Static Analysis

PE Compile Time

2012-12-06 19:32:32

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x0001f000 0x00000000 0.0
UPX1 0x00020000 0x0000f000 0x0000e200 2.57271978278
.rsrc 0x0002f000 0x00001000 0x00000600 3.77517346843

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0002f05c 0x000003f0 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED SysEx File - OctavePlateau

Exports

Ordinal Address Name
1 0x1000d48b FloodFix
4 0x1000d48b FloodFix
2 0x1000d728 FloodFix2
5 0x1000d728 FloodFix2
6 0x1000165d crc32
3 0x1000165d crc32
!This program cannot be run in DOS mode.
`.rsrc
Eastern Standard Time
Eastern Daylight Time
C:\PROGRA~1\COMMON~1\System\symsrv.dll
C:\Program Files\Common Files\System\symsrv.dll
C:\Windows\SysWOW64\rundll32.exe
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
CreateProcessA
SetFileAttributesA
DeleteFileA
RemoveDirectoryA
GetFileAttributesA
GetCurrentThreadId
ReadFile
GetFileSize
CopyFileA
MoveFileExA
MoveFileA
GetLastError
FreeLibrary
LoadLibraryExA
SetFileTime
WriteFile
GetFileTime
GetTickCount
FindClose
FindNextFileA
FindFirstFileA
SetErrorMode
GetDriveTypeA
Module32Next
Module32First
CreateToolhelp32Snapshot
MapViewOfFile
OpenFileMappingA
Process32Next
Process32First
WideCharToMultiByte
LoadResource
SizeofResource
FindResourceA
CloseHandle
IsBadReadPtr
GetCurrentProcess
CreateDirectoryA
IsBadWritePtr
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetVersion
ExitProcess
CreateFileW
GetShortPathNameA
InitializeCriticalSection
GetTempPathA
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentProcessId
GetModuleFileNameA
CreateFileMappingA
SetLastError
HeapFree
GetProcessHeap
DisableThreadLibraryCalls
CompareStringW
CompareStringA
SetEndOfFile
GetOEMCP
SetEnvironmentVariableA
GetACP
IsBadCodePtr
GetStringTypeW
GetStringTypeA
UnmapViewOfFile
VirtualProtect
WriteProcessMemory
GetModuleHandleA
LoadLibraryA
GetProcAddress
EnterCriticalSection
CreateFileA
LeaveCriticalSection
MultiByteToWideChar
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
TerminateProcess
GetCommandLineA
RaiseException
HeapReAlloc
HeapAlloc
HeapSize
TlsAlloc
TlsFree
UnhandledExceptionFilter
DeleteCriticalSection
LCMapStringA
LCMapStringW
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetUnhandledExceptionFilter
SetStdHandle
SetFilePointer
GetCPInfo
SetSecurityDescriptorDacl
RegOpenKeyExW
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
InitializeSecurityDescriptor
GetDesktopWindow
GetWindow
IsWindowVisible
PostMessageA
IsWindow
GetWindowThreadProcessId
GetWindowTextA
GetClassNameA
MessageBoxA
EnumWindows
f3c3b3[3)
/'0/00
27'R+m
I,^J&%
`.rdata
@.data
@.reloc
:string too lo
",valid 7posi{
Unknown excepE
GAIsPro
ssorFeature
KERNEL32u
; (8PX
ull)L4
Az~__GLOBAL_HEAP_S
MSVCRTl
6ruBime+rm
ht|able
pac#f{&wi8
std5p.
vir6!3
_*H\/X
p@gram
Jm6/09O
s.+8argu(\{
ThuFySaO
JancbMmAD
TZGetLa.
ageBox
SKGC7yC
C;7/'y
1#QNAN
a0#koG
wf`bankb)wna
vTEaC^RTBByTG
87=7;!T%]U\\d'
pRrCKV
vGRNg&S
]VG^Wt[
|S_Ws2
@TUNSTO
Q[JWKW^
nQKMYT
jMVLQU]
tQZJYJA;
logic_
_ength x
out_of_ra&e@
type_infom
TxDy4z
|pd/\P4M
4LHD@<
840,(K
SetFileAt
RemwDi7J
KDrry2GP
Cur#ntTM
du%32?
>fToolhLp
Snapsho(
ViewOf
mS#Byf
sourcgof
/Bl2j3$
1AddrH
+a{KX@
;jedDq
INInRtl*w[
3c3b3[3)
/'0/00
27'R+m
XPTPSW
KERNEL32.DLL
ADVAPI32.dll
USER32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
RegCloseKey
IsWindow
lpk.dll
FloodFix
FloodFix
FloodFix2
FloodFix2
Eastern Standard Time
Eastern Daylight Time
VS_VERSION_INFO
StringFileInfo
040904b0
Comments
CompanyName
Microsoft Corporation
FileDescription
LanguagePack
FileVersion
5, 1, 2600, 5512
InternalName
LanguagePack
LegalCopyright
(C) Microsoft Corporation. All rights reserved.
LegalTrademarks
OriginalFilename
LanguagePack
PrivateBuild
ProductName
Microsoft(C) Windows(C) Operating System
ProductVersion
5, 1, 2600, 5512
SpecialBuild
VarFileInfo
Translation
No antivirus signatures available.
IRMA Signature
Trend Micro SProtect (Linux) Clean
Avast Core Security (Linux) Win32:FloxLib-A [Trj]
C4S ClamAV (Linux) Win.Trojan.Pioneer-10014875-0
Trellix (Linux) Clean
Sophos Anti-Virus (Linux) Mal/Behav-160
Bitdefender Antivirus (Linux) Gen:Variant.Bulz.276414
G Data Antivirus (Windows) Virus: Gen:Variant.Bulz.276414 (Engine A)
WithSecure (Linux) Clean
ESET Security (Windows) Clean
DrWeb Antivirus (Linux) Clean
ClamAV (Linux) Win.Trojan.Pioneer-10014875-0
eScan Antivirus (Linux) Gen:Variant.Bulz.276414(DB)
Kaspersky Standard (Windows) Clean
Emsisoft Commandline Scanner (Windows) Gen:Variant.Bulz.276414 (B)
Cuckoo

We're processing your submission... This could take a few seconds.