Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_I386 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2016-Aug-26 09:03:29 |
Detected languages | Chinese - PRC, English - United States |
Debug artifacts | E:\tk\Fun Player\Rel2.8.6\src\toolkits\FunPuppet\Release\AptSpare.pdb |
CompanyName | 北京风行在线技术有限公司 (Beijing Funshion Online Technologies Ltd., as given in the signer field) |
FileDescription | AptSpare |
FileVersion | 3.0.0.4 |
InternalName | AptSpare.exe |
LegalCopyright | Copyright (C) 2014-2016 Funshion All Rights Reserved |
OriginalFilename | AptSpare.exe |
ProductName | AptSpare |
ProductVersion | 3.0.0.4 |

Level | Finding |
---|---|
Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 (a signature-based guess; the LinkerVersion 10.0 field and the Rich header below both point to Visual Studio 2010 SP1, which is the stronger evidence) |
Info | Cryptographic algorithms detected in the binary: constants related to SHA256; constants related to SHA512; Microsoft's Cryptography API |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. Signer: Beijing Funshion Online Technologies Ltd. Issuer: thawte SHA256 Code Signing CA. A valid signature establishes who signed the file, not that it is benign; the detections below coexist with it. |
Malicious | VirusTotal score: 33/66 (Scanned on 2017-12-28 04:27:25); per-engine verdicts follow |

- Bkav: W32.HfsAdware.E35D
- MicroWorld-eScan: Trojan.Agent.CEIY
- CAT-QuickHeal: Pua.Funshion
- McAfee: GenericRXBK-AO!CC4B1354E518
- Zillya: Adware.CrossRiderCRTD.Win32.4629
- TrendMicro-HouseCall: ADW_Funshion
- GData: Trojan.Agent.CEIY
- Kaspersky: HEUR:Trojan.Win32.Generic
- BitDefender: Trojan.Agent.CEIY
- NANO-Antivirus: Trojan.Win32.Agent.epachn
- Ad-Aware: Trojan.Agent.CEIY
- Comodo: ApplicUnwnt.UnclassifiedMalware
- F-Secure: Trojan.Agent.CEIY
- VIPRE: Trojan.Win32.Generic!BT
- Invincea: heuristic
- McAfee-GW-Edition: GenericRXBK-AO!CC4B1354E518
- Emsisoft: Application.AdBundle (A)
- Ikarus: PUA.Funshion
- Cyren: W32/Trojan.MJKV-3924
- Jiangmin: Trojan.Generic.aikna
- Webroot: Pua.Funshion
- Avira: TR/Agent.ssbfg
- Antiy-AVL: Trojan/Win32.AGeneric
- Endgame: malicious (high confidence)
- Arcabit: Trojan.Agent.CEIY
- ViRobot: Trojan.Win32.U.Injector.121816
- ZoneAlarm: HEUR:Trojan.Win32.Generic
- ALYac: Trojan.Agent.CEIY
- AVware: Trojan.Win32.Generic!BT
- MAX: malware (ai score=100)
- Yandex: Trojan.Agent!qpmQYXuupuM
- Fortinet: W32/Generic.AP.E62EE!tr
- Cybereason: malicious.1b8fb7
IMAGE_DOS_HEADER | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x100 |
IMAGE_FILE_HEADER | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_I386 |
NumberOfSections | 5 |
TimeDateStamp | 2016-Aug-26 09:03:29 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
IMAGE_OPTIONAL_HEADER | Value |
---|---|
Magic | PE32 |
LinkerVersion | 10.0 |
SizeOfCode | 0xfa00 |
SizeOfInitializedData | 0xc600 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00004021 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x11000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x22000 |
SizeOfHeaders | 0x400 |
Checksum | 0x27958 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeOfStackReserve | 0x100000 |
SizeOfStackCommit | 0x1000 |
SizeOfHeapReserve | 0x100000 |
SizeOfHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
Imported DLL | Functions |
---|---|
KERNEL32.dll | DeleteFileW, GetPrivateProfileStringW, GetPrivateProfileIntW, CreateMutexW, WaitForSingleObject, WriteFile, CreateFileW, FlushFileBuffers, OpenMutexW, GetCurrentThreadId, ReleaseMutex, GetCurrentProcessId, Sleep, SetLastError, LocalFree, InterlockedDecrement, SetFilePointer, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, SetUnhandledExceptionFilter, UnhandledExceptionFilter, WritePrivateProfileStringW, HeapReAlloc, GetProcessHeap, WriteConsoleW, GetTempPathW, lstrcpyW, GetNativeSystemInfo, LockResource, GetLastError, MultiByteToWideChar, SizeofResource, WideCharToMultiByte, GetCurrentProcess, LoadResource, FindResourceW, FindResourceExW, lstrcatW, ResumeThread, WriteProcessMemory, CloseHandle, lstrcmpiW, VirtualAllocEx, GetProcAddress, GetModuleFileNameW, TerminateProcess, SetStdHandle, HeapAlloc, GetConsoleMode, GetConsoleCP, GetStringTypeW, InterlockedExchange, HeapFree, LCMapStringW, IsProcessorFeaturePresent, HeapSize, GetTickCount, QueryPerformanceCounter, HeapDestroy, HeapCreate, GetEnvironmentStringsW, FreeEnvironmentStringsW, ExitProcess, ReadProcessMemory, LoadLibraryW, GetModuleHandleW, CreateProcessW, FreeLibrary, SetThreadContext, GetThreadContext, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, IsValidCodePage, GetOEMCP, GetACP, InterlockedIncrement, GetCPInfo, RaiseException, GetFileType, GetStdHandle, SetHandleCount, RtlUnwind, InitializeCriticalSectionAndSpinCount, GetCommandLineW, HeapSetInformation, GetStartupInfoW, EncodePointer, DecodePointer, GetSystemTimeAsFileTime, IsDebuggerPresent |
SHELL32.dll | SHGetSpecialFolderPathW |
OLEAUT32.dll | #9 (import by ordinal, no name) |
SHLWAPI.dll | PathRemoveFileSpecW, PathFileExistsW |
imagehlp.dll | ImageGetCertificateHeader, ImageGetCertificateData |
CRYPT32.dll | CryptVerifyMessageSignature |
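Two things in the tables above drive the verdict and deserve a reproducible check. The KERNEL32 list contains the complete process-hollowing primitive set (CreateProcessW, GetThreadContext, VirtualAllocEx, WriteProcessMemory, SetThreadContext, ResumeThread), which is what "functions mostly used by malware" refers to; and the imagehlp/CRYPT32 imports show the binary reads and verifies Authenticode certificates itself. The Python below is an added example, not the analysis tool's output and not the vendor's code: it builds a constructed PE32 image whose headers carry the values reported here (e_lfanew 0x100, 5 sections, entry point 0x4021, DllCharacteristics 0x8140), parses the DOS, file and optional headers the way the tables present them, resolves the entry point to its section, recomputes the header CheckSum, and tests an import list for the full hollowing cluster. The section layout and sizes, the omitted section bodies and the six-API rule are the example's own assumptions.

```python
# Added example (not the report tool or the vendor's code). The image it
# builds is constructed to carry the report's header values; section
# layout/sizes and the hollowing API list are assumptions, bodies omitted.
import struct
from datetime import datetime, timezone

MACHINE = {0x14C: "IMAGE_FILE_MACHINE_I386", 0x8664: "IMAGE_FILE_MACHINE_AMD64"}
SUBSYSTEM = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}
FILE_CHARS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
              0x2000: "IMAGE_FILE_DLL"}
DLL_CHARS = {0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
             0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
             0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
             0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
# Process hollowing needs all six (constructed triage rule, not the tool's own).
HOLLOWING_APIS = {"CreateProcessW", "GetThreadContext", "VirtualAllocEx",
                  "WriteProcessMemory", "SetThreadContext", "ResumeThread"}
OPT_FMT = "<HBB9I6H4I2H6I"          # PE32 optional header, standard fields (96 bytes)


def pe_checksum(data: bytes, csum_off: int) -> int:
    """The algorithm pefile uses to reproduce imagehlp's CheckSum: fold every
    dword except the CheckSum field into 16 bits, then add the file length."""
    assert len(data) % 4 == 0, "pad the image to a dword boundary first"
    total = 0
    for off in range(0, len(data), 4):
        if off == csum_off:
            continue
        total += struct.unpack_from("<I", data, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def build_sample_pe() -> bytes:
    ts = int(datetime(2016, 8, 26, 9, 3, 29, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + struct.pack("<12H", 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40)
    dos += b"\x00" * 34 + struct.pack("<I", 0x100)           # e_ovno..e_res2, e_lfanew
    img = dos.ljust(0x100, b"\x00")                            # DOS stub omitted
    img += b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x14C, 5, ts, 0, 0, 0xE0, 0x0102)
    img += struct.pack(OPT_FMT, 0x10B, 10, 0, 0xFA00, 0xC600, 0, 0x4021, 0x1000, 0x11000,
                       0x400000, 0x1000, 0x200, 5, 1, 0, 0, 5, 1, 0, 0x22000, 0x400,
                       0, 2, 0x8140, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    img += b"\x00" * 128                                       # 16 empty data directories
    for name, va, vsize in ((b".text", 0x1000, 0xF9A4), (b".rdata", 0x11000, 0x4E00),
                            (b".data", 0x16000, 0x8000), (b".rsrc", 0x1E000, 0x1000),
                            (b".reloc", 0x1F000, 0x2000)):    # assumed layout
        img += struct.pack("<8s6I2HI", name, vsize, va, 0, 0, 0, 0, 0, 0, 0x60000020)
    img = bytearray(img.ljust(0x400, b"\x00"))                 # SizeOfHeaders
    csum_off = 0x100 + 4 + 20 + 64                             # OptionalHeader.CheckSum
    struct.pack_into("<I", img, csum_off, pe_checksum(bytes(img), csum_off))
    return bytes(img)


def flag_names(value: int, table: dict) -> list:
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """Fields the report tabulates, plus two checks it leaves implicit:
    which section holds the entry point, and whether CheckSum still matches."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("no PE signature at e_lfanew")
    fh = e_lfanew + 4
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    oh = fh + 20
    o = struct.unpack_from(OPT_FMT, data, oh)
    aep, stored_csum, subsystem, dllchars = o[6], o[21], o[22], o[23]
    entry_section = None
    for i in range(nsec):
        name, vsize, va = struct.unpack_from("<8sII", data, oh + opt_size + 40 * i)
        if va <= aep < va + vsize:
            entry_section = name.rstrip(b"\x00").decode()
    return {
        "machine": MACHINE.get(machine, hex(machine)),
        "sections": nsec,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%b-%d %H:%M:%S"),
        "characteristics": flag_names(chars, FILE_CHARS),
        "linker": f"{o[1]}.{o[2]}",
        "entry_point": hex(aep),
        "entry_section": entry_section,
        "subsystem": SUBSYSTEM.get(subsystem, str(subsystem)),
        "dll_characteristics": flag_names(dllchars, DLL_CHARS),
        # Nonzero CheckSum that no longer matches: modified after the linker
        # wrote the header. Zero: never computed (common, not suspicious alone).
        "checksum_ok": stored_csum != 0 and stored_csum == pe_checksum(data, oh + 64),
    }


def hollowing_cluster(imports) -> dict:
    """Which of the six hollowing primitives are imported; only the complete
    cluster supports the 'functions mostly used by malware' reading."""
    present = HOLLOWING_APIS & set(imports)
    return {"present": sorted(present), "complete": present == HOLLOWING_APIS}


if __name__ == "__main__":
    print(parse_pe(build_sample_pe()))
```

Against a real file, replace `build_sample_pe()` with the file's bytes; the CheckSum comparison then answers whether the header was rewritten after linking, which for a signed PUA like this one is a quicker first question than full signature validation (Authenticode hashing skips the CheckSum field, so a mismatch is an independent signal).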
VS_VERSIONINFO | Value |
---|---|
Signature | 0xfeef04bd |
StructVersion | 0x10000 |
FileVersion | 3.0.0.4 |
ProductVersion | 3.0.0.4 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | Chinese - PRC |
CompanyName | 北京风行在线技术有限公司 |
FileDescription | AptSpare |
FileVersion (#2) | 3.0.0.4 |
InternalName | AptSpare.exe |
LegalCopyright | Copyright (C) 2014-2016 Funshion All Rights Reserved |
OriginalFilename | AptSpare.exe |
ProductName | AptSpare |
ProductVersion (#2) | 3.0.0.4 |
Resource LangID | Chinese - PRC |

IMAGE_DEBUG_DIRECTORY | Value |
---|---|
Characteristics | 0 |
TimeDateStamp | 2016-Aug-26 09:03:29 |
Version | 0.0 |
SizeOfData | 94 |
AddressOfRawData | 0x14a40 |
PointerToRawData | 0x13840 |
Referenced File | E:\tk\Fun Player\Rel2.8.6\src\toolkits\FunPuppet\Release\AptSpare.pdb |
IMAGE_LOAD_CONFIG_DIRECTORY | Value |
---|---|
Size | 0x48 |
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x417310 |
SEHandlerTable | 0x414f50 |
SEHandlerCount | 17 |
Rich header entry | Value |
---|---|
XOR Key | 0x146fe0bd |
Unmarked objects | 0 |
C++ objects (VS2010 build 30319) | 5 |
152 (20115) | 1 |
C++ objects (VS2010 SP1 build 40219) | 77 |
ASM objects (VS2010 SP1 build 40219) | 27 |
C objects (VS2010 SP1 build 40219) | 202 |
C objects (VS2008 SP1 build 30729) | 1 |
Imports (VS2008 SP1 build 30729) | 31 |
Total imports | 235 |
175 (VS2010 SP1 build 40219) | 45 |
Resource objects (VS2010 SP1 build 40219) | 1 |
Linker (VS2010 SP1 build 40219) | 1 |