Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2014-Oct-29 06:41:17 |
Detected languages | English - United States, German - Germany |
Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 |
Suspicious | The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 30/47 (Scanned on 2024-04-03 23:10:56) |

ALYac | Gen:Variant.Doina.7977 |
---|---|
APEX | Malicious |
AhnLab-V3 | Trojan/Win.Generic.R435870 |
Alibaba | TrojanBanker:Win32/Banbra.f22859aa |
Antiy-AVL | Trojan/Win32.Badur |
Arcabit | Trojan.Doina.D1F29 |
Bkav | W32.AIDetectMalware |
CrowdStrike | win/malicious_confidence_100% (W) |
Cybereason | malicious.7573cf |
Cylance | unsafe |
Cynet | Malicious (score: 100) |
Elastic | malicious (high confidence) |
Fortinet | W32/Generic.AC.201A3E!tr |
Ikarus | Trojan.Win32.Agent |
K7AntiVirus | Trojan ( 0055e3dd1 ) |
Lionic | Trojan.Win32.Badur.4!c |
Malwarebytes | Malware.Heuristic.2009 |
McAfee | GenericRXAA-AA!F0E4CF37573C |
MicroWorld-eScan | Gen:Variant.Doina.7977 |
Panda | Trj/CI.A |
Sangfor | Trojan.Win32.Save.a |
Symantec | ML.Attribute.HighConfidence |
Tencent | Malware.Win32.Gencirc.114fb0cd |
Trapmine | malicious.high.ml.score |
TrendMicro | TROJ_INJECTR.DCB |
TrendMicro-HouseCall | TROJ_INJECTR.DCB |
VIPRE | Gen:Variant.Doina.7977 |
VirIT | Trojan.Win32.DownLoader11.CIER |
Zillya | Trojan.Badur.Win32.7612 |
tehtris | Generic.Malware |

e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf0 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2014-Oct-29 06:41:17 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |

Magic | PE32 |
---|---|
LinkerVersion | 10.0 |
SizeOfCode | 0x15600 |
SizeOfInitializedData | 0xbc00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000B7B7 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x17000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x26000 |
SizeOfHeaders | 0x1000 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.DLL | WaitForSingleObject, ExpandEnvironmentStringsA, OpenProcess, TerminateProcess, Process32Next, GetModuleFileNameA, CreateToolhelp32Snapshot, CloseHandle, DeleteFileA, CreateFileA, lstrcmpA, SetFilePointer, FreeLibrary, WriteFile, Sleep, GetFileAttributesA, lstrcatA, GetEnvironmentVariableA, SetCurrentDirectoryA, FindFirstFileA, GetProcAddress, FindClose, LoadLibraryA, FindNextFileA, Process32First, lstrcpyA, GetCurrentProcess, CreateProcessA, ReadFile, GetStdHandle, GetLongPathNameA, SetStdHandle, CreatePipe, DuplicateHandle, TerminateThread, ExitThread, CreateThread, GetConsoleWindow, CreateFileW, WriteConsoleW, LoadLibraryW, SetEnvironmentVariableA, CompareStringW, LockResource, SizeofResource, WideCharToMultiByte, LoadResource, FindResourceW, GetCurrentDirectoryA, FindResourceExW, GetConsoleMode, GetConsoleCP, RtlUnwind, FlushFileBuffers, GetStringTypeW, GetCurrentProcessId, RaiseException, EnterCriticalSection, LeaveCriticalSection, GetLastError, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, GetSystemTimeAsFileTime, GetCommandLineA, HeapSetInformation, EncodePointer, DecodePointer, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleW, SetLastError, GetCurrentThreadId, LCMapStringW, MultiByteToWideChar, IsProcessorFeaturePresent, ExitProcess, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoW, HeapCreate, QueryPerformanceCounter, GetTickCount |
---|---|
ADVAPI32.dll | RegSetValueExA, RegEnumKeyExA, RegCloseKey, RegOpenKeyExA, RegQueryValueExA, RegCreateKeyExA |
SHELL32.dll | ShellExecuteExA, SHGetSpecialFolderPathA, ShellExecuteA |
urlmon.dll | URLDownloadToFileA |
USER32.dll | EnumChildWindows, SendMessageA, SetActiveWindow, GetWindowThreadProcessId, ShowWindow, FindWindowA |
WININET.dll | DeleteUrlCacheEntry |

Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x41d0b0 |
SEHandlerTable | 0x41aeb0 |
SEHandlerCount | 52 |
XOR Key | 0xb41b8bd6 |
---|---|
Unmarked objects | 0 |
ASM objects (VS2010 SP1 build 40219) | 22 |
C objects (VS2010 SP1 build 40219) | 99 |
C++ objects (VS2010 SP1 build 40219) | 50 |
Imports (VS2008 SP1 build 30729) | 13 |
Total imports | 131 |
175 (VS2010 SP1 build 40219) | 12 |
Resource objects (VS2010 SP1 build 40219) | 1 |
Linker (VS2010 SP1 build 40219) | 1 |