a2611095f689fadffd3068e0d4e3e7ed

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2004-Apr-29 03:00:54

Plugin Output

Info: The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryW
  • LoadLibraryA
Possibly launches other programs:
  • CreateProcessA
Can create temporary files:
  • CreateFileA
  • GetTempPathA
Malicious: VirusTotal score 61/69 (Scanned on 2018-12-16 01:13:32)
Bkav: HW32.Packed.
MicroWorld-eScan: Gen:Variant.Sirefef.443
CMC: Backdoor.Win32.ZAccess!O
CAT-QuickHeal: Trojan.Sirefef.C
McAfee: ZeroAccess.hr
Cylance: Unsafe
VIPRE: Lookslike.Win32.Sirefef.qb (v)
TheHacker: Trojan/Kryptik.arff
K7GW: Trojan ( 0001140e1 )
K7AntiVirus: Trojan ( 0001140e1 )
TrendMicro: TROJ_SIREFEF.SM9
F-Prot: W32/ZAccess.H
Symantec: Trojan.Zeroaccess.C
ESET-NOD32: a variant of Win32/Kryptik.ARGF
TrendMicro-HouseCall: TROJ_SIREFEF.SM9
Paloalto: generic.ml
ClamAV: Win.Trojan.Zeroaccess-698
Kaspersky: Backdoor.Win32.ZAccess.aqep
BitDefender: Gen:Variant.Sirefef.443
NANO-Antivirus: Trojan.Win32.ZAccess.crmccz
ViRobot: Backdoor.Win32.A.ZAccess.163840.AM
SUPERAntiSpyware: Trojan.Agent/Gen-Sirefef
Avast: Win32:MalOb-LJ [Cryp]
Tencent: Win32.Trojan.Inject.Auto
Ad-Aware: Gen:Variant.Sirefef.443
Sophos: Troj/ZAccess-HJ
Comodo: Malware@#2rzyey1k5x9lq
F-Secure: Gen:Variant.Sirefef.443
DrWeb: Trojan.DownLoader7.45527
Zillya: Backdoor.ZAccess.Win32.10145
Invincea: heuristic
McAfee-GW-Edition: BehavesLike.Win32.ZeroAccess.cc
Trapmine: malicious.high.ml.score
Emsisoft: Gen:Variant.Sirefef.443 (B)
SentinelOne: static engine - malicious
Cyren: W32/Trojan.DGBX-7083
Jiangmin: Backdoor/ZAccess.hbi
Webroot: W32.Rogue.Gen
Avira: TR/Crypt.ZPACK.Gen2
Antiy-AVL: Trojan[Backdoor]/Win32.ZAccess
Microsoft: TrojanDropper:Win32/Sirefef.gen!C
Endgame: malicious (high confidence)
Arcabit: Trojan.Sirefef.443
AegisLab: Trojan.Win32.ZAccess.4!c
ZoneAlarm: Backdoor.Win32.ZAccess.aqep
GData: Gen:Variant.Sirefef.443
TACHYON: Backdoor/W32.ZAccess.163840.N
AhnLab-V3: Backdoor/Win32.ZAccess.R47373
VBA32: BScope.Backdoor.Maxplus.2613
ALYac: Gen:Variant.Sirefef.443
MAX: malware (ai score=100)
Malwarebytes: Rootkit.0Access
Rising: Backdoor.ZAccess!8.242 (CLOUD)
Yandex: Backdoor.ZAccess!quwZWCWLdhY
Ikarus: Backdoor.Win32.ZAccess
Fortinet: W32/Kryptik.ARCN!tr
AVG: Win32:MalOb-LJ [Cryp]
Cybereason: malicious.5f689f
Panda: Trj/Genetic.gen
CrowdStrike: malicious_confidence_100% (W)
Qihoo-360: HEUR/Malware.QVM20.Gen

