Cuckoo Sandbox

PE Compile Time

1992-06-20 01:22:17

PE Imphash

8679c8c71268858668c3b616f436e78f

Sections

Name	Virtual Address	Virtual Size	Size of Raw Data	Entropy
UPX0	0x00001000	0x00017000	0x00017000	4.77536804784
UPX1	0x00018000	0x00008000	0x00007c00	6.02596410505
.rsrc	0x00020000	0x00001000	0x00000800	3.71378512545
.imports	0x00021000	0x00001000	0x00000800	4.31428309566

Resources

Name	Offset	Size	Language	Sub-language	File type
RT_ICON	0x00020154	0x000002e8	LANG_SPANISH	SUBLANG_SPANISH_MODERN	Device independent bitmap graphic, 32 x 64 x 4, image size 512
RT_RCDATA	0x00012448	0x000000a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_RCDATA	0x00012448	0x000000a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	data
RT_GROUP_ICON	0x00020440	0x00000014	LANG_SPANISH	SUBLANG_SPANISH_MODERN	data

Imports

Library KERNEL32.DLL:

• 0x40e0f0 DeleteCriticalSection

• 0x40e0f4 LeaveCriticalSection

• 0x40e0f8 EnterCriticalSection

• 0x40e0fc InitializeCriticalSection

• 0x40e100 VirtualFree

• 0x40e104 VirtualAlloc

• 0x40e108 LocalFree

• 0x40e10c LocalAlloc

• 0x40e110 GetTickCount

• 0x40e114 QueryPerformanceCounter

• 0x40e118 GetVersion

• 0x40e11c GetCurrentThreadId

• 0x40e120 WideCharToMultiByte

• 0x40e124 MultiByteToWideChar

• 0x40e128 GetThreadLocale

• 0x40e12c GetStartupInfoA

• 0x40e130 GetModuleFileNameA

• 0x40e134 GetLocaleInfoA

• 0x40e138 GetLastError

• 0x40e13c GetCommandLineA

• 0x40e140 FreeLibrary

• 0x40e144 ExitProcess

• 0x40e148 CreateThread

• 0x40e14c WriteFile

• 0x40e150 UnhandledExceptionFilter

• 0x40e154 SetFilePointer

• 0x40e158 SetEndOfFile

• 0x40e15c RtlUnwind

• 0x40e160 ReadFile

• 0x40e164 RaiseException

• 0x40e168 GetStdHandle

• 0x40e16c GetFileSize

• 0x40e170 GetFileType

• 0x40e174 CreateFileA

• 0x40e178 CloseHandle

Library user32.dll:

• 0x40e180 GetKeyboardType

• 0x40e184 MessageBoxA

• 0x40e188 CharNextA

Library advapi32.dll:

• 0x40e190 RegQueryValueExA

• 0x40e194 RegOpenKeyExA

• 0x40e198 RegCloseKey

Library oleaut32.dll:

• 0x40e1a0 SysFreeString

Library KERNEL32.DLL:

• 0x40e1a8 TlsSetValue

• 0x40e1ac TlsGetValue

• 0x40e1b0 LocalAlloc

• 0x40e1b4 GetModuleHandleA

Library KERNEL32.DLL:

• 0x40e1bc WritePrivateProfileStringA

• 0x40e1c0 WriteFile

• 0x40e1c4 WaitForSingleObject

• 0x40e1c8 Sleep

• 0x40e1cc ReadFile

• 0x40e1d0 LoadLibraryA

• 0x40e1d4 GetWindowsDirectoryA

• 0x40e1d8 GetVersionExA

• 0x40e1dc GetTempPathA

• 0x40e1e0 GetSystemDirectoryA

• 0x40e1e4 GetProcAddress

• 0x40e1e8 GetModuleHandleA

• 0x40e1ec GetModuleFileNameA

• 0x40e1f0 GetLastError

• 0x40e1f4 GetFileAttributesA

• 0x40e1f8 GetCurrentDirectoryA

• 0x40e1fc FindNextFileA

• 0x40e200 FindFirstFileA

• 0x40e204 FindClose

• 0x40e208 FileTimeToLocalFileTime

• 0x40e20c FileTimeToDosDateTime

• 0x40e210 ExitProcess

• 0x40e214 DeleteFileA

• 0x40e218 CreateThread

• 0x40e21c CreateMutexA

• 0x40e220 CreateFileA

• 0x40e224 CreateDirectoryA

• 0x40e228 CopyFileA

• 0x40e22c CloseHandle

Library mpr.dll:

• 0x40e234 WNetCancelConnectionA

• 0x40e238 WNetAddConnection2A

Library wsock32.dll:

• 0x40e240 WSACleanup

• 0x40e244 WSAStartup

• 0x40e248 gethostbyname

• 0x40e24c socket

• 0x40e250 send

• 0x40e254 recv

• 0x40e258 inet_ntoa

• 0x40e25c inet_addr

• 0x40e260 htons

• 0x40e264 connect

• 0x40e268 closesocket

Library shell32.dll:

• 0x40e270 ShellExecuteA

Library wininet.dll:

• 0x40e278 InternetGetConnectedState

Library URLMON.DLL:

