 10d59fc9384dd1948d105a7bf3cd91ae49e05930b2c589df5106e68e6e6b6834
SHA3 cbfe68c54c05c2bc74c926781556b12458d163a649323b09182dffeb724f4263
VirtualSize 0x4000
VirtualAddress 0xc000
SizeOfRawData 0x36f2
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.85412

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

Errors

[*] Warning: The PE's sections are not aligned to its reported FileAlignment. It was almost certainly crafted manually. [!] Error: Could not read an import's name. [*] Warning: The PE's sections are not aligned to its reported FileAlignment. It was almost certainly crafted manually. [!] Error: Could not reach the requested directory (offset=0x0). [*] Warning: Section \x00\x00\x00\x00t has a size of 0! [*] Warning: Section \x00\x00\x00\x00t has a size of 0!