Manalyze report for 9ee4d0a0caf095314fd7041a3e4404dc

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1987-Sep-11 01:35:02

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: \x00\x00\x00\x00t` `Unusual section name found: \x00\x00\x00\x00ta` `The PE only has 0 import(s).`
Suspicious	The file contains overlay data.	`14 bytes of data starting at offset 0x38f2.`
Malicious	VirusTotal score: 50/55 (Scanned on 2016-01-22 06:32:56)	`MicroWorld-eScan: Generic.Malware.SP!VdldPk!g.753D6A03` `nProtect: Trojan-Downloader/W32.Small.14592.C` `CMC: Generic.Win32.9ee4d0a0ca!MD` `CAT-QuickHeal: (Suspicious) - DNAScan` `McAfee: BackDoor-CHO` `Malwarebytes: Trojan.MalPack.Generic` `Zillya: Trojan.Agent.Win32.99745` `TheHacker: W32/Behav-Heuristic-061` `K7GW: Trojan ( 0036e6f71 )` `K7AntiVirus: Trojan ( 0036e6f71 )` `NANO-Antivirus: Trojan.Win32.Agent2.ycfeb` `F-Prot: W32/Backdoor.HVC` `Symantec: Backdoor.Xordoor` `ESET-NOD32: probably unknown NewHeur_PE` `TrendMicro-HouseCall: BKDR_XORDOOR.A` `Avast: Win32:Trojano-LZ [Trj]` `ClamAV: Trojan.Bagle.AH-1` `Kaspersky: Trojan-Proxy.Win32.Agent.az` `BitDefender: Generic.Malware.SP!VdldPk!g.753D6A03` `Agnitum: Trojan.PR.Agent!RLQeW2VuNyQ` `SUPERAntiSpyware: Trojan.Agent/Gen-FSG` `Tencent: Win32.Trojan-proxy.Agent.Hzdk` `Ad-Aware: Generic.Malware.SP!VdldPk!g.753D6A03` `Emsisoft: Generic.Malware.SP!VdldPk!g.753D6A03 (B)` `Comodo: TrojWare.Win32.Patched.KSU` `F-Secure: Generic.Malware.SP!VdldPk!g.753D6A03` `DrWeb: Trojan.Proxy.133` `VIPRE: Trojan.Win32.Generic!BT` `TrendMicro: BKDR_XORDOOR.A` `McAfee-GW-Edition: BehavesLike.Win32.Downloader.lc` `Sophos: Mal/Emogen-Y` `Cyren: W32/Trojan-Sml-IWW!Eldorado` `Jiangmin: TrojanProxy.Agent.cja` `Avira: TR/Proxy.Agent.AZ.7` `Antiy-AVL: Trojan[Proxy]/Win32.Agent` `Microsoft: TrojanProxy:Win32/Agent.IH` `Arcabit: Generic.Malware.SP!VdldPk!g.753D6A03` `ViRobot: Trojan.Win32.S.Agent.14592.A[h]` `AhnLab-V3: Win-Trojan/Agent.14592` `GData: Generic.Malware.SP!VdldPk!g.753D6A03` `TotalDefense: Win32/Reign.BA` `VBA32: Trojan-Proxy.Win32.Agent.az` `ALYac: Generic.Malware.SP!VdldPk!g.753D6A03` `Baidu-International: Trojan.Win32.Proxy.az` `Rising: PE:Malware.Generic/QRS!1.9E2D [F]` `Ikarus: Trojan-Proxy.Win32.Agent` `Fortinet: Iyus.CHO!tr.bdr` `AVG: Proxy.8.I` `Panda: Trj/Genetic.gen` `Qihoo-360: Malware.Radar01.Gen`

Hashes

MD5	`9ee4d0a0caf095314fd7041a3e4404dc`
SHA1	`de7389e82d11edeacdc71d2c54c811bfb16c3584`
SHA256	`675d00d4c798678e336e9dd5ddfb08daff5ede19c03f4eb6ad8533ca083f81fc`
SHA3	`fb6c501d6be1bf121557b39bdd17cc5fcffdd05a8dfcefc2258697da94ac2442`
SSDeep	`384:uVj9Mmc9Z8SfUIYVhPL2sfmqy53lEo8BXaWXgnaRJ1xMqS:Mmmc9GSfUINY78lERKy6a7`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0x4550`
e_ss	`0`
e_sp	`0x14c`
e_csum	`0x2`
e_ip	`0x5346`
e_cs	`0x2147`
e_ovno	`0`
e_oemid	`0x10b`
e_oeminfo	`0`
e_lfanew	`0xc`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`2`
TimeDateStamp	1987-Sep-11 01:35:02
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`0.0`
SizeOfCode	`0x5000`
SizeOfInitializedData	`0x6000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000F5F9 (Section: \x00\x00\x00\x00ta)`
BaseOfCode	`0x1000`
BaseOfData	`0xc`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x10000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

\x00\x00\x00\x00t

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xb000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

\x00\x00\x00\x00ta

MD5	`fa7039433a3f2862fd31dd1ef918d6a1`
SHA1	`440a915058e2502c1e6b080bdef25466b6a1f171`
SHA256	`10d59fc9384dd1948d105a7bf3cd91ae49e05930b2c589df5106e68e6e6b6834`
SHA3	`14e343404a59a6ba1d8d49603ef5c8397047a75716576edb10d386d116e5cd1e`
VirtualSize	`0x4000`
VirtualAddress	`0xc000`
SizeOfRawData	`0x36f2`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.85412`

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: The PE's sections are not aligned to its reported FileAlignment. It was almost certainly crafted manually.
[!] Error: Could not read an import's name.
[*] Warning: The PE's sections are not aligned to its reported FileAlignment. It was almost certainly crafted manually.
[!] Error: Could not reach the requested directory (offset=0x0).
[*] Warning: Section \x00\x00\x00\x00t has a size of 0!