Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2011-Apr-08 17:54:23 |
Info | Matching compiler(s): Microsoft Visual C++, Microsoft Visual C++ v6.0, Microsoft Visual C++ v5.0/v6.0 (MFC) |
Suspicious | Strings found in the binary may indicate undesirable behavior: Contains obfuscated function names: |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 57/67 (Scanned on 2018-02-11 02:13:29) |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe0 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2011-Apr-08 17:54:23 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 6.0 |
SizeOfCode | 0x3000 |
SizeOfInitializedData | 0x9000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00001ADB (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x4000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x1000 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xd000 |
SizeOfHeaders | 0x1000 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll |
---|
CloseHandle |
VirtualFree |
ReadFile |
VirtualAlloc |
GetFileSize |
CreateFileA |
ResumeThread |
SetThreadContext |
WriteProcessMemory |
VirtualAllocEx |
GetProcAddress |
GetModuleHandleA |
ReadProcessMemory |
GetThreadContext |
CreateProcessA |
FreeResource |
SizeofResource |
LockResource |
LoadResource |
FindResourceA |
GetSystemDirectoryA |
Sleep |
GetCommandLineA |
GetVersion |
ExitProcess |
TerminateProcess |
GetCurrentProcess |
UnhandledExceptionFilter |
GetModuleFileNameA |
FreeEnvironmentStringsA |
FreeEnvironmentStringsW |
WideCharToMultiByte |
GetEnvironmentStrings |
GetEnvironmentStringsW |
SetHandleCount |
GetStdHandle |
GetFileType |
GetStartupInfoA |
HeapDestroy |
HeapCreate |
HeapFree |
RtlUnwind |
WriteFile |
HeapAlloc |
GetCPInfo |
GetACP |
GetOEMCP |
HeapReAlloc |
LoadLibraryA |
MultiByteToWideChar |
LCMapStringA |
LCMapStringW |
GetStringTypeA |
GetStringTypeW |
XOR Key | 0xc0dabba1 |
---|---|
Unmarked objects | 0 |
C++ objects (VS98 build 8168) | 1 |
C objects (VS98 build 8168) | 19 |
14 (7299) | 10 |
19 (8034) | 3 |
Total imports | 55 |
C objects (VS98 build 8168) (#2) | 1 |