Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2008-Jul-23 15:21:46 |
Detected languages | Dutch - Netherlands, English - United States |
Level | Finding | Details |
---|---|---|
Suspicious | Strings found in the binary may indicate undesirable behavior: | May have dropper capabilities: |
Suspicious | The PE is possibly packed. | Unusual section name found: .itext |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Info | The PE's resources present abnormal characteristics. | Resource TMMRFORM is possibly compressed or encrypted. The binary may have been compiled on a machine in the UTC+2 timezone. |
Suspicious | The file contains overlay data. | 102984 bytes of data starting at offset 0xb1e00. |
Malicious | VirusTotal score: 66/72 (Scanned on 2020-07-21 19:21:54) | |
Engine | Detection |
---|---|
Bkav | W32.AIDetectVM.malware1 |
MicroWorld-eScan | Gen:Variant.Ser.Zusy.1470 |
VBA32 | TrojanPSW.Gamania |
FireEye | Generic.mg.c5d8b49ad99a232e |
CAT-QuickHeal | TrojanSpy.Banker.LY8 |
McAfee | FakeAV-DR |
Cylance | Unsafe |
Zillya | Trojan.Banker.Win32.55 |
SUPERAntiSpyware | Trojan.Agent/Gen-BankSpy |
Sangfor | Malware |
K7AntiVirus | Trojan-Downloader ( 0001b7311 ) |
Alibaba | TrojanSpy:Win32/Banker.53d1342a |
K7GW | Trojan-Downloader ( 0001b7311 ) |
Cybereason | malicious.ad99a2 |
Arcabit | Trojan.Ser.Zusy.D5BE |
Invincea | heuristic |
F-Prot | W32/Trojan2.JTRU |
Symantec | Trojan.FakeAV |
TotalDefense | Win32/Oneraw.JJ |
APEX | Malicious |
Avast | Win32:Trojan-gen |
ClamAV | Win.Trojan.Bancos-17785 |
Kaspersky | HEUR:Trojan.Win32.Generic |
BitDefender | Gen:Variant.Ser.Zusy.1470 |
NANO-Antivirus | Trojan.Win32.Banker.oygn |
AegisLab | Trojan.Win32.Generic.4!e |
Rising | Downloader.FakeAlert!8.4FF (KTSE) |
Endgame | malicious (high confidence) |
TACHYON | Banker/W32.DP-Pharm.831560 |
Sophos | Mal/Banker-F |
Comodo | TrojWare.Win32.TrojanDownloader.Banload.~AHI@7lad3 |
F-Secure | Trojan.TR/Delf.865208 |
DrWeb | Trojan.PWS.Gamania.10780 |
VIPRE | Trojan.Win32.Generic!BT |
TrendMicro | TROJ_FAKEAV.SMNA |
Trapmine | malicious.moderate.ml.score |
Emsisoft | Gen:Variant.Ser.Zusy.1470 (B) |
SentinelOne | DFI - Suspicious PE |
Cyren | W32/Trojan.ORSB-8183 |
Jiangmin | TrojanSpy.Banker.rxi |
Webroot | W32.Trojan.Gen |
Avira | TR/Delf.865208 |
Fortinet | W32/FAKEAV.Q!tr |
Antiy-AVL | Trojan[Banker]/Win32.Banker |
Microsoft | TrojanSpy:Win32/Banker.LY |
ViRobot | Trojan.Win32.Banker.766787 |
ZoneAlarm | HEUR:Trojan.Win32.Generic |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Trojan/Win32.Banker.R8976 |
Acronis | suspicious |
BitDefenderTheta | AI:Packer.E13D85A419 |
ALYac | Gen:Variant.Ser.Zusy.1470 |
MAX | malware (ai score=88) |
Ad-Aware | Gen:Variant.Ser.Zusy.1470 |
Malwarebytes | Trojan.Banker |
Zoner | Trojan.Win32.89386 |
ESET-NOD32 | a variant of Win32/TrojanDownloader.FakeAlert.VA |
TrendMicro-HouseCall | TROJ_FAKEAV.SMNA |
Tencent | Malware.Win32.Gencirc.10b07a10 |
Yandex | Trojan.PWS.Banker!at4P5MVsOAQ |
Ikarus | Trojan-Banker.Win32.Banker |
eGambit | Unsafe.AI_Score_99% |
GData | Win32.Trojan.FakeAV.Q |
AVG | Win32:Trojan-gen |
CrowdStrike | win/malicious_confidence_90% (W) |
Qihoo-360 | Generic/HEUR/QVM05.1.86EF.Malware.Gen |
e_magic | MZ |
---|---|
e_cblp | 0x50 |
e_cp | 0x2 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0xf |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0x1a |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x100 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 8 |
TimeDateStamp | 2008-Jul-23 15:21:46 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_BYTES_REVERSED_HI, IMAGE_FILE_BYTES_REVERSED_LO, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 2.0 |
SizeOfCode | 0x87c00 |
SizeOfInitializedData | 0x29e00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00089990 (Section: .itext) |
BaseOfCode | 0x1000 |
