| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2016-Dec-11 21:50:45 |
| Detected languages | English - United States |
| Info | Interesting strings found in the binary. Contains domain names: |
| Suspicious | The PE is an NSIS installer. Unusual section name found: .ndata |
| Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
| Suspicious | The file contains overlay data: 1125794 bytes starting at offset 0x2a600. The overlay has an entropy of 7.87046 and is possibly compressed or encrypted; it accounts for 86.6421% of the executable. |
| Malicious | VirusTotal score: 43/66 (scanned on 2021-11-25 16:10:26). Per-engine detections are listed in the next table. |

| Engine | Detection |
|---|---|
| Bkav | W32.AIDetect.malware2 |
| Lionic | Riskware.Win32.Malicious.1!c |
| Elastic | malicious (high confidence) |
| CAT-QuickHeal | Trojan.IGENERIC |
| ALYac | Misc.Riskware.MoneroMiner |
| Cylance | Unsafe |
| VIPRE | Trojan.Win32.Generic!BT |
| Sangfor | Suspicious.Win32.Save.a |
| CrowdStrike | win/malicious_confidence_90% (D) |
| K7GW | Unwanted-Program ( 0052f55b1 ) |
| K7AntiVirus | Unwanted-Program ( 0052f55b1 ) |
| Symantec | Trojan Horse |
| ESET-NOD32 | Win32/Keygen.ACE potentially unsafe |
| APEX | Malicious |
| Avast | FileRepMetagen [PUP] |
| ClamAV | Win.Malware.Score-6997747-0 |
| SUPERAntiSpyware | Hack.Tool/Gen-KeyGen |
| Tencent | Win32.Trojan.Crypt.Akyo |
| Sophos | Keygen (PUA) |
| Comodo | Malware@#1kk76kg1bnb6e |
| DrWeb | Trojan.Siggen8.9905 |
| Zillya | Trojan.GenericKD.Win32.243546 |
| TrendMicro | PUA.Win32.KeyGen.CRRM |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.tc |
| FireEye | Generic.mg.ec367a19c43ab8a1 |
| SentinelOne | Static AI - Malicious PE |
| GData | Win32.Trojan.Agent.QG7HK3 |
| Webroot | W32.Hack.Tool |
| MAX | malware (ai score=99) |
| Gridinsoft | Trojan.Win32.Agent.dg |
| Microsoft | Trojan:Win32/Occamy.B |
| Cynet | Malicious (score: 100) |
| AhnLab-V3 | Unwanted/Win32.KeyGen.C2198504 |
| McAfee | Artemis!EC367A19C43A |
| VBA32 | Trojan.Occamy |
| Malwarebytes | Malware.AI.599658422 |
| TrendMicro-HouseCall | PUA.Win32.KeyGen.CRRM |
| Rising | Trojan.Generic@ML.99 (RDML:IDcgyNP+R5LVq2UKQ3JI3A) |
| Yandex | Trojan.Igent.bUe6Wm.11 |
| eGambit | Generic.Malware |
| Fortinet | W32/Generic_PUA_MB.ACE!tr |
| AVG | FileRepMetagen [PUP] |
| Paloalto | generic.ml |
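The overlay figures above (offset, size, entropy, share of the file) come from one calculation: everything past the end of the last section's raw data is overlay, and its Shannon entropy says whether it is compressed or encrypted. The script below is an added example that reproduces that calculation; it is not code from the analysis tool or from NSIS. It parses only the DOS header, COFF header and section table, and builds a constructed miniature PE (a `.text` section, an empty `.ndata` section like the one flagged above, and a deterministic high-entropy blob standing in for the compressed installer payload) so it runs offline. Two caveats a practitioner should keep in mind: NSIS installers always carry their compressed archive in the overlay, so a high-entropy overlay is expected for any NSIS package and is not an indicator on its own, and an Authenticode-signed binary triggers the same check because the attribute certificate table also lives past the last section.

```python
import hashlib
import math
import struct

FILE_ALIGN = 0x200


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def section_table(pe: bytes):
    """Yield (name, PointerToRawData, SizeOfRawData) for every IMAGE_SECTION_HEADER."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    size_of_optional = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    off = e_lfanew + 24 + size_of_optional  # section table follows the optional header
    for _ in range(num_sections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, off)
        yield name.rstrip(b"\0").decode("ascii", "replace"), raw_ptr, raw_size
        off += 40


def overlay_info(pe: bytes):
    """Return (offset, size, entropy, fraction_of_file) for the overlay, or None if there is none.

    Sections with SizeOfRawData == 0 (uninitialised data such as NSIS's .ndata) occupy no
    file space, so they are skipped when locating the end of the last section.
    """
    end = max((ptr + size for _, ptr, size in section_table(pe) if size), default=0)
    if end >= len(pe):
        return None
    overlay = pe[end:]
    return end, len(overlay), shannon_entropy(overlay), len(overlay) / len(pe)


def build_pe(sections, overlay: bytes) -> bytes:
    """Construct a minimal PE32 file from (name, data) sections plus an overlay.

    Test fixture only: the headers are just complete enough for section_table() to parse.
    """
    e_lfanew, size_of_optional = 0x40, 0xE0
    header_len = e_lfanew + 4 + 20 + size_of_optional + 40 * len(sections)
    size_of_headers = -(-header_len // FILE_ALIGN) * FILE_ALIGN  # round up to FileAlignment
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_of_optional, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (size_of_optional - 2)
    table, body, raw_ptr, va = b"", b"", size_of_headers, 0x1000
    for name, data in sections:
        raw_size = -(-len(data) // FILE_ALIGN) * FILE_ALIGN
        table += struct.pack("<8sIIIIIIHHI", name, len(data), va, raw_size,
                             raw_ptr if data else 0, 0, 0, 0, 0, 0x60000020)
        body += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        va += 0x1000
    headers = (dos + b"PE\0\0" + coff + optional + table).ljust(size_of_headers, b"\0")
    return headers + body + overlay


# Constructed, deterministic high-entropy blob standing in for a compressed NSIS archive (not real data).
SAMPLE_OVERLAY = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(64))
SAMPLE_PE = build_pe([(b".text", b"\x90" * 100), (b".ndata", b"")], SAMPLE_OVERLAY)

if __name__ == "__main__":
    info = overlay_info(SAMPLE_PE)
    if info:
        off, size, ent, frac = info
        print(f"{size} bytes of overlay at offset {off:#x}, entropy {ent:.5f}, {frac:.4%} of the file")
```

Run against a real file, `overlay_info(open(path, "rb").read())` yields the same four numbers the report prints; a value near 8.0 bits per byte is what compressed or encrypted data looks like, while plain text or an uncompressed payload lands well below 6.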
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xd8 |
| File header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 5 |
| TimeDateStamp | 2016-Dec-11 21:50:45 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 6.0 |
| SizeOfCode | 0x6000 |
| SizeOfInitializedData | 0x1d000 |
| SizeOfUninitializedData | 0x400 |
| AddressOfEntryPoint | 0x000032BF (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x7000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 6.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x4f000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

Note that IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is set while the file header carries IMAGE_FILE_RELOCS_STRIPPED: without a relocation table the loader cannot rebase the image, so it will be mapped at ImageBase 0x400000 and the ASLR flag is not effective for this file. A Checksum of 0 is normal for an unsigned, non-driver image and is not an indicator by itself.
| Library | Imported functions |
|---|---|
| KERNEL32.dll | CopyFileA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, ReadFile, GetFileAttributesA, SetFileAttributesA, ExitProcess, SetEnvironmentVariableA, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, GetCurrentProcess, GetFullPathNameA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, CloseHandle, SetCurrentDirectoryA, MoveFileA, CompareFileTime, GetShortPathNameA, SearchPathA, lstrcmpiA, SetFileTime, lstrcmpA, ExpandEnvironmentStringsA, lstrcpynA, SetErrorMode, GlobalFree, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, GlobalAlloc |
| USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA |
| ADVAPI32.dll | RegDeleteKeyA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy, #17 (imported by ordinal, no name) |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |

The "may be hiding some of its imports" heuristic is driven by the LoadLibraryExA / GetProcAddress pair in KERNEL32.dll; the NSIS stub resolves some APIs at run time through exactly those calls, so this flag is expected for any NSIS installer rather than specific to this sample. Likewise OpenProcessToken / LookupPrivilegeValueA / AdjustTokenPrivileges next to ExitWindowsEx is the stub's support for a reboot after installation. What the installer actually does lives in the compressed overlay, so the script contained in the NSIS archive, not this import table, is where analysis of the sample's behaviour has to go.
| Rich header field | Value |
|---|---|
| XOR Key | 0xd246d0e9 |
| Unmarked objects | 0 |
| C objects (VS2003 (.NET) build 4035) | 2 |
| Total imports | 159 |
| Imports (VS2003 (.NET) build 4035) | 15 |
| 48 (9044) | 10 |
| Resource objects (VS98 SP6 cvtres build 1736) | 1 |
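The table above is a decoded Rich header: a block the Microsoft linker leaves in the DOS stub (between the DOS header and e_lfanew) that records, per toolchain component, a product id, a build number and the count of objects it produced, all XORed with the key shown as "XOR Key". A row such as `48 (9044) | 10` is, on my reading, an entry whose product id (48) the tool could not map to a name, printed as id and build. The decoder below is an added example and is not the analysis tool's own code; it walks back from the `Rich` marker, XORs each dword with the key until it reaches `DanS`, and splits the remainder into (product id, build, count) triples. The sample it runs on is constructed: it reuses the key and the `48 (9044)` entry from the report, while the other two product ids are made-up placeholders, not this binary's real entries. One practitioner caveat: in a genuine header the key is a checksum over the DOS header and the entries, so a key that does not validate means the header was edited or forged; the checksum itself is not implemented here, and the constructed sample would not pass it.

```python
import struct

DANS = 0x536E6144  # "DanS" read as a little-endian dword
RICH = b"Rich"


def decode_rich_header(pe: bytes):
    """Return (xor_key, [(product_id, build, count), ...]) or None if no Rich header is found.

    Layout in the DOS stub: 'DanS', three zero dwords, then (product_id<<16 | build, count)
    pairs, every dword XORed with the key, followed by the clear-text 'Rich' marker and the key.
    """
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    stub = pe[:e_lfanew]
    pos = stub.rfind(RICH)
    if pos < 0 or pos + 8 > len(stub):
        return None
    key = struct.unpack_from("<I", stub, pos + 4)[0]
    words = []
    p = pos - 4
    while p >= 0:
        w = struct.unpack_from("<I", stub, p)[0] ^ key
        if w == DANS:
            break
        words.append(w)
        p -= 4
    else:
        return None  # reached the start of the file without finding 'DanS'
    words.reverse()
    body = words[3:]  # drop the three padding dwords that follow 'DanS'
    entries = [(body[i] >> 16, body[i] & 0xFFFF, body[i + 1]) for i in range(0, len(body) - 1, 2)]
    return key, entries


def encode_rich_header(entries, key: int, e_lfanew: int = 0xD8) -> bytes:
    """Build a constructed DOS header + Rich header + 'PE\\0\\0' prefix (test fixture, not linker output).

    The key is taken as given rather than computed as the real checksum, so the fixture
    exercises the decoder but would fail a checksum validation.
    """
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    dos += b"\0" * (0x80 - len(dos))  # the Rich block conventionally starts at offset 0x80
    words = [DANS, 0, 0, 0]
    for product_id, build, count in entries:
        words += [(product_id << 16) | build, count]
    rich = b"".join(struct.pack("<I", w ^ key) for w in words) + RICH + struct.pack("<I", key)
    return bytes((dos + rich).ljust(e_lfanew, b"\0")) + b"PE\0\0"


# Constructed sample: key and the "48 (9044) -> 10" entry from the report; the product ids
# 0x5F and 0x0A are placeholders for the VS2003 and cvtres entries, not the binary's real ids.
SAMPLE_ENTRIES = [(48, 9044, 10), (0x5F, 4035, 15), (0x0A, 1736, 1)]
SAMPLE_KEY = 0xD246D0E9
SAMPLE_PE = encode_rich_header(SAMPLE_ENTRIES, SAMPLE_KEY)
# Constructed DOS header with e_lfanew = 0x40 and no Rich block at all.
NO_RICH_PE = b"MZ" + b"\0" * 0x3A + b"\x40\x00\x00\x00" + b"PE\0\0"

if __name__ == "__main__":
    key, entries = decode_rich_header(SAMPLE_PE)
    print(f"XOR key {key:#010x}")
    for product_id, build, count in entries:
        print(f"  product {product_id} build {build}: {count} object(s)")
```

On a real file, `decode_rich_header(open(path, "rb").read())` returns the key shown in the report and the raw (id, build, count) triples; mapping ids to names such as "C objects" or "Imports" is a separate lookup table that the report's tool applies and this example leaves out.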