Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2018-Aug-06 15:00:14 |
Detected languages | English - United States |
Debug artifacts | C:\Release\misinterpreted.pdb |
Comments | Identically Bkmarks Delete Networkinterface |
InternalName | Attached |
ProductName | Attached |
FileDescription | Identically Bkmarks Delete Networkinterface |
LegalCopyright | Copyright 2015 |
CompanyName | Bitdefender LLC |
ProductVersion | 1.9.7.964 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
---|---|---|
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Info | The PE's resources present abnormal characteristics. | Resource 8286 is possibly compressed or encrypted. Resource 9191 is possibly compressed or encrypted. Resource 9446 is possibly compressed or encrypted. Resource 9447 is possibly compressed or encrypted. Resource 9448 is possibly compressed or encrypted. |
Malicious | VirusTotal score: 40/67 (Scanned on 2018-10-12 03:42:22) | MicroWorld-eScan: Trojan.GenericKD.40387862; CAT-QuickHeal: Trojan.Agent; ALYac: Trojan.GenericKD.40387862; Zillya: Trojan.GenericKD.Win32.148723; K7GW: Trojan ( 0053a32b1 ); K7AntiVirus: Trojan ( 0053a32b1 ); TrendMicro: TROJ_GEN.R004C0OHE18; Cyren: W32/Trojan.UYFX-8749; Symantec: Trojan.Gen.2; TrendMicro-HouseCall: TROJ_GEN.R004C0OHE18; Avast: Win32:Malware-gen; Kaspersky: Trojan.Win32.Agent.qwhdst; BitDefender: Trojan.GenericKD.40387862; NANO-Antivirus: Trojan.Win32.DarkVNC.fhqfrc; Tencent: Win32.Trojan.Agent.Eawo; Ad-Aware: Trojan.GenericKD.40387862; Sophos: Mal/Generic-S; Comodo: UnclassifiedMalware; F-Secure: Trojan.GenericKD.40387862; DrWeb: BackDoor.DarkVNC.1; Invincea: heuristic; McAfee-GW-Edition: BehavesLike.Win32.Generic.bc; Emsisoft: Trojan.GenericKD.40387862 (B); Paloalto: generic.ml; Fortinet: W32/Agent.CHUI!tr; Antiy-AVL: Trojan/Win32.Agent; Endgame: malicious (high confidence); Arcabit: Trojan.Generic.D2684516; ZoneAlarm: Trojan.Win32.Agent.qwhdst; AhnLab-V3: Win-Trojan/Sagecrypt.Gen; McAfee: RDN/Generic.dx; MAX: malware (ai score=99); Cylance: Unsafe; ESET-NOD32: a variant of Win32/Kryptik.GJSX; Yandex: Trojan.Agent!U8JOfcSIljM; GData: Trojan.GenericKD.40387862; AVG: Win32:Malware-gen; Panda: Trj/GdSda.A; CrowdStrike: malicious_confidence_80% (D); Qihoo-360: Win32/Trojan.777 |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2018-Aug-06 15:00:14 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 9.0 |
SizeOfCode | 0x24e00 |
SizeOfInitializedData | 0x93e00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00012325 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x26000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.0 |
ImageVersion | 0.0 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xbe000 |
SizeOfHeaders | 0x400 |
Checksum | 0xc36be |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | FindResourceA, LoadLibraryExA, LoadLibraryW, LoadLibraryA, VirtualAlloc, WaitForSingleObject, CreateEventA, FillConsoleOutputCharacterA, GetTimeFormatA, FileTimeToSystemTime, FileTimeToLocalFileTime, ReadFile, SetEndOfFile, GetConsoleOutputCP, WriteConsoleA, CreateFileA, CloseHandle, FlushFileBuffers, SetStdHandle, InitializeCriticalSectionAndSpinCount, GetLocaleInfoA, LCMapStringW, LCMapStringA, GetConsoleMode, GetConsoleCP, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetUserDefaultLCID, SetHandleCount, ExitProcess, Sleep, WriteFile, HeapSize, HeapReAlloc, LoadResource, HeapCreate, GetStringTypeW, GetStringTypeA, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, GetStartupInfoA, GetCommandLineA, GetModuleFileNameW, GetStdHandle, GetFileType, WriteConsoleW, RtlUnwind, VirtualQuery, GetSystemInfo, GetModuleHandleW, VirtualProtect, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, VirtualFree, IsProcessorFeaturePresent, SizeofResource, FreeLibrary, MulDiv, IsDBCSLeadByte, GetModuleHandleA, GetProcAddress, InterlockedIncrement, GetLastError, lstrlenW, WideCharToMultiByte, MultiByteToWideChar, FindResourceExW, GetModuleFileNameA, GetLocaleInfoW, DeleteCriticalSection, InitializeCriticalSection, SetLastError, OutputDebugStringA, RaiseException, DebugBreak, GetCurrentThreadId, InterlockedDecrement, LeaveCriticalSection, EnterCriticalSection, HeapAlloc, GetProcessHeap, HeapFree, InterlockedCompareExchange, lstrcmpiA, lstrlenA, CompareStringA, GetCurrentProcess, GetSystemDefaultLCID, FlushInstructionCache, GetVersionExA, SetFilePointer |
