Static Analysis

PE Compile Time

2013-06-12 15:49:36

PE Imphash

c4c9ecfc26ca516a80b8f6f5b2bdb7e6

PEiD Signatures

Armadillo v1.xx - v2.xx

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000003fc 0x00000400 6.2387096366
.rdata 0x00002000 0x00000181 0x00000200 3.05451057753
.data 0x00003000 0x0000007c 0x00000200 1.04901350379
.reloc 0x00004000 0x00000088 0x00000200 3.00270615312

Imports

Library KERNEL32.dll:
0x10002000 LoadLibraryW
0x10002004 GetProcAddress
0x10002008 CreateFileA
Library MSVCRT.dll:
0x10002010 free
0x10002014 _initterm
0x10002018 malloc
0x1000201c _adjust_fdiv

Exports

Ordinal Address Name
1 0x10001193 rundll32
!This program cannot be run in DOS mode.
`.rdata
@.data
.reloc
0F;5d0
CreateFileA
LoadLibraryW
GetProcAddress
KERNEL32.dll
_initterm
malloc
_adjust_fdiv
MSVCRT.dll
rundll32
desktop.ini
dpmmBmbvusjW}fmjGebfS}fmjGfubfsD}XfuvdfyFmmfiT
0#00080F0K0P0U0`0m0w0
2"2=2E2J2R2V3]3o3
ANAXXNGAGGIIDGGGDAPDAAXIIDADDGNDDPAIIDGNDNPNGNXNPNDANANXPPGGNPNNGXPNXAIIGPDINNINDXDIDPXPNNDGXGIDAPDGXINDAGPGGNIDNGNDNGXIXDNGXPXPXNNDINDIDINXXXAAGXGXGNDDGXGIDINPAXNANGNGPNPGDINDPXDNNNXNANGDAXGDNXNIXDGPADADGNNPPXXDIPANAPPNDAPAGXGIGADGGXPXNXGNIAGGDXDIPANAGIGADNGIXAIIAPANPNIPADGNNDPXXPNNANGGINGNDNXPNNPXGPGNIDPNIAAXPAPNIDPPGNIIDIPPDNADPAPXIGPAPPDIXXNGADXPNXDPAAXPNGIPNADPNDAAXGDIXINXDNIXGGNIAAXGNNINAAIGGIADAPPXPGXDAXNGXPIGPPDPAPXPAGGPINANXNIDIPXPIGIPXXGAIIAAAAXPXPAPXXANGPDXDAXAPADGXGNDPAPANXGIDINPPXNNNGXGIDAAIXPNNAXGDGXPXNNDAGADAPGGAAAXPINADAXANGIXDNPIGAPANNDIPGXPANXAXIDPIGAPXNXDIDGXINDXAPIDPIIDPXGXDDPPGINPXNPAPXXAPXPIGIDXNGXPAIXNXDIDAAGNINGXIAGIDADGNIAINGDPADAXANDNPAPXDXNPDGXXDIDAXANDNPAGXIIPXPIXNDDPANGDIPGPINANNDINGNDADXXXIIIAPNGADAXANGPGNIDDDIPAXIAPNXANIADANXDIPAGIGPGIDIAPXGAPDAGAAXXIIPIGGIPPGNIXXXNGXDAGIIAXPADIXDXGDIXDAXXXIGINGNDNXXNNGXGAPNNDDIXDIDAXXDINPAPXNDINPAGAXADPGPADAAAXPAXPAPGGGGGXNDDAAGNIIDNDXDIPADADPNNIGIDAPPDXXANGNIPNGGPINGAIAPNGPIDPDGXAAPAPGPGPPINADIAPXPINANPNGGPGXPAXPDNDINGXINDNPAGXDNGXPINXDDPAPAPA
shell32.dll
kernel32.dll
Antivirus Signature
Lionic Clean
Elastic malicious (high confidence)
ClamAV Win.Adware.Downware-251
CMC Clean
CAT-QuickHeal Trojan.Agent.WL
Skyhigh BehavesLike.Win32.AndromedaDownloader.zt
ALYac Gen:Variant.Barys.381598
Cylance Unsafe
Zillya Worm.DebrisGen.Win32.11
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Clean
K7GW EmailWorm ( 0040f5281 )
K7AntiVirus EmailWorm ( 0040f5281 )
