a3d74dfb66d80b36d3ba750363100b75

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2015-Apr-29 15:17:40
Detected languages English - United States
Russian - Russia
CompanyName ООО Корпорация
FileDescription Описание
FileVersion 6.1.2600.0012
InternalName FDownloader
LegalCopyright © ООО Корпорация
OriginalFilename FDownloader
ProductName Загрузчик
ProductVersion 6.1.2600.0012

Plugin Output

Info Matching compiler(s): Microsoft Visual C++
Microsoft Visual C++ v6.0
Microsoft Visual C++ v5.0/v6.0 (MFC)
Suspicious The PE is possibly packed. Unusual section name found: .qdata
Unusual section name found: .data\x00\x00\x01
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Can access the registry:
  • RegCloseKey
  • RegSetValueExW
Info The PE is digitally signed. Signer: Consortium ltd.
Issuer: DigiCert SHA2 Assured ID Code Signing CA
Malicious VirusTotal score: 48/61 (Scanned on 2017-05-18 17:52:46) MicroWorld-eScan: Gen:Variant.Adware.Symmi.51539
CAT-QuickHeal: Trojan.Extenbro.18677
ALYac: Gen:Variant.Adware.Symmi.51539
Malwarebytes: Adware.ICLoader
SUPERAntiSpyware: PUP.LoadMoney/Variant
CrowdStrike: malicious_confidence_100% (D)
K7GW: Adware ( 004b73ea1 )
K7AntiVirus: Adware ( 004b73ea1 )
Invincea: virus.win32.jadtre.a!a
Baidu: Win32.Trojan.Kryptik.sz
F-Prot: W32/S-776b3e14!Eldorado
Symantec: Trojan.Gen.6
TrendMicro-HouseCall: TROJ_GEN.R00XC0PEI17
ClamAV: Win.Adware.Agent-1287372
Kaspersky: not-a-virus:AdWare.Win32.ICLoader.iti
BitDefender: Gen:Variant.Adware.Symmi.51539
NANO-Antivirus: Trojan.Win32.InstallCube.dreene
Avast: Win32:InstallCube-BV [PUP]
Ad-Aware: Gen:Variant.Adware.Symmi.51539
Sophos: ICLoader (PUA)
Comodo: Application.Win32.ICLoader.BACA
F-Secure: Gen:Variant.Adware.Symmi
DrWeb: Trojan.InstallCube.196
Zillya: Adware.ICLoaderCRT.Win32.92
McAfee-GW-Edition: BehavesLike.Win32.ICLoader.fc
Emsisoft: Gen:Variant.Adware.Symmi.51539 (B)
SentinelOne: static engine - malicious
Cyren: W32/S-776b3e14!Eldorado
Jiangmin: AdWare/ICLoader.awh
Avira: ADWARE/ICLoader.Gen4
Fortinet: W32/Kryptik.DJDR!tr
Antiy-AVL: GrayWare[AdWare]/Win32.ICLoader.iti
Endgame: malicious (high confidence)
Arcabit: Trojan.Adware.Symmi.DC953
AegisLab: AdWare.MSIL.DomaIQ.mlp7
ZoneAlarm: not-a-virus:AdWare.Win32.ICLoader.iti
Microsoft: SoftwareBundler:Win32/ICLoader
AhnLab-V3: PUP/Win32.Agent.R148042
McAfee: ICLoader
VBA32: Signed-Downware.ICloader
ESET-NOD32: Win32/Adware.ICLoader.IC
Rising: Malware.Generic.1!tfe (thunder:1:j9LCpUxK6bU)
Yandex: PUA.ICLoader!
Ikarus: PUA.ICLoader
GData: Gen:Variant.Adware.Symmi.51539
AVG: AdInstaller
Panda: Trj/Genetic.gen
Qihoo-360: Win32/Virus.Adware.656

Hashes

MD5 a3d74dfb66d80b36d3ba750363100b75
SHA1 39737fefa2bc7f4f6ba6d08bce5b20cf4a52e7d5
SHA256 a189bc68bff2fc8742c6a6749638320f8062054ab8adf6926204e75617a0df52
SHA3 7275adce0cb553efeba494318063019deea5bc0b515fae43fc5b232d18f9a1c0
SSDeep 6144:NFkLQrMQ5iz/DKzpaLsi3xZWeKP8EytCgJn5gotBpAuS8Bq3uJM:rkLQrMQ5iPSaLvTW8sa+oZABiJM
Imports Hash bb4abdb5bfab9b7023c0d5b6aac64572

