a1923d73b0488e0ab174bf759580f7ef

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2007-Feb-08 17:25:24

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Microsoft Visual C++ v7.1 EXE
Microsoft Visual Basic v5.0 - v6.0
Microsoft Visual C++ v7.1 DLL
Malicious VirusTotal score: 40/56 (Scanned on 2017-01-20 04:40:46)
MicroWorld-eScan: Gen:Variant.EquationDrug.1
McAfee: Trojan-Equated
AegisLab: Uds.Dangerousobject.Multi!c
K7GW: Trojan ( 005026921 )
K7AntiVirus: Trojan ( 005026921 )
Arcabit: Trojan.EquationDrug.1
Cyren: W32/Trojan.FAUT-4299
Symantec: ML.Relationship.HighConfidence [Trojan.Equdrug]
TrendMicro-HouseCall: TROJ_EQUATED.E
Avast: Win32:Malware-gen
ClamAV: Win.Malware.Agent-5580382-0
Kaspersky: Trojan.Win32.EquationDrug.x
BitDefender: Gen:Variant.EquationDrug.1
NANO-Antivirus: Trojan.Win32.EquationDrug.ekktsc
Rising: Trojan.EquationDrug!8.4782-SGeywrgSxhV (cloud)
Ad-Aware: Gen:Variant.EquationDrug.1
Emsisoft: Gen:Variant.EquationDrug.1 (B)
F-Secure: Gen:Variant.EquationDrug.1
DrWeb: Trojan.EquationDrug.45
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_EQUATED.E
McAfee-GW-Edition: Trojan-Equated
Sophos: Troj/Eqdrug-N
Jiangmin: Trojan.EquationDrug.y
Avira: TR/Equdrug.ME.209
Antiy-AVL: Trojan/Win32.EquationDrug
Microsoft: HackTool:Win32/Eqtonex!dha
ViRobot: Trojan.Win32.S.EqDrug.86016.D[h]
GData: Gen:Variant.EquationDrug.1
AhnLab-V3: Trojan/Win32.EquationDrug.C1748909
ALYac: Trojan.EquationDrug
AVware: Trojan.Win32.Generic!BT
ESET-NOD32: a variant of Win32/Equdrug.G
Tencent: Win32.Trojan.Equationdrug.Llgs
Yandex: Trojan.EquationDrug!
Ikarus: Trojan.Win32.Equdrug
Fortinet: W32/Equdrug.G!tr
AVG: Atros4.BYPZ
Panda: Trj/GdSda.A
Qihoo-360: Trojan.Generic

Hashes

MD5 a1923d73b0488e0ab174bf759580f7ef
SHA1 68f0b95c2d5d1d9ea8e14a6659432c8cd38b5534
SHA256 dfb38ed2ca3870faf351df1bd447a3dc4470ed568553bf83df07bf07967bf520
SHA3 79344f076736a28dd8e811363137e55e21d05abe3ee8631c1693fae72dabb0cb
SSDeep 768:/d3DyW7ER84DkoEzz6IsuwpknEONJ1/j3ILiK7:/JDILkzuIsVknNbWL5
Imports Hash 8ddd1444e3746cb74feefcffafdc0a1e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2007-Feb-08 17:25:24
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 7.0
SizeOfCode 0x5000
SizeOfInitializedData 0xf000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00003454 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x6000
ImageBase 0x10000000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x15000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1038b3662a99b732de337769a8ae6b36
SHA1 415e9ba0dbce4153723ae342640507316f934887
SHA256 dd2d41da8e4afe24f28bcea14a48774ceeac7a4ec1d9ffdb4bf7578be0ba33b0
SHA3 720f8676f583d74ed3b660600a5f513cea91d3407d241a23874789e58893e6d1
VirtualSize 0x4a30
VirtualAddress 0x1000
SizeOfRawData 0x5000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.94019

.rdata

MD5 493e2d5ee95ea26259f0351c467cc085
SHA1 3734c1fe8f39dcbc4b9714c34128fb348e2ea85e
SHA256 083425f624d5576f5b97fb53237038692469a21e54d877689ddccf5274d23f22
SHA3 a609c6071e8d89598d59ed2e32fb03e1300a8e8785599314fc3e5b635697c4f7
VirtualSize 0xb61e
VirtualAddress 0x6000
SizeOfRawData 0xc000
PointerToRawData 0x6000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.33489

.data

MD5 bb4bb17d0bab3db2b92ab334c138e5b8
SHA1 a90964c17fdc6c8cdd0cdc5770f3fe884efb33ec
SHA256 dfec576e82b4972bf61cf05340a558e127b283960b8768123da44710b8a44c5e
SHA3 b833fe933368bae9fe90658b49482e8388e548ff036e20294d97ecdc0d30be85
VirtualSize 0x100
VirtualAddress 0x12000
SizeOfRawData 0x1000
PointerToRawData 0x12000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.357143

.reloc

MD5 a7989b0298bb6bf67d168d48436ce8f1
SHA1 f89cd6f92ad31b95367f49e0f2bc97a739b640a6
SHA256 c36ed495ff4c3fe87c8429eb8db22a71769906fb2717dc7e6ffe4d5e9f528664
SHA3 6bd46c4268b672999de4297200631b2b4ae85068620d47b826b2560456b9e56f
VirtualSize 0x138c
VirtualAddress 0x13000
SizeOfRawData 0x2000
PointerToRawData 0x13000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.49878

Imports

MSVCP71.dll
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Nomemory@std@@YAXXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?reserve@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
KERNEL32.dll
WaitForSingleObject
CloseHandle
CreateMutexA
FormatMessageW
WideCharToMultiByte
MultiByteToWideChar
DisableThreadLibraryCalls
ReleaseMutex
MSVCR71.dll
_CxxThrowException
free
strlen
malloc
wcslen
_vsnwprintf
memcpy
wcscpy
memset
_except_handler3
??3@YAXPAX@Z
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
__dllonexit
_onexit
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_snwprintf
??_V@YAXPAX@Z
iswalnum
iswalpha
gmtime
time
_callnewh

Delayed Imports

Exports

(#1)

Ordinal 1
Address 0x1914

(#2)

Ordinal 2
Address 0x331a

(#3)

Ordinal 3
Address 0x1000

(#4)

Ordinal 4
Address 0x579c

Version Info

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x100120c0
SEHandlerTable 0x100105b0
SEHandlerCount 22
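The optional header, section table and Load Configuration values above only mean something if they agree with each other: SizeOfImage must equal the end of the last section rounded up to SectionAlignment, SizeOfCode and SizeOfInitializedData are sums of raw section sizes, the entry point has to land in an executable section, and the absolute addresses in the Load Configuration (SecurityCookie, SEHandlerTable) must map back into the right sections once ImageBase is subtracted. The following is an added example, not output of the tool that produced this report: it transcribes the values from this page into constants and implements those checks plus an RVA-to-section and RVA-to-file-offset mapper. The function names (`check_layout`, `section_for_rva`, `section_for_va`, `rva_to_file_offset`) are my own.

```python
"""Consistency checks over the PE header values listed in this report.

Added example, not output of the analysis tool that produced the page. The
header and section values below are transcribed from the report; the checks
implement the relations the PE/COFF format defines between them, which is what
an analyzer verifies before trusting the image layout.
"""

# Values transcribed from the Image Optional Header above.
IMAGE_BASE = 0x10000000
SECTION_ALIGNMENT = 0x1000
FILE_ALIGNMENT = 0x1000
SIZE_OF_IMAGE = 0x15000
SIZE_OF_HEADERS = 0x1000
SIZE_OF_CODE = 0x5000
SIZE_OF_INIT_DATA = 0xF000
ENTRY_POINT_RVA = 0x3454

# Section characteristic flags (IMAGE_SCN_* values from winnt.h).
CNT_CODE = 0x00000020
CNT_INIT_DATA = 0x00000040
MEM_DISCARDABLE = 0x02000000
MEM_EXECUTE = 0x20000000
MEM_READ = 0x40000000
MEM_WRITE = 0x80000000

# Section table transcribed from the report:
# (name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData, Characteristics)
SECTIONS = [
    (".text",  0x01000, 0x4A30, 0x01000, 0x5000, CNT_CODE | MEM_EXECUTE | MEM_READ),
    (".rdata", 0x06000, 0xB61E, 0x06000, 0xC000, CNT_INIT_DATA | MEM_READ),
    (".data",  0x12000, 0x0100, 0x12000, 0x1000, CNT_INIT_DATA | MEM_READ | MEM_WRITE),
    (".reloc", 0x13000, 0x138C, 0x13000, 0x2000, CNT_INIT_DATA | MEM_DISCARDABLE | MEM_READ),
]


def align_up(value: int, alignment: int) -> int:
    """Round value up to the next multiple of alignment (a power of two)."""
    return (value + alignment - 1) & ~(alignment - 1)


def section_for_rva(rva: int):
    """Return the section tuple whose mapped range covers rva, or None.

    The mapped size is VirtualSize rounded up to SectionAlignment; bytes past
    SizeOfRawData are zero-filled by the loader but still belong to the section.
    """
    for sec in SECTIONS:
        _, va, vsize, _, _, _ = sec
        if va <= rva < va + align_up(vsize, SECTION_ALIGNMENT):
            return sec
    return None


def section_for_va(va: int):
    """Map an absolute address (as the Load Configuration fields are stored) to a section."""
    return section_for_rva(va - IMAGE_BASE)


def rva_to_file_offset(rva: int):
    """Translate an RVA to a file offset, or None if nothing on disk backs it."""
    sec = section_for_rva(rva)
    if sec is None:
        return None
    _, va, _, raw_ptr, raw_size, _ = sec
    delta = rva - va
    return raw_ptr + delta if delta < raw_size else None


def check_layout() -> dict:
    """Evaluate the header relations; each entry is True when the values are consistent."""
    last = SECTIONS[-1]
    expected_image = align_up(last[1] + last[2], SECTION_ALIGNMENT)
    code_raw = sum(s[4] for s in SECTIONS if s[5] & CNT_CODE)
    init_raw = sum(s[4] for s in SECTIONS if s[5] & CNT_INIT_DATA)
    ep = section_for_rva(ENTRY_POINT_RVA)
    contiguous = SECTIONS[0][1] == align_up(SIZE_OF_HEADERS, SECTION_ALIGNMENT) and all(
        SECTIONS[i][1] + align_up(SECTIONS[i][2], SECTION_ALIGNMENT) == SECTIONS[i + 1][1]
        for i in range(len(SECTIONS) - 1)
    )
    return {
        "size_of_image": expected_image == SIZE_OF_IMAGE,
        "size_of_code": code_raw == SIZE_OF_CODE,
        "size_of_initialized_data": init_raw == SIZE_OF_INIT_DATA,
        "entry_point_in_code": ep is not None and bool(ep[5] & MEM_EXECUTE),
        "sections_contiguous": contiguous,
        "raw_aligned": all(s[3] % FILE_ALIGNMENT == 0 and s[4] % FILE_ALIGNMENT == 0 for s in SECTIONS),
        "no_writable_code": not any((s[5] & MEM_EXECUTE) and (s[5] & MEM_WRITE) for s in SECTIONS),
    }


if __name__ == "__main__":
    for check, ok in check_layout().items():
        print(f"{check:26s} {'ok' if ok else 'MISMATCH'}")
    # SecurityCookie and SEHandlerTable from the Load Configuration are absolute addresses.
    for label, va in (("SecurityCookie", 0x100120C0), ("SEHandlerTable", 0x100105B0)):
        sec = section_for_va(va)
        print(f"{label:26s} -> {sec[0] if sec else '<unmapped>'}")
```

Because SectionAlignment and FileAlignment are both 0x1000 here, file offsets equal RVAs for every section, which is why the PointerToRawData column matches VirtualAddress throughout; when the two alignments differ (the common 0x1000/0x200 case) `rva_to_file_offset` is the translation you need before hashing or carving a section. The cookie landing in the writable .data section and the SEH handler table in read-only .rdata is the expected layout for a /GS and /SAFESEH build, consistent with the VS2003 toolchain the Rich header records.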

RICH Header

XOR Key 0x1a82bba1
Unmarked objects 0
C objects (VS2003 (.NET) build 3077) 6
ASM objects (VS2003 (.NET) build 3077) 4
Imports (2179) 2
Total imports 107
Imports (VS2003 (.NET) build 3077) 5
C++ objects (VS2003 (.NET) build 3077) 8
C++ objects (VS2003 (.NET) SP1 build 6030) 13
Exports (VS2003 (.NET) SP1 build 6030) 1
Linker (VS2003 (.NET) SP1 build 6030) 1

Errors