---|---|
USER32.dll | CreateWindowExA, SetWindowLongA, SystemParametersInfoA, GetWindowLongA, GetWindowTextA, UnregisterClassA, GetClientRect, GetParent, GetDlgItem, IsWindow, SetWindowPos, MapWindowPoints, GetMonitorInfoA, GetWindowTextLengthA, FillRect, DrawIcon, EndDeferWindowPos, AppendMenuA, LoadIconA, CreateMenu, GetKeyState, SetActiveWindow, LoadAcceleratorsA, CreateDialogParamA, RedrawWindow, IsWindowVisible, PeekMessageA, GetMessageA, TranslateMessage, DispatchMessageA, MonitorFromWindow, DialogBoxParamA, GetSysColor, GetFocus, GetCapture, ReleaseCapture, EndPaint, BeginPaint, GetCursorPos, SetCursor, DrawFocusRect, ShowWindow, PtInRect, CallWindowProcA, GetDlgCtrlID, SetFocus, SetCapture, IsWindowEnabled, InvalidateRect, UpdateWindow, ScreenToClient, SetRectEmpty, DefWindowProcA, PostQuitMessage, LoadImageA, IsDialogMessageA, DestroyWindow, GetClassNameA, LoadCursorA, OffsetRect, ReleaseDC, GetDC, CharNextA, DrawTextA, SendMessageA, EndDialog, GetWindow, GetWindowRect |
GDI32.dll | SetBkMode, GetTextExtentPoint32A, SetTextAlign, SetBrushOrgEx, SetTextColor, CreateFontIndirectA, GetStockObject, DeleteDC, GetObjectA, SelectObject, DeleteObject |
ADVAPI32.dll | RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegQueryValueExW, RegDeleteKeyA, RegDeleteValueA, RegSetValueExA, IsTextUnicode, RegEnumKeyExA, RegQueryInfoKeyA, RegCloseKey |
SHELL32.dll | ShellExecuteA |
ole32.dll | StgCreateDocfile, CoTaskMemAlloc, CoTaskMemRealloc, CoUninitialize, CoTaskMemFree, CoCreateInstance, CoInitialize |
OLEAUT32.dll | #185, #9, #15, #23, #24, #19, #8, #277 |
ODBC32.dll | #75 |
COMCTL32.dll | InitCommonControlsEx, _TrackMouseEvent |
WS2_32.dll | #101, #9, #2, #23 |
NETAPI32.dll | NetApiBufferFree, NetServerEnum |
MSACM32.dll | acmDriverOpen |
WINMM.dll | waveOutUnprepareHeader |
pdh.dll | PdhBrowseCountersA |
OPENGL32.dll | wglShareLists |
IMM32.dll | ImmGetDefaultIMEWnd |
WTSAPI32.dll | WTSQuerySessionInformationA |
AUTHZ.dll | AuthzInitializeObjectAccessAuditEvent, AuthzInitializeResourceManager, AuthzInitializeContextFromToken |
ID процесса |
Командная строка |
ID родительского процесса |
Путь процесса |
Ярлыки |
Название задачи |
Значение по умолчанию |
Путь Autorun.inf |
Путь реестра |
Цифровая подпись |
Действительный |
Недействительный |
Путь файла |
Размер файла |
Версия файла |
Описание файла |
ピクセル |
Élément de démarrage sensible du système |
Élément de démarrage sensible du système observé par le centre 360 Security, dont dépend le fonctionnement des principaux composants du système. |
Variables d'environnement système |
Le système pourrait gérer l'invocation croisée entre tous les processus situés sous cet élément, ce qui est important pour son fonctionnement normal. |
Tâches planifiées |
Définir l'heure d'exécution d'un programme, comme s'il s'agissait d'un programme planifié. |
Pilotes |
Le logiciel renforce leur capacité à contrôler le système au moyen de pilotes, notamment les logiciels antivirus et un pilote matériel. |
Services |
Le logiciel renforce sa capacité de contrôle du système par le biais des services, notamment les logiciels antivirus. |
Options d'exécution de fichier image |
Les options d'exécution de fichier image seront réattribuées à un autre programme lors du démarrage du programme, mais ce dernier n'est pas parvenu à démarrer. |