BaseOfData | 0x8a000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xbd000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x10000 |
SizeofStackCommit | 0x4000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
DLL | Imported functions |
---|---|
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
user32.dll | GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA |
kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetTickCount, QueryPerformanceCounter, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
kernel32.dll (#2) | GetACP, Sleep, VirtualFree, VirtualAlloc, GetTickCount, QueryPerformanceCounter, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
user32.dll (#2) | GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA |
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CloseEnhMetaFile, BitBlt |
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA |
kernel32.dll (#3) | GetACP, Sleep, VirtualFree, VirtualAlloc, GetTickCount, QueryPerformanceCounter, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
advapi32.dll (#2) | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
oleaut32.dll (#2) | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
ole32.dll | CreateStreamOnHGlobal, IsAccelerator, OleDraw, OleSetMenuDescriptor, RevokeDragDrop, RegisterDragDrop, OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID |
kernel32.dll (#4) | GetACP, Sleep, VirtualFree, VirtualAlloc, GetTickCount, QueryPerformanceCounter, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
ole32.dll (#2) | CreateStreamOnHGlobal, IsAccelerator, OleDraw, OleSetMenuDescriptor, RevokeDragDrop, RegisterDragDrop, OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID |
oleaut32.dll (#3) | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
comctl32.dll | _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create |
URLMON.DLL | CoInternetCreateZoneManager, CoInternetCreateSecurityManager |
wininet.dll | InternetSetOptionA, InternetReadFile, InternetOpenUrlA, InternetOpenA, InternetConnectA, InternetCloseHandle |
shell32.dll | ShellExecuteExA, ShellExecuteA |
shell32.dll (#2) | ShellExecuteExA, ShellExecuteA |
shell32.dll (#3) | ShellExecuteExA, ShellExecuteA |
Strings |
---|
JPEG error #%d |
JPEG Image File |
add |
modify |
delete |
set focus to |
set version of |
OLE error %.8x |
Method '%s' not supported by automation object |
Variant does not reference an automation object |
Dispatch methods do not support more than 64 parameters |
DCOM not installed |
OLE control activation failed |
Could not obtain OLE control window handle |
License information for %s is invalid |
License information for %s not found. You cannot use this control in design mode |
Unable to retrieve a pointer to a running object registered with OLE for %s/%s |
Cannot change the size of a JPEG image |
Right |
Down |
Ins |
Del |
Shift+ |
Ctrl+ |
Alt+ |
Clipboard does not support Icons |
Cannot open clipboard |
Menu '%s' is already being used by another form |
Docked control must have a name |
Error removing control from dock tree |
- Dock zone not found |
- Dock zone has no control |
Error loading dock zone from the stream. Expecting version %d, but found %d. |
Failed to %s notify icon |
&Retry |
&Ignore |
&All |
N&o to All |
Yes to &All |
BkSp |
Tab |
Esc |
Enter |
Space |
PgUp |
PgDn |
End |
Home |
Left |
Up |
A control cannot have itself as its parent |
Cannot drag a form |
Metafiles |
Enhanced Metafiles |
Icons |
Bitmaps |
Warning |
Error |
Information |
Confirm |
&Yes |
&No |
OK |
Cancel |
&Help |
&Abort |
Failed to read ImageList data from stream |
Failed to write ImageList data to stream |
Error creating window device context |
Error creating window class |
Cannot focus a disabled or invisible window |
Control '%s' has no parent window |
Parent given is not a parent of '%s' |
Cannot hide an MDI Child Form |
Cannot change Visible in OnShow or OnHide |
Cannot make a visible window modal |
