PE Compile Time

2006-11-23 17:36:32

PE Imphash

7441bb40ea2cf98761e24b53c533144e

Sections

Name    Virtual Address    Virtual Size    Size of Raw Data    Entropy
UPX0    0x00001000         0x00019000      0x00000000          0.0
UPX1    0x0001a000         0x00008000      0x00007600          7.86508450855
.rsrc   0x00022000         0x00007000      0x00006400          6.07393564089

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00027658 0x00000988 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 24 x 48 x 32, image size 2400
RT_ICON 0x00027658 0x00000988 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 24 x 48 x 32, image size 2400
RT_ICON 0x00027658 0x00000988 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 24 x 48 x 32, image size 2400
RT_ICON 0x00027658 0x00000988 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 24 x 48 x 32, image size 2400
RT_ICON 0x00027658 0x00000988 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 24 x 48 x 32, image size 2400
RT_ICON 0x00027658 0x00000988 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 24 x 48 x 32, image size 2400
RT_GROUP_ICON 0x00027fe4 0x0000005c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x00028044 0x00000220 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data

Imports

Library KERNEL32.DLL:
0x4282a0 LoadLibraryA
0x4282a4 ExitProcess
0x4282a8 GetProcAddress
0x4282ac VirtualProtect
Library MSVBVM60.DLL:
0x4282b4 None

Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Clean
Elastic malicious (moderate confidence)
ClamAV Win.Malware.Fvxvgjb-10038176-0
CMC Clean
CAT-QuickHeal Trojan.PastaVMF.S28606252
Skyhigh BehavesLike.Win32.Generic.qc
ALYac Generic.Dacic.76A3436A.A.19A63A80
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (D)
Alibaba Clean
K7GW Trojan ( 0059acdb1 )
K7AntiVirus Trojan ( 0059acdb1 )
huorong Trojan/Sisproc.c
Baidu Clean
VirIT Trojan.Win32.AgentT.DZBF
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 a variant of Win32/VB.PRB
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky Trojan.Win32.Pasta.zyb
BitDefender Generic.Dacic.76A3436A.A.19A63A80
NANO-Antivirus Trojan.Win32.Pasta.eehyiu
ViRobot Clean
MicroWorld-eScan Generic.Dacic.76A3436A.A.19A63A80
Tencent Trojan.Win32.Pasta.hc
Sophos Mal/StartP-A
F-Secure Trojan.TR/Dropper.Gen
DrWeb Trojan.Click1.59924
VIPRE Generic.Dacic.76A3436A.A.19A63A80
TrendMicro Clean
McAfeeD Real Protect-LS!7E3028AC7BAE
Trapmine malicious.moderate.ml.score
CTX exe.unknown.dacic
Emsisoft Generic.Dacic.76A3436A.A.19A63A80 (B)
Ikarus Trojan-Dropper.Agent
GData Win32.Trojan.StartPage.AL
Jiangmin Trojan/Pasta.gcn
Webroot W32.Trojan.Gen
Varist W32/Trojan.EAXY-2722
Avira TR/Dropper.Gen
Antiy-AVL Trojan/Win32.VB
Kingsoft malware.kb.b.913
Gridinsoft Trojan.Win32.Wacatac.dd!n
Xcitium Clean
Arcabit Generic.Dacic.76A3436A.A.19A63A80
SUPERAntiSpyware Trojan.Agent/Gen-Dropper
ZoneAlarm Mal/StartP-A
Microsoft Trojan:Win32/Phonzy.A!ml
Google Detected
AhnLab-V3 Trojan/Win.Scar.R644300
Acronis Clean
VBA32 Trojan.VBRA.02582
TACHYON Clean
Malwarebytes Generic.Malware.AI.DDS
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall Clean
Rising Trojan.DL.Win32.VBcode.arq (CLASSIC)
Yandex Trojan.GenAsa!D8ZSNSrq77E
TrellixENS GenericRXAE-GJ!6CDE9B316B0C
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/VB.PMH!tr.dldr
AVG Win32:MalwareX-gen [Trj]
Avast Win32:MalwareX-gen [Trj]
alibabacloud Trojan[dropper]:Win/Comisproc.07666edb
IRMA Signature
Trend Micro SProtect (Linux) Clean
Avast Core Security (Linux) Win32:MalwareX-gen [Trj]
C4S ClamAV (Linux) Win.Malware.Fvxvgjb-10038176-0
Trellix (Linux) GenericRXAE-GJ
Sophos Anti-Virus (Linux) Mal/StartP-A
Bitdefender Antivirus (Linux) Generic.Dacic.76A3436A.A.19A63A80
G Data Antivirus (Windows) Virus: Generic.Dacic.76A3436A.A.19A63A80 (Engine A), Win32.Trojan.PSE.76SMGI (Engine B)
WithSecure (Linux) Trojan.TR/Dropper.Gen
ESET Security (Windows) a variant of Win32/VB.PRB trojan
DrWeb Antivirus (Linux) Trojan.Click1.59924
ClamAV (Linux) Win.Malware.Fvxvgjb-10038176-0
eScan Antivirus (Linux) Generic.Dacic.76A3436A.A.19A63A80(DB)
Kaspersky Standard (Windows) Trojan.Win32.Pasta.zyb
Emsisoft Commandline Scanner (Windows) Generic.Dacic.76A3436A.A.19A63A80 (B)