Élément préchargé de processus |
L'exécution de tout programme charge automatiquement les modules spécifiés, et l'exécution des modules est automatiquement chargée. |
Bibliothèque chargée par défaut |
Tous les modules de programme situés sous ce dossier, considéré comme le point sensible du système, seront chargés en priorité au démarrage du système. |
系統組態策略 |
系統工具或介面的設定,如鎖定登錄編輯程式、禁用快速鍵等。 |
舊版作業系統啟動項 |
作業系統為相容Windows 3.x版軟體自動啟動所設定的項目。 |
群組原則啟動項 |
系統啟動時會自動運行,這些程式通常是通過系統群組原則工具來設定。 |
系統登錄介面 |
為使用者登錄系統提供入口,通常支援用戶名/密碼來登錄系統。 |
系統登錄管理 |
管理系統登錄後將自動運行,通常這些程式是由系統指定的。 |
登錄對話方塊設定 |
系統預設的登錄對話方塊。 |
預設工作管理員 |
負責設定系統預設工作管理員程式,用於展示系統資源使用、行程清單等方面的資訊。 |
預設螢幕保護裝置程式 |
系統預設螢幕保護裝置程式。 |
Mantiene actualizado tu software de %1!s!. Si este servicio se desactiva o se detiene, tu software de %1!s! no se mantendrá actualizado, lo que implica que las vulnerabilidades de seguridad que puedan aparecer no podrán arreglarse y es posible que algunas funciones no anden. Este servicio se desinstala automáticamente si ningún software de %1!s! la utiliza. |
Mantiene actualizado tu software de %1!s!. Si esta tarea se desactiva o se detiene, tu software de %1!s! no se mantendrá actualizado, lo que implica que las vulnerabilidades de seguridad que puedan aparecer no podrán arreglarse y es posible que algunas funciones no anden. Esta tarea se desinstala automáticamente si ningún software de %1!s! la utiliza. |
No se puede conectar a Internet. Si utilizas un firewall, incluye a %1!s! en la lista blanca. |
No se puede conectar a Internet. HTTP 401 no autorizado. Comprueba la configuración del proxy. |
No se puede conectar a Internet. HTTP 403 no permitido. Comprueba la configuración del proxy. |
No se puede conectar a Internet. El servidor proxy requiere autenticación. |
No se pudo realizar la instalación debido a un error del servidor. Vuelve a intentarlo más adelante. |
La instalación falló porque el acceso está restringido en este país. |
El servidor devolvió el siguiente error: %1!s!. Vuelve a intentarlo más tarde. |
Falló la instalación porque tu versión de Windows no es compatible. |
Se produjo un error en la instalación porque tu computadora no cumple los requisitos de hardware mínimos de %1!s!. |
Falló la verificación del archivo descargado. |
Falló la descarga. |
El programa de instalación no se almacenó en la memoria caché. Error: 0x%1!08x!. |
El archivo de instalación no ha podido realizar la verificación. Prueba a descargar de nuevo el archivo de instalación. |
El nombre de archivo del instalador %1!s! es no válido o no está admitido. |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.9.7.964 |
ProductVersion | 1.9.7.964 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
Comments | Identically Bkmarks Delete Networkinterface |
InternalName | Attached |
ProductName | Attached |
FileDescription | Identically Bkmarks Delete Networkinterface |
LegalCopyright | Copyright 2015 |
CompanyName | Bitdefender LLC |
ProductVersion (#2) | 1.9.7.964 |
Resource LangID | English - United States |
Characteristics | 0 |
---|---|
TimeDateStamp | 2018-Aug-06 15:00:14 |
Version | 0.0 |
SizeofData | 62 |
AddressOfRawData | 0x2ca90 |
PointerToRawData | 0x2bc90 |
Referenced File | C:\Release\misinterpreted.pdb |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x431af0 |
SEHandlerTable | 0x42d3f0 |
SEHandlerCount | 18 |
XOR Key | 0x700de2b4 |
---|---|
Unmarked objects | 0 |
C++ objects (VS2008 build 21022) | 4 |
ASM objects (VS2008 SP1 build 30729) | 43 |
C objects (VS2008 SP1 build 30729) | 157 |
C objects (VS2012 build 50727 / VS2005 build 50727) | 1 |
Imports (VS2012 build 50727 / VS2005 build 50727) | 37 |
Total imports | 245 |
C++ objects (VS2008 SP1 build 30729) | 65 |
Linker (VS2008 build 21022) | 1 |
Resource objects (VS2008 SP1 build 30729) | 1 |