Menu index out of range |
Menu inserted twice |
Sub-menu is not in menu |
Not enough timers available |
GroupIndex cannot be less than a previous menu item's GroupIndex |
Cannot create form. No MDI forms are currently active |
No context-sensitive help installed |
No help found for context |
No topic-based help system installed |
Bitmap image is not valid |
Icon image is not valid |
Metafile is not valid |
Invalid pixel format |
Scan line index out of range |
Cannot change the size of an icon |
Invalid operation on TOleGraphic |
Unsupported clipboard format |
Out of system resources |
Canvas does not allow drawing |
Invalid image size |
Invalid ImageList |
Invalid ImageList Index |
List index out of bounds (%d) |
Out of memory while expanding memory stream |
Error reading %s%s%s: %s |
Stream read error |
Property is read-only |
Failed to create key %s |
Failed to get data for '%s' |
Failed to set data for '%s' |
Resource %s not found |
%s.Seek not implemented |
Operation not allowed on sorted list |
%s not in a class registration group |
Property %s does not exist |
Stream write error |
Unable to find a Table of Contents |
No help found for %s |
Can't write to a read-only resource stream |
CheckSynchronize called from thread $%x, which is NOT the main thread |
Class %s not found |
A class named %s already exists |
List does not allow duplicates ($0%x) |
A component named %s already exists |
String list does not allow duplicates |
Cannot create file "%s". %s |
Cannot open file "%s". %s |
Invalid stream format |
''%s'' is not a valid component name |
Invalid property path |
Invalid property value |
Invalid data type for '%s' |
List capacity out of bounds (%d) |
List count out of bounds (%d) |
Mon |
Tue |
Wed |
Thu |
Fri |
Sat |
Sunday |
Monday |
Tuesday |
Wednesday |
Thursday |
Friday |
Saturday |
Ancestor for '%s' not found |
Cannot assign a %s to a %s |
Bits index out of range |
Oct |
Nov |
Dec |
January |
February |
March |
April |
May |
June |
July |
August |
September |
October |
November |
December |
Sun |
Interface not supported |
Exception in safecall method |
%s (%s, line %d) |
Abstract Error |
Access violation at address %p in module '%s'. %s of address %p |
System Error. Code: %d. |
%s |
A call to an OS function failed |
Jan |
Feb |
Mar |
Apr |
May |
Jun |
Jul |
Aug |
Sep |
Write |
Error creating variant or safe array |
Variant or safe array index out of bounds |
Variant or safe array is locked |
Invalid variant type conversion |
Invalid variant operation |
Invalid variant operation (%s%.8x) |
%s |
Could not convert variant of type (%s) into type (%s) |
Overflow while converting variant of type (%s) into type (%s) |
Variant overflow |
Invalid argument |
Invalid variant type |
Operation not supported |
Unexpected variant error |
External exception %x |
Assertion failed |
Floating point division by zero |
Floating point overflow |
Floating point underflow |
Invalid pointer operation |
Invalid class typecast |
Access violation at address %p. %s of address %p |
Access violation |
Stack overflow |
Control-C hit |
Privileged instruction |
Exception %s in module %s at %p. |
%s%s |
Application Error |
Format '%s' invalid or incompatible with argument |
No argument for format '%s' |
Variant method calls not supported |
Read |
'%s' is not a valid integer value |
'%s' is not a valid floating point value |
'%s' is not a valid GUID value |
Out of memory |
I/O error %d |
File not found |
Invalid filename |
Too many open files |
File access denied |
Read beyond end of file |
Disk full |
Invalid numeric input |
Division by zero |
Range check error |
Integer overflow |
Invalid floating point operation |
StartAddressOfRawData | 0x497000 |
---|---|
EndAddressOfRawData | 0x497034 |
AddressOfIndex | 0x48a78c |
AddressOfCallbacks | 0x498010 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_TYPE_REG |
Callbacks | (EMPTY) |