e79371d3e18a044e7d6717931dc88752

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2008-Jun-25 03:22:39
Detected languages Chinese - PRC
English - United States
Comments SOFT SNAP (King Yang)
FileDescription Capture Application (Sample)
FileVersion 8, 6, 25, 1
LegalCopyright Copyright (C) 1999-2008
OLESelfRegister AM30
ProductVersion 8, 6, 25, 1

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 7.1
Microsoft Visual C++ 6.0 - 8.0
Microsoft Visual C++
Suspicious Strings found in the binary may indicate undesirable behavior: Contains obfuscated function names:
  • 82 a0 b1 95 b7 aa a6 84 a1 a1 b7 a0 b6 b6
  • 89 aa a4 a1 89 ac a7 b7 a4 b7 bc
Contains a XORed PE executable:
  • 91 ad ac b6 e5 b5 b7 aa a2 b7 a4 a8 e5 a6 a4 ab ab aa b1 e5 ...
Suspicious The PE is possibly packed. Section .rsrc is both writable and executable.
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • LoadLibraryExA
  • GetProcAddress
Can access the registry:
  • RegSetValueExA
  • RegEnumKeyExA
  • RegCreateKeyExA
  • RegOpenKeyExA
  • RegDeleteValueA
  • RegCloseKey
  • RegDeleteKeyA
  • RegQueryInfoKeyA
Can create temporary files:
  • CreateFileA
  • GetTempPathA
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Can take screenshots:
  • GetDC
  • CreateCompatibleDC
Suspicious The file contains overlay data. 78279 bytes of data starting at offset 0x35000.
Malicious VirusTotal score: 48/62 (Scanned on 2022-01-06 06:25:23)
Elastic: malicious (high confidence)
MicroWorld-eScan: Win32.Floxif.A
FireEye: Generic.mg.e79371d3e18a044e
CAT-QuickHeal: W32.Pioneer.CZ1
ALYac: Win32.Floxif.A
Cylance: Unsafe
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Virus ( 00521e9a1 )
K7GW: Virus ( 00521e9a1 )
CrowdStrike: win/malicious_confidence_100% (W)
Baidu: Win32.Virus.Floxif.a
VirIT: Win32.FloodFix.A
Cyren: W32/Floxif.B
Symantec: W32.Fixflo.B!inf
ESET-NOD32: Win32/Floxif.H
APEX: Malicious
ClamAV: Win.Virus.Pioneer-9111434-0
Kaspersky: Virus.Win32.Pioneer.cz
BitDefender: Win32.Floxif.A
NANO-Antivirus: Virus.Win32.Pioneer.bvrqhu
Tencent: Virus.Win32.Pionner.tt
Ad-Aware: Win32.Floxif.A
Sophos: Mal/Generic-R + W32/Floxif-C
Comodo: Virus.Win32.Floxif.A@7h5wha
DrWeb: Win32.FloodFix.7
BitDefenderTheta: AI:FileInfector.207622A70E
TrendMicro: PE_FLOXIF.D
McAfee-GW-Edition: BehavesLike.Win32.Sality.dh
Emsisoft: Win32.Floxif.A (B)
SentinelOne: Static AI - Malicious PE
Jiangmin: Win32/Pioneer.l
MaxSecure: Virus.W32.Pioneer.CZ
Avira: W32/Floxif.hdc
Antiy-AVL: Trojan/Generic.ASVirus.178
Arcabit: Win32.Floxif.A
GData: Win32.Floxif.A
Cynet: Malicious (score: 99)
AhnLab-V3: Win32/Fixflo.GEN
McAfee: Dropper-FIY!E79371D3E18A
MAX: malware (ai score=83)
Malwarebytes: Malware.AI.2193170993
TrendMicro-HouseCall: PE_FLOXIF.D
Rising: Malware.Heuristic!ET#77% (RDMK:cmRtazr+jT8m5EHos0wYcRWfLFxg)
Ikarus: Virus.Win32.Floxif.A
eGambit: Trojan.Generic
Fortinet: W32/Floxif.E
Cybereason: malicious.3e18a0
Panda: W32/Floxif.A

