| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2015-Apr-29 15:17:40 |
| Detected languages | English - United States; Russian - Russia |
| CompanyName | ООО Корпорация |
| FileDescription | Описание |
| FileVersion | 6.1.2600.0012 |
| InternalName | FDownloader |
| LegalCopyright | © ООО Корпорация |
| OriginalFilename | FDownloader |
| ProductName | Загрузчик |
| ProductVersion | 6.1.2600.0012 |
| Info | Matching compiler(s): Microsoft Visual C++; Microsoft Visual C++ v6.0; Microsoft Visual C++ v5.0/v6.0 (MFC) |
| Suspicious | The PE is possibly packed. Unusual section name found: .qdata; Unusual section name found: .data\x00\x00\x01 |
| Info | The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports: |
| Info | The PE is digitally signed. Signer: Consortium ltd. Issuer: DigiCert SHA2 Assured ID Code Signing CA |
| Malicious | VirusTotal score: 48/61 (Scanned on 2017-05-18 17:52:46) |

| Engine | Detection |
|---|---|
| MicroWorld-eScan | Gen:Variant.Adware.Symmi.51539 |
| CAT-QuickHeal | Trojan.Extenbro.18677 |
| ALYac | Gen:Variant.Adware.Symmi.51539 |
| Malwarebytes | Adware.ICLoader |
| SUPERAntiSpyware | PUP.LoadMoney/Variant |
| CrowdStrike | malicious_confidence_100% (D) |
| K7GW | Adware ( 004b73ea1 ) |
| K7AntiVirus | Adware ( 004b73ea1 ) |
| Invincea | virus.win32.jadtre.a!a |
| Baidu | Win32.Trojan.Kryptik.sz |
| F-Prot | W32/S-776b3e14!Eldorado |
| Symantec | Trojan.Gen.6 |
| TrendMicro-HouseCall | TROJ_GEN.R00XC0PEI17 |
| ClamAV | Win.Adware.Agent-1287372 |
| Kaspersky | not-a-virus:AdWare.Win32.ICLoader.iti |
| BitDefender | Gen:Variant.Adware.Symmi.51539 |
| NANO-Antivirus | Trojan.Win32.InstallCube.dreene |
| Avast | Win32:InstallCube-BV [PUP] |
| Ad-Aware | Gen:Variant.Adware.Symmi.51539 |
| Sophos | ICLoader (PUA) |
| Comodo | Application.Win32.ICLoader.BACA |
| F-Secure | Gen:Variant.Adware.Symmi |
| DrWeb | Trojan.InstallCube.196 |
| Zillya | Adware.ICLoaderCRT.Win32.92 |
| McAfee-GW-Edition | BehavesLike.Win32.ICLoader.fc |
| Emsisoft | Gen:Variant.Adware.Symmi.51539 (B) |
| SentinelOne | static engine - malicious |
| Cyren | W32/S-776b3e14!Eldorado |
| Jiangmin | AdWare/ICLoader.awh |
| Avira | ADWARE/ICLoader.Gen4 |
| Fortinet | W32/Kryptik.DJDR!tr |
| Antiy-AVL | GrayWare[AdWare]/Win32.ICLoader.iti |
| Endgame | malicious (high confidence) |
| Arcabit | Trojan.Adware.Symmi.DC953 |
| AegisLab | AdWare.MSIL.DomaIQ.mlp7 |
| ZoneAlarm | not-a-virus:AdWare.Win32.ICLoader.iti |
| Microsoft | SoftwareBundler:Win32/ICLoader |
| AhnLab-V3 | PUP/Win32.Agent.R148042 |
| McAfee | ICLoader |
| VBA32 | Signed-Downware.ICloader |
| ESET-NOD32 | Win32/Adware.ICLoader.IC |
| Rising | Malware.Generic.1!tfe (thunder:1:j9LCpUxK6bU) |
| Yandex | PUA.ICLoader! |
| Ikarus | PUA.ICLoader |
| GData | Gen:Variant.Adware.Symmi.51539 |
| AVG | AdInstaller |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | Win32/Virus.Adware.656 |


