Summary field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_AMD64 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2001-Mar-29 07:16:57 |
Detected languages | English - United States |
Level | Finding | Details |
---|---|---|
Suspicious | The PE is packed or was manually edited. | The number of imports reported in the RICH header is inconsistent. |
Suspicious | The PE contains functions most legitimate programs don't use. | Functions which can be used for anti-debugging purposes: |
Malicious | VirusTotal score: 50/69 (Scanned on 2019-05-03 10:05:50) | Per-vendor verdicts are listed in the table below. |

Vendor | Verdict |
---|---|
MicroWorld-eScan | Trojan.Generic.8911810 |
FireEye | Generic.mg.dd4382d225a15dc0 |
McAfee | BackDoor-FANF!DD4382D225A1 |
Cylance | Unsafe |
AegisLab | Trojan.Win32.Generic.4!c |
Alibaba | TrojanSpy:Win64/Ursnif.06716fde |
K7GW | Riskware ( 0040eff71 ) |
K7AntiVirus | Riskware ( 0040eff71 ) |
Invincea | heuristic |
NANO-Antivirus | Trojan.Win64.Kryptik.dwstdc |
Symantec | Trojan.Ransomlock.G |
TrendMicro-HouseCall | TROJ_GEN.R002C0CJ118 |
Paloalto | generic.ml |
Kaspersky | HEUR:Trojan.Win32.Generic |
BitDefender | Trojan.Generic.8911810 |
SUPERAntiSpyware | Trojan.Agent/Gen-Malaver |
Avast | Win32:Kryptik-OCK [Trj] |
Rising | Spyware.Ursnif!8.1DEF (CLOUD) |
Endgame | malicious (high confidence) |
Emsisoft | Trojan.Generic.8911810 (B) |
Comodo | Malware@#7cxmn9euyzsb |
F-Secure | Heuristic.HEUR/AGEN.1020079 |
Zillya | Trojan.Kryptik.Win32.741128 |
TrendMicro | TROJ_GEN.R002C0CJ118 |
McAfee-GW-Edition | BackDoor-FANF!DD4382D225A1 |
Trapmine | malicious.high.ml.score |
TheHacker | Trojan/Kryptik.bm |
SentinelOne | DFI - Suspicious PE |
Jiangmin | Trojan/Generic.bcspz |
Webroot | W32.Malware.Heur |
Avira | HEUR/AGEN.1020079 |
Fortinet | W64/Kryptik.BM!tr |
Antiy-AVL | Trojan/Win32.Unknown |
Arcabit | Trojan.Generic.D87FBC2 |
ZoneAlarm | HEUR:Trojan.Win32.Generic |
Microsoft | TrojanSpy:Win64/Ursnif |
Sophos | Troj/Papras-N |
AhnLab-V3 | Trojan/Win64.Ursnif.C973845 |
VBA32 | TrojanSpy.Win64.Ursnif |
MAX | malware (ai score=100) |
Ad-Aware | Trojan.Generic.8911810 |
ESET-NOD32 | a variant of Win64/Kryptik.BM |
Tencent | Win32.Trojan.Generic.Wstn |
Yandex | Trojan.Agent!pKlsT9rOMzg |
Ikarus | Trojan-Spy.Win64 |
GData | Trojan.Generic.8911810 |
AVG | Win32:Kryptik-OCK [Trj] |
Panda | Trj/CI.A |
CrowdStrike | win/malicious_confidence_80% (D) |
Qihoo-360 | Win32/Trojan.e6d |
DOS header field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe8 |
PE file header field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 4 |
TimeDateStamp | 2001-Mar-29 07:16:57 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_DEBUG_STRIPPED, IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_LINE_NUMS_STRIPPED |
Optional header field | Value |
---|---|
Magic | PE32+ |
LinkerVersion | 7.0 |
SizeOfCode | 0xda00 |
SizeOfInitializedData | 0x2c00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000000000001690 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x180000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | AA1.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x15000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x800000 |
SizeofStackCommit | 0x7000 |
SizeofHeapReserve | 0x10000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
Imported DLL | Imported functions |
---|---|
KERNEL32.dll | CompareStringA, ReadFile, GetConsoleOutputCP, WriteFile, GetDateFormatA, FileTimeToLocalFileTime, GlobalLock, VirtualAlloc, GetCurrentProcess, GetEnvironmentStrings, GetModuleHandleA, GetModuleFileNameA, GetCurrentThreadId |
NTDLL.dll | ZwQuerySystemInformation |
Export ordinal | Address |
---|---|
1 | 0x1738 |
2 | 0x8f36 |
3 | 0x25f3 |
4 | 0x8f79 |
5 | 0x3955 |
6 | 0x3c25 |
7 | 0x48a3 |
8 | 0x222e |
9 | 0x3a95 |
10 | 0x6124 |
11 | 0x474e |
12 | 0x6f63 |
13 | 0x7e31 |
14 | 0x6e8a |
15 | 0x5df7 |
16 | 0x242e |
17 | 0x32fe |
18 | 0x6acf |
19 | 0x2fe4 |
20 | 0x2f0a |
21 | 0x7455 |
22 | 0x4d11 |
23 | 0x7621 |
24 | 0x6259 |
25 | 0x8092 |
26 | 0x6792 |
27 | 0x3dfc |
28 | 0x26dc |
29 | 0x7f95 |
30 | 0x6238 |
31 | 0x3787 |
32 | 0x3e3c |
33 | 0x5944 |
34 | 0x450c |
35 | 0x141a |
36 | 0x1585 |
37 | 0x1c07 |
38 | 0x12bb |
39 | 0x74ce |
40 | 0x27a6 |
41 | 0x734a |
42 | 0x7318 |
43 | 0x6903 |
44 | 0x6ff2 |
45 | 0x2dff |
46 | 0x6d98 |
47 | 0x7cdb |
48 | 0x6ca2 |
49 | 0x551a |
50 | 0x33d5 |
51 | 0x57bc |
52 | 0x3151 |
53 | 0x5212 |
54 | 0x7c0b |
55 | 0x6ad2 |
56 | 0x897e |
57 | 0x2567 |
58 | 0x6b9e |
59 | 0x2f8a |
60 | 0x2b0e |
61 | 0x2d16 |
Version info field | Value |
---|---|
Signature | 0xfeef04bd |
StructVersion | 0x10000 |
FileVersion | 7.6.2.0 |
ProductVersion | 7.6.2.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |

Resource field | Value |
---|---|
Resource LangID | English - United States |
RICH header field | Value |
---|---|
XOR Key | 0xa55ba91b |
Unmarked objects | 0 |
117 (16192) | 4 |
Total imports | 1 |
105 (12641) | 3 |
36 (1509) | 3 |
181 (5045) | 1 |
177 (705) | 3 |
151 (12709) | 3 |
Linker (VS2003 (.NET) build 4035) | 4 |