Hashes

MD5 e79371d3e18a044e7d6717931dc88752
SHA1 3cea41d946fbac66c74b456b3ab7eed253ef9a5e
SHA256 a066bfdbb59aa5f93caab5b2b3f278005efdd21b46cc69dbf63a8de417bf0c0f
SHA3 ea14dc0d88f6983cb5af8feba36f8abca94ad3f49918286ded6157b8bd312489
SSDeep 6144:PMU7zmucLxrQn38z3hiLwUwlBV+UdvrEFp7hK2:Pj7zmpLxrUMThiLwtBjvrEH7x
Imports Hash fd3b0cbb37381a1370fc6acdde43ad4a

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x118

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2008-Jun-25 03:22:39
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 7.0
SizeOfCode 0x29000
SizeOfInitializedData 0x11000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0001E066 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2a000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x3d000
SizeOfHeaders 0x1000
Checksum 0x3d160
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x200000
SizeofStackCommit 0x200000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 e7c5b21af13d1f1b993cae56ef4779bc
SHA1 208fa87e80c9bcba8a316316eede4f1dabba6ec6
SHA256 9d2800eb942d382182dda1a3c3ba8db818beebb3e389150a9735964ff8d52278
SHA3 c52580e1a4cb988e476458bb7772d8c8d7afe3b8885bf83999ac5a177d3b9540
VirtualSize 0x283ab
VirtualAddress 0x1000
SizeOfRawData 0x29000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.30329

.rdata

MD5 c9e6f576091987625277478442abdccf
SHA1 630dfa3b8c877f123a9a2fa2952552a0cef619ee
SHA256 e3a540497dede407fc2dd0d18810f07413296a9b5a1ba004f66a692f49c36bfd
SHA3 6da7b335ac3e4ec8209baf89a1412fef16c20f26871dc4fb4d27d6d04bd1fb1a
VirtualSize 0x621c
VirtualAddress 0x2a000
SizeOfRawData 0x7000
PointerToRawData 0x2a000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.86442

.data

MD5 bea36e741ade46160527fb126b5137c8
SHA1 bddb27ba1899c8e4404284c7d459f22c7223112c
SHA256 6469b6709360fda35415d8e537ddc2e20152bf8f5a2b6ed64a4c9f938f6b7e57
SHA3 4d73d39bf636b745c92da005c6b1f6cd39dfa7f2bc506c2fb5c4596e13801bf4
VirtualSize 0x7ee8
VirtualAddress 0x31000
SizeOfRawData 0x2000
PointerToRawData 0x31000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.82293

.rsrc

MD5 5d551f0b5777ee906d41c2b53de9b1c8
SHA1 50430ac6b4975d38d10bd3e4c0ecfa489ff8985a
SHA256 36667bba0d374d4882871a02be2e291cd713347d52239a84830028a5ec7093df
SHA3 785451d477d55254367dc7d46995e1e6729ca157399051ff3f18d38f10025d74
VirtualSize 0x39fc
VirtualAddress 0x39000
SizeOfRawData 0x2000
PointerToRawData 0x33000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.64398

