| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Compilation Date | 2011-Jun-30 20:47:55 |
| Detected languages | English - United States |
| Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0; MASM/TASM - sig1(h) |
| Suspicious | Strings found in the binary may indicate undesirable behavior: Miscellaneous malware strings: |
| Info | Cryptographic algorithms detected in the binary: uses constants related to MD5, SHA1, SHA256, SHA512, AES and Blowfish; Microsoft's Cryptography API |
| Suspicious | The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports: |
| Malicious | VirusTotal score: 22/70 (Scanned on 2023-05-21 07:38:47) |

VirusTotal detections:

| Engine | Detection |
|---|---|
| FireEye | Generic.mg.b4af9d42196cc773 |
| Malwarebytes | Malware.AI.3800302863 |
| K7AntiVirus | Unwanted-Program ( 0055f3201 ) |
| K7GW | Unwanted-Program ( 0055f3201 ) |
| BitDefenderTheta | Gen:NN.ZexaF.36196.LzW@aalyECfi |
| Elastic | malicious (moderate confidence) |
| ESET-NOD32 | a variant of Win32/NetTool.Ncat.B potentially unsafe |
| Kaspersky | not-a-virus:RemoteAdmin.Win32.NetCat.bns |
| NANO-Antivirus | Trojan.Win32.Mlw.ivbbwt |
| Tencent | Malware.Win32.Gencirc.10bea1ca |
| Zillya | Trojan.Cimag.Win32.5300 |
| Sophos | Generic Reputation PUA (PUA) |
| Jiangmin | Trojan.Generic.aixtw |
| Gridinsoft | Risk.Win32.RemoteAdmin.vb!s1 |
| ZoneAlarm | not-a-virus:RemoteAdmin.Win32.NetCat.bns |
| VBA32 | BScope.Trojan.Swrort |
| Cylance | unsafe |
| Rising | Trojan.Generic@AI.81 (RDML:X9d56K5P5beHaERsHUvY3A) |
| Yandex | Trojan.Swrort!uXkeQ613Jro |
| Fortinet | Riskware/NetTool_Ncat |
| DeepInstinct | MALICIOUS |
| CrowdStrike | win/grayware_confidence_100% (D) |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xf0 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 6 |
| TimeDateStamp | 2011-Jun-30 20:47:55 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 10.0 |
| SizeOfCode | 0x134a00 |
| SizeOfInitializedData | 0x67e00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x000C25B7 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x136000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.1 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.1 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x1a1000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| DLL | Imported functions |
|---|---|
| KERNEL32.DLL | GetFileInformationByHandle, GetFullPathNameA, FlushFileBuffers, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetFilePointer, CreateFileW, RtlUnwind, HeapSize, GetLocaleInfoW, GetCurrentDirectoryW, DeleteCriticalSection, GetStartupInfoW, SetHandleCount, LoadLibraryW, LCMapStringW, IsValidCodePage, GetOEMCP, GetACP, SetCurrentDirectoryW, GetStringTypeW, GetUserDefaultLCID, GetLocaleInfoA, GetCPInfo, HeapDestroy, HeapCreate, IsProcessorFeaturePresent, IsDebuggerPresent, EnumSystemLocalesA, IsValidLocale, CompareStringW, SetEnvironmentVariableA, SetEndOfFile, GetProcessHeap, GetDriveTypeW, FindNextFileA, FatalAppExitA, GetVersion, FreeLibrary, GetProcAddress, LoadLibraryA, GetSystemDirectoryA, ReleaseMutex, WaitForSingleObject, CreateMutexA, CreateProcessA, GetStdHandle, SetHandleInformation, CreateFileA, CloseHandle, CreateNamedPipeA, GetLastError, CreatePipe, TerminateProcess, GetExitCodeProcess, ExitProcess, GetOverlappedResult, WriteFile, ResetEvent, WaitForMultipleObjects, ReadFile, CreateThread, GetModuleFileNameA, GetModuleHandleA, FormatMessageA, DuplicateHandle, GetCurrentProcess, Sleep, SetStdHandle, PeekNamedPipe, GetCurrentThreadId, FindFirstFileA, GetFileType, MultiByteToWideChar, GetTickCount, QueryPerformanceCounter, GetCurrentProcessId, GlobalMemoryStatus, GetVersionExA, FlushConsoleInputBuffer, SetLastError, HeapFree, WriteConsoleW, GetModuleFileNameW, EnterCriticalSection, LeaveCriticalSection, GetModuleHandleW, DecodePointer, EncodePointer, SetConsoleCtrlHandler, HeapAlloc, InterlockedExchange, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, GetCommandLineA, HeapSetInformation, HeapReAlloc, GetFileAttributesA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, GetDriveTypeA, FindFirstFileExA, GetTimeZoneInformation, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, ReadConsoleInputA, SetConsoleMode, PeekConsoleInputA, GetNumberOfConsoleInputEvents, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, InterlockedIncrement, InterlockedDecrement, GetCurrentThread, UnhandledExceptionFilter, SetUnhandledExceptionFilter |
| ADVAPI32.dll | CryptReleaseContext, CryptAcquireContextA, RegisterEventSourceA, ReportEventA, DeregisterEventSource, CryptGenRandom |
| GDI32.dll | SelectObject, CreateCompatibleBitmap, BitBlt, GetBitmapBits, DeleteObject, DeleteDC, GetDeviceCaps, CreateCompatibleDC, GetObjectA, CreateDCA |
| USER32.dll | MessageBoxA, GetDesktopWindow, GetProcessWindowStation, GetUserObjectInformationW |
| WS2_32.dll | ioctlsocket, WSASocketA, getsockopt, sendto, getsockname, WSAStartup, bind, ntohl, gethostname, socket, setsockopt, recvfrom, listen, connect, WSACreateEvent, WSAEventSelect, WSACloseEvent, shutdown, select, recv, WSASetLastError, ntohs, getservbyport, gethostbyaddr, htons, getservbyname, htonl, inet_ntoa, gethostbyname, WSAGetLastError, inet_addr, send, accept, closesocket, __WSAFDIsSet, getpeername |
| Rich header entry | Value |
|---|---|
| XOR Key | 0x690d6ee2 |
| Unmarked objects | 0 |
| 152 (20115) | 3 |
| ASM objects (VS2010 build 30319) | 47 |
| Total imports | 176 |
| Imports (VS2008 SP1 build 30729) | 11 |
| C objects (VS2008 SP1 build 30729) | 1 |
| C objects (VS2010 build 30319) | 619 |
| C++ objects (VS2010 build 30319) | 74 |
| Resource objects (VS2010 build 30319) | 1 |
| Linker (VS2010 build 30319) | 1 |