| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2019-Jun-17 08:07:18 |
| Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 |
| Suspicious | Strings found in the binary may indicate undesirable behavior. Contains domain names or URLs: |
| Suspicious | The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports: |
| Malicious | VirusTotal score: 58/70 (Scanned on 2019-10-07 23:43:56) |

| VirusTotal engine | Detection |
|---|---|
| MicroWorld-eScan | Trojan.GenericKD.30920306 |
| FireEye | Generic.mg.e2bd4044fab4214c |
| McAfee | Trojan-FQCE!E2BD4044FAB4 |
| Cylance | Unsafe |
| Zillya | Trojan.GenericKD.Win32.142298 |
| K7AntiVirus | Trojan ( 00531dce1 ) |
| Alibaba | Backdoor:Win32/Cypress.00c480dd |
| K7GW | Trojan ( 00531dce1 ) |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Invincea | heuristic |
| F-Prot | W32/Popool.B.gen!Eldorado |
| Symantec | Backdoor.Trojan |
| TotalDefense | Win32/FakeDoc_i |
| APEX | Malicious |
| Paloalto | generic.ml |
| Kaspersky | Backdoor.Win32.Cypress.q |
| BitDefender | Trojan.GenericKD.30920306 |
| NANO-Antivirus | Trojan.Win32.Cypress.falfex |
| ViRobot | Backdoor.Win32.S.Agent.395776.E |
| Avast | Win32:Malware-gen |
| Rising | Trojan.Generic@ML.100 (RDMK:m3tJKOBB4cCagrZMYeykAg) |
| Endgame | malicious (high confidence) |
| Emsisoft | Trojan.GenericKD.30920306 (B) |
| Comodo | Malware@#1xz1sdhwnq77w |
| F-Secure | Trojan.TR/ATRAPS.Gen4 |
| DrWeb | BackDoor.Spy.3610 |
| VIPRE | Trojan.Win32.Generic.pak!cobra |
| TrendMicro | BKDR_POWPOOL.B |
| McAfee-GW-Edition | BehavesLike.Win32.MultiPlug.fh |
| Sophos | Troj/Bckdoor-AD |
| SentinelOne | DFI - Suspicious PE |
| Cyren | W32/Popool.B.gen!Eldorado |
| Jiangmin | Backdoor.Cypress.e |
| Webroot | W32.Trojan.GenKD |
| Avira | TR/ATRAPS.Gen4 |
| Fortinet | W32/Agent.TDK!tr |
| Antiy-AVL | Trojan[Backdoor]/Win32.Cypress |
| Arcabit | Trojan.Generic.D1D7CE72 |
| AegisLab | Trojan.Win32.Cypress.4!c |
| ZoneAlarm | Backdoor.Win32.Cypress.q |
| Microsoft | Trojan:Win32/Popool.B |
| TACHYON | Backdoor/W32.Agent.395776.BP |
| AhnLab-V3 | Backdoor/Win32.Cypress.R227847 |
| Acronis | suspicious |
| VBA32 | Backdoor.Cypress |
| ALYac | Backdoor.Agent.Cypress |
| MAX | malware (ai score=100) |
| Ad-Aware | Trojan.GenericKD.30920306 |
| ESET-NOD32 | a variant of Win32/Agent.TIA |
| TrendMicro-HouseCall | BKDR_POWPOOL.B |
| Tencent | Win32.Trojan.Fakedoc.Auto |
| Yandex | Backdoor.Cypress! |
| Ikarus | Trojan.Win32.Agent |
| GData | Trojan.GenericKD.30920306 |
| AVG | Win32:Malware-gen |
| Cybereason | malicious.4fab42 |
| Panda | Trj/GdSda.A |
| Qihoo-360 | Win32/Trojan.2c0 |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xe8 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 5 |
| TimeDateStamp | 2019-Jun-17 08:07:18 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 10.0 |
| SizeOfCode | 0x46e00 |
| SizeOfInitializedData | 0x1c200 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00029577 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x48000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.1 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.1 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x65000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
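The three header tables above are what a parser reads, in that order, to reach the values the report shows. The script below is an added example, not part of the report and not Manalyze's code: it builds a constructed header carrying exactly the reported values (e_lfanew 0xe8, Machine 0x14c, a TimeDateStamp of 2019-Jun-17 08:07:18 UTC, entry point 0x29577, DllCharacteristics 0x8140), walks DOS header -> e_lfanew -> PE signature -> COFF header -> optional header, decodes the two flag words, and runs the consistency checks an analyst wants on a sample like this one: is the entry point inside the code range, are SizeOfImage and SizeOfHeaders aligned, is SizeOfOptionalHeader consistent with NumberOfRvaAndSizes, is the checksum set, and is DYNAMIC_BASE actually usable (relocations not stripped). The DOS stub, data directories and section table are zero padding, because the page does not include them; the `e_lfarlc` value 0x40 is the usual one and is assumed.

```python
import struct
from datetime import datetime, timezone

# Bit names from winnt.h for the two flag words decoded in the report.
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED", 0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0400: "NO_SEH", 0x1000: "APPCONTAINER",
    0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}
SUBSYSTEMS = {1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI"}
COFF_FMT = "<HHIIIHH"             # IMAGE_FILE_HEADER, 20 bytes
OPT32_FMT = "<HBB9I6HI3I2H4I2I"   # IMAGE_OPTIONAL_HEADER32 up to NumberOfRvaAndSizes, 96 bytes


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Walk the headers and return the reported fields plus consistency checks."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image: missing MZ")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at a PE signature")
    machine, nsections, stamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        COFF_FMT, data, e_lfanew + 4)
    opt_off = e_lfanew + 4 + struct.calcsize(COFF_FMT)
    if struct.unpack_from("<H", data, opt_off)[0] != 0x10B:
        raise ValueError("only PE32 (Magic 0x10b) is handled here")
    (_magic, lnk_major, lnk_minor, size_of_code, _init, _uninit, entry, base_of_code,
     _base_of_data, _image_base, sect_align, file_align, _osmaj, _osmin, _immaj, _immin,
     _ssmaj, _ssmin, _w32ver, size_of_image, size_of_headers, checksum, subsystem,
     dllchars, _srsv, _scmt, _hrsv, _hcmt, _ldflags, nrva) = struct.unpack_from(
        OPT32_FMT, data, opt_off)
    return {
        "e_lfanew": e_lfanew,
        "machine": machine,
        "sections": nsections,
        "timestamp_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "characteristics": flag_names(chars, FILE_CHARACTERISTICS),
        "linker": f"{lnk_major}.{lnk_minor}",
        "entry_point": entry,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "dll_characteristics": flag_names(dllchars, DLL_CHARACTERISTICS),
        # DYNAMIC_BASE only helps if the loader can still relocate the image.
        "aslr": bool(dllchars & 0x0040) and not (chars & 0x0001),
        "dep": bool(dllchars & 0x0100),
        "entry_in_code": base_of_code <= entry < base_of_code + size_of_code,
        "image_size_aligned": size_of_image % sect_align == 0,
        "headers_aligned": size_of_headers % file_align == 0,
        "opt_header_size_ok": opt_size == 96 + 8 * nrva,
        "checksum_set": checksum != 0,   # 0 is common for unsigned builds; Windows only enforces it for drivers
        "is_dll": bool(chars & 0x2000),
    }


def build_sample():
    """Constructed header bytes carrying the report's values (stub, data
    directories and sections are zero padding, not the real file)."""
    dos = struct.pack("<2s13H8sHH20sI", b"MZ",
                      0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40, 0,
                      b"\0" * 8, 0, 0, b"\0" * 20, 0xE8)
    stub = b"\0" * (0xE8 - len(dos))
    coff = struct.pack(COFF_FMT, 0x14C, 5, 0x5D074A36, 0, 0, 0xE0, 0x0102)
    opt = struct.pack(OPT32_FMT, 0x10B, 10, 0,
                      0x46E00, 0x1C200, 0, 0x29577, 0x1000, 0x48000, 0x400000, 0x1000, 0x200,
                      5, 1, 0, 0, 5, 1,
                      0, 0x65000, 0x400, 0,
                      2, 0x8140,
                      0x100000, 0x1000, 0x100000, 0x1000,
                      0, 16)
    return dos + stub + b"PE\0\0" + coff + opt + b"\0" * 128   # 16 empty data directories


if __name__ == "__main__":
    for key, value in parse_pe(build_sample()).items():
        print(f"{key:22} {value}")
```

Run against a real file, replace `build_sample()` with the file's bytes; the checks are the ones worth scripting across a corpus, since an entry point outside `.text`, a misaligned SizeOfImage, or a stripped relocation table with DYNAMIC_BASE set each point at packing or manual header edits rather than a normal linker run.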
| DLL | Imported functions |
|---|---|
| KERNEL32.dll | WideCharToMultiByte, MultiByteToWideChar, CreateFileA, FileTimeToSystemTime, GetFileSize, SetFilePointer, ReadFile, CreateFileW, SetEndOfFile, GetSystemDefaultLangID, GetLastError, LoadLibraryW, GetProcessHeap, HeapFree, FreeLibrary, GetSystemDirectoryA, CreateProcessA, CreateThread, CloseHandle, IsDebuggerPresent, LoadLibraryA, GetProcAddress, Sleep, GetTickCount, FileTimeToLocalFileTime, SetUnhandledExceptionFilter, GetDriveTypeW, WriteConsoleW, SetStdHandle, GetStringTypeW, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, GetSystemTimeAsFileTime, GetCurrentProcessId, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetModuleFileNameA, GetTimeZoneInformation, GetCurrentDirectoryW, PeekNamedPipe, GetFileInformationByHandle, GetFullPathNameA, IsValidCodePage, GetOEMCP, GetACP, FlushFileBuffers, GetConsoleMode, GetConsoleCP, HeapCreate, GetModuleFileNameW, WriteFile, SetEnvironmentVariableA, GetCurrentThreadId, SetLastError, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InterlockedIncrement, InterlockedDecrement, EncodePointer, DecodePointer, InterlockedExchange, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetModuleHandleW, ExitProcess, HeapReAlloc, FindFirstFileExA, FindNextFileA, FindClose, GetDriveTypeA, GetCommandLineA, HeapSetInformation, RaiseException, RtlUnwind, HeapAlloc, LCMapStringW, GetCPInfo, CompareStringW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, IsProcessorFeaturePresent, HeapSize, InitializeCriticalSectionAndSpinCount, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoW, GetLocaleInfoW |
| ADVAPI32.dll | RegQueryInfoKeyA, RegEnumKeyExA, RegQueryValueExA, RegCloseKey |
| SHELL32.dll | SHGetFolderLocation, SHGetPathFromIDListA, ShellExecuteA |
| ole32.dll | CoCreateGuid |
| WININET.dll | InternetQueryOptionA, InternetCloseHandle, InternetOpenA, HttpSendRequestA, HttpAddRequestHeadersA, HttpEndRequestA, InternetSetCookieA, InternetAttemptConnect, HttpOpenRequestA, InternetWriteFile, InternetSetOptionA, InternetReadFile, InternetConnectA, HttpSendRequestExA |
| WS2_32.dll | #52 (gethostbyname), #57 (gethostname), #12 (inet_ntoa), #116 (WSACleanup), #15 (ntohs), #115 (WSAStartup) |
| VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA |

The WS2_32.dll entries are imported by ordinal only; the names in parentheses are resolved from WS2_32.dll's fixed export ordinals and do not appear in the binary itself. Together with the WININET imports (InternetOpenA, InternetConnectA, HttpOpenRequestA, HttpSendRequestA, InternetReadFile/InternetWriteFile) they give the sample both a raw-socket and an HTTP path to the network, while CreateProcessA, ShellExecuteA, the RegEnumKeyExA/RegQueryValueExA pair and IsDebuggerPresent cover execution, registry enumeration and a basic debugger check. LoadLibraryA/LoadLibraryW with GetProcAddress is what the "may be hiding some of its imports" warning keys on: anything resolved through that pair never appears in this table.
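Manalyze prints the WS2_32 imports as ordinals (#52, #57, ...) because those import lookup table entries carry IMAGE_ORDINAL_FLAG32 instead of a pointer to a hint/name entry. The script below is an added example, not part of the report and not Manalyze's code: it builds a constructed PE32 import directory holding three of the KERNEL32 names from the table (CreateProcessA, LoadLibraryA, GetProcAddress) and the six WS2_32 ordinals, walks the descriptors and thunk tables the way the loader does, resolves the ordinals through WS2_32.dll's fixed export ordinals, and reports whether the LoadLibrary/GetProcAddress pair is present, the usual trigger for a run-time-resolution warning. The single-section RVA-to-file-offset mapping (RVA 0x48000 at file offset 0x400) is an assumption of the sample, not the real file's section layout.

```python
import struct

IMAGE_ORDINAL_FLAG32 = 0x80000000
# WS2_32.dll exports these by fixed ordinal (set in its module definition file),
# so the numbers in the report resolve the same way on every Windows version.
WS2_32_ORDINALS = {12: "inet_ntoa", 15: "ntohs", 52: "gethostbyname",
                   57: "gethostname", 115: "WSAStartup", 116: "WSACleanup"}
# Constructed single-section mapping for the sample: RVA 0x48000 is file offset 0x400.
SECTION_VA, SECTION_RAW = 0x48000, 0x400


def rva_to_off(rva):
    return rva - SECTION_VA + SECTION_RAW


def cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii")


def parse_imports(data, import_dir_rva):
    """Walk the IMAGE_IMPORT_DESCRIPTOR array and each DLL's lookup table (PE32).
    Ordinal thunks have the high bit set and the ordinal in the low 16 bits;
    name thunks point at a WORD hint followed by the NUL-terminated name."""
    result = {}
    off = rva_to_off(import_dir_rva)
    while True:
        ilt, _stamp, _fwd, name_rva, iat = struct.unpack_from("<5I", data, off)
        if ilt == 0 and name_rva == 0 and iat == 0:
            break                                # all-zero descriptor ends the list
        dll = cstr(data, rva_to_off(name_rva))
        thunk_off = rva_to_off(ilt or iat)       # some linkers zero the ILT; the IAT starts as a copy
        entries = []
        while True:
            thunk = struct.unpack_from("<I", data, thunk_off)[0]
            if thunk == 0:
                break
            if thunk & IMAGE_ORDINAL_FLAG32:
                ordinal = thunk & 0xFFFF
                name = WS2_32_ORDINALS.get(ordinal) if dll.lower() == "ws2_32.dll" else None
                entries.append(f"#{ordinal} ({name})" if name else f"#{ordinal}")
            else:
                entries.append(cstr(data, rva_to_off(thunk) + 2))   # skip the 2-byte hint
            thunk_off += 4
        result[dll] = entries
        off += 20
    return result


def resolves_imports_at_runtime(imports):
    """LoadLibrary + GetProcAddress lets code call any export without an import
    table entry; that pair is what a 'may be hiding imports' heuristic keys on."""
    k32 = {n.lower() for n in imports.get("KERNEL32.dll", [])}
    return bool({"loadlibrarya", "loadlibraryw"} & k32) and "getprocaddress" in k32


def build_sample():
    """Constructed import section: descriptor table, hint/name entries, DLL name
    strings, then DWORD-aligned ILT and IAT copies for each DLL."""
    blob = bytearray()

    def put(chunk, align=1):
        while len(blob) % align:
            blob.append(0)
        rva = SECTION_VA + len(blob)
        blob.extend(chunk)
        return rva

    dir_rva = put(b"\0" * 60)                    # 2 descriptors + terminator, patched below
    names = [put(struct.pack("<H", 0) + n + b"\0", 2)
             for n in (b"CreateProcessA", b"LoadLibraryA", b"GetProcAddress")]
    k32_str, ws_str = put(b"KERNEL32.dll\0"), put(b"WS2_32.dll\0")
    k32_thunks = struct.pack("<4I", *names, 0)
    ws_thunks = struct.pack("<7I", *(IMAGE_ORDINAL_FLAG32 | o for o in (52, 57, 12, 116, 15, 115)), 0)
    k32_ilt, k32_iat = put(k32_thunks, 4), put(k32_thunks, 4)
    ws_ilt, ws_iat = put(ws_thunks, 4), put(ws_thunks, 4)
    struct.pack_into("<5I", blob, 0, k32_ilt, 0, 0, k32_str, k32_iat)
    struct.pack_into("<5I", blob, 20, ws_ilt, 0, 0, ws_str, ws_iat)
    return b"\0" * SECTION_RAW + bytes(blob), dir_rva


if __name__ == "__main__":
    data, dir_rva = build_sample()
    imports = parse_imports(data, dir_rva)
    for dll, funcs in imports.items():
        print(dll, ", ".join(funcs))
    print("resolves imports at run time:", resolves_imports_at_runtime(imports))
```

On a real file the RVA translation has to go through the section table (find the section whose VirtualAddress range covers the RVA, then subtract VirtualAddress and add PointerToRawData); the one-section shortcut here exists only so the sample runs without a section table.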
| Load configuration field | Value |
|---|---|
| Size | 0x48 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x453758 |
| SEHandlerTable | 0x44e0b0 |
| SEHandlerCount | 176 |
| Rich header field | Value |
|---|---|
| XOR Key | 0xf26a3129 |
| Unmarked objects | 0 |
| ASM objects (VS2010 build 30319) | 29 |
| C objects (VS2010 build 30319) | 190 |
| C objects (VS2008 SP1 build 30729) | 3 |
| Imports (VS2008 SP1 build 30729) | 17 |
| Total imports | 166 |
| C++ objects (VS2010 build 30319) | 73 |
| Product id 175 (VS2010 build 30319) | 11 |
| Resource objects (VS2012 build 50727 / VS2005 build 50727) | 1 |
| Linker (VS2010 build 30319) | 1 |
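The Rich header table above is what Manalyze recovers by XORing the region between the `DanS` marker and the `Rich` marker with the key 0xf26a3129; each entry is a DWORD of `(product id << 16) | build` followed by a DWORD use count. Note that these entries and LinkerVersion 10.0 both point at VS2010 (build 30319), while the "Microsoft Visual C++ 6.0 - 8.0" signature match in the summary is the weaker signal; when the two disagree, trust the Rich header and linker version. The script below is an added example, not part of the report and not Manalyze's code: it encodes a Rich header the way the linker does, decodes it back, and recomputes the XOR key from the bytes preceding `DanS` (the rotate-and-add checksum over the DOS header and stub, skipping e_lfanew, plus one term per entry), which is how a tampered or transplanted Rich header is detected. The DOS stub bytes are constructed; of the two entries, product 175 / build 30319 / count 11 is taken from the table above and product id 1 (Import0, the import-count entry) is paired with the table's build 30729 and count 17. The key the sample computes is therefore its own and not 0xf26a3129, which cannot be reproduced without the real file's DOS stub.

```python
import struct

DANS = 0x536E6144   # the ASCII bytes 'DanS' read as a little-endian DWORD


def rol32(v, n):
    n %= 32
    return ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF


def rich_key(dos_region, entries):
    """Recompute the XOR key: seed with the 'DanS' offset, add rol(byte, i) for
    every byte before 'DanS' except e_lfanew (0x3c..0x3f), then add
    rol(compid, count) for each entry."""
    cksum = len(dos_region)
    for i, b in enumerate(dos_region):
        if 0x3C <= i < 0x40:
            continue
        cksum = (cksum + rol32(b, i)) & 0xFFFFFFFF
    for compid, count in entries:
        cksum = (cksum + rol32(compid, count)) & 0xFFFFFFFF
    return cksum


def build_rich(dos_region, entries):
    """Append an encoded Rich header to a DOS header/stub, as the linker does."""
    key = rich_key(dos_region, entries)
    out = bytearray(dos_region)
    out += struct.pack("<4I", DANS ^ key, key, key, key)   # 'DanS' + three zero DWORDs, all XORed
    for compid, count in entries:
        out += struct.pack("<II", compid ^ key, count ^ key)
    out += b"Rich" + struct.pack("<I", key)
    return bytes(out), key


def parse_rich(data, e_lfanew):
    """Find 'Rich' before the PE header, read the key after it, locate the encoded
    'DanS', decode the entries and verify the key. Returns
    (key, dans_offset, [(product_id, build, count), ...], key_is_valid) or None."""
    hdr = data[:e_lfanew]
    rich_off = hdr.rfind(b"Rich")
    if rich_off < 0:
        return None
    key = struct.unpack_from("<I", hdr, rich_off + 4)[0]
    dans_off = hdr.rfind(struct.pack("<I", DANS ^ key), 0, rich_off)
    if dans_off < 0:
        return None
    entries = []
    for off in range(dans_off + 16, rich_off, 8):   # skip 'DanS' and the 3 padding DWORDs
        compid, count = struct.unpack_from("<II", hdr, off)
        compid ^= key
        entries.append((compid >> 16, compid & 0xFFFF, count ^ key))
    raw = [((prod << 16) | build, count) for prod, build, count in entries]
    return key, dans_off, entries, rich_key(hdr[:dans_off], raw) == key


def build_sample():
    """Constructed DOS header (e_lfanew 0xe8 as in the report) plus the usual stub
    text, padded so 'DanS' lands at 0x80, followed by two Rich entries."""
    dos = struct.pack("<2s13H8sHH20sI", b"MZ",
                      0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40, 0,
                      b"\0" * 8, 0, 0, b"\0" * 20, 0xE8)
    region = (dos + b"This program cannot be run in DOS mode.\r\n$").ljust(0x80, b"\0")
    entries = [((175 << 16) | 30319, 11),   # from the report: product 175, VS2010 build 30319, 11 objects
               ((1 << 16) | 30729, 17)]     # Import0 (product id 1), build 30729, count 17 as reported
    data, key = build_rich(region, entries)
    return data.ljust(0xE8, b"\0"), key


if __name__ == "__main__":
    data, key = build_sample()
    found_key, dans_off, entries, valid = parse_rich(data, 0xE8)
    print(f"key 0x{found_key:08x} (valid={valid}), DanS at 0x{dans_off:x}")
    for prod, build, count in entries:
        print(f"  product {prod:3} build {build:5} count {count}")
```

The validity flag is the useful part for triage: a Rich header whose recomputed key does not match the stored one has been edited after linking or copied in from another binary, so its toolchain evidence should be discounted, and its absence on an MSVC-linked file is itself worth noting.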