| Summary | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2004-Apr-29 03:00:54 |
| Info | The PE contains common functions which appear in legitimate applications. |
| | [!] The program may be hiding some of its imports: |
| Malicious | VirusTotal score: 61/69 (Scanned on 2018-12-16 01:13:32) |

| Engine | Detection |
|---|---|
| Bkav | HW32.Packed. |
| MicroWorld-eScan | Gen:Variant.Sirefef.443 |
| CMC | Backdoor.Win32.ZAccess!O |
| CAT-QuickHeal | Trojan.Sirefef.C |
| McAfee | ZeroAccess.hr |
| Cylance | Unsafe |
| VIPRE | Lookslike.Win32.Sirefef.qb (v) |
| TheHacker | Trojan/Kryptik.arff |
| K7GW | Trojan ( 0001140e1 ) |
| K7AntiVirus | Trojan ( 0001140e1 ) |
| TrendMicro | TROJ_SIREFEF.SM9 |
| F-Prot | W32/ZAccess.H |
| Symantec | Trojan.Zeroaccess.C |
| ESET-NOD32 | a variant of Win32/Kryptik.ARGF |
| TrendMicro-HouseCall | TROJ_SIREFEF.SM9 |
| Paloalto | generic.ml |
| ClamAV | Win.Trojan.Zeroaccess-698 |
| Kaspersky | Backdoor.Win32.ZAccess.aqep |
| BitDefender | Gen:Variant.Sirefef.443 |
| NANO-Antivirus | Trojan.Win32.ZAccess.crmccz |
| ViRobot | Backdoor.Win32.A.ZAccess.163840.AM |
| SUPERAntiSpyware | Trojan.Agent/Gen-Sirefef |
| Avast | Win32:MalOb-LJ [Cryp] |
| Tencent | Win32.Trojan.Inject.Auto |
| Ad-Aware | Gen:Variant.Sirefef.443 |
| Sophos | Troj/ZAccess-HJ |
| Comodo | Malware@#2rzyey1k5x9lq |
| F-Secure | Gen:Variant.Sirefef.443 |
| DrWeb | Trojan.DownLoader7.45527 |
| Zillya | Backdoor.ZAccess.Win32.10145 |
| Invincea | heuristic |
| McAfee-GW-Edition | BehavesLike.Win32.ZeroAccess.cc |
| Trapmine | malicious.high.ml.score |
| Emsisoft | Gen:Variant.Sirefef.443 (B) |
| SentinelOne | static engine - malicious |
| Cyren | W32/Trojan.DGBX-7083 |
| Jiangmin | Backdoor/ZAccess.hbi |
| Webroot | W32.Rogue.Gen |
| Avira | TR/Crypt.ZPACK.Gen2 |
| Antiy-AVL | Trojan[Backdoor]/Win32.ZAccess |
| Microsoft | TrojanDropper:Win32/Sirefef.gen!C |
| Endgame | malicious (high confidence) |
| Arcabit | Trojan.Sirefef.443 |
| AegisLab | Trojan.Win32.ZAccess.4!c |
| ZoneAlarm | Backdoor.Win32.ZAccess.aqep |
| GData | Gen:Variant.Sirefef.443 |
| TACHYON | Backdoor/W32.ZAccess.163840.N |
| AhnLab-V3 | Backdoor/Win32.ZAccess.R47373 |
| VBA32 | BScope.Backdoor.Maxplus.2613 |
| ALYac | Gen:Variant.Sirefef.443 |
| MAX | malware (ai score=100) |
| Malwarebytes | Rootkit.0Access |
| Rising | Backdoor.ZAccess!8.242 (CLOUD) |
| Yandex | Backdoor.ZAccess!quwZWCWLdhY |
| Ikarus | Backdoor.Win32.ZAccess |
| Fortinet | W32/Kryptik.ARCN!tr |
| AVG | Win32:MalOb-LJ [Cryp] |
| Cybereason | malicious.5f689f |
| Panda | Trj/Genetic.gen |
| CrowdStrike | malicious_confidence_100% (W) |
| Qihoo-360 | HEUR/Malware.QVM20.Gen |
| DOS Header Field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x80 |
| PE Header Field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 4 |
| TimeDateStamp | 2004-Apr-29 03:00:54 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_BYTES_REVERSED_HI, IMAGE_FILE_DEBUG_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED |
| Optional Header Field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 6.0 |
| SizeOfCode | 0x24cb2 |
| SizeOfInitializedData | 0 |
| SizeOfUninitializedData | 0x1000 |
| AddressOfEntryPoint | 0x00003515 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x26000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x2b000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Functions |
|---|---|
| OLEAUT32.dll | CreateErrorInfo, DispGetIDsOfNames, BstrFromVector, OleLoadPictureEx, GetErrorInfo |
| KERNEL32.dll | GetVersionExW, GlobalLock, GlobalAlloc, GlobalReAlloc, GetModuleHandleW, GlobalSize, FreeResource, SizeofResource, LockResource, LoadResource, FindResourceA, LocalAlloc, LocalFree, CreateFileA, lstrcmpA, GetFileAttributesA, GetProcAddress, GetModuleFileNameA, GetTempPathA, DeleteFileA, CloseHandle, GetCurrentDirectoryA, GetLocalTime, FindClose, FindNextFileA, FindFirstFileA, EnumResourceLanguagesA, WideCharToMultiByte, ReadFile, WriteFile, SetFilePointer, GlobalHandle, IsDBCSLeadByte, GetModuleHandleA, VirtualProtect, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, GetProcessHeap, CreateProcessA, GetTempFileNameA, HeapFree, HeapAlloc, LoadLibraryW, InterlockedExchange, Sleep, InterlockedCompareExchange, GetStartupInfoA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetLastError, GlobalFree, GlobalUnlock, GetCurrentThread, lstrlenA, MulDiv, MultiByteToWideChar, FreeLibrary, RaiseException, LoadLibraryA, FormatMessageA, GetSystemDirectoryW |
| SETUPAPI.dll | CM_Get_DevNode_Status, SetupDiGetDeviceRegistryPropertyW, CMP_WaitNoPendingInstallEvents |
| USER32 | SetWindowLongA, SetWindowTextA, SendMessageA, GetDlgItem, wsprintfA, WaitForInputIdle, CharUpperA, MessageBoxA |