| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2008-Jun-25 03:22:39 |
| Detected languages | Chinese - PRC; English - United States |
| Comments | SOFT SNAP (King Yang) |
| FileDescription | Capture Application (Sample) |
| FileVersion | 8, 6, 25, 1 |
| LegalCopyright | Copyright (C) 1999-2008 |
| OLESelfRegister | AM30 |
| ProductVersion | 8, 6, 25, 1 |

| Severity | Finding | Details |
|---|---|---|
| Info | Matching compiler(s) | Microsoft Visual C++ 7.1; Microsoft Visual C++ 6.0 - 8.0; Microsoft Visual C++ |
| Suspicious | Strings found in the binary may indicate undesirable behavior | Contains obfuscated function names: |
| Suspicious | The PE is possibly packed | Section .rsrc is both writable and executable |
| Suspicious | The PE contains functions most legitimate programs don't use | [!] The program may be hiding some of its imports: |
| Suspicious | The file contains overlay data | 78279 bytes of data starting at offset 0x35000 |
| Malicious | VirusTotal score: 48/62 (scanned on 2022-01-06 06:25:23) | Per-engine results in the table below |

| Engine | Detection |
|---|---|
| Elastic | malicious (high confidence) |
| MicroWorld-eScan | Win32.Floxif.A |
| FireEye | Generic.mg.e79371d3e18a044e |
| CAT-QuickHeal | W32.Pioneer.CZ1 |
| ALYac | Win32.Floxif.A |
| Cylance | Unsafe |
| Sangfor | Suspicious.Win32.Save.a |
| K7AntiVirus | Virus ( 00521e9a1 ) |
| K7GW | Virus ( 00521e9a1 ) |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Baidu | Win32.Virus.Floxif.a |
| VirIT | Win32.FloodFix.A |
| Cyren | W32/Floxif.B |
| Symantec | W32.Fixflo.B!inf |
| ESET-NOD32 | Win32/Floxif.H |
| APEX | Malicious |
| ClamAV | Win.Virus.Pioneer-9111434-0 |
| Kaspersky | Virus.Win32.Pioneer.cz |
| BitDefender | Win32.Floxif.A |
| NANO-Antivirus | Virus.Win32.Pioneer.bvrqhu |
| Tencent | Virus.Win32.Pionner.tt |
| Ad-Aware | Win32.Floxif.A |
| Sophos | Mal/Generic-R + W32/Floxif-C |
| Comodo | Virus.Win32.Floxif.A@7h5wha |
| DrWeb | Win32.FloodFix.7 |
| BitDefenderTheta | AI:FileInfector.207622A70E |
| TrendMicro | PE_FLOXIF.D |
| McAfee-GW-Edition | BehavesLike.Win32.Sality.dh |
| Emsisoft | Win32.Floxif.A (B) |
| SentinelOne | Static AI - Malicious PE |
| Jiangmin | Win32/Pioneer.l |
| MaxSecure | Virus.W32.Pioneer.CZ |
| Avira | W32/Floxif.hdc |
| Antiy-AVL | Trojan/Generic.ASVirus.178 |
| Arcabit | Win32.Floxif.A |
| GData | Win32.Floxif.A |
| Cynet | Malicious (score: 99) |
| AhnLab-V3 | Win32/Fixflo.GEN |
| McAfee | Dropper-FIY!E79371D3E18A |
| MAX | malware (ai score=83) |
| Malwarebytes | Malware.AI.2193170993 |
| TrendMicro-HouseCall | PE_FLOXIF.D |
| Rising | Malware.Heuristic!ET#77% (RDMK:cmRtazr+jT8m5EHos0wYcRWfLFxg) |
| Ikarus | Virus.Win32.Floxif.A |
| eGambit | Trojan.Generic |
| Fortinet | W32/Floxif.E |
| Cybereason | malicious.3e18a0 |
| Panda | W32/Floxif.A |
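
The two structural findings in the analysis table (a `.rsrc` section mapped both writable and executable, and 78279 bytes of overlay past the last section) are derived purely from the section table and the file size. The script below is an added example written for this page; it is not part of the original report or of the tool that produced it. It builds a small PE32 image in memory (constructed for the demonstration, not the analysed binary), then walks the section table to flag W+X sections and compute the overlay, and it subtracts an Authenticode signature when the security data directory points into the overlay, since a legitimately signed file always carries its signature there.

```python
"""Check for writable+executable sections and measure overlay data in a PE.

Added example (Python 3, standard library only). The PE image built by
build_sample() is constructed here for demonstration; it is not the binary
analysed in the report above.
"""
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode blob; it also lives past the last section


def parse_pe(data):
    """Return the section table and the security data directory of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsec,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    opt_off = e_lfanew + 24
    (magic,) = struct.unpack_from("<H", data, opt_off)
    # DataDirectory starts 96 bytes into a PE32 optional header, 112 bytes into PE32+
    dd_off = opt_off + (96 if magic == 0x10B else 112)
    security = (0, 0)
    if opt_size >= (dd_off - opt_off) + 8 * (IMAGE_DIRECTORY_ENTRY_SECURITY + 1):
        security = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    sec_off = opt_off + opt_size
    for i in range(nsec):
        (name, vsize, va, raw_size, raw_ptr,
         _reloc, _lines, _nreloc, _nlines, chars) = struct.unpack_from(
            "<8sIIIIIIHHI", data, sec_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "va": va, "vsize": vsize,
                         "raw_ptr": raw_ptr, "raw_size": raw_size, "chars": chars})
    return {"sections": sections, "security": tuple(security)}


def writable_executable(pe):
    """Names of sections whose characteristics carry both MEM_WRITE and MEM_EXECUTE."""
    mask = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    return [s["name"] for s in pe["sections"] if s["chars"] & mask == mask]


def find_overlay(data, pe):
    """(offset, size) of data past the last section's raw bytes, or None if there is none.

    An Authenticode signature is stored after the sections too, so its size is
    subtracted when the security directory points into that region.
    """
    end = max((s["raw_ptr"] + s["raw_size"] for s in pe["sections"]), default=0)
    end = min(end, len(data))  # a truncated last section must not yield a negative overlay
    size = len(data) - end
    sig_off, sig_size = pe["security"]
    if sig_size and sig_off >= end:
        size -= sig_size
    return (end, size) if size > 0 else None


def build_sample(overlay=b""):
    """Constructed PE32 with .text and a W+X .rsrc, file alignment 0x200 (test input only)."""
    align = 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)  # PE32 magic, every directory empty

    def section(name, va, raw_ptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, align, va, align, raw_ptr, 0, 0, 0, 0, chars)

    sections = (section(b".text", 0x1000, 1 * align, 0x60000020)   # CODE|EXECUTE|READ
                + section(b".rsrc", 0x2000, 2 * align, 0xE0000040))  # INITIALIZED_DATA|EXECUTE|READ|WRITE
    headers = dos + coff + opt + sections
    headers += b"\0" * (align - len(headers))
    return headers + b"\xCC" * align + b"\0" * align + overlay


if __name__ == "__main__":
    data = build_sample(overlay=b"\x90" * 37)
    pe = parse_pe(data)
    print("W+X sections:", writable_executable(pe))  # ['.rsrc']
    print("overlay:", find_overlay(data, pe))        # (1536, 37)
```

On a real sample the same two checks are the ones to re-run before trusting the report: a resource section has no reason to be executable, and an overlay that is not a signature is data the loader never maps, which is where appended payloads and configuration tend to sit.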

| Field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x118 |

| Field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 4 |
| TimeDateStamp | 2008-Jun-25 03:22:39 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE; IMAGE_FILE_EXECUTABLE_IMAGE; IMAGE_FILE_LINE_NUMS_STRIPPED; IMAGE_FILE_LOCAL_SYMS_STRIPPED; IMAGE_FILE_RELOCS_STRIPPED |

| Field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 7.0 |
| SizeOfCode | 0x29000 |
| SizeOfInitializedData | 0x11000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0001E066 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x2a000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x1000 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x3d000 |
| SizeOfHeaders | 0x1000 |
| Checksum | 0x3d160 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeofStackReserve | 0x200000 |
| SizeofStackCommit | 0x200000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

| DLL | Imported functions |
|---|---|
| WINMM.dll | timeGetTime |
| MSACM32.dll | acmFormatChooseA, acmMetrics |
| OLEPRO32.DLL | #250, #251 |
| KERNEL32.dll | GetDiskFreeSpaceExA, GlobalFree, IsBadReadPtr, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, OutputDebugStringA, Sleep, GlobalUnlock, GlobalHandle, GlobalLock, GlobalAlloc, CloseHandle, CreateFileA, lstrcmpiA, lstrcatA, lstrcpyA, OpenFile, LoadLibraryA, MulDiv, GetDiskFreeSpaceA, FreeLibrary, GetFullPathNameA, CopyFileA, WriteFile, GetTempPathA, GetFileSize, WriteProfileStringA, GetCurrentProcessId, GetSystemInfo, InitializeCriticalSection, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, GetModuleFileNameA, GetLastError, RaiseException, LeaveCriticalSection, EnterCriticalSection, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, IsDBCSLeadByte, IsBadWritePtr, GetProfileStringA, GetCurrentThreadId, GetTickCount, HeapSize, GetCurrentProcess, TerminateProcess, VirtualFree, HeapCreate, HeapDestroy, TlsGetValue, TlsSetValue, TlsFree, SetLastError, TlsAlloc, LCMapStringW, LCMapStringA, GetCPInfo, ExitProcess, GetCommandLineA, GetStartupInfoA, HeapReAlloc, VirtualQuery, VirtualAlloc, VirtualProtect, HeapFree, HeapAlloc, RtlUnwind, IsBadCodePtr, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, GetStringTypeA, GetStringTypeW, GetOEMCP, SetFilePointer, SetStdHandle, ReadFile, GetProfileIntA, GetModuleHandleA, GetProcAddress, lstrcpynA, GetThreadLocale, GetLocaleInfoA, GetACP, GetVersionExA, InterlockedExchange, GetLocaleInfoW, SetUnhandledExceptionFilter, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetSystemTimeAsFileTime, FlushFileBuffers |
| USER32.dll | SetFocus, MessageBeep, GetDlgItemTextA, IsCharAlphaA, IsCharAlphaNumericA, GetDlgItemInt, EndDialog, MessageBoxA, DialogBoxParamA, PostMessageA, GetMenuItemCount, RemoveMenu, EnableWindow, SetDlgItemTextA, GetDlgItem, AppendMenuA, CreatePopupMenu, InvalidateRect, SetWindowPos, EnableMenuItem, CheckMenuItem, GetMenu, GetSubMenu, DestroyWindow, GetAsyncKeyState, BeginPaint, SetDlgItemInt, CharNextA, GetSysColor, GetWindowTextA, KillTimer, CreateDialogParamA, GetWindowLongA, SetWindowLongA, GetSystemMetrics, GetWindowRect, GetClientRect, UpdateWindow, MoveWindow, wsprintfA, DefWindowProcA, PeekMessageA, TranslateAcceleratorA, TranslateMessage, DispatchMessageA, WaitMessage, LoadAcceleratorsA, LoadCursorA, LoadIconA, RegisterClassA, GetDC, ReleaseDC, CreateWindowExA, ShowWindow, SetWindowTextA, IsDlgButtonChecked, CheckDlgButton, RedrawWindow, EndPaint, PostQuitMessage, SetTimer |
| GDI32.dll | CreateSolidBrush, PatBlt, CreateFontA, SetTextColor, SetBkColor, CreateCompatibleDC, CreateDIBSection, SetStretchBltMode, StretchBlt, DeleteObject, DeleteDC, GetStockObject, ExtTextOutA, GetTextMetricsA, SelectObject |
| comdlg32.dll | GetSaveFileNameA |
| ADVAPI32.dll | RegSetValueExA, RegEnumKeyExA, RegCreateKeyExA, RegOpenKeyExA, RegDeleteValueA, RegCloseKey, RegDeleteKeyA, RegQueryInfoKeyA |
| ole32.dll | CreateStreamOnHGlobal, CreateBindCtx, CoTaskMemFree, CoUninitialize, CoInitializeEx, CoCreateInstance, CoTaskMemRealloc, CoTaskMemAlloc, MkParseDisplayName |
| OLEAUT32.dll | VariantInit, VarUI4FromStr, SysFreeString, VariantClear |

| Field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 8.6.25.1 |
| ProductVersion | 8.6.25.1 |
| FileFlags | VS_FF_PRERELEASE; VS_FF_PRIVATEBUILD |
| FileOs | VOS_DOS_WINDOWS32; VOS_NT_WINDOWS32; VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | English - United States |
| Comments | SOFT SNAP (King Yang) |
| FileDescription | Capture Application (Sample) |
| FileVersion (#2) | 8, 6, 25, 1 |
| LegalCopyright | Copyright (C) 1999-2008 |
| OLESelfRegister | AM30 |
| ProductVersion (#2) | 8, 6, 25, 1 |
| Resource LangID | Chinese - PRC |

| Rich header field | Value |
|---|---|
| XOR Key | 0xd8b91b8d |
| Unmarked objects | 0 |
| 105 (2067) | 2 |
| ASM objects (VS2003 (.NET) build 3077) | 27 |
| C objects (VS2003 (.NET) build 3077) | 133 |
| C objects (2179) | 4 |
| Imports (9210) | 2 |
| Imports (2067) | 2 |
| Imports (2179) | 21 |
| Total imports | 251 |
| C objects (9178) | 1 |
| C++ objects (VS98 build 8168) | 4 |
| C++ objects (VS2003 (.NET) build 3077) | 32 |
| 94 (VS2003 (.NET) build 3052) | 1 |
| Linker (VS2003 (.NET) build 3077) | 1 |
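
The XOR key and the per-product object counts in the table above come from the linker's Rich header, which sits between the DOS stub and the PE signature: a `DanS` marker, three padding DWORDs and a list of (product ID, build, count) pairs, all XORed with a key that is itself a rotate-and-add checksum over the DOS header (excluding `e_lfanew`) and the entries, followed by the plaintext `Rich` marker and the key. The script below is an added example written for this page, not part of the original report or its tool. It encodes a constructed Rich header (the product IDs and builds are made up for the demonstration and do not map to the compilers listed above), decodes it by walking back from `Rich`, and recomputes the checksum so that a tampered or forged header is detected.

```python
"""Decode a Rich header and verify that its XOR key matches the checksum.

Added example (Python 3, standard library only). The DOS stub and the
product entries built by build_sample() are constructed for the
demonstration; they are not taken from the analysed binary.
"""
import struct

DANS = 0x536E6144  # b"DanS" read as a little-endian DWORD
RICH = b"Rich"


def rol32(value, n):
    n &= 31
    return ((value << n) | (value >> (32 - n))) & 0xFFFFFFFF


def rich_checksum(data, dans_off, entries):
    """Key the linker stores after 'Rich': offset of 'DanS' + rotated DOS-header bytes + rotated entries."""
    cksum = dans_off
    for i in range(dans_off):
        if 0x3C <= i < 0x40:  # e_lfanew is patched after the header is checksummed, so it is skipped
            continue
        cksum += rol32(data[i], i)
    for comp_id, count in entries:
        cksum += rol32(comp_id, count)
    return cksum & 0xFFFFFFFF


def parse_rich(data):
    """Return key, offset, decoded (prod_id, build, count) entries and whether the key verifies."""
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    rich_off = data.rfind(RICH, 0x40, e_lfanew)
    if rich_off < 0 or rich_off + 8 > len(data):
        return None
    (key,) = struct.unpack_from("<I", data, rich_off + 4)
    entries = []
    dans_off = None
    pos = rich_off - 8
    while pos >= 0:  # walk back one (comp_id, count) pair at a time until 'DanS' decodes
        a, b = (v ^ key for v in struct.unpack_from("<II", data, pos))
        if a == DANS:
            dans_off = pos
            break
        if (a, b) != (0, 0):  # the three key-XORed padding DWORDs after 'DanS' decode to zero
            entries.append((a, b))
        pos -= 8
    if dans_off is None:
        return None
    entries.reverse()
    return {
        "key": key,
        "offset": dans_off,
        "entries": [(comp_id >> 16, comp_id & 0xFFFF, count) for comp_id, count in entries],
        "checksum_ok": rich_checksum(data, dans_off, entries) == key,
    }


def build_sample(products):
    """Constructed DOS stub plus an encoded Rich header for (prod_id, build, count) triples."""
    stub = bytearray(b"MZ" + b"\0" * 0x3E)  # 64-byte DOS header, e_lfanew filled in below
    stub += b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21"
    stub += b"This program cannot be run in DOS mode.\r\n$"
    stub += b"\0" * (0x80 - len(stub))  # 'DanS' lands at 0x80, as the linker usually places it
    entries = [((pid << 16) | build, count) for pid, build, count in products]
    key = rich_checksum(stub, len(stub), entries)
    rich = struct.pack("<IIII", DANS ^ key, key, key, key)  # 'DanS' + three padding DWORDs
    for comp_id, count in entries:
        rich += struct.pack("<II", comp_id ^ key, count ^ key)
    rich += RICH + struct.pack("<I", key)
    rich += b"\0" * (-len(rich) % 16)
    struct.pack_into("<I", stub, 0x3C, len(stub) + len(rich))  # e_lfanew -> PE signature
    return bytes(stub) + rich + b"PE\0\0"


if __name__ == "__main__":
    # constructed product entries; the IDs and builds are placeholders, not a real compiler mapping
    sample = build_sample([(0x5D, 0x0C05, 27), (0x5E, 0x0C05, 133), (0x01, 0x0000, 2)])
    info = parse_rich(sample)
    print(f"key=0x{info['key']:08x} at 0x{info['offset']:x} checksum_ok={info['checksum_ok']}")
    for prod_id, build, count in info["entries"]:
        print(f"  product 0x{prod_id:04x} build {build}: {count} objects")
```

The checksum is the check worth running before using a Rich header as a pivot: the key is trivially rewritten, forged Rich headers have been used as false flags, and a file infector that patches the DOS stub without re-linking leaves a key that no longer verifies. A header whose key matches only tells you the stub and entries are consistent with each other, not that the build information is true.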