Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2011-Nov-08 23:03:23 |
Detected languages | English - United States |
Info | Matching compiler(s): Microsoft Visual C++; Microsoft Visual C++ v6.0; Microsoft Visual C++ v5.0/v6.0 (MFC) |
Suspicious | The PE is packed or was manually edited. The number of imports reported in the RICH header is inconsistent. |
Suspicious | The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 29/68 (Scanned on 2023-02-16 00:13:29). Lionic: Trojan.Win32.Generic.4!c; Elastic: malicious (high confidence); FireEye: Generic.mg.a9a2734d080e3ae0; Zillya: Adware.OpenCandy.Win32.1375; Sangfor: Trojan.Win32.Agent.V3td; Alibaba: Trojan:Win32/Generic.774eab6b; CrowdStrike: win/malicious_confidence_100% (W); VirIT: Trojan.Win32.Pakes2_c.LJB; Symantec: ML.Attribute.HighConfidence; ESET-NOD32: a variant of Generik.HKQROYL; Paloalto: generic.ml; NANO-Antivirus: Trojan.Win32.Waski.fbctie; Avast: Win32:Malware-gen; DrWeb: Trojan.Siggen8.12456; Trapmine: suspicious.low.ml.score; Ikarus: Trojan.SuspectCRC; GData: Win32.Trojan.Agent.RADOY8; Webroot: W32.Malware.Dkvt; Avira: TR/Dldr.Waski.32768; Antiy-AVL: Trojan/Win32.SGeneric; Xcitium: Malware@#3r1hyjlvxbmoy; Google: Detected; BitDefenderTheta: Gen:NN.ZexaF.36276.cqW@aeY4zWni; VBA32: suspected of Trojan.Downloader.gen; TrendMicro-HouseCall: TROJ_GEN.R002H0CEQ21; Rising: Trojan.Occamy!8.F1CD (TFE:5:QaWfW4kmgpV); Fortinet: Generik.HKQROYL!tr; AVG: Win32:Malware-gen; Cybereason: malicious.990e9f |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf0 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2011-Nov-08 23:03:23 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 6.0 |
SizeOfCode | 0x4000 |
SizeOfInitializedData | 0x4000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00001681 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x5000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x1000 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x9000 |
SizeOfHeaders | 0x1000 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | LockResource, LoadResource, GlobalAlloc, SizeofResource, FindResourceA, GetModuleHandleA, Sleep, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, MultiByteToWideChar, FlushFileBuffers, SetStdHandle, LoadLibraryA, GetProcAddress, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, WriteFile, GetLastError, SetFilePointer, HeapAlloc, GetCPInfo, GetACP, GetOEMCP, VirtualAlloc, HeapReAlloc, CloseHandle |
---|---|
WS2_32.dll | WSACleanup, gethostname, WSAStartup |
WININET.dll | InternetOpenA, InternetOpenUrlA, InternetCloseHandle, InternetReadFile |
XOR Key | 0x4ce50579 |
---|---|
Unmarked objects | 0 |
C++ objects (VS98 build 8168) | 1 |
C objects (VS98 build 8168) | 43 |
14 (7299) | 11 |
Unmarked objects (#2) | 6 |
19 (8034) | 5 |
Total imports | 51 |
C++ objects (VS98 build 8168) (#2) | 1 |
Resource objects (VS98 cvtres build 1720) | 1 |