Imports

WINMM.dll timeGetTime
MSACM32.dll acmFormatChooseA
acmMetrics
OLEPRO32.DLL #250
#251
KERNEL32.dll GetDiskFreeSpaceExA
GlobalFree
IsBadReadPtr
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
OutputDebugStringA
Sleep
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
CloseHandle
CreateFileA
lstrcmpiA
lstrcatA
lstrcpyA
OpenFile
LoadLibraryA
MulDiv
GetDiskFreeSpaceA
FreeLibrary
GetFullPathNameA
CopyFileA
WriteFile
GetTempPathA
GetFileSize
WriteProfileStringA
GetCurrentProcessId
GetSystemInfo
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
GetModuleFileNameA
GetLastError
RaiseException
LeaveCriticalSection
EnterCriticalSection
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
IsDBCSLeadByte
IsBadWritePtr
GetProfileStringA
GetCurrentThreadId
GetTickCount
HeapSize
GetCurrentProcess
TerminateProcess
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
LCMapStringW
LCMapStringA
GetCPInfo
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapReAlloc
VirtualQuery
VirtualAlloc
VirtualProtect
HeapFree
HeapAlloc
RtlUnwind
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetOEMCP
SetFilePointer
SetStdHandle
ReadFile
GetProfileIntA
GetModuleHandleA
GetProcAddress
lstrcpynA
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
InterlockedExchange
GetLocaleInfoW
SetUnhandledExceptionFilter
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
FlushFileBuffers
USER32.dll SetFocus
MessageBeep
GetDlgItemTextA
IsCharAlphaA
IsCharAlphaNumericA
GetDlgItemInt
EndDialog
MessageBoxA
DialogBoxParamA
PostMessageA
GetMenuItemCount
RemoveMenu
EnableWindow
SetDlgItemTextA
GetDlgItem
AppendMenuA
CreatePopupMenu
InvalidateRect
SetWindowPos
EnableMenuItem
CheckMenuItem
GetMenu
GetSubMenu
DestroyWindow
GetAsyncKeyState
BeginPaint
SetDlgItemInt
CharNextA
GetSysColor
GetWindowTextA
KillTimer
CreateDialogParamA
GetWindowLongA
SetWindowLongA
GetSystemMetrics
GetWindowRect
GetClientRect
UpdateWindow
MoveWindow
wsprintfA
DefWindowProcA
PeekMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
WaitMessage
LoadAcceleratorsA
LoadCursorA
LoadIconA
RegisterClassA
GetDC
ReleaseDC
CreateWindowExA
ShowWindow
SetWindowTextA
IsDlgButtonChecked
CheckDlgButton
RedrawWindow
EndPaint
PostQuitMessage
SetTimer
GDI32.dll CreateSolidBrush
PatBlt
CreateFontA
SetTextColor
SetBkColor
CreateCompatibleDC
CreateDIBSection
SetStretchBltMode
StretchBlt
DeleteObject
DeleteDC
GetStockObject
ExtTextOutA
GetTextMetricsA
SelectObject
comdlg32.dll GetSaveFileNameA
ADVAPI32.dll RegSetValueExA
RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegDeleteKeyA
RegQueryInfoKeyA
ole32.dll CreateStreamOnHGlobal
CreateBindCtx
CoTaskMemFree
CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
MkParseDisplayName
OLEAUT32.dll VariantInit
VarUI4FromStr
SysFreeString
VariantClear

Delayed Imports

1

Type RT_ICON
Language Chinese - PRC
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.20738
MD5 6d765954e9cf4086e5019830cd4d4910
SHA1 6ef31cdd9967383d3782dea1a3260cdcdcc5b686
SHA256 2edc704ae15977487dbd967bba2a7388892607e5a21a8cc39ede6d4effdf78a7
SHA3 f5cf9d35f69707b5e73e2d3d7da5cacf62dd35505809fff8e75ed84bd06a022a

2

Type RT_ICON
Language Chinese - PRC
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.69065
MD5 d2ee09c5e1b3c3df358b93e63a69dad0
SHA1 fefec016e99670f5279b57c981756f0c3861b708
SHA256 88f595db1672c63c6ad94f428bf4f4a6781e5b92d92df4e741504287cc11a54b
SHA3 ec8c8753217cbc8c57403657968a0a11219acf865a94d4c24d2a5d3542dfef58

102

Type RT_MENU
Language Chinese - PRC
Codepage UNKNOWN
Size 0x2e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.60221
MD5 652c487575290e2cc9c1b20e23d4b9ac
SHA1 0b91b5e3644711ebeb984a5bf8f9ca273656cb12
SHA256 024a755acfbdfe7f5955995277b079b10f0f2e2dd12d1e84ccb8995dec97ed8a
SHA3 cc8f74aa24e854da0b32abd1811a49766ecb03532372b470def1d036c19ada92

1000

Type RT_MENU
Language Chinese - PRC
Codepage UNKNOWN
Size 0x262
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.04617
MD5 11dbced659162c0573eb94ea919587af
SHA1 9c5b99ba5d1c4272cea297b43639c84617cc05cd
SHA256 b2070a2ab54d793e191622b10549a7d1f96932ce4e154b5b19e1f5616d25305b
SHA3 744c2e500d9bde6e65c8a3924d1f54ab89689b4ebbe7bfabed19b8d1f5d77008

101

Type RT_DIALOG
Language Chinese - PRC
Codepage UNKNOWN
Size 0x64
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.20441
MD5 96e6ca39ffb52d3c294d50e02d69db2b
SHA1 43a2bbb5682fb18f6c0f9d931d8178177f040568
SHA256 e1692e114bca9725d3bf661f6df19a4f0091dff0ac044c38f21cda4b1f63b7a5
SHA3 06017cbae1f11f858964b468327441adf64a125d4d031c7c9d919c457e692d81

