| Summary | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2017-Apr-13 00:07:12 |
| Detected languages | English - United States |
| FileDescription | June Document |
| FileVersion | 1, 0, 0, 1 |
| InternalName | June document |
| LegalCopyright | Copyright (C) 2017 June |
| OriginalFilename | June |
| ProductName | June service |
| ProductVersion | 1, 0, 0, 1 |
| Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0; Microsoft Visual C++; Microsoft Visual C++ v6.0; Microsoft Visual C++ v5.0/v6.0 (MFC) |
| Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
| Malicious | VirusTotal score: 51/69 (Scanned on 2019-07-09 14:40:42) |

| Engine | Verdict |
|---|---|
| MicroWorld-eScan | Trojan.GenericKD.32079129 |
| FireEye | Generic.mg.f51873066eeb8bb1 |
| CAT-QuickHeal | Trojan.Multi |
| McAfee | RDN/Generic.dx |
| Cylance | Unsafe |
| K7AntiVirus | Riskware ( 0040eff71 ) |
| Alibaba | Exploit:Win32/Nekto.d9dbe17d |
| K7GW | Riskware ( 0040eff71 ) |
| Cybereason | malicious.13a66f |
| TrendMicro | TROJ_GEN.R020C0RFO19 |
| F-Prot | W32/Trojan2.PZPD |
| Symantec | Downloader |
| APEX | Malicious |
| Paloalto | generic.ml |
| Kaspersky | Exploit.Win32.Nekto.nv |
| BitDefender | Trojan.GenericKD.32079129 |
| NANO-Antivirus | Exploit.Win32.Nekto.frwpey |
| AegisLab | Trojan.Multi.Generic.4!c |
| Avast | Other:Malware-gen [Trj] |
| Tencent | Win32.Exploit.Nekto.Eamq |
| Emsisoft | Trojan.GenericKD.32079129 (B) |
| Comodo | Malware@#2d02uvlspnmgn |
| DrWeb | Trojan.Encoder.28587 |
| Invincea | heuristic |
| McAfee-GW-Edition | RDN/Generic.dx |
| Fortinet | W32/Nekto.B!tr.ransom |
| Trapmine | malicious.high.ml.score |
| Sophos | Troj/Sodino-Q |
| SentinelOne | DFI - Malicious PE |
| Cyren | W32/Trojan.YAGT-5607 |
| Jiangmin | Exploit.Nekto.p |
| Avira | TR/AD.SodinoRansom.kgobo |
| Antiy-AVL | Trojan[Ransom]/Win32.Sodinokibi |
| ViRobot | Trojan.Win32.Ransom.540672.A |
| ZoneAlarm | Exploit.Win32.Nekto.nv |
| AhnLab-V3 | Trojan/Win32.BlueCrab.C3298539 |
| Acronis | suspicious |
| VBA32 | Trojan.Wacatac |
| ALYac | Trojan.Ransom.Sodinokibi |
| TACHYON | Ransom/W32.Sodinokibi.540672 |
| Ad-Aware | Trojan.GenericKD.32079129 |
| Malwarebytes | Trojan.Crypt |
| ESET-NOD32 | Win32/Filecoder.Sodinokibi.B |
| TrendMicro-HouseCall | TROJ_GEN.R020C0RFO19 |
| Rising | Exploit.Nekto!8.EC83 (CLOUD) |
| Yandex | Exploit.Nekto! |
| Ikarus | Trojan-Ransom.Win32.Sokinokibi |
| GData | Trojan.GenericKD.32079129 |
| AVG | Other:Malware-gen [Trj] |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Qihoo-360 | HEUR/QVM07.1.1201.Malware.Gen |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xe0 |
| PE file header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 4 |
| TimeDateStamp | 2017-Apr-13 00:07:12 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 6.0 |
| SizeOfCode | 0x1c000 |
| SizeOfInitializedData | 0x2d000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000B408 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x1d000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x1000 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x87000 |
| SizeOfHeaders | 0x1000 |
| Checksum | 0x54a3b |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
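The DOS, file and optional header values above can be reproduced and sanity-checked with a few `struct` calls. The Python below is an added example written for this page; it is not Manalyzer's code and nothing from the sample itself. It builds a header buffer carrying exactly the values reported (e_lfarlc and DllCharacteristics are not in the report and are assumed to be 0x40 and 0; the DOS stub, Rich header and section table are zero-filled), parses it back through e_lfanew, and records the header-level points a triager would note: IMAGE_FILE_RELOCS_STRIPPED means the image only works at ImageBase 0x400000 and cannot be relocated for ASLR, and SizeOfImage (0x87000) is 0x3d000 larger than SizeOfHeaders + SizeOfCode + SizeOfInitializedData, a gap that should be compared with the section table's VirtualSize/SizeOfRawData pairs.

```python
import calendar
import struct
from datetime import datetime, timezone

# Layouts of IMAGE_DOS_HEADER, IMAGE_FILE_HEADER and the fixed part of
# IMAGE_OPTIONAL_HEADER32, little-endian as in winnt.h.
DOS_FMT = "<14H8sHH20sI"                      # 64 bytes, e_lfanew last
FILE_FMT = "<HHIIIHH"                         # 20 bytes
OPT_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII"   # 96 bytes before the data directories

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_LINE_NUMS_STRIPPED = 0x0004
IMAGE_FILE_LOCAL_SYMS_STRIPPED = 0x0008
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B


def build_sample_headers():
    """Constructed header bytes carrying the values listed in the report above.
    e_lfarlc (0x40) and DllCharacteristics (0) are assumptions, not report data;
    the DOS stub, Rich header and section table are zero-filled."""
    dos = struct.pack(DOS_FMT,
                      0x5A4D, 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40, 0,
                      b"\0" * 8, 0, 0, b"\0" * 20, 0xE0)
    dos = dos.ljust(0xE0, b"\0")  # pad up to e_lfanew
    chars = (IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE |
             IMAGE_FILE_LINE_NUMS_STRIPPED | IMAGE_FILE_LOCAL_SYMS_STRIPPED |
             IMAGE_FILE_32BIT_MACHINE)
    stamp = calendar.timegm((2017, 4, 13, 0, 7, 12))  # 2017-Apr-13 00:07:12 UTC
    file_hdr = struct.pack(FILE_FMT, 0x14C, 4, stamp, 0, 0, 0xE0, chars)
    opt_hdr = struct.pack(OPT_FMT,
                          IMAGE_NT_OPTIONAL_HDR32_MAGIC, 6, 0,
                          0x1C000, 0x2D000, 0, 0xB408, 0x1000, 0x1D000,
                          0x400000, 0x1000, 0x1000,
                          4, 0, 0, 0, 4, 0,
                          0, 0x87000, 0x1000, 0x54A3B,
                          2, 0,
                          0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt_hdr += b"\0" * (16 * 8)  # 16 empty IMAGE_DATA_DIRECTORY slots
    return dos + b"PE\0\0" + file_hdr + opt_hdr


def parse_pe_headers(buf):
    """Walk MZ -> e_lfanew -> PE\\0\\0 -> file header -> optional header and
    return the fields the report prints, raising on any structural problem."""
    if len(buf) < struct.calcsize(DOS_FMT):
        raise ValueError("truncated DOS header")
    dos = struct.unpack_from(DOS_FMT, buf, 0)
    if dos[0] != 0x5A4D:
        raise ValueError("e_magic is not MZ")
    nt = dos[18]  # e_lfanew
    if buf[nt:nt + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    machine, nsections, stamp, _symtab, _nsyms, opt_size, chars = \
        struct.unpack_from(FILE_FMT, buf, nt + 4)
    opt_off = nt + 4 + struct.calcsize(FILE_FMT)
    if opt_size < struct.calcsize(OPT_FMT) or len(buf) < opt_off + opt_size:
        raise ValueError("optional header too short")
    opt = struct.unpack_from(OPT_FMT, buf, opt_off)
    if opt[0] != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("not a PE32 optional header")
    return {
        "e_lfanew": nt, "Machine": machine, "NumberOfSections": nsections,
        "TimeDateStamp": stamp, "SizeOfOptionalHeader": opt_size,
        "Characteristics": chars, "LinkerVersion": f"{opt[1]}.{opt[2]}",
        "SizeOfCode": opt[3], "SizeOfInitializedData": opt[4],
        "SizeOfUninitializedData": opt[5], "AddressOfEntryPoint": opt[6],
        "BaseOfCode": opt[7], "BaseOfData": opt[8], "ImageBase": opt[9],
        "SectionAlignment": opt[10], "FileAlignment": opt[11],
        "SizeOfImage": opt[19], "SizeOfHeaders": opt[20], "CheckSum": opt[21],
        "Subsystem": opt[22], "NumberOfRvaAndSizes": opt[29],
    }


def compile_time(hdr):
    """TimeDateStamp rendered the way the report prints it (UTC)."""
    ts = datetime.fromtimestamp(hdr["TimeDateStamp"], tz=timezone.utc)
    return ts.strftime("%Y-%b-%d %H:%M:%S")


def header_findings(hdr):
    """Header-level observations a triager records before reading the sections."""
    out = []
    if hdr["Characteristics"] & IMAGE_FILE_RELOCS_STRIPPED:
        out.append("relocations stripped: image only works at ImageBase "
                   f"0x{hdr['ImageBase']:x} and cannot be relocated for ASLR")
    ep = hdr["AddressOfEntryPoint"]
    if not (hdr["BaseOfCode"] <= ep < hdr["BaseOfCode"] + hdr["SizeOfCode"]):
        out.append(f"entry point 0x{ep:x} lies outside the declared code range")
    declared = (hdr["SizeOfHeaders"] + hdr["SizeOfCode"] +
                hdr["SizeOfInitializedData"] + hdr["SizeOfUninitializedData"])
    gap = hdr["SizeOfImage"] - declared
    if gap > hdr["SectionAlignment"]:
        out.append(f"SizeOfImage exceeds header-declared contents by 0x{gap:x}: "
                   "compare section VirtualSize with SizeOfRawData")
    if hdr["CheckSum"] == 0:
        out.append("CheckSum is zero (not set by the linker)")
    return out


if __name__ == "__main__":
    hdr = parse_pe_headers(build_sample_headers())
    print(compile_time(hdr), hex(hdr["AddressOfEntryPoint"]))
    for line in header_findings(hdr):
        print("-", line)
```

Point `parse_pe_headers` at the bytes of a real file and the same checks apply; only the constructed buffer here carries the report's numbers.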
| Imported DLL | Imported functions |
|---|---|
| KERNEL32.dll | GetStartupInfoA, GetCommandLineA, ExitProcess, TerminateProcess, HeapFree, HeapAlloc, RaiseException, HeapReAlloc, HeapSize, GetACP, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, HeapDestroy, HeapCreate, RtlUnwind, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, GetProfileStringA, WriteFile, GetCurrentProcess, SetErrorMode, GetOEMCP, GetCPInfo, SizeofResource, GetProcessVersion, GetLastError, WritePrivateProfileStringA, GlobalFlags, TlsGetValue, LocalReAlloc, TlsSetValue, EnterCriticalSection, GlobalReAlloc, LeaveCriticalSection, TlsFree, GlobalHandle, DeleteCriticalSection, TlsAlloc, InitializeCriticalSection, LocalFree, LocalAlloc, lstrcpynA, MulDiv, SetLastError, MultiByteToWideChar, WideCharToMultiByte, lstrlenA, InterlockedDecrement, InterlockedIncrement, LoadLibraryA, FreeLibrary, VirtualProtect, GetVersion, lstrcatA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, lstrcpyA, GetProcAddress, GlobalUnlock, GlobalFree, LockResource, FindResourceA, LoadResource, CloseHandle, GetModuleFileNameA, GlobalLock, GlobalAlloc, GlobalDeleteAtom, lstrcmpA, lstrcmpiA, GetCurrentThread, GetCurrentThreadId, GetModuleHandleA, VirtualFree |
| USER32.dll | CopyRect, ScreenToClient, AdjustWindowRectEx, SetFocus, MapWindowPoints, SendDlgItemMessageA, UpdateWindow, SetWindowTextA, LoadStringA, ClientToScreen, GetDC, ReleaseDC, GetWindowDC, BeginPaint, EndPaint, TabbedTextOutA, DrawTextA, GrayStringA, DestroyMenu, GetClassNameA, GetSysColorBrush, GetTopWindow, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetWindowTextLengthA, GetWindowTextA, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetForegroundWindow, SetForegroundWindow, GetWindow, SetWindowPos, RegisterWindowMessageA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, EndDialog, SetActiveWindow, IsWindow, CreateDialogIndirectParamA, DestroyWindow, GetDlgItem, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetNextDlgTabItem, GetActiveWindow, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, PeekMessageA, GetCursorPos, SetWindowsHookExA, GetParent, GetLastActivePopup, IsWindowEnabled, GetWindowLongA, MessageBoxA, SetCursor, PostMessageA, KillTimer, SetTimer, InvalidateRect, GetWindowRect, InflateRect, PtInRect, GetSysColor, LoadIconA, EnableWindow, GetFocus, GetClientRect, DispatchMessageA, TranslateMessage, IsDialogMessageA, UnregisterClassA, HideCaret, ShowCaret, IsIconic, GetSystemMenu, SendMessageA, AppendMenuA, DrawIcon, GetSystemMetrics, PostQuitMessage, DefWindowProcA, LoadCursorA, GetDlgCtrlID, RegisterClassA, CreateWindowExA, ShowWindow, GetMessageA, IsWindowUnicode, CharNextA, DefDlgProcA, DrawFocusRect, ExcludeUpdateRgn, SetWindowLongA |
| GDI32.dll | RestoreDC, SelectObject, GetStockObject, SetBkMode, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, SelectClipRgn, IntersectClipRect, SaveDC, DeleteObject, GetDeviceCaps, CreateSolidBrush, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, PatBlt, DeleteDC, SetBkColor, SetTextColor, GetClipBox, CreateBitmap, GetTextExtentPoint32A, CreateRectRgnIndirect, GetObjectA, CreateDIBitmap, GetTextExtentPointA, BitBlt, CreateCompatibleDC, CreateFontIndirectA |
| WINSPOOL.DRV | DocumentPropertiesA, ClosePrinter, OpenPrinterA |
| ADVAPI32.dll | RegCreateKeyExA, RegCloseKey, RegSetValueExA, RegOpenKeyExA |
| SHELL32.dll | ShellExecuteA |
| COMCTL32.dll | #17 (imported by ordinal), _TrackMouseEvent |
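The "functions mostly used by malware" verdict above is an import-table heuristic: certain API combinations (run-time resolution with LoadLibraryA plus GetProcAddress, memory staging with VirtualAlloc plus VirtualProtect, registry and .ini writes, ShellExecuteA) are flagged together. The Python below is an added example of that kind of rule set, written for this page rather than taken from Manalyzer; the rule names, groupings and wording are this example's own, and the input is a constructed subset of the import lists printed above.

```python
# Constructed input: the subset of this sample's import table (taken from the
# report above) that the rules look at. The full per-DLL lists are longer.
SAMPLE_IMPORTS = {
    "KERNEL32.dll": [
        "LoadLibraryA", "GetProcAddress", "FreeLibrary",
        "VirtualAlloc", "VirtualProtect", "VirtualFree",
        "WritePrivateProfileStringA", "GetProfileStringA",
        "GetModuleFileNameA", "GetCommandLineA", "HeapAlloc", "HeapFree",
        "TlsAlloc", "TlsGetValue", "IsBadReadPtr", "IsBadWritePtr",
    ],
    "ADVAPI32.dll": ["RegCreateKeyExA", "RegCloseKey", "RegSetValueExA", "RegOpenKeyExA"],
    "SHELL32.dll": ["ShellExecuteA"],
    "WINSPOOL.DRV": ["DocumentPropertiesA", "ClosePrinter", "OpenPrinterA"],
    "USER32.dll": ["MessageBoxA", "CreateWindowExA", "SetWindowsHookExA",
                   "UnhookWindowsHookEx"],
}

# Each rule: name, the APIs that must ALL be present (in any DLL), and why it
# matters. The rules are this example's own, not Manalyzer's.
RULES = [
    ("dynamic_api_resolution", {"LoadLibraryA", "GetProcAddress"},
     "can resolve APIs at run time, so the static import table may be incomplete"),
    ("writable_code_staging", {"VirtualAlloc", "VirtualProtect"},
     "can allocate memory and change page protections, typical of unpacking stubs"),
    ("registry_write", {"RegCreateKeyExA", "RegSetValueExA"},
     "writes registry keys (persistence or configuration storage)"),
    ("ini_write", {"WritePrivateProfileStringA"},
     "writes an .ini file"),
    ("launch_external", {"ShellExecuteA"},
     "launches another program or opens a file/URL through the shell"),
    ("message_hook", {"SetWindowsHookExA"},
     "installs a Windows hook (keylogging or injection depending on the hook type)"),
]


def flatten(imports):
    """All imported names regardless of which DLL supplies them."""
    return {api for apis in imports.values() for api in apis}


def flag_imports(imports):
    """Return {rule_name: (sorted APIs that matched, rationale)} for every rule
    whose whole API set is present in the import table."""
    present = flatten(imports)
    hits = {}
    for name, needed, why in RULES:
        if needed <= present:
            hits[name] = (sorted(needed), why)
    return hits


def triage_summary(imports):
    """Compact summary suitable for a report line."""
    hits = flag_imports(imports)
    return {
        "rules_hit": sorted(hits),
        "count": len(hits),
        "total_imports": sum(len(v) for v in imports.values()),
    }


if __name__ == "__main__":
    for rule, (apis, why) in flag_imports(SAMPLE_IMPORTS).items():
        print(f"{rule}: {', '.join(apis)} -> {why}")
    print(triage_summary(SAMPLE_IMPORTS))
```

Every API these rules match is also linked by an ordinary MFC application (the string table below is the stock MFC resource set), so on this binary the hits are context rather than a verdict on their own; they carry weight together with the hidden-import warning, the stripped relocations and the AV consensus above.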
| String resources |
|---|
| &About HyperlinkScroller... |
| Open |
| Save As |
| All Files (*.*) |
| Untitled |
| an unnamed file |
| &Hide |
| No error message is available. |
| An unsupported operation was attempted. |
| A required resource was unavailable. |
| Out of memory. |
| An unknown error has occurred. |
| Invalid filename. |
| Failed to open document. |
| Failed to save document. |
| Save changes to %1? |
| Failed to create empty document. |
| The file is too large to open. |
| Could not start print job. |
| Failed to launch help. |
| Internal application error. |
| Command failed. |
| Insufficient memory to perform operation. |
| System registry entries have been removed and the INI file (if any) was deleted. |
| Not all of the system registry entries (or INI file) were removed. |
| This program requires the file %s, which was not found on this system. |
| This program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s. |
| Please enter an integer. |
| Please enter a number. |
| Please enter an integer between %1 and %2. |
| Please enter a number between %1 and %2. |
| Please enter no more than %1 characters. |
| Please select a button. |
| Please enter an integer between 0 and 255. |
| Please enter a positive integer. |
| Please enter a date and/or time. |
| Please enter a currency. |
| Unexpected file format. |
| %1 |
| Cannot find this file. |
| Please verify that the correct path and file name are given. |
| Destination disk drive is full. |
| Unable to read from %1, it is opened by someone else. |
| Unable to write to %1, it is read-only or opened by someone else. |
| An unexpected error occurred while reading %1. |
| An unexpected error occurred while writing %1. |
| Unable to read write-only property. |
| Unable to write read-only property. |
| Unable to load mail system support. |
| Mail system DLL is invalid. |
| Send Mail failed to send message. |
| No error occurred. |
| An unknown error occurred while accessing %1. |
| %1 was not found. |
| %1 contains an invalid path. |
| %1 could not be opened because there are too many open files. |
| Access to %1 was denied. |
| An invalid file handle was associated with %1. |
| %1 could not be removed because it is the current directory. |
| %1 could not be created because the directory is full. |
| Seek failed on %1 |
| A hardware I/O error was reported while accessing %1. |
| A sharing violation occurred while accessing %1. |
| A locking violation occurred while accessing %1. |
| Disk full while accessing %1. |
| An attempt was made to access %1 past its end. |
| No error occurred. |
| An unknown error occurred while accessing %1. |
| An attempt was made to write to the reading %1. |
| An attempt was made to access %1 past its end. |
| An attempt was made to read from the writing %1. |
| %1 has a bad format. |
| %1 contained an unexpected object. |
| %1 contains an incorrect schema. |
| pixels |
| Version info field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 1.0.0.1 |
| ProductVersion | 1.0.0.1 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | English - United States |
| FileDescription | June Document |
| FileVersion (#2) | 1, 0, 0, 1 |
| InternalName | June document |
| LegalCopyright | Copyright (C) 2017 June |
| OriginalFilename | June |
| ProductName | June service |
| ProductVersion (#2) | 1, 0, 0, 1 |
| Resource LangID | English - United States |
| Rich header | Value |
|---|---|
| XOR Key | 0xa35f4ef8 |
| Unmarked objects | 0 |
| Unmarked objects (#2) | 8 |
| 19 (8034) | 15 |
| Total imports | 399 |
| C objects (VS98 build 8168) | 78 |
| 14 (7299) | 24 |
| C++ objects (VS98 build 8168) | 67 |
| Resource objects (VS98 cvtres build 1720) | 1 |
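The Rich header table is what the linker leaves between the DOS stub and the PE signature: a "DanS" marker and the entries are XORed with the key (0xa35f4ef8 here), followed by a clear-text "Rich" marker and the key itself. The Python below is an added example written for this page, not Manalyzer's decoder: it encodes the entries listed above with that key, then parses them back by locating "Rich", reading the key and XOR-decoding backwards to "DanS". The product-id numbers for the named rows (Import0 = 1, Utc12_C = 0x0a, Utc12_CPP = 0x0b, Cvtres500 = 6) are taken from the public Rich header product list and are an assumption; the rows the report prints as bare numbers (19 and 14) use those numbers directly.

```python
import struct

RICH_KEY = 0xA35F4EF8  # XOR key reported for this sample

# Entries as listed in the report: (product id, build number, object count).
# Product ids for the named rows are assumed from the public Rich header
# product list; the numeric rows (19 and 14) are copied from the report.
SAMPLE_ENTRIES = [
    (0x00, 0, 0),      # Unmarked objects
    (0x00, 0, 8),      # Unmarked objects (#2)
    (0x13, 8034, 15),  # 19 (8034)
    (0x01, 0, 399),    # Total imports (Import0)
    (0x0A, 8168, 78),  # C objects, VS98 build 8168 (Utc12_C)
    (0x0E, 7299, 24),  # 14 (7299)
    (0x0B, 8168, 67),  # C++ objects, VS98 build 8168 (Utc12_CPP)
    (0x06, 1720, 1),   # Resource objects, cvtres build 1720 (Cvtres500)
]

# Assumed name mapping for the product ids used above (public Rich header list).
PRODUCT_NAMES = {0x00: "Unmarked", 0x01: "Import0", 0x06: "Cvtres500",
                 0x0A: "Utc12_C", 0x0B: "Utc12_CPP", 0x0E: "Masm613",
                 0x13: "Linker512"}

DANS = struct.unpack("<I", b"DanS")[0]


def build_rich_header(entries, key):
    """Lay out a Rich header the way the MS linker does: 'DanS' ^ key, three
    key-masked zero DWORDs, (compid ^ key, count ^ key) pairs, then the
    clear-text 'Rich' marker and the key."""
    words = [DANS ^ key, key, key, key]
    for prodid, build, count in entries:
        compid = (prodid << 16) | build
        words += [compid ^ key, count ^ key]
    body = b"".join(struct.pack("<I", w) for w in words)
    return body + b"Rich" + struct.pack("<I", key)


def parse_rich_header(blob):
    """Locate 'Rich', read the key after it, XOR-decode the preceding DWORDs and
    walk back to the last 'DanS'. Returns (key, [(prodid, build, count), ...])."""
    end = blob.find(b"Rich")
    if end < 0 or end % 4 != 0 or end + 8 > len(blob):
        raise ValueError("no usable Rich marker")
    (key,) = struct.unpack_from("<I", blob, end + 4)
    words = [w ^ key for (w,) in struct.iter_unpack("<I", blob[:end])]
    starts = [i for i, w in enumerate(words) if w == DANS]
    if not starts:
        raise ValueError("no DanS marker for this key")
    body = words[starts[-1] + 4:]  # skip DanS and the three zero padding DWORDs
    if len(body) % 2:
        raise ValueError("odd number of Rich entry DWORDs")
    entries = [(body[i] >> 16, body[i] & 0xFFFF, body[i + 1])
               for i in range(0, len(body), 2)]
    return key, entries


def describe(entries):
    """Report-style rows: ('name (build)', count)."""
    rows = []
    for prodid, build, count in entries:
        name = PRODUCT_NAMES.get(prodid, str(prodid))
        rows.append((f"{name} ({build})" if build else name, count))
    return rows


def total_objects(entries):
    return sum(count for _, _, count in entries)


if __name__ == "__main__":
    key, entries = parse_rich_header(build_rich_header(SAMPLE_ENTRIES, RICH_KEY))
    print(f"XOR key 0x{key:08x}")
    for label, count in describe(entries):
        print(f"{label:32} {count}")
```

The two "Unmarked objects" rows are the same (prodid 0, build 0) compid appearing twice; the parser keeps them as separate entries because the header does, which is what lets the count of 8 be distinguished from the count of 0. Because the key is stored in clear text after "Rich", recovery never depends on guessing it; what the key does protect against is casual string scanning of the tool-chain versions, not tampering.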