Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2018-Dec-11 11:56:39 |
Detected languages | Italian - Italy |
Debug artifacts | C:\libujalemedufajikigo_yetebavakadefa28 belideribet_luv.pdb |
Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 |
Suspicious | PEiD Signature: UPolyX V0.1 -> Delikon |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 54/71 (Scanned on 2019-10-12 16:47:14) |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x108 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 7 |
TimeDateStamp | 2018-Dec-11 11:56:39 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x14a00 |
SizeOfInitializedData | 0x2077e00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00002A9C (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x16000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x2092000 |
SizeOfHeaders | 0x400 |
Checksum | 0x6e692 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | LoadLibraryA LoadLibraryW GetModuleFileNameW GetFirmwareEnvironmentVariableW FindResourceExW EndUpdateResourceW WritePrivateProfileSectionW GetPrivateProfileSectionNamesA GetCurrentDirectoryW CreateDirectoryExA DefineDosDeviceW GetFileAttributesExW DeleteFileW CopyFileA IsBadStringPtrA GetDefaultCommConfigA OpenSemaphoreA UnregisterWait OpenJobObjectW SetInformationJobObject ReleaseActCtx GetCalendarInfoA SetCalendarInfoW EnumDateFormatsA GetUserDefaultLangID ReadConsoleInputA AllocConsole CreateFileW WriteConsoleW SetFilePointerEx HeapSize GetConsoleMode GetConsoleCP lstrlenA lstrcmpW GetMailslotInfo PeekNamedPipe GetSystemTimes GetFileTime RequestDeviceWakeup LockFile FreeEnvironmentStringsW FreeEnvironmentStringsA GetEnvironmentStringsW TerminateProcess HeapWalk HeapAlloc VirtualAllocEx VirtualProtect LocalAlloc GetDefaultCommConfigW GlobalUnlock IsProcessorFeaturePresent IsDebuggerPresent UnhandledExceptionFilter SetUnhandledExceptionFilter GetStartupInfoW GetModuleHandleW QueryPerformanceCounter GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead GetCurrentProcess RaiseException RtlUnwind GetLastError SetLastError EncodePointer EnterCriticalSection LeaveCriticalSection DeleteCriticalSection InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree FreeLibrary GetProcAddress LoadLibraryExW ExitProcess GetModuleHandleExW GetModuleFileNameA MultiByteToWideChar WideCharToMultiByte GetStdHandle WriteFile GetACP HeapFree HeapReAlloc LCMapStringW GetFileType FindClose FindFirstFileExA FindNextFileA IsValidCodePage GetOEMCP GetCPInfo GetCommandLineA GetCommandLineW GetProcessHeap CloseHandle SetStdHandle GetStringTypeW FlushFileBuffers DecodePointer |
---|---|
USER32.dll | GetMenu CallMsgFilterA ShowWindowAsync CallWindowProcW GetMonitorInfoW |
ADVAPI32.dll | RegisterServiceCtrlHandlerW RegQueryValueExW RegQueryValueExA RegQueryValueA RegOpenKeyExA RegCreateKeyA RegCloseKey GetFileSecurityW SetSecurityDescriptorControl AddAccessDeniedAceEx DeleteAce AreAnyAccessesGranted IsValidSid ObjectPrivilegeAuditAlarmW ImpersonateNamedPipeClient NotifyChangeEventLog ClearEventLogA StartServiceW |
Lep |
Loroyecososo weledanac hayimetenuwevac fikuvuciyor rikov canu |
Zilaligevep duxuwogib mupex hix hadu menovexofi lebigurul noliwe wupinez |
Cowicawipozub lixozexi tewiboxigay sede kemocenugel basi |
Rohokefirit jonefozisiwola gufemuca zezecoku yifih |
Zijizaru lobonefi kitafakejavazu yixawisemucohip |
Characteristics | 0 |
---|---|
TimeDateStamp | 2018-Apr-15 19:44:29 |
Version | 0.0 |
SizeofData | 101 |
AddressOfRawData | 0x1bbdc |
PointerToRawData | 0x1a9dc |
Referenced File | C:\libujalemedufajikigo_yetebavakadefa28 belideribet_luv.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2019-Oct-07 20:00:08 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x1bc3c |
PointerToRawData | 0x1aa3c |
Characteristics | 0 |
---|---|
TimeDateStamp | 2019-Oct-07 20:00:08 |
Version | 0.0 |
SizeofData | 860 |
AddressOfRawData | 0x1bc50 |
PointerToRawData | 0x1aa50 |
StartAddressOfRawData | 0x248c000 |
---|---|
EndAddressOfRawData | 0x248c008 |
AddressOfIndex | 0x248b0f4 |
AddressOfCallbacks | 0x416240 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |
Size | 0x5c |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x45e584 |
SEHandlerTable | 0x432260 |
SEHandlerCount | 41 |
XOR Key | 0xbb77029e |
---|---|
Unmarked objects | 0 |
241 (40116) | 9 |
243 (40116) | 123 |
242 (40116) | 24 |
ASM objects (VS2015 UPD3 build 24123) | 19 |
C objects (VS2015 UPD3 build 24123) | 18 |
C++ objects (VS2015 UPD3 build 24123) | 38 |
Imports (VS2008 SP1 build 30729) | 7 |
Total imports | 148 |
C++ objects (VS2015 UPD3.1 build 24215) | 1 |
Resource objects (VS2015 UPD3 build 24210) | 1 |
Linker (VS2015 UPD3.1 build 24215) | 1 |