d537acb8f56a1ce206bc35cf8ff959c0

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2008-Jan-06 14:51:31

Plugin Output

Suspicious Strings found in the binary may indicate undesirable behavior:
May have dropper capabilities:
  • CurrentVersion\Run
Contains domain names:
  • practicalmalwareanalysis.com
  • www.practicalmalwareanalysis.com
Suspicious The PE is possibly packed. The PE only has 1 import(s).
Malicious VirusTotal score: 58/65 (Scanned on 2020-09-06 19:37:56)
Bkav: W32.OnlineGameXIUB.Trojan
Elastic: malicious (high confidence)
MicroWorld-eScan: Generic.PoisonIvy.29390FBA
CAT-QuickHeal: TrojanAPT.Poisonivy.D3
ALYac: Backdoor.Poison.gen
Malwarebytes: Backdoor.Poison
VIPRE: Backdoor.Win32.Poison.Pg (v)
Sangfor: Malware
K7AntiVirus: Backdoor ( 00199f611 )
BitDefender: Generic.PoisonIvy.29390FBA
K7GW: Trojan ( 005325ee1 )
TrendMicro: BKDR_POISON.DS
Baidu: Win32.Backdoor.Poison.a
Cyren: W32/Agent.G.gen!Eldorado
Symantec: Trojan!gm
ESET-NOD32: Win32/Poison.NAE
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Downloader.24568-1
Kaspersky: Backdoor.Win32.Poison.aec
NANO-Antivirus: Trojan.Win32.Poison.dmikon
ViRobot: Backdoor.Win32.Poison.6144.B
Avast: Win32:Agent-AAGI [Trj]
Ad-Aware: Generic.PoisonIvy.29390FBA
Comodo: Backdoor.Win32.Poison.NAE@48jb
F-Secure: Backdoor:W32/PoisonIvy.GI
DrWeb: BackDoor.Poison.686
Zillya: Backdoor.Poison.Win32.42544
Invincea: Mal/Generic-R + Troj/Keylog-JV
FireEye: Generic.mg.d537acb8f56a1ce2
Sophos: Troj/Keylog-JV
Jiangmin: Backdoor/PoisonIvy.jh
Webroot: W32.Backdoor.Poisonivy
Avira: TR/Crypt.XPACK.Gen
eGambit: RAT.PoisonIvy
MAX: malware (ai score=100)
Antiy-AVL: Trojan[Backdoor]/Win32.Poison
Kingsoft: Win32.Hack.Poison.pg.5844
SUPERAntiSpyware: Trojan.Agent/Gen-Poison
ZoneAlarm: Backdoor.Win32.Poison.aec
GData: Generic.PoisonIvy.29390FBA
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win32.Poison.R2018
Acronis: suspicious
McAfee: BackDoor-DSS.gen.a
TACHYON: Backdoor/W32.PoisonIvy.7168
VBA32: Backdoor.Poison
Cylance: Unsafe
Zoner: Trojan.Win32.29989
TrendMicro-HouseCall: BKDR_POISON.DS
Tencent: Backdoor.Win32.Poison.b
SentinelOne: DFI - Malicious PE
MaxSecure: BackDoor.Poison.cpb
Fortinet: W32/Poison.CWKQ!tr.bdr
BitDefenderTheta: AI:Packer.4715DE0A1E
AVG: Win32:Agent-AAGI [Trj]
CrowdStrike: win/malicious_confidence_100% (W)
Qihoo-360: Backdoor.Win32.PIvy.A
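
The plugin findings above (a single import, per-section entropy, the Run key and the domain strings) can be reproduced with a stdlib-only PE32 walker. The following is an added example, not the reporting tool's code and not the analysed binary: it follows e_lfanew to the PE header, reads the file header, optional header and section table, walks the import directory through an RVA-to-file-offset map, computes per-section Shannon entropy, and applies the same string heuristics. Because the real sample is not embedded here, build_sample_pe() assembles a constructed stand-in with the report's shape (two 0x200-byte sections, one kernel32!ExitProcess import, the same two strings, the same TimeDateStamp); the 7.0 entropy threshold and the TLD allow-list are assumptions. Python 3.8+.

```python
"""Stdlib-only PE32 walker for the header fields and plugin heuristics in the report above.
Added example: not the reporting tool's code; the PE it builds is a constructed stand-in."""
import math
import re
import struct
from collections import Counter
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x14C
DOMAIN_RE = re.compile(rb"(?:[a-z0-9-]+\.)+(?:com|net|org|info|biz|ru|cn)\b")  # assumed TLD allow-list; keeps kernel32.dll out

def shannon_entropy(data: bytes) -> float:  # bits/byte: ~0 for zero-padded code, 8.0 uniform, packed data near 7+
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def _cstr(buf: bytes, off: int) -> str:
    return buf[off:buf.index(b"\0", off)].decode("ascii", "replace")

def _rva_to_off(sections: list, rva: int) -> int:                      # never assume RVA == file offset
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return rva - s["va"] + s["rawptr"]
    raise ValueError(f"RVA {rva:#x} maps to no section")

def parse_pe32(buf: bytes) -> dict:
    e_lfanew, = struct.unpack_from("<I", buf, 0x3C)                     # DOS header -> PE header
    if buf[:2] != b"MZ" or buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing MZ/PE signature")
    fh = e_lfanew + 4                                                   # IMAGE_FILE_HEADER
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", buf, fh)
    opt = fh + 20                                                       # IMAGE_OPTIONAL_HEADER32
    if struct.unpack_from("<H", buf, opt)[0] != 0x10B:
        raise ValueError("not a PE32 image")
    entry, nrva = struct.unpack_from("<I", buf, opt + 16)[0], struct.unpack_from("<I", buf, opt + 92)[0]
    import_rva = struct.unpack_from("<I", buf, opt + 104)[0] if nrva > 1 else 0   # data directory [1] = imports
    sections = []
    for i in range(nsec):                                               # section table follows the optional header
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", buf, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize, "rawsize": rawsize,
                         "rawptr": rawptr, "entropy": shannon_entropy(buf[rawptr:rawptr + rawsize])})
    imports = []
    off = _rva_to_off(sections, import_rva) if import_rva else None
    while off is not None:                                              # IMAGE_IMPORT_DESCRIPTORs, null-terminated
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", buf, off)
        if name_rva == 0:
            break
        dll, thunk = _cstr(buf, _rva_to_off(sections, name_rva)), _rva_to_off(sections, oft or ft)
        while (t := struct.unpack_from("<I", buf, thunk)[0]) != 0:     # ILT entries (IAT if the ILT is absent)
            imports.append((dll, f"ordinal#{t & 0xFFFF}" if t & 0x80000000
                            else _cstr(buf, _rva_to_off(sections, t) + 2)))    # +2 skips the hint word
            thunk += 4
        off += 20
    entry_sec = next((s["name"] for s in sections if s["va"] <= entry < s["va"] + max(s["vsize"], s["rawsize"])), None)
    return {"machine": machine, "number_of_sections": nsec, "characteristics": chars, "entry_point": entry,
            "entry_section": entry_sec, "sections": sections, "imports": imports,
            "compiled": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%b-%d %H:%M:%S")}

def triage(buf: bytes, info: dict) -> list:
    """The heuristics behind the plugin output: import count, section entropy, suspicious strings."""
    findings = []
    if len(info["imports"]) <= 1:
        findings.append(f"possibly packed: only {len(info['imports'])} import(s)")
    findings += [f"high-entropy section {s['name']} ({s['entropy']:.2f})" for s in info["sections"] if s["entropy"] > 7.0]
    if re.search(rb"CurrentVersion\\Run", buf):
        findings.append("may have dropper capabilities: CurrentVersion\\Run")
    findings += ["contains domain name: " + d.decode() for d in sorted(set(DOMAIN_RE.findall(buf)))]
    return findings

def build_sample_pe() -> bytes:
    """Constructed stand-in with the report's shape: .text + .data, one kernel32!ExitProcess import."""
    DATA_VA, data = 0x400, bytearray()                                  # SectionAlignment == FileAlignment == 0x200
    def add(b: bytes) -> int:                                           # append to .data, return its RVA
        rva = DATA_VA + len(data); data.extend(b); return rva
    desc_rva = add(b"\0" * 40)                                          # import descriptor + null terminator
    oft_rva, ft_rva = add(b"\0" * 8), add(b"\0" * 8)                    # ILT and IAT: one entry + terminator
    dll_rva = add(b"kernel32.dll\0\0")
    hint_rva = add(b"\0\0ExitProcess\0")                                # IMAGE_IMPORT_BY_NAME (hint, name)
    add(b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\0")
    add(b"www.practicalmalwareanalysis.com\0")
    struct.pack_into("<IIIII", data, desc_rva - DATA_VA, oft_rva, 0, 0, dll_rva, ft_rva)
    struct.pack_into("<I", data, oft_rva - DATA_VA, hint_rva)
    struct.pack_into("<I", data, ft_rva - DATA_VA, hint_rva)
    text = b"\x6a\x00\xff\x15" + struct.pack("<I", 0x400000 + ft_rva)  # push 0 ; call [ExitProcess]
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "H" * 2 + "I" * 6,
                      0x10B, 5, 0, 0x200, 0x200, 0, 0x200, 0x200, DATA_VA, 0x400000, 0x200, 0x200,
                      4, 0, 4, 0, 4, 0, 0, 0x600, 0x200, 0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = bytearray(16 * 8)
    struct.pack_into("<II", dirs, 8, desc_rva, 40)                     # data directory [1] = import table
    hdr = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"
           + struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 2, 1199631091, 0, 0, 0xE0, 0x10F)  # 2008-01-06 14:51:31 UTC
           + opt + dirs
           + struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x200, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
           + struct.pack("<8sIIIIIIHHI", b".data", len(data), DATA_VA, 0x200, 0x400, 0, 0, 0, 0, 0xC0000040))
    return hdr.ljust(0x200, b"\0") + text.ljust(0x200, b"\0") + bytes(data).ljust(0x200, b"\0")

if __name__ == "__main__":
    sample = build_sample_pe()
    print(*triage(sample, parse_pe32(sample)), sep="\n")
```

With SectionAlignment equal to FileAlignment (0x200 here), RVAs coincide with file offsets, which is why VirtualAddress and PointerToRawData agree for both sections in the report; the walker still translates through the section table so it also handles images where they differ. A single ExitProcess import next to a 0x168f-byte writable .data section is the usual shape of a packed stub, consistent with the "possibly packed" finding: whatever the payload really imports is only visible once it is unpacked at run time, so the static view on this page is a starting point for dynamic analysis rather than a description of the backdoor's capabilities.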

Hashes

MD5 d537acb8f56a1ce206bc35cf8ff959c0
SHA1 0bb491f62b77df737801b9ab0fd14fa12d43d254
SHA256 eb84360ca4e33b8bb60df47ab5ce962501ef3420bc7aab90655fd507d2ffcedd
SHA3 4220fc01c91255eb1a11f60ebd16b283a2dc90a03bdc0f7ef0dc9b580cdfa66f
SSDeep 192:OJGc1Zl2+VAfNxl1THs6xgzgVGjPlRkTnQAx:OJGcMJxDTHfRmap
Imports Hash f9ade0aa18f660a34a4fa23392e21838

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xb0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 2
TimeDateStamp 2008-Jan-06 14:51:31
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 5.0
SizeOfCode 0x200
SizeOfInitializedData 0x1800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000208 (Section: .text)
BaseOfCode 0x200
BaseOfData 0x400
ImageBase 0x400000
SectionAlignment 0x200
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 4.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x1c00
SizeOfHeaders 0x200
Checksum 0x84e6
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 9e5912d9f35aa91102fcdd5f4740ef0a
SHA1 6f3f04bde3817992a3fcb1fa9e22f1a472c0005b
SHA256 6b85472307dee17ba961a68d9791a529fee61b33ba2d727475c1d349c98e3641
SHA3 eef0ee0210f799da846520773e03b2a2b8a17caf31c984a06f961b94c97aeec3
VirtualSize 0x68
VirtualAddress 0x200
SizeOfRawData 0x200
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 0.823535

.data

MD5 8dc0f10f42077eede7aaef5e35b338cc
SHA1 c69d034d527d7be8b54d11fbde2e8142eab36129
SHA256 41c92a9297035f1f6b61a901bc0b10b37250320af93f709199a658b65fb16667
SHA3 41e70410446fb27db92b59b2f9bb065ecfa18a971ccdb279a42ca5a617778e89
VirtualSize 0x168f
VirtualAddress 0x400
SizeOfRawData 0x1800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.3998

Imports

kernel32.dll ExitProcess

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x89a56ef9
Unmarked objects 0
ProdID (Build) Count
19 (8078) 4
18 (8444) 1

Errors