600

Type RT_DIALOG
Language Chinese - PRC
Codepage UNKNOWN
Size 0x1ce
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.39019
MD5 bf1e81392c240a67bb925a34f65af6a8
SHA1 304189240d273ceed2d9c4eb1d610666a64fa0a3
SHA256 6d24b0cbe5d1e8d0670bdcafaa6b1b1c800d62ee15bbffc48f180ae28bdf7db9
SHA3 a5b07dd1d137880ea69527a77b2707379ac14db4734e3c165c82372ff32b7a7d

601

Type RT_DIALOG
Language Chinese - PRC
Codepage UNKNOWN
Size 0x2d2
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.35598
MD5 257c90a2fcb7a90cad65eb954bd2408d
SHA1 4c7b0fae4d7e9f43dfcae96d7a6355bc01826374
SHA256 e7c954f1b0d97dcccd5deab660a4be52c11453964ed4595d4670919ebc367467
SHA3 621c90f6d043d6dbc86692dcc1a71f0b9278bf25ab97f86414899f94dd495e16

602

Type RT_DIALOG
Language Chinese - PRC
Codepage UNKNOWN
Size 0x166
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.17606
MD5 6bb18953ce8f0a07148d69dac3a0dc05
SHA1 3ec27f9e787db08c568580bdb574750776470988
SHA256 5fe3ddba180c217913c662d5894251322d583026ab13487541fbb65cc0c62a48
SHA3 b599b9a3f24a2cea74979da369d7967b53705ef3a30d378697c880f2bf6ad9f9

603

Type RT_DIALOG
Language Chinese - PRC
Codepage UNKNOWN
Size 0x132
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.22029
MD5 7dae1b0653703d1a9fe14e899ff41f1c
SHA1 70bd8261c15818d2179a29b9ab6517ac2a175775
SHA256 6cbce517e8048ed99379d0146a4344d8691d410ca38789d72c72b5bdd8fcb330
SHA3 b586a3c89c04a19609baa233fea48e7e77dc0977af6dd54e80d76e8b7130f349

604

Type RT_DIALOG
Language Chinese - PRC
Codepage UNKNOWN
Size 0x162
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.17915
MD5 ad0f5c5cf6f8e4a66d6bcdaaa8ff50fb
SHA1 b4856d7d55e84a3ba69413da99a784d4ada1789a
SHA256 066accb59b7f76d2ae4882cd5ee5f548155bbe851cfc728266e88451e729c06c
SHA3 21fd06f652b8e36f3f440a8936e3f97ced8f79e99b54f21fa74230fb718e67d9

AMCAPICON

Type RT_GROUP_ICON
Language Chinese - PRC
Codepage UNKNOWN
Size 0x22
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.37086
Detected Filetype Icon file
MD5 d59e0d372ea5fd8c1f4de744376a6af4
SHA1 6883ce60e71a83424db0b41d0ab6bf61080e3de2
SHA256 b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b
SHA3 5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1

1 (#2)

Type RT_VERSION
Language Chinese - PRC
Codepage UNKNOWN
Size 0x284
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.5178
MD5 1452a8c551b503533bdae99b9a53a199
SHA1 1f1e3c9107607f66f03b11c8fdacd752be220741
SHA256 68f1772c74d9c90f97969ed1dbdd11280aa655fa9ac7bcb5fcd4ddb095afc883
SHA3 b28004bd561d55c1889c2e6bcd991ce00702ac1521ec0ce2c00511d80d8b0d54

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 8.6.25.1
ProductVersion 8.6.25.1
FileFlags VS_FF_PRERELEASE
VS_FF_PRIVATEBUILD
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
Comments SOFT SNAP (King Yang)
FileDescription Capture Application (Sample)
FileVersion (#2) 8, 6, 25, 1
LegalCopyright Copyright (C) 1999-2008
OLESelfRegister AM30
ProductVersion (#2) 8, 6, 25, 1
Resource LangID Chinese - PRC

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xd8b91b8d
Unmarked objects 0
105 (2067) 2
ASM objects (VS2003 (.NET) build 3077) 27
C objects (VS2003 (.NET) build 3077) 133
C objects (2179) 4
Imports (9210) 2
Imports (2067) 2
Imports (2179) 21
Total imports 251
C objects (9178) 1
C++ objects (VS98 build 8168) 4
C++ objects (VS2003 (.NET) build 3077) 32
94 (VS2003 (.NET) build 3052) 1
Linker (VS2003 (.NET) build 3077) 1

Errors