huorong HEUR:Worm/Gamarue.a
Baidu Win32.Worm.Bundpil.y
VirIT Worm.Win32.Generic.GRN
Paloalto Clean
Symantec Downloader.Dromedan
tehtris Generic.Malware
ESET-NOD32 Win32/Bundpil.AO
APEX Malicious
Avast Win32:Sg-I [Trj]
Cynet Malicious (score: 100)
Kaspersky Worm.Win32.Debris.b
BitDefender Gen:Variant.Barys.381598
NANO-Antivirus Trojan.Win32.Debris.cqkxyu
ViRobot Clean
MicroWorld-eScan Gen:Variant.Barys.381598
Tencent Worm.Win32.Debris.c
Sophos W32/Gamarue-BL
F-Secure Worm.WORM/Gamarue.511265
DrWeb Trojan.MulDrop4.25343
VIPRE Gen:Variant.Barys.381598
TrendMicro WORM_GAMARUE.SML
McAfeeD ti!4A6B518F3DE1
Trapmine Clean
CTX dll.unknown.barys
Emsisoft Gen:Variant.Barys.381598 (B)
Ikarus Worm.Win32.Bundpil
GData Win32.Worm.Bundpil.B
Jiangmin Trojan/Generic.axdgt
Webroot W32.Worm.Gen
Varist W32/Csyr.B.gen!Eldorado
Avira WORM/Gamarue.511265
Antiy-AVL Worm/Win32.Bundpil
Kingsoft malware.kb.a.998
Gridinsoft Clean
Xcitium Worm.Win32.Bundpil.AH@4yjufs
Arcabit Trojan.Barys.D5D29E
SUPERAntiSpyware Trojan.Agent/Gen-Crypt
ZoneAlarm W32/Gamarue-BL
Microsoft TrojanDownloader:Win32/Andromeda!pz
Google Detected
AhnLab-V3 Worm/Win32.Debris.R71328
Acronis Clean
VBA32 Worm.Gamarue
TACHYON Clean
Malwarebytes Bundpil.Worm.AutoRun.DDS
Panda Generic Malware
Zoner Clean
TrendMicro-HouseCall WORM_GAMARUE.SML
Rising Worm.Gamarue!1.9CB3 (CLASSIC)
Yandex Trojan.GenAsa!VJN5611Pa6Y
TrellixENS W32/Worm-FJV!B9A98B787203
SentinelOne Static AI - Malicious PE
MaxSecure Worm.Debris.Gen
Fortinet W32/Bundpil.AO!tr
AVG Win32:Sg-I [Trj]
DeepInstinct MALICIOUS
alibabacloud Worm:Win/Bundpil.6ffcb9c8
IRMA Signature
Trend Micro SProtect (Linux) WORM_GAMARUE.SML
Avast Core Security (Linux) Win32:Sg-I [Trj]
C4S ClamAV (Linux) Win.Adware.Downware-251
Trellix (Linux) W32/Worm-FJV
Sophos Anti-Virus (Linux) W32/Gamarue-BL
Bitdefender Antivirus (Linux) Gen:Variant.Barys.381598
G Data Antivirus (Windows) Virus: Gen:Variant.Barys.381598 (Engine A), Win32.Worm.Bundpil.B (Engine B)
WithSecure (Linux) Worm.WORM/Gamarue.511265
ESET Security (Windows) Win32/Bundpil.AO worm
DrWeb Antivirus (Linux) Trojan.MulDrop4.25343
ClamAV (Linux) Win.Adware.Downware-251
eScan Antivirus (Linux) Gen:Variant.Barys.381598(DB)
Kaspersky Standard (Windows) Worm.Win32.Debris.b
Emsisoft Commandline Scanner (Windows) Gen:Variant.Barys.381598 (B)
Cuckoo

We're processing your submission... This could take a few seconds.