Architecture |
IMAGE_FILE_MACHINE_AMD64
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2010-Jan-18 02:18:34 |
Malicious | The file headers were tampered with. |
Unusual section name found: CRT
The PE only has 2 import(s). The RICH header checksum is invalid. |
Malicious | VirusTotal score: 48/66 (Scanned on 2017-11-17 21:11:46) |
MicroWorld-eScan:
Trojan.Generic.7703560
CMC: Trojan.Win64.Pakes!O McAfee: Artemis!B6C9FDB500AB Cylance: Unsafe Zillya: Trojan.Kryptik.Win64.108 K7GW: Trojan ( 0046a4201 ) K7AntiVirus: Trojan ( 0046a4201 ) Invincea: heuristic Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9928 Symantec: Trojan.Gen ESET-NOD32: a variant of Win64/Kryptik.B TrendMicro-HouseCall: TROJ_GEN.R047C0DGL17 Paloalto: generic.ml Kaspersky: Trojan.Win64.Pakes.e BitDefender: Trojan.Generic.7703560 NANO-Antivirus: Trojan.Win64.Rodricter.vccnn AegisLab: Troj.Win64.Pakes.e!c Avast: FileRepMetagen [Malware] Tencent: Win64.Trojan.Pakes.Phgj Ad-Aware: Trojan.Generic.7703560 Sophos: Mal/Generic-S Comodo: UnclassifiedMalware F-Secure: Trojan.Generic.7703560 DrWeb: Trojan.Rodricter.17 VIPRE: Trojan.Win32.Generic!BT TrendMicro: TROJ_GEN.R047C0DGL17 McAfee-GW-Edition: BehavesLike.Win64.Downloader.ph Emsisoft: Trojan.Generic.7703560 (B) Jiangmin: Trojan.Pakes.asx Webroot: W32.Trojan.Gen Avira: TR/Crypt.XPACK.Gen Microsoft: Trojan:Win64/Simda.A Endgame: malicious (high confidence) Arcabit: Trojan.Generic.D758C08 ZoneAlarm: Trojan.Win64.Pakes.e GData: Trojan.Generic.7703560 ALYac: Trojan.Generic.7703560 AVware: Trojan.Win32.Generic!BT MAX: malware (ai score=87) VBA32: Trojan.Win64.Pakes Yandex: Trojan.Pakes!My4XUxIhDIQ Ikarus: Trojan.Win64 Fortinet: W64/Simda.BD!tr AVG: FileRepMetagen [Malware] Cybereason: malicious.1b8fb7 Panda: Trj/CI.A CrowdStrike: malicious_confidence_100% (D) Qihoo-360: Malware.Radar01.Gen |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xc8 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections | 5 |
TimeDateStamp | 2010-Jan-18 02:18:34 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics |
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
|
Magic | PE32+ |
---|---|
LinkerVersion | 6.0 |
SizeOfCode | 0x1000 |
SizeOfInitializedData | 0x2e000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000000000002E078 (Section: .text) |
BaseOfCode | 0x2e000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 3.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x30000 |
SizeOfHeaders | 0x400 |
Checksum | 0x10998 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
GDI32.dll |
GetArcDirection
|
---|---|
KERNEL32.dll |
VirtualAlloc
|
XOR Key | 0x69ae5966 |
---|---|
Unmarked objects | 0 |
177 (13181) | 185 |
ASM objects (13181) | 185 |
24 (13181) | 185 |