| Field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xe8 |


| Field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 4 |
| TimeDateStamp | 2015-Apr-29 15:17:40 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE; IMAGE_FILE_EXECUTABLE_IMAGE; IMAGE_FILE_LINE_NUMS_STRIPPED; IMAGE_FILE_LOCAL_SYMS_STRIPPED; IMAGE_FILE_RELOCS_STRIPPED |


| Field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 6.0 |
| SizeOfCode | 0x43000 |
| SizeOfInitializedData | 0xd000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0003F348 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x44000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x1000 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x51000 |
| SizeOfHeaders | 0x1000 |
| Checksum | 0x56254 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |


| Library | Imported functions |
|---|---|
| COMCTL32.dll | #17 |
| VERSION.dll | VerQueryValueW |
| KERNEL32.dll | GetVersion, GetModuleHandleW, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, GetCommandLineW, WriteFile, VirtualAlloc, CreateFileA, ReadFile, lstrcmpiA, LockResource, TlsSetValue, GetLastError, CreateFileMappingA, FileTimeToDosDateTime, EnumCalendarInfoA, CreateEventA, CompareStringA, CloseHandle, GetCurrentProcess, GetUserDefaultLangID, QueryPerformanceCounter, CreateThread, SetErrorMode, GetModuleHandleA, MultiByteToWideChar, SetFilePointer, SetEndOfFile, LoadLibraryA, GetOEMCP, GetACP, GetCPInfo, FlushFileBuffers, SetStdHandle, HeapReAlloc, HeapAlloc, RtlUnwind, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentVariableA, GetFileType, GetStdHandle, GetStringTypeW, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, WideCharToMultiByte, FreeEnvironmentStringsW, ExitProcess, TlsGetValue, GetStartupInfoA, DeleteFileW, GetVersionExA, FreeEnvironmentStringsA, GetModuleFileNameA, UnhandledExceptionFilter, TerminateProcess, HeapFree, GetProcAddress, GetCommandLineA, LCMapStringW, GetStringTypeA, LCMapStringA |
| USER32.dll | EndPaint, CreateWindowExA, GetSystemMetrics, MessageBoxA, CreateDialogParamA, ShowWindow, RegisterClipboardFormatA, CharNextA, LoadStringA, GetKeyboardType, GetScrollPos, PtInRect, RemoveMenu, GetClientRect, RegisterClassExA, EndDialog, DialogBoxParamA |
| GDI32.dll | TextOutW, Rectangle |
| comdlg32.dll | ChooseFontA, GetOpenFileNameA, FindTextW, GetSaveFileNameA |
| ADVAPI32.dll | GetUserNameA, AllocateAndInitializeSid, RegCloseKey, RegSetValueExW |
| SHELL32.dll | StrStrIA |
| ole32.dll | CoInitialize, CoTaskMemAlloc, CoUninitialize |
| OLEAUT32.dll | #175 |


| Field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 5.1.2600.5512 |
| ProductVersion | 5.1.2600.5512 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32; VOS_NT; VOS_NT_WINDOWS32; VOS_WINCE; VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | Russian - Russia |
| CompanyName | ООО Корпорация |
| FileDescription | Описание |
| FileVersion (#2) | 6.1.2600.0012 |
| InternalName | FDownloader |
| LegalCopyright | © ООО Корпорация |
| OriginalFilename | FDownloader |
| ProductName | Загрузчик |
| ProductVersion (#2) | 6.1.2600.0012 |

| Field | Value |
|---|---|
| Resource LangID | Russian - Russia |


| Field | Value |
|---|---|
| XOR Key | 0x1d929e27 |
| Unmarked objects | 0 |
| 14 (7299) | 12 |
| C objects (VS98 SP6 build 8804) | 47 |
| 19 (8022) | 3 |
| Total imports | 111 |
| 19 (8034) | 16 |
| Unmarked objects (#2) | 4 |
| C++ objects (VS98 SP6 build 8804) | 3 |
| Resource objects (VS98 SP6 cvtres build 1736) | 1 |