Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2018-Jul-26 20:10:57 |
Detected languages | Danish - Denmark |
InternalName | fuvosa.exe |
Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 |
Suspicious | PEiD Signature: UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser; UPX v2.0 -> Markus, Laszlo & Reiser (h); UPX -> www.upx.sourceforge.net; UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser |
Malicious | The PE is packed with UPX: unusual section name found: UPX0; section UPX0 is both writable and executable; unusual section name found: UPX1; section UPX1 is both writable and executable; the RICH header checksum is invalid. |
Info | The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 28/67 (Scanned on 2019-01-23 03:31:39) |

Engine | Detection |
---|---|
K7AntiVirus | Trojan ( 004bcce41 ) |
MicroWorld-eScan | Gen:Variant.Brresmon.103 |
K7GW | Trojan ( 004bcce41 ) |
Cybereason | malicious.ee1f3c |
Arcabit | Trojan.Brresmon.103 |
Symantec | ML.Attribute.HighConfidence |
Avast | Win32:DUmPeX [Susp] |
BitDefender | Gen:Variant.Brresmon.103 |
Rising | Spyware.Zbot!8.16B/N3#84% (RDM+:cmRtazoutc7yeA4RzNCtM2EiV5k1) |
Ad-Aware | Gen:Variant.Brresmon.103 |
Comodo | Packed.Win32.MUPX.Gen@24tbus |
Invincea | heuristic |
McAfee-GW-Edition | BehavesLike.Win32.PWSZbot.dt |
Trapmine | suspicious.low.ml.score |
Emsisoft | Gen:Variant.Brresmon.103 (B) |
SentinelOne | static engine - malicious |
Avira | TR/Crypt.XPACK.Gen |
Endgame | malicious (moderate confidence) |
Microsoft | Trojan:Win32/Fuerboos.C!cl |
GData | Gen:Variant.Brresmon.103 |
Acronis | suspicious |
VBA32 | BScope.Trojan.Chapak |
ALYac | Gen:Variant.Brresmon.103 |
MAX | malware (ai score=82) |
eGambit | Unsafe.AI_Score_59% |
AVG | Win32:DUmPeX [Susp] |
CrowdStrike | malicious_confidence_100% (D) |
Qihoo-360 | HEUR/QVM10.1.BB16.Malware.Gen |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 3 |
TimeDateStamp | 2018-Jul-26 20:10:57 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 10.0 |
SizeOfCode | 0x16000 |
SizeOfInitializedData | 0x2000 |
SizeOfUninitializedData | 0x2a000 |
AddressOfEntryPoint | 0x000054AF (Section: UPX0) |
BaseOfCode | 0x2b000 |
BaseOfData | 0x41000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x43000 |
SizeOfHeaders | 0x1000 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.DLL | SetComputerNameExW, GetHandleInformation, GetLastError, GetProcAddress, LoadLibraryA, GetProcessWorkingSetSize, LocalAlloc, TransmitCommChar, SetProcessWorkingSetSize, GetThreadPriority, GetProcessShutdownParameters, GetCommTimeouts, GetProcessAffinityMask, FatalExit, DeleteCriticalSection, CloseHandle, CreateFileW, EnumSystemLocalesW, lstrcpyA, LocalFileTimeToFileTime, GetStringTypeW, MultiByteToWideChar, LCMapStringW, WideCharToMultiByte, HeapReAlloc, IsValidCodePage, GetOEMCP, GetACP, LoadLibraryW, TerminateProcess, GetProcessHandleCount, GlobalAlloc, GetProcessTimes, GetDriveTypeA, GetTickCount, GetProcessIoCounters, GetCurrentProcess, GetCPInfo, GetNativeSystemInfo, GetConsoleProcessList, ExitProcess, HeapSize, Sleep, RtlUnwind, EnterCriticalSection, LeaveCriticalSection, GetSystemTimeAsFileTime, GetCurrentProcessId, QueryPerformanceCounter, GetCommandLineW, HeapSetInformation, GetStartupInfoW, RaiseException, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapAlloc, HeapFree, IsProcessorFeaturePresent, EncodePointer, DecodePointer, GetModuleHandleW, WriteFile, GetStdHandle, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, InitializeCriticalSectionAndSpinCount, GetFileType, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, HeapCreate |
---|---|
ADVAPI32.dll | SetSecurityDescriptorDacl, LookupPrivilegeNameA, ReportEventA |
GDI32.dll | StretchBlt, SetDCBrushColor, SetBitmapDimensionEx, GetMapMode, PaintRgn, GetMetaFileBitsEx |
MSIMG32.dll | TransparentBlt, GradientFill |
SHELL32.dll | ShellAboutA, ShellExecuteW, #179 |
USER32.dll | GetIconInfo, GetCapture, SetPropA, CallMsgFilterW, GetScrollRange, GetMenuInfo, LoadImageW, CopyImage, GetFocus, FindWindowExA, BeginPaint, SetScrollRange |
WINHTTP.dll | WinHttpQueryDataAvailable, WinHttpOpen, WinHttpCreateUrl, WinHttpReadData, WinHttpConnect, WinHttpWriteData |
Ordinal | 1 |
---|---|
Address | 0x1af60 |
Ordinal | 2 |
---|---|
Address | 0x1af50 |
Kusojidok tapiwog xosejenutafufe |
Godazocecemeni bohepa wizudodimepute weh lubixit |
Madajisixa sejavukap xorekonagos |
Mufocojuciyi |
Hapav lumuranohayijih wex |
Fewixarepaxogoh muyagibuyuy zerubuzitixegaz bahenami tije |
Feben |
Foy xijohufih vimapanageriyin fimonerulan pesinoniwowor |
Yamelu goyahagopuci |
Wihemo wojikusuki bidawobip |
Sax |
Xeni zac |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.0.0.0 |
ProductVersion | 1.0.0.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | UNKNOWN |
InternalName | fuvosa.exe |
Resource LangID | Danish - Denmark |
---|---|
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x41e07c |
SEHandlerTable | 0x403740 |
SEHandlerCount | 8 |
XOR Key | 0xe5c073f3 |
---|---|
Unmarked objects | 0 |
ASM objects (VS2010 build 30319) | 21 |
C objects (VS2010 build 30319) | 90 |
C++ objects (VS2010 build 30319) | 31 |
Imports (VS2008 SP1 build 30729) | 15 |
Total imports | 123 |
175 (VS2010 build 30319) | 1 |
59417 (10434) | 1 |
Resource objects (VS2010 build 30319) | 1 |
63850 (9021) | 1 |