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2015-Apr-29 15:17:40
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x43000
SizeOfInitializedData 0xd000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0003F348 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x44000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x51000
SizeOfHeaders 0x1000
Checksum 0x56254
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 04e88270732581ee4f463ba7a831e315
SHA1 3008404c8fe5324fb70ea4d273d6b9e500209d3b
SHA256 d7a5a46904831d4e2feea3d55bcb25d3ea33ea08d44b080e920510e13a1e86ff
SHA3 b2606655f552d4c938d6262b0aa086e96af8859c5fc1f39db9f6141245a8d0c8
VirtualSize 0x429ae
VirtualAddress 0x1000
SizeOfRawData 0x43000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.95051

.qdata

MD5 3aa855737df0f64be61f3353c3a21626
SHA1 830fdd2fb102febba9ff3657a97492aee7d6926e
SHA256 34e08d9c3241667a5e031d23d21ca1e74d7b472d7ac88d99bb77ce9d9be37e2e
SHA3 0f76c85c4af9062e3ba4971d2e01349bcdb091e9d4b1a2f4d51707bdf7d26e58
VirtualSize 0xee4
VirtualAddress 0x44000
SizeOfRawData 0x1000
PointerToRawData 0x44000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_LNK_NRELOC_OVFL
IMAGE_SCN_MEM_READ
IMAGE_SCN_TYPE_NOLOAD
Entropy 5.2476

.data\x00\x00\x01

MD5 77a885e2e2ef45965eace933d114c974
SHA1 035e87a28780170b3b6fdb1ba1e3de03e5845548
SHA256 88df51b9f4e89dd0d63ddb88fd4b6890a98cddc69ee37eeffdde83dc957aa4ab
SHA3 b0f0ef133e8fc0867f5dfd982561a719020df546b41f638756502b1071af02e9
VirtualSize 0x471c
VirtualAddress 0x45000
SizeOfRawData 0x3000
PointerToRawData 0x45000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.619167

.rsrc

MD5 4ef8bc1631279797d1b63c76e90d630d
SHA1 af8ef6ed9600bf151446b24985189ae8046d96d5
SHA256 9197ad9060a85aaae035a155118825f1fbbd11fd677f32cf7a1110fb8bbae6f5
SHA3 420d834c01037a47c098b6a7d743bb018de05f254cd0a542e52a5998a88bfdaa
VirtualSize 0x69b8
VirtualAddress 0x4a000
SizeOfRawData 0x7000
PointerToRawData 0x48000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.70648

Imports

COMCTL32.dll #17
VERSION.dll VerQueryValueW
KERNEL32.dll GetVersion
GetModuleHandleW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
GetCommandLineW
WriteFile
VirtualAlloc
CreateFileA
ReadFile
lstrcmpiA
LockResource
TlsSetValue
GetLastError
CreateFileMappingA
FileTimeToDosDateTime
EnumCalendarInfoA
CreateEventA
CompareStringA
CloseHandle
GetCurrentProcess
GetUserDefaultLangID
QueryPerformanceCounter
CreateThread
SetErrorMode
GetModuleHandleA
MultiByteToWideChar
SetFilePointer
SetEndOfFile
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapAlloc
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
GetStringTypeW
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
ExitProcess
TlsGetValue
GetStartupInfoA
DeleteFileW
GetVersionExA
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
TerminateProcess
HeapFree
GetProcAddress
GetCommandLineA
LCMapStringW
GetStringTypeA
LCMapStringA
USER32.dll EndPaint
CreateWindowExA
GetSystemMetrics
MessageBoxA
CreateDialogParamA
ShowWindow
RegisterClipboardFormatA
CharNextA
LoadStringA
GetKeyboardType
GetScrollPos
PtInRect
RemoveMenu
GetClientRect
RegisterClassExA
EndDialog
DialogBoxParamA
GDI32.dll TextOutW
Rectangle
comdlg32.dll ChooseFontA
GetOpenFileNameA
FindTextW
GetSaveFileNameA
ADVAPI32.dll GetUserNameA
AllocateAndInitializeSid
RegCloseKey
RegSetValueExW
SHELL32.dll StrStrIA
ole32.dll CoInitialize
CoTaskMemAlloc
CoUninitialize
OLEAUT32.dll #175

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.32398
MD5 61b537e9694adc424f6e5b577100d84e
SHA1 a42887d811efe6bfa2f4a1937a7a294e62a6a1a8
SHA256 873de50ce3936c17cd2c8cec8763789ed47ce4ee979e43f6da3c7a97b822b100
SHA3 10faac76481abb24c277ac8ca0d2a9161b29fe6e27eb85a008b9f9ff2833e438

