Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2019-Apr-10 13:31:52 |
Detected languages | English - United States |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. Signer: ORDARA LTD; Issuer: Symantec Class 3 Extended Validation Code Signing CA - G2 |
Malicious | VirusTotal score: 42/69 (Scanned on 2019-08-20 04:19:39). MicroWorld-eScan: Trojan.GenericKD.32046559; FireEye: Trojan.GenericKD.32046559; CAT-QuickHeal: Trojan.Alreay; McAfee: Generic Trojan.i; Cylance: Unsafe; Zillya: Trojan.Injector.Win64.152; Alibaba: TrojanBanker:Win32/Injector.7582ac51; K7GW: Trojan ( 005500881 ); K7AntiVirus: Trojan ( 005500881 ); Symantec: Trojan.Gen.MBT; ESET-NOD32: Win64/Injector.BO; Kaspersky: Trojan-Banker.Win32.Alreay.gen; BitDefender: Trojan.GenericKD.32046559; NANO-Antivirus: Trojan.Win64.Alreay.frfbdw; Avast: Win64:Trojan-gen; Sophos: Troj/Inject-EFP; Comodo: Malware@#lbil9bkxlrt4; F-Secure: Trojan.TR/Injector.zbrim; DrWeb: Trojan.Siggen8.31628; VIPRE: Trojan.Win32.Generic!BT; TrendMicro: Trojan.Win64.BANKER.AUSWM; McAfee-GW-Edition: Generic Trojan.i; Emsisoft: Trojan.GenericKD.32046559 (B); Cyren: W64/Trojan.WVUU-6963; Jiangmin: Trojan.Banker.Alreay.bv; Avira: TR/Injector.zbrim; Fortinet: W32/Alreay.BO!tr; Antiy-AVL: Trojan[Banker]/Win32.Alreay; Arcabit: Trojan.Generic.D1E8FDDF; ViRobot: Trojan.Win64.S.Agent.137080; ZoneAlarm: Trojan-Banker.Win32.Alreay.gen; AhnLab-V3: Trojan/Win64.Redbanc.R275085; ALYac: Spyware.Banker.Alreay; MAX: malware (ai score=100); Ad-Aware: Trojan.GenericKD.32046559; TrendMicro-HouseCall: Trojan.Win64.BANKER.AUSWM; Ikarus: Trojan.Win64.Injector; GData: Trojan.GenericKD.32046559; AVG: Win64:Trojan-gen; Cybereason: malicious.2a2e0f; Panda: Trj/CI.A; Qihoo-360: Win32/Trojan.9db |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x118 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 8 |
TimeDateStamp | 2019-Apr-10 13:31:52 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x12600 |
SizeOfInitializedData | 0xde00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000000000002434 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x26000 |
SizeOfHeaders | 0x400 |
Checksum | 0x2ce9d |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
WTSAPI32.dll | WTSFreeMemory, WTSEnumerateProcessesA |
---|---|
KERNEL32.dll | OpenProcess, GetModuleHandleA, VirtualAllocEx, WaitForSingleObject, LocalFree, GetCurrentProcess, CloseHandle, LoadLibraryA, Sleep, CreateFileA, GetFileSize, ReadFile, WriteFile, DeleteFileA, GetProcAddress, ReadConsoleW, RaiseException, GetCommandLineW, SetEndOfFile, HeapReAlloc, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, WaitForSingleObjectEx, CreateEventW, GetModuleHandleW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, GetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetModuleFileNameW, RtlUnwindEx, SetLastError, GetStdHandle, MultiByteToWideChar, WideCharToMultiByte, ExitProcess, GetModuleHandleExW, GetACP, HeapFree, HeapAlloc, GetFileType, GetConsoleCP, GetConsoleMode, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, SetStdHandle, GetStringTypeW, GetProcessHeap, CreateFileW, SetFilePointerEx, WriteConsoleW, FlushFileBuffers, HeapSize |
ADVAPI32.dll | SystemFunction036, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken |
SHELL32.dll | CommandLineToArgvW |
Characteristics | 0 |
---|---|
TimeDateStamp | 2019-Apr-10 13:31:52 |
Version | 0.0 |
SizeofData | 944 |
AddressOfRawData | 0x1c064 |
PointerToRawData | 0x1aa64 |
Characteristics | 0 |
---|---|
TimeDateStamp | 2019-Apr-10 13:31:52 |
Version | 0.0 |
SizeofData | 0 |
AddressOfRawData | 0 |
PointerToRawData | 0 |
StartAddressOfRawData | 0x140022000 |
---|---|
EndAddressOfRawData | 0x140022008 |
AddressOfIndex | 0x14001f088 |
AddressOfCallbacks | 0x140014358 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |
Size | 0x94 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x14001e008 |
XOR Key | 0x3314303e |
---|---|
Unmarked objects | 0 |
241 (40116) | 5 |
243 (40116) | 129 |
242 (40116) | 13 |
199 (41118) | 1 |
ASM objects (23907) | 7 |
C++ objects (23907) | 31 |
C objects (23907) | 18 |
Imports (65501) | 9 |
Total imports | 108 |
265 (VS2015 UPD2 build 23918) | 4 |
Resource objects (VS2015 UPD2 build 23918) | 1 |
151 | 1 |
Linker (VS2015 UPD2 build 23918) | 1 |