d537acb8f56a1ce206bc35cf8ff959c0

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2008-Jan-06 14:51:31

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior: May have dropper capabilities:
  • CurrentVersion\Run
Suspicious The PE is possibly packed. The PE only has 1 import(s).
Malicious VirusTotal score: 62/65 (Scanned on 2017-10-04 09:01:45)
Bkav: W32.OnlineGameXIUB.Trojan
MicroWorld-eScan: Generic.PoisonIvy.29390FBA
nProtect: Backdoor/W32.PoisonIvy.7168
CMC: Backdoor.Win32.Poison!O
CAT-QuickHeal: TrojanAPT.Poisonivy.D3
McAfee: BackDoor-DSS.gen.a
Cylance: Unsafe
Zillya: Backdoor.Poison.Win32.42544
SUPERAntiSpyware: Trojan.Agent/Gen-Poison
K7AntiVirus: Backdoor ( 00199f611 )
K7GW: Backdoor ( 00199f611 )
TheHacker: W32/Ivy.gen
Invincea: heuristic
Baidu: Win32.Backdoor.Poison.a
Cyren: W32/Agent.G.gen!Eldorado
Symantec: Trojan!gm
ESET-NOD32: Win32/Poison.NAE
TrendMicro-HouseCall: BKDR_POISON.DS
Avast: Win32:Agent-AAGI [Trj]
ClamAV: Win.Downloader.24568-1
Kaspersky: Backdoor.Win32.Poison.aec
BitDefender: Generic.PoisonIvy.29390FBA
NANO-Antivirus: Trojan.Win32.Poison.dmikon
Paloalto: generic.ml
ViRobot: Backdoor.Win32.Poison.6144.B
Rising: Hack.Win32.Agent.fb (CLASSIC)
Ad-Aware: Generic.PoisonIvy.29390FBA
Sophos: Troj/Keylog-JV
Comodo: UnclassifiedMalware
F-Secure: Backdoor:W32/PoisonIvy.GI
DrWeb: BackDoor.Poison.686
VIPRE: Backdoor.Win32.Poison.Pg (v)
TrendMicro: BKDR_POISON.DS
McAfee-GW-Edition: BehavesLike.Win32.Backdoor.zm
Emsisoft: Generic.PoisonIvy.29390FBA (B)
SentinelOne: static engine - malicious
F-Prot: W32/Agent.G.gen!Eldorado
Jiangmin: Backdoor/PoisonIvy.jh
Webroot: W32.Backdoor.Poisonivy
Avira: TR/Crypt.XPACK.Gen
Antiy-AVL: Trojan[Backdoor]/Win32.Poison
Kingsoft: Win32.Hack.Poison.pg.5844
Microsoft: Backdoor:Win32/Poison.E
Endgame: malicious (high confidence)
Arcabit: Generic.PoisonIvy.D72CEFBA
AegisLab: Backdoor.W32.Poison.aec!c
ZoneAlarm: Backdoor.Win32.Poison.aec
GData: Generic.PoisonIvy.29390FBA
AhnLab-V3: Trojan/Win32.Poison.R2018
ALYac: Generic.PoisonIvy.29390FBA
AVware: Backdoor.Win32.Poison.Pg (v)
MAX: malware (ai score=87)
VBA32: Backdoor.Win32.Hupigon.dguz
Malwarebytes: Backdoor.Poison
Zoner: Trojan.Poison.NAE
Tencent: Backdoor.Win32.Poison.b
Yandex: Trojan.DL.CKSPost.Gen
Ikarus: Backdoor.Poison
Fortinet: W32/Poison.CPB!tr.bdr
AVG: Win32:Agent-AAGI [Trj]
CrowdStrike: malicious_confidence_100% (W)
Qihoo-360: Backdoor.Win32.PIvy.A

Hashes

MD5 d537acb8f56a1ce206bc35cf8ff959c0
SHA1 0bb491f62b77df737801b9ab0fd14fa12d43d254
SHA256 eb84360ca4e33b8bb60df47ab5ce962501ef3420bc7aab90655fd507d2ffcedd
SHA3 ee3ad9cbc7fe05b67130320ad74cd6b649a04bb1d9c94857f433c58dea03a6c3
SSDeep 192:OJGc1Zl2+VAfNxl1THs6xgzgVGjPlRkTnQAx:OJGcMJxDTHfRmap
Imports Hash f9ade0aa18f660a34a4fa23392e21838

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xb0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 2
TimeDateStamp 2008-Jan-06 14:51:31
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 5.0
SizeOfCode 0x200
SizeOfInitializedData 0x1800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x208 (Section: .text)
BaseOfCode 0x200
BaseOfData 0x400
ImageBase 0x400000
SectionAlignment 0x200
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 4.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x1c00
SizeOfHeaders 0x200
Checksum 0x84e6
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics (EMPTY)
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 9e5912d9f35aa91102fcdd5f4740ef0a
SHA1 6f3f04bde3817992a3fcb1fa9e22f1a472c0005b
SHA256 6b85472307dee17ba961a68d9791a529fee61b33ba2d727475c1d349c98e3641
SHA3 a1fb4fce9601a9dac612ea4d5592c8150a3b58f19580063b6a98e3cb023a3f72
VirtualSize 0x68
VirtualAddress 0x200
SizeOfRawData 0x200
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 0.823535

.data

MD5 8dc0f10f42077eede7aaef5e35b338cc
SHA1 c69d034d527d7be8b54d11fbde2e8142eab36129
SHA256 41c92a9297035f1f6b61a901bc0b10b37250320af93f709199a658b65fb16667
SHA3 5860ba5b741c08d29c80a816d8bc6277189339c40717ab28a54b074ced482653
VirtualSize 0x168f
VirtualAddress 0x400
SizeOfRawData 0x1800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.3998

Imports

kernel32.dll ExitProcess

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors