Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_I386 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2009-Apr-19 09:56:51 |
Detected languages | English - United States |
Debug artifacts | c:\clean\mix\Row\experience\tree\Station\mountainself.pdb |
Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 |
Info | The PE contains common functions which appear in legitimate applications. |
[!] | The program may be hiding some of its imports: |
Malicious | VirusTotal score: 58/70 (Scanned on 2019-10-24 02:09:30) |

Engine | Detection |
---|---|
MicroWorld-eScan | Trojan.GenericKD.30630713 |
FireEye | Generic.mg.d803f05ff3969a4c |
CAT-QuickHeal | Trojan.IGENERIC |
McAfee | Generic.azd |
Zillya | Trojan.GenericKD.Win32.146477 |
K7AntiVirus | Riskware ( 0040eff71 ) |
Alibaba | TrojanDownloader:Win32/Nymaim.fcecddb6 |
K7GW | Riskware ( 0040eff71 ) |
Cybereason | malicious.ff3969 |
Arcabit | Trojan.Generic.D1D36339 |
Invincea | heuristic |
F-Prot | W32/Nymaim.ALB |
Symantec | Trojan.Nymaim.B |
APEX | Malicious |
Avast | Win32:Malware-gen |
Kaspersky | Trojan.Win32.Nymaim.beqi |
BitDefender | Trojan.GenericKD.30630713 |
NANO-Antivirus | Trojan.Win32.Nymaim.fakzat |
Paloalto | generic.ml |
ViRobot | Trojan.Win32.S.Agent.1418752.C |
Ad-Aware | Trojan.GenericKD.30630713 |
Emsisoft | Trojan.GenericKD.30630713 (B) |
Comodo | Malware@#3h1snsx19b30b |
F-Secure | Trojan.TR/Dropper.ytuew |
DrWeb | Trojan.DownLoader26.38781 |
VIPRE | Win32.Malware!Drop |
TrendMicro | TROJ_NYMAIM.TIBBCBJ |
McAfee-GW-Edition | Generic.azd |
Trapmine | malicious.high.ml.score |
Sophos | Troj/Nymaim-HH |
SentinelOne | DFI - Malicious PE |
Cyren | W32/Risk.TAJA-8130 |
Jiangmin | Trojan.Nymaim.ecs |
Webroot | W32.Trojan.GenKD |
Avira | TR/Dropper.ytuew |
Fortinet | W32/Nymaim.HH!tr |
Endgame | malicious (high confidence) |
Microsoft | TrojanDownloader:Win32/Nymaim.K!bit |
AegisLab | Trojan.Win32.Nymaim.4!c |
ZoneAlarm | Trojan.Win32.Nymaim.beqi |
TACHYON | Trojan/W32.Nymaim.1418752 |
AhnLab-V3 | Trojan/Win32.Nymaim.C2471333 |
Acronis | suspicious |
ALYac | Trojan.Nymaim.gen |
MAX | malware (ai score=100) |
VBA32 | BScope.TrojanBanker.Gozi |
Cylance | Unsafe |
Zoner | Trojan.Win32.68950 |
ESET-NOD32 | Win32/TrojanDownloader.Nymaim.BA |
TrendMicro-HouseCall | TROJ_NYMAIM.TIBBCBJ |
Rising | Downloader.Nymaim!8.781 (KTSE) |
Yandex | Trojan.Nymaim!RmOpToHFWwk |
Ikarus | Trojan.Dropper |
GData | Win32.Trojan-Downloader.Nymaim.SXYOOF |
AVG | Win32:Malware-gen |
Panda | Trj/WLT.D |
CrowdStrike | win/malicious_confidence_90% (W) |
Qihoo-360 | Win32/Trojan.Multi.daf |
IMAGE_DOS_HEADER field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x80 |
PE header field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_I386 |
NumberOfSections | 4 |
TimeDateStamp | 2009-Apr-19 09:56:51 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |
IMAGE_OPTIONAL_HEADER field | Value |
---|---|
Magic | PE32 |
LinkerVersion | 9.0 |
SizeOfCode | 0x59a00 |
SizeOfInitializedData | 0x10dc00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000482E8 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x5b000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.0 |
ImageVersion | 0.0 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x16b000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeOfStackReserve | 0x100000 |
SizeOfStackCommit | 0x1000 |
SizeOfHeapReserve | 0x100000 |
SizeOfHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
Imported DLL | Imported functions |
---|---|
KERNEL32.dll | CreateProcessW, GetDiskFreeSpaceW, GetCurrentThreadId, RemoveDirectoryW, CreateEventW, GetVersion, GetVolumeInformationW, GetLocalTime, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, TlsSetValue, TlsAlloc, Sleep, GetProcAddress, LoadLibraryW, CloseHandle, FindFirstChangeNotificationW, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, InterlockedExchange, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, MultiByteToWideChar, RtlUnwind, RaiseException, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetStartupInfoW, GetLastError, HeapFree, GetCPInfo, LCMapStringA, LCMapStringW, GetModuleHandleW, TlsGetValue, TlsFree, SetLastError, HeapAlloc, GetModuleHandleA, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, VirtualAlloc, HeapReAlloc, GetConsoleCP, GetConsoleMode, FlushFileBuffers, ReadFile, SetFilePointer, HeapSize, GetACP, GetOEMCP, IsValidCodePage, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, GetStringTypeA, GetStringTypeW, LoadLibraryA, InitializeCriticalSectionAndSpinCount, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, GetLocaleInfoW, CreateFileA |
rather horse most |
IMAGE_DEBUG_DIRECTORY field | Value |
---|---|
Characteristics | 0 |
TimeDateStamp | 2018-Apr-19 09:56:51 |
Version | 0.0 |
SizeOfData | 82 |
AddressOfRawData | 0x5e2f8 |
PointerToRawData | 0x5d0f8 |
Referenced File | c:\clean\mix\Row\experience\tree\Station\mountainself.pdb |
IMAGE_LOAD_CONFIG_DIRECTORY field | Value |
---|---|
Size | 0 |
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x461e44 |
SEHandlerTable | 0 |
SEHandlerCount | 0 |
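The DOS, file, optional and debug-directory headers tabulated above, rebuilt as a byte buffer and parsed back, as an added example written for this page (Python; it is not output of the tool that produced the report and not code from the sample). It packs the listed values, walks MZ to e_lfanew to the PE signature and optional header, decodes the Characteristics and DllCharacteristics bitmasks, recovers the PDB path from the CodeView record, and runs the checks an analyst would make on exactly these fields: the debug directory timestamp (2018-Apr-19) not matching the file header timestamp (2009-Apr-19), no DYNAMIC_BASE or NX_COMPAT in DllCharacteristics, relocations stripped, and a zero Checksum. Assumed because the report does not list them: e_lfarlc = 0x40, the debug entry type (CodeView, type 2, implied by the .pdb reference and by SizeOfData 82 matching an RSDS record for that path), a zero GUID and age 1, and a zeroed DOS stub, data-directory table and section table.

```python
import struct
from datetime import datetime, timezone

# Path taken from the report's debug directory entry (constructed sample data).
PDB_PATH = b"c:\\clean\\mix\\Row\\experience\\tree\\Station\\mountainself.pdb"

FILE_FLAGS = {0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE",
              0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
DLL_FLAGS = {0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT", 0x0400: "NO_SEH",
             0x8000: "TERMINAL_SERVER_AWARE"}


def _ts(y, mo, d, h, mi, s):
    """PE timestamps are seconds since 1970-01-01 UTC."""
    return int(datetime(y, mo, d, h, mi, s, tzinfo=timezone.utc).timestamp())


def fmt_ts(ts):
    return datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%b-%d %H:%M:%S")


def build_sample():
    """Constructed buffer: DOS header, PE signature, file header and PE32 optional
    header carrying the report's values. e_lfarlc=0x40 is a standard value the
    report does not list; DOS stub, data directories and sections are zeroed."""
    dos = struct.pack("<2s13H8sHH20sI", b"MZ",
                      0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40, 0,
                      b"\0" * 8, 0, 0, b"\0" * 20, 0x80)
    dos += b"\0" * (0x80 - len(dos))
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 4, _ts(2009, 4, 19, 9, 56, 51),
                           0, 0, 0xE0, 0x0103)
    opt = struct.pack("<HBBIIIIII", 0x10B, 9, 0, 0x59A00, 0x10DC00, 0,
                      0x482E8, 0x1000, 0x5B000)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, 0x200,
                       5, 0, 0, 0, 5, 0, 0, 0x16B000, 0x400, 0, 2, 0x8000,
                       0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * (16 * 8)
    return dos + b"PE\0\0" + file_hdr + opt


def build_debug_entry():
    """Constructed IMAGE_DEBUG_DIRECTORY from the report's debug section plus the
    CodeView RSDS record it points at (type 2, zero GUID and age 1 are assumptions;
    4 + 16 + 4 + len(path) + NUL comes to the report's SizeOfData of 82)."""
    cv = b"RSDS" + b"\0" * 16 + struct.pack("<I", 1) + PDB_PATH + b"\0"
    entry = struct.pack("<IIHHIIII", 0, _ts(2018, 4, 19, 9, 56, 51), 0, 0, 2,
                        len(cv), 0x5E2F8, 0x5D0F8)
    return entry, cv


def _flags(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_headers(buf):
    """Walk MZ -> e_lfanew -> PE signature -> file header -> PE32 optional header."""
    if buf[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not at e_lfanew")
    machine, nsec, ts, _, _, _, chars = struct.unpack_from("<HHIIIHH", buf, e_lfanew + 4)
    o = e_lfanew + 24          # optional header follows the 20-byte file header
    magic, maj, mnr, _, _, _, entry, _, _ = struct.unpack_from("<HBBIIIIII", buf, o)
    if magic != 0x10B:
        raise ValueError("only PE32 is handled here")
    image_base, *_, checksum, subsystem, dllchars = struct.unpack_from(
        "<IIIHHHHHHIIIIHH", buf, o + 28)
    return {"e_lfanew": e_lfanew, "machine": machine, "sections": nsec,
            "timestamp": ts, "characteristics": _flags(chars, FILE_FLAGS),
            "linker": f"{maj}.{mnr}", "entry_point": entry,
            "image_base": image_base, "checksum": checksum, "subsystem": subsystem,
            "dll_characteristics": _flags(dllchars, DLL_FLAGS)}


def parse_debug(entry, data):
    """Decode one debug directory entry; for a CodeView RSDS record pull the PDB path."""
    _, ts, _, _, typ, size, rva, raw = struct.unpack("<IIHHIIII", entry)
    pdb = None
    if typ == 2 and data[:4] == b"RSDS":   # signature(4) + GUID(16) + age(4) + path
        pdb = data[24:size].split(b"\0", 1)[0].decode("latin-1")
    return {"timestamp": ts, "type": typ, "size": size,
            "address": rva, "pointer": raw, "pdb": pdb}


def findings(hdr, dbg):
    """Checks decidable from the headers alone, in the order a triage note lists them."""
    out = []
    if dbg["timestamp"] != hdr["timestamp"]:
        out.append("debug directory timestamp %s differs from file header timestamp %s"
                   % (fmt_ts(dbg["timestamp"]), fmt_ts(hdr["timestamp"])))
    if "DYNAMIC_BASE" not in hdr["dll_characteristics"]:
        out.append("no DYNAMIC_BASE: image does not opt in to ASLR")
    if "RELOCS_STRIPPED" in hdr["characteristics"]:
        out.append("RELOCS_STRIPPED: must load at ImageBase 0x%x" % hdr["image_base"])
    if "NX_COMPAT" not in hdr["dll_characteristics"]:
        out.append("no NX_COMPAT: image does not request DEP")
    if hdr["checksum"] == 0:
        out.append("CheckSum is 0 (the loader does not verify it for user-mode EXEs)")
    return out


if __name__ == "__main__":
    hdr = parse_headers(build_sample())
    dbg = parse_debug(*build_debug_entry())
    print(hdr, dbg, sep="\n")
    for line in findings(hdr, dbg):
        print("[!]", line)
```

To run the same checks on a real file, feed parse_headers the first SizeOfHeaders bytes of the file; locating the debug entry then needs the debug data directory (index 6) mapped through the section table, which this synthetic buffer leaves zeroed.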