Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2017-Oct-23 20:44:37 |
Detected languages | English - United States |
Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0; MASM/TASM - sig1(h) |
Suspicious | Strings found in the binary may indicate undesirable behavior: May have dropper capabilities |
Info | Cryptographic algorithms detected in the binary: Uses constants related to CRC32; Uses constants related to MD5; Uses constants related to SHA1 |
Malicious | The PE contains functions mostly used by malware: Can access the registry |
Malicious | VirusTotal score: 29/57 (Scanned on 2019-09-09 06:40:28). MicroWorld-eScan: Trojan.GenericKD.32416111; McAfee: Trojan-HidCobra; Cylance: Unsafe; K7AntiVirus: Trojan ( 0052cf421 ); Alibaba: Trojan:Win32/NukeSped.cb5844a3; K7GW: Trojan ( 0052cf421 ); F-Prot: W32/Trojan3.AOLC; Symantec: Trojan.Hoplight; APEX: Malicious; Paloalto: generic.ml; BitDefender: Trojan.GenericKD.32416111; Ad-Aware: Trojan.GenericKD.32416111; Emsisoft: Trojan.GenericKD.32416111 (B); F-Secure: Trojan.TR/NukeSped.flobc; McAfee-GW-Edition: Trojan-HidCobra; FireEye: Trojan.GenericKD.32416111; Sophos: Mal/Generic-S; Avira: TR/NukeSped.flobc; MAX: malware (ai score=100); Arcabit: Trojan.Generic.D1EEA16F; GData: Win32.Trojan.Agent.J7Q9TZ; AhnLab-V3: Trojan/Win32.Crypt.C3464081; TrendMicro-HouseCall: TROJ_GEN.R002H0DI819; Tencent: Win32.Trojan.Generic.Amcj; Ikarus: Trojan.Win32.NukeSped; Fortinet: W32/NukeSped.AU!tr; Panda: Trj/GdSda.A; CrowdStrike: win/malicious_confidence_100% (W); Qihoo-360: Win32/Trojan.bb5 |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf0 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2017-Oct-23 20:44:37 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 10.0 |
SizeOfCode | 0x20600 |
SizeOfInitializedData | 0x5e00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00020CE8 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x22000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x2d000 |
SizeOfHeaders | 0x400 |
Checksum | 0x2fbbc |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
WS2_32.dll | #115 #10 #9 #11 #23 #4 #16 #111 #18 #151 #21 #19 #22 #3 |
---|---|
KERNEL32.dll | Sleep GetLastError WriteFile CloseHandle ReadFile CreateFileW GetFileAttributesW GetTickCount LocalFree LocalAlloc TerminateThread GetExitCodeThread WaitForMultipleObjects CreateThread InterlockedExchange DisconnectNamedPipe FlushFileBuffers GetCommandLineW ExitProcess FormatMessageW HeapFree GetProcessHeap HeapAlloc GetCurrentProcess GetCurrentThread WaitNamedPipeW ConnectNamedPipe CreateNamedPipeW InterlockedCompareExchange HeapSetInformation GetStartupInfoW EncodePointer DecodePointer SetUnhandledExceptionFilter GetCurrentThreadId GetCurrentProcessId GetSystemTimeAsFileTime TerminateProcess UnhandledExceptionFilter IsDebuggerPresent FindClose WaitForSingleObject FindFirstFileW QueryPerformanceCounter QueryPerformanceFrequency WideCharToMultiByte UnmapViewOfFile DuplicateHandle CreateFileMappingW MapViewOfFile GetFileType GetFileInformationByHandle GetSystemTime GetLocalTime SystemTimeToFileTime GetFileSize SetFilePointer FindNextFileW FileTimeToDosDateTime FileTimeToSystemTime |
ADVAPI32.dll | RegCloseKey RegQueryValueExW RegSetValueExW InitializeSecurityDescriptor AllocateAndInitializeSid GetLengthSid InitializeAcl AddAccessAllowedAce SetSecurityDescriptorDacl FreeSid OpenThreadToken OpenProcessToken GetTokenInformation RegCreateKeyExW |
SHELL32.dll | CommandLineToArgvW |
MSVCR100.dll | ??3@YAXPAX@Z memmove memcmp _tzset free strstr sscanf fread ftell fseek _vsnprintf ??2@YAPAXI@Z __CxxFrameHandler strcat strcpy strncpy wcscmp wcscat sprintf fgets printf fwrite _amsg_exit __wgetmainargs wcsrchr _exit _XcptFilter exit _wcmdln _initterm _initterm_e _configthreadlocale __setusermatherr _commode _fmode __set_app_type _unlock __dllonexit _lock _onexit _localtime32 _time32 _mktime32 ?terminate@@YAXXZ _except_handler4_common _invoke_watson _controlfp_s _crt_debugger_hook wcslen _cexit wcscpy strlen _swprintf fprintf fclose wcstok wcstombs wprintf __CxxFrameHandler3 srand rand _wtoi memset memcpy _time64 _stricmp fopen malloc |
MPR.dll | WNetAddConnection2W WNetCancelConnection2W |
XOR Key | 0xc61332ca |
---|---|
Unmarked objects | 0 |
Imports (VS2010 build 30319) | 2 |
152 (20115) | 5 |
ASM objects (VS2010 build 30319) | 5 |
C objects (VS2010 build 30319) | 18 |
C objects (VS98 build 8168) | 14 |
C++ objects (VS98 build 8168) | 3 |
Total imports | 159 |
Imports (VS2008 SP1 build 30729) | 11 |
C++ objects (VS2010 build 30319) | 5 |
Linker (VS2010 build 30319) | 1 |