bb7425b82141a1c0f7d60e5106676bb1

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2010-Dec-19 16:16:19

Plugin Output

Info Matching compiler(s): Microsoft Visual C++
Microsoft Visual C++ v6.0
Microsoft Visual C++ v5.0/v6.0 (MFC)
Malicious VirusTotal score: 55/71 (Scanned on 2023-09-12 04:38:33)
Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.Ulise.4!c
MicroWorld-eScan: Gen:Variant.Ulise.113694
McAfee: GenericRXAA-AA!BB7425B82141
Cylance: unsafe
Zillya: Downloader.Amonetize.Win32.3112
Sangfor: Trojan.Win32.Aenjaris.V3jm
K7AntiVirus: Trojan ( 004b6b551 )
Alibaba: Trojan:Win32/Aenjaris.2be749b4
K7GW: Trojan ( 004b6b551 )
CrowdStrike: win/malicious_confidence_100% (W)
VirIT: Trojan.Win32.Agent5.CDE
Cyren: W32/Ulise.CK.gen!Eldorado
Symantec: Trojan.Gen.2
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Agent.WOM
APEX: Malicious
ClamAV: Win.Malware.Agent-6342616-0
BitDefender: Gen:Variant.Ulise.113694
NANO-Antivirus: Trojan.Win32.Generic.fhvmhd
Avast: Win32:Malware-gen
Tencent: Malware.Win32.Gencirc.10bd671f
Emsisoft: Gen:Variant.Ulise.113694 (B)
F-Secure: Trojan.TR/Agent.kkbov
VIPRE: Gen:Variant.Ulise.113694
TrendMicro: TROJ_GEN.R002C0DID20
McAfee-GW-Edition: BehavesLike.Win32.Worm.lz
FireEye: Gen:Variant.Ulise.113694
Sophos: Mal/Generic-R
Ikarus: Trojan.SuspectCRC
GData: Gen:Variant.Ulise.113694
Jiangmin: Trojan.Ulise.cr
Webroot: W32.Malware.Gen
Google: Detected
Avira: TR/Agent.kkbov
Antiy-AVL: Trojan/Win32.TSGeneric
Gridinsoft: Trojan.Win32.Agent.oa!s1
Xcitium: Malware@#3eb40r99afetz
Arcabit: Trojan.Ulise.D1BC1E
ViRobot: Trojan.Win32.Z.Agent.16384.ADZ
Microsoft: Trojan:Win32/Aenjaris.CT!bit
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Agent.C957604
VBA32: Trojan.Tiggre
ALYac: Trojan.Agent.16384SS
MAX: malware (ai score=100)
Malwarebytes: Trojan.SystemKiller
TrendMicro-HouseCall: TROJ_GEN.R002C0DID20
Rising: Trojan.Agent!8.B1E (TFE:5:YRsVQ5qn2QF)
Yandex: Trojan.GenAsa!cGc9XwKYsAs
MaxSecure: Trojan.Malware.7164915.susgen
Fortinet: W32/Agent.WOM!tr
AVG: Win32:Malware-gen
Cybereason: malicious.c1bd36
DeepInstinct: MALICIOUS

Hashes

MD5 bb7425b82141a1c0f7d60e5106676bb1
SHA1 9dce39ac1bd36d877fdb0025ee88fdaff0627cdb
SHA256 58898bd42c5bd3bf9b1389f0eee5b39cd59180e8370eb9ea838a0b327bd6fe47
SHA3 82f8f3fa7f2dc84dc62479749b40ef9bacba4ffb87917bbd64373e143279f1b5
SSDeep 96:1t6Y5CuDzp17S5eVIV2cFL+31znx9+NNoyn:v6Y7117S5ercZ+FznxcNNoyn
Imports Hash 2b5f75aa75c57ed7c68f7be490d63605

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2010-Dec-19 16:16:19
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x1000
SizeOfInitializedData 0x2000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001820 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x4000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 7e39ebe7cdeda4c636d513a0fe140ff4
SHA1 150d709dcae7e0ae30ac6e5c76fda74ce168a62b
SHA256 44ab4d055abe09f315f217245f131fa4b9c162ffc992034b28ada7d2e8e8c87f
SHA3 7744ecbf547b590540027a69428ed76cdbc52b3979e12378ca5c465924bb7d35
VirtualSize 0x970
VirtualAddress 0x1000
SizeOfRawData 0x1000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 4.45086

.rdata

MD5 2de0f3a50219cb3d0dc891c4fbf6f02a
SHA1 9a80eabe5c64342b6bc9f4f31212ceb37b014055
SHA256 c6c6d685937af139911a720a86a1d901e30d015c8bc4a0d27756141e231df5eb
SHA3 3d2da5255ac52d74e4b4dff6caa2fca2afdac5b0fe56c36581051551ac605526
VirtualSize 0x2b2
VirtualAddress 0x2000
SizeOfRawData 0x1000
PointerToRawData 0x2000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.13245

.data

MD5 f5e2ba1465f131f57b0629e96bbe107e
SHA1 129de8d9c6bbe1ba01c6b0d5ce5781c61eb042dc
SHA256 86aa10f4f5e696b8953e0a639a9725869803d85c1642d3e86e9fc7574d2eedb3
SHA3 2ba8f089dedef0620891cc5e9b43e5a290203c762f232badd5aba061cc2e5e5a
VirtualSize 0xfc
VirtualAddress 0x3000
SizeOfRawData 0x1000
PointerToRawData 0x3000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.438854
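The DOS header, PE header, optional header and section table above can be checked for internal consistency rather than only read. The following is an added Python example, not Manalyze output and not the sample's own code: it rebuilds the header block from the values listed in this report (fields the report does not list, namely e_lfarlc, the DOS stub and Rich header bytes, DllCharacteristics and the data directories, are filled with assumed placeholder values), parses it back with struct, decodes TimeDateStamp (0x4D0E2FD3 is 2010-Dec-19 16:16:19 UTC) and runs the checks an analyst wants before trusting a header dump: the entry point 0x1820 falls inside .text, SizeOfImage 0x4000 equals the aligned end of .data, the three sections are contiguous on SectionAlignment, no section is both writable and executable, and IMAGE_FILE_RELOCS_STRIPPED means the image cannot be rebased away from 0x400000. The timestamp is set by whoever links the file, so it is a hint about the build environment, not evidence.

```python
# Added example: rebuild the headers this report describes, parse them back and
# run layout checks. Not Manalyze code. Field values are the ones listed in the
# report; e_lfarlc, the DOS stub/Rich header bytes, DllCharacteristics and the
# data directories are assumed placeholders because the report omits them.
import struct
from datetime import datetime, timezone

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_LINE_NUMS_STRIPPED = 0x0004
IMAGE_FILE_LOCAL_SYMS_STRIPPED = 0x0008
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
SECTIONS = [
    (b".text", 0x970, 0x1000, 0x1000, 0x1000,
     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".rdata", 0x2B2, 0x2000, 0x1000, 0x2000,
     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (b".data", 0xFC, 0x3000, 0x1000, 0x3000,
     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
]


def build_headers() -> bytes:
    """Constructed header block: the first SizeOfHeaders (0x1000) bytes of the file."""
    dos = struct.pack("<2s29HI", b"MZ",
                      0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40, 0,  # e_cblp..e_ovno (e_lfarlc assumed 0x40)
                      *([0] * 16),                                          # e_res, e_oemid, e_oeminfo, e_res2
                      0xE8)                                                 # e_lfanew
    dos += b"\x00" * (0xE8 - len(dos))               # DOS stub + Rich header not reproduced
    coff = struct.pack("<4sHHIIIHH", b"PE\x00\x00", 0x14C, len(SECTIONS), 0x4D0E2FD3, 0, 0, 0xE0,
                       IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE
                       | IMAGE_FILE_LINE_NUMS_STRIPPED | IMAGE_FILE_LOCAL_SYMS_STRIPPED
                       | IMAGE_FILE_32BIT_MACHINE)
    opt = struct.pack("<HBB9I6H4IHH4I2I", 0x10B, 6, 0,
                      0x1000, 0x2000, 0, 0x1820, 0x1000, 0x2000, 0x400000, 0x1000, 0x1000,
                      4, 0, 0, 0, 4, 0,        # OS, image and subsystem versions
                      0, 0x4000, 0x1000, 0,    # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      3, 0,                    # IMAGE_SUBSYSTEM_WINDOWS_CUI, DllCharacteristics (assumed 0)
                      0x100000, 0x1000, 0x100000, 0x1000,
                      0, 16) + b"\x00" * 128   # 16 data directories, left empty here
    secs = b"".join(struct.pack("<8s6IHHI", n, vs, va, rs, rp, 0, 0, 0, 0, fl)
                    for n, vs, va, rs, rp, fl in SECTIONS)
    hdr = dos + coff + opt + secs
    return hdr + b"\x00" * (0x1000 - len(hdr))


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> COFF header -> PE32 optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    sig, machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<4sHHIIIHH", data, e_lfanew)
    if sig != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    f = struct.unpack_from("<HBB9I6H4IHH", data, e_lfanew + 24)
    if f[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    sections = []
    for i in range(nsec):
        name, vs, va, rs, rp, _, _, _, _, fl = struct.unpack_from(
            "<8s6IHHI", data, e_lfanew + 24 + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\x00").decode(), "vsize": vs, "va": va,
                         "rawsize": rs, "rawptr": rp, "flags": fl})
    return {"machine": machine, "characteristics": chars,
            "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc),
            "entry": f[6], "image_base": f[9], "section_alignment": f[10], "file_alignment": f[11],
            "size_of_image": f[19], "size_of_headers": f[20], "subsystem": f[22],
            "sections": sections}


def align_up(value: int, alignment: int) -> int:
    return (value + alignment - 1) // alignment * alignment


def check_layout(pe: dict) -> dict:
    """Where the entry point lands, whether SizeOfImage agrees with the section table,
    whether sections are contiguous and file-aligned, whether any section is W+X, and
    whether the image can be rebased (relocs stripped = fixed 0x400000 load address)."""
    secs = pe["sections"]
    align = pe["section_alignment"]
    entry_sec = next((s["name"] for s in secs
                      if s["va"] <= pe["entry"] < s["va"] + max(s["vsize"], s["rawsize"])), None)
    last = max(secs, key=lambda s: s["va"])
    return {
        "entry_section": entry_sec,
        "size_of_image_ok": pe["size_of_image"] == align_up(last["va"] + last["vsize"], align),
        "raw_aligned": all(s["rawptr"] % pe["file_alignment"] == 0 for s in secs),
        "sections_contiguous": all(secs[i]["va"] + align_up(secs[i]["vsize"], align) == secs[i + 1]["va"]
                                   for i in range(len(secs) - 1)),
        "rwx_sections": [s["name"] for s in secs
                         if s["flags"] & IMAGE_SCN_MEM_WRITE and s["flags"] & IMAGE_SCN_MEM_EXECUTE],
        "relocs_stripped": bool(pe["characteristics"] & IMAGE_FILE_RELOCS_STRIPPED),
    }


if __name__ == "__main__":
    pe = parse_pe(build_headers())
    print(pe["timestamp"].strftime("%Y-%b-%d %H:%M:%S"), hex(pe["entry"]), check_layout(pe))
```

On a real file the same parse_pe runs over the first SizeOfHeaders bytes read from disk; the checks matter most when they fail, since a mismatched SizeOfImage, a non-contiguous section table or an entry point outside any section are the usual signs of a packer or a hand-edited header, none of which this sample shows.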

Imports

KERNEL32.dll CloseHandle
UnmapViewOfFile
IsBadReadPtr
MapViewOfFile
CreateFileMappingA
CreateFileA
FindClose
FindNextFileA
FindFirstFileA
CopyFileA
MSVCRT.dll malloc
exit
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_stricmp
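The import table is small enough to reason about by hand, and it is what the Imports Hash line above is derived from. The following is an added Python example, not Manalyze code: it computes the import hash with the pefile-compatible normalisation (DLL name lower-cased with a .dll/.ocx/.sys extension dropped, function names lower-cased, "dll.func" pairs joined with commas in import-table order, MD5 of the result) so the reported value can be reproduced, and it tags the capability groups the imports form. Two assumptions the report does not state: the order shown above is the on-disk order of the import directory (imphash is order-sensitive), and there are no ordinal-only imports. If the computed digest does not equal 2b5f75aa75c57ed7c68f7be490d63605, one of those assumptions is wrong.

```python
# Added example: pefile-compatible import hash over the import table in the
# report, plus capability tagging. Not Manalyze code. Assumes the listed order
# is the on-disk import order and that every import is by name.
import hashlib

# Import table transcribed from the report above, in the order shown.
IMPORTS = [
    ("KERNEL32.dll", ["CloseHandle", "UnmapViewOfFile", "IsBadReadPtr", "MapViewOfFile",
                      "CreateFileMappingA", "CreateFileA", "FindClose", "FindNextFileA",
                      "FindFirstFileA", "CopyFileA"]),
    ("MSVCRT.dll", ["malloc", "exit", "_exit", "_XcptFilter", "__p___initenv", "__getmainargs",
                    "_initterm", "__setusermatherr", "_adjust_fdiv", "__p__commode", "__p__fmode",
                    "__set_app_type", "_except_handler3", "_controlfp", "_stricmp"]),
]

REPORTED_IMPHASH = "2b5f75aa75c57ed7c68f7be490d63605"   # "Imports Hash" line of the report

# Groups of APIs that together give a capability; a group counts only when every
# member is imported. The grouping is the author's, chosen for this import set.
CAPABILITY_GROUPS = {
    "directory walk": {"FindFirstFileA", "FindNextFileA", "FindClose"},
    "map other files into memory": {"CreateFileA", "CreateFileMappingA", "MapViewOfFile",
                                    "UnmapViewOfFile"},
    "file copy": {"CopyFileA"},
    "case-insensitive name comparison": {"_stricmp"},
}


def normalise_lib(name: str) -> str:
    """pefile rule: lower-case, and drop a .dll/.ocx/.sys extension (nothing else)."""
    name = name.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[:-len(ext)]
    return name


def imphash_string(imports) -> str:
    """The comma-joined 'lib.func' list that gets hashed; useful to eyeball on a mismatch."""
    return ",".join(f"{normalise_lib(lib)}.{func.lower()}"
                    for lib, funcs in imports for func in funcs)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def matches_report(imports) -> bool:
    """True when the recomputed digest equals the report's Imports Hash line."""
    return imphash(imports) == REPORTED_IMPHASH


def capabilities(imports) -> list:
    """Capability groups fully covered by the import set. Walking directories, mapping
    files, comparing names and copying a file is the minimum a file-propagation routine
    needs, which is the reading several vendor labels above also give."""
    names = {func for _, funcs in imports for func in funcs}
    return [cap for cap, required in CAPABILITY_GROUPS.items() if required <= names]


if __name__ == "__main__":
    print(imphash_string(IMPORTS))
    print("imphash", imphash(IMPORTS), "matches report:", matches_report(IMPORTS))
    print("capabilities:", capabilities(IMPORTS))
```

Because the digest covers names in order, two builds that import the same APIs in a different order, or link one extra CRT helper, get different import hashes; use it to cluster samples from one build chain rather than as a family signature, and compare the imphash_string output when two tools disagree.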

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xda58e86d
Product (build) Count
Unmarked objects 0
12 (7291) 1
C objects (VS98 build 8168) 11
14 (7299) 1
Linker (VS98 build 8168) 2
Total imports 27
19 (8034) 3
C++ objects (VS98 build 8168) 2

Errors