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.83211
MD5 671dd025a01658bc17d623226dea0feb
SHA1 017150eaa6133fcd9eb1ebad952582d95b01e177
SHA256 98db7e41a33c96ccc60b0debae0c9c7e5abed4ec604eb770eb0173c4a42c6379
SHA3 06be1ce74ba435c383227fb6d0f715e42c0315e08afafede33a3f93db448e143

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.13379
MD5 8953d930aaf85b820cf19a35f9e28d3d
SHA1 d562bb54c6d20fa6c530ecc7f2751107ea1f8b96
SHA256 b452b03062ddd5c2e1e72f9bd51a45f551aed3e5ac741e55e91510569b9aa70f
SHA3 b97a25169454a59edff9ce7c07f0d5f6e5963e7c13fa00563fed5333e7af5760

4

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.25747
MD5 5354c7066a7bae6777668bbe77ce5329
SHA1 5a0dde8e03433105266b6c561e3f59251bed9d4a
SHA256 d914193208662784ad38cf883eebe2a65d186ce6f6af9b69d1fceb290409806f
SHA3 4860fa68862c43a4180d340bd45097a66e1f479569f53fa4596330beab3fb0af

5

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.77753
MD5 ad2a24aa2e8c301cbc9079e7d4356d3c
SHA1 cb9cedd207f4f064240dcb2897c4b002a90c6bc8
SHA256 220aee9709be47e843bf9286338e109775f324be6b41adec9d9269e14f1b7dd2
SHA3 d0b8cf89fab340c801d95f7c1aaccb1b3d71a893a4f98d59709fc99620f584a0

MAINICON

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x30
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.50016
Detected Filetype Icon file
MD5 cbb5e98bc6f602fa33226e9855c470b9
SHA1 5071ae4f377f2871312db58d780103c0dc1ee3d7
SHA256 eb1d25243ea4e9b60ccffd55dc287a2201689aa6a43eb840f01062c9338b0004
SHA3 bb9a1bb4e586cbb19a837f3cebff51056dfa2fb754ecd8795a9d6e6abf162780

138

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.9815
Detected Filetype Icon file
MD5 40c1414025bcc34e7ba97fd22bc9f5a4
SHA1 b53a6a13513b5205cef6fc6d7556ad80d8b62173
SHA256 d6659139f55adad2497df8d1a11fcd68324a00ccdadbc133ddd49fb79e9ccc1c
SHA3 88c00f73975983695c16e34c6a1750573250999152f5399a198b799e76349720

150

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.0815
Detected Filetype Icon file
MD5 9b2193af49fdb53892356f594e9f18b9
SHA1 448aa28721dd65475b37505de8140d88d5aa1501
SHA256 9b8ca9c6a330d0d17d1108ab5442d60ea574817a65caa860cceb24313cc4f0e4
SHA3 46527c3333b02958fd025cfdaa12d481f8505aa77c1cd0b5f15348e870530116

1 (#2)

Type RT_VERSION
Language Russian - Russia
Codepage UNKNOWN
Size 0x2c8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.77019
MD5 5a019dca6e829e7e5751bee2f96f528d
SHA1 5deec018a3b4ff388b4205577d21544adbb1cc5c
SHA256 46f282fcab11b30be9051d30551d7669ff862d9beae16a5bba9ba9f50b293d26
SHA3 ba1596cbd11ca7abf7ccebeba7a5a7c05a9b87510edd3f0aeec66d1dff8fa8ab

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x42c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.33361
MD5 fa140205692392be88038eaba9ca7910
SHA1 4ede0ea94437564dc9b1d1d989e3116e92a1a4dc
SHA256 1f4b3a5657ae0d8242461a11cb08b8adf8e46a21fb612336311fcba10faccb61
SHA3 c72a92379b693f109c695e4e9511e110aa78840b4f2d31bc63ef1a9ff674e88d

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 5.1.2600.5512
ProductVersion 5.1.2600.5512
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language Russian - Russia
CompanyName ООО Корпорация
FileDescription Описание
FileVersion (#2) 6.1.2600.0012
InternalName FDownloader
LegalCopyright © ООО Корпорация
OriginalFilename FDownloader
ProductName Загрузчик
ProductVersion (#2) 6.1.2600.0012
Resource LangID Russian - Russia

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x1d929e27
Unmarked objects 0
14 (7299) 12
C objects (VS98 SP6 build 8804) 47
19 (8022) 3
Total imports 111
19 (8034) 16
Unmarked objects (#2) 4
C++ objects (VS98 SP6 build 8804) 3
Resource objects (VS98 SP6 cvtres build 1736) 1

Errors
