Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2008-Apr-01 19:35:07 |
Suspicious | Strings found in the binary may indicate undesirable behavior: Contains references to internet browsers: |
Malicious | The file headers were tampered with: Unusual section name found: .cdata; The RICH header checksum is invalid. |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 49/67 (Scanned on 2019-11-21 16:54:15). MicroWorld-eScan: Trojan.Lojack.Gen.1; FireEye: Trojan.Lojack.Gen.1; CAT-QuickHeal: Backdoor.Lojax; ALYac: Backdoor.DoubleAgent.A; Zillya: Trojan.GenericKD.Win32.115912; CrowdStrike: win/malicious_confidence_100% (W); Alibaba: Backdoor:Win32/Lojax.a889ce4d; K7GW: Riskware ( 0040eff71 ); K7AntiVirus: Riskware ( 0040eff71 ); TrendMicro: Backdoor.Win32.FALOJAK.SMMR; Symantec: Trojan.Gen; Paloalto: generic.ml; Kaspersky: HEUR:Backdoor.Win32.DoubleAgent.gen; BitDefender: Trojan.Lojack.Gen.1; NANO-Antivirus: Trojan.Win32.LoJax.fjxdju; Endgame: malicious (high confidence); Emsisoft: Trojan.Lojack.Gen.1 (B); Comodo: Malware@#2uhjdnpzsrk6b; F-Secure: Trojan:W32/Jaxol.A; DrWeb: Trojan.LoJax.2; VIPRE: Trojan.Win32.Generic!BT; McAfee-GW-Edition: RDN/Generic BackDoor.sb; Fortinet: W32/DoubleAgent.SMMR!tr.bdr; Sophos: Troj/Bckdoor-AI; Cyren: W32/Trojan.BNVQ-5138; Jiangmin: Backdoor.DoubleAgent.a; Webroot: W32.Trojan.Gen; Avira: TR/AD.BDSRpcNet.cucmw; MAX: malware (ai score=100); Antiy-AVL: Trojan[Backdoor]/Win32.DoubleAgent; Arcabit: Trojan.Lojack.Gen.1; ViRobot: Trojan.Win32.Agent.17408.EC; ZoneAlarm: HEUR:Backdoor.Win32.DoubleAgent.gen; Microsoft: Backdoor:Win32/Lojax.A!dha; AhnLab-V3: Trojan/Win32.Agent.C2488103; McAfee: RDN/Generic BackDoor.sb; TACHYON: Backdoor/W32.DoubleAgent.17408; VBA32: Backdoor.DoubleAgent; Cylance: Unsafe; Zoner: Trojan.Win32.68260; ESET-NOD32: Win32/Agent.ZQE; TrendMicro-HouseCall: Backdoor.Win32.FALOJAK.SMMR; Yandex: Backdoor.DoubleAgent!; Ikarus: Trojan.Lojack; GData: Trojan.Lojack.Gen.1; Ad-Aware: Trojan.Lojack.Gen.1; AVG: FileRepMalware; Panda: Trj/CI.A; Qihoo-360: Win32/Trojan.994 |
e_magic | MZ |
---|---|
e_cblp | 0x4 |
e_cp | 0x1 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0x1 |
e_maxalloc | 0xffff |
e_ss | 0x6a06 |
e_sp | 0xcb00 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xa8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2008-Apr-01 19:35:07 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 7.0 |
SizeOfCode | 0x3600 |
SizeOfInitializedData | 0xa00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000348D (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x5000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x8000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
WSOCK32.dll | #11, #115, #116 |
---|---|
USER32.dll | DefWindowProcA, wsprintfA, PostQuitMessage, RegisterClassA, TranslateMessage, GetMessageA, PeekMessageA, PostMessageA, DispatchMessageA, CreateWindowExA, SetTimer, PostThreadMessageA, KillTimer |
KERNEL32.dll | VirtualFreeEx, DeleteCriticalSection, OpenProcess, WriteFile, CloseHandle, RtlUnwind, GetVersion, LocalAlloc, SetFilePointer, CreateProcessA, GetModuleHandleA, GetLastError, LocalFree, ExitThread, SetEvent, ReadFile, TerminateProcess, WaitForSingleObject, WriteProcessMemory, ReadProcessMemory, ResetEvent, LeaveCriticalSection, GetStdHandle, TerminateThread, ExitProcess, InitializeCriticalSection, GetModuleFileNameA, GetProcAddress, WaitForMultipleObjects, CreateRemoteThread, lstrlenA, CreateEventA, GetExitCodeThread, CreateThread, lstrcmpiA, EnterCriticalSection, GetCurrentProcessId, CreateFileA, SetThreadPriority, ResumeThread, lstrcpyA, GetOverlappedResult, FreeLibrary, RaiseException, GetCurrentThreadId, lstrcatA, GetEnvironmentVariableA, SetStdHandle, VirtualAllocEx, Sleep, CopyFileA, LoadLibraryA |
ADVAPI32.dll | RegQueryValueExA, RegEnumValueA, RegOpenKeyA, RegDeleteValueA, SetServiceStatus, OpenProcessToken, RegOpenKeyExA, StartServiceCtrlDispatcherA, SetTokenInformation, RegCloseKey, RegisterServiceCtrlHandlerA, DuplicateTokenEx, CreateProcessAsUserA |
Ordinal | 1 |
---|---|
Address | 0x34e1 |
XOR Key | 0x77224aa4 |
---|---|
Unmarked objects | 0 |
Imports (2067) | 2 |
Imports (2179) | 7 |
Total imports | 82 |
Unmarked objects (#2) | 5 |
C objects (VS2003 (.NET) build 3077) | 14 |
C++ objects (VS2003 (.NET) build 3077) | 1 |
Exports (VS2003 (.NET) build 3077) | 1 |
Linker (VS2003 (.NET) build 3077) | 1 |