Hashes

MD5 a2611095f689fadffd3068e0d4e3e7ed
SHA1 6d21fc25b9da49d746b2b7609a5efaed4d332e6a
SHA256 71b38f041b4a4ae169c44e3aff412e527e1156f92c27f1340a8abe70a45bee10
SHA3 5c5b773dd11d07380b6a9c285275d2676b18c26c81fecb43bd764a6c81a67366
SSDeep 3072:ZXoSYlyh1J5XILewguL87w31XnS7+tRtnuH6d:QyTJFRww72Zjtn
Imports Hash f779ba733fe09bbc41ec56db49c53fa3

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2004-Apr-29 03:00:54
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x24cb2
SizeOfInitializedData 0
SizeOfUninitializedData 0x1000
AddressOfEntryPoint 0x00003515 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x26000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x2b000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 5e69262b834114abee9a7d8250baf7d3
SHA1 05fdc33a601d2adb884f35239d39664bcdac6b74
SHA256 7797a1291206574e96cfddbb6cccde8c2ca6aca9ebdb9e68413e73223582b83a
SHA3 ed53b77b68bdebb3d31f96a572c68253bfd5efa33f97d2747121b8e9e1f2322a
VirtualSize 0x24cb2
VirtualAddress 0x1000
SizeOfRawData 0x24e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.88847

.rdata

MD5 3f1afd4ea84a703c95a8415d84760cc9
SHA1 778347aa3b1a40d9925396cde8f1bf71c034e5e6
SHA256 8ac9870b1e530079688fa192ae08d99428fc2d30fa3856e9f03fd62eb3ae4507
SHA3 c81b2538ea84704573aea33e44caf530430962ee830221f197ae98b57b00ff97
VirtualSize 0x910
VirtualAddress 0x26000
SizeOfRawData 0xa00
PointerToRawData 0x25200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.45695

.data

MD5 d946c4e00b10be82f8d142f508ece41d
SHA1 87149ca9fc689d0d02866276f9112adbdeea06f2
SHA256 e8b31e302d11fbf7da124b537ba2d44f88e165da03c6557e2b0f6dc486e025bb
SHA3 ee74e4c2e89982a65cf4783483c4ca7dde63baf3aa69044bf937130461ba2e81
VirtualSize 0x2080
VirtualAddress 0x27000
SizeOfRawData 0x2200
PointerToRawData 0x25c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.reloc

MD5 0f27e593248228cd4b18c17870637a25
SHA1 d6e8bad2af8962fd0d51eaeece3b5b4d749d5738
SHA256 e6ff9ea8dc94bf8517c9e5709b3bc7644c26ffd568e1bae3e8ddd550c3c775e4
SHA3 2c9718ad6be67687a0a7b34e164f73f66bd043471de887390ac82ec876fb7c82
VirtualSize 0xfa
VirtualAddress 0x2a000
SizeOfRawData 0x200
PointerToRawData 0x27e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.29226

Imports

OLEAUT32.dll
CreateErrorInfo
DispGetIDsOfNames
BstrFromVector
OleLoadPictureEx
GetErrorInfo
KERNEL32.dll
GetVersionExW
GlobalLock
GlobalAlloc
GlobalReAlloc
GetModuleHandleW
GlobalSize
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
LocalAlloc
LocalFree
CreateFileA
lstrcmpA
GetFileAttributesA
GetProcAddress
GetModuleFileNameA
GetTempPathA
DeleteFileA
CloseHandle
GetCurrentDirectoryA
GetLocalTime
FindClose
FindNextFileA
FindFirstFileA
EnumResourceLanguagesA
WideCharToMultiByte
ReadFile
WriteFile
SetFilePointer
GlobalHandle
IsDBCSLeadByte
GetModuleHandleA
VirtualProtect
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcessHeap
CreateProcessA
GetTempFileNameA
HeapFree
HeapAlloc
LoadLibraryW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
GlobalFree
GlobalUnlock
GetCurrentThread
lstrlenA
MulDiv
MultiByteToWideChar
FreeLibrary
RaiseException
LoadLibraryA
FormatMessageA
GetSystemDirectoryW
SETUPAPI.dll
CM_Get_DevNode_Status
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
USER32
SetWindowLongA
SetWindowTextA
SendMessageA
GetDlgItem
wsprintfA
WaitForInputIdle
CharUpperA
MessageBoxA

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