• 0x40e280 URLDownloadToFileA

.imports
StringX
TObject
YZ]_^[
YZ]_^[
_^[YY]
YZ]_^[
C<"u1S
Q<"u8S
Ht Ht.
~KxI[)
                                                                
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
tVSVWU
_^[YY]
TBisBot
PRIVMSG
PRIVMSG
u*h4i@
u*h4i@
u8htm@
urh4i@
u5h4i@
u7h4i@
u*h4i@
PING :
PRIVMSG
PRIVMSG 
 :Logare corecta - Nivel:MASTER
dfisier
 :Descarc Fisierul...
 :Descarcare completa
 :Fisier Executat
QUIT :Updating...
logout
silent
 :Comanda Invalida
(Net: 
(Sistem: 
(Director Windows: 
(Director Curent: 
(netbios_infected: 
(netbios_tries: 
(netbios_failed: 
(netbios_accessdenied: 
(netbios_invalidpass: 
(netbios_logonfailure: 
(mydoom_infected: 
(mydoom_tries: 
(mydoom_failed: 
(scan_infectedfiles: 
(scan_infecteddirs: 
(scan_copied: 
File(%cur%\
File(%win%\
File(%sys%\
File(%tmp%\
File(\
restart
QUIT :Restartez la cerere ...
QUIT :Quiting
rndnick
 :Uite ca am iesit
ascunde
%rnddir%
%sys%\
%win%\
%cur%\
%tmp%\
%rand%
 :Ascuns ca (
 :Imposibil sa ascund ca (
%rnddir%\%rand%.exe
 :Ascund ca (
 :Added Random Garbage To (
 :Failed To Add Random Garbage To (
registry
system.ini
explorer.exe 
 :Adaugata copie in REGISTRY
spread
QQQQQS
.com "win2k" :
xtrworm
TFileName
TSearchRecX
QQQQQS3
win32dc
win32dc\
trainer
serial
BattleField 1942
Doom 3
Sims 2
FlatOut
Counter-Strike
Silent Hill 4
Half-Life 2
UT2004
Quake3
tDHtvH
DCPlusPlus.xml
<Description type="string">
<Description type="string">XTR</Description>
</Description>
<Share>
<Directory>
win32dc
</Directory>
dcplusplus.xml
upload
download
Ht!Ht,
QQQQQSV
abcdefghijklmnopqrstuvwxyz
Unknown
Dial-up
TMyDoom
PRIVMSG 
 :MyDoom Infectat 
TNetBIOS
\Documents and Settings\All Users\Start Menu\Programs\Startup\
\WINDOWS\Start Menu\Programs\Startup\
\WINNT\Profiles\All Users\Start Menu\Programs\Startup\
Administrator
PRIVMSG 
 :netbios_infected 
netapi32.dll
NetRemoteTOD
NetScheduleJobAdd
NetShareEnum
NetApiBufferFree
NetBIOSThread2
%rnddir%\%rand%.com
%rnddir%
%rand%
%sys%\
%win%\
%cur%\
%tmp%\
us.undernet.org
XTRMASTER
fuck21
356746
Runtime error     at 00000000
0123456789ABCDEF
Biscan
3Messages
System
SysInit
KWindows
UTypes
?WinInet
*ShellAPI
WinSock
apFunc
!uMyDoom
uNetBIOS
apInfect
&pWebServer
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
HSRIII$
HSRIII$
HSRIII$
HSRIII$
HSRIII$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
SWj [h
SWj [h
SWj [h
SWj [h
SWj [h
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj [h
SWj [h
SWj [h
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
HXSO_O
HXSO_O
HXSO_O
HXSO_O
HXSO_O
_SO_O?a
_SO_O?a
_SO_O?a
_SO_O?a
_SO_O?a
_SO_O?a
_SO_O?a
_SO_O?a
_SO_O?a
_SO_O?a
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
HSRIIX
HSRIIX
HSRIIX
HSRIIX
HSRIIX
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
PPPPPPPP
PPPPPPPP
PPPPPPPP
PPPPPPPP
PPPPPPPP
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SRIII$
SRIII$
SRIII$
SRIII$
SRIII$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_O?a
_SO_O?a
_SO_O?a
_SO_O?a
_SO_O?a
_SO_O?I$
_SO_O?I$
_SO_O?I$
_SO_O?I$
_SO_O?I$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
j`h`GA
j`h`GA
j`h`GA
j`h`GA
j`h`GA
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
_SO_O?a
_SO_O?a
_SO_O?a
_SO_O?a
_SO_O?a
HXSO_O
HXSO_O
HXSO_O
HXSO_O
HXSO_O
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
HSRIISI
HSRIISI
HSRIISI
HSRIISI
HSRIISI
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj [h
SWj [h
SWj [h
SWj [h
SWj [h
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
_SO_OI$
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
HSRIISI
HSRIISI
HSRIISI
HSRIISI
HSRIISI
SWj [h
SWj [h
SWj [h
SWj [h
SWj [h
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
_SO_Oa
_SO_Oa
_SO_Oa
_SO_Oa
_SO_Oa
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
SWj [h
SWj [h
SWj [h
SWj [h
SWj [h
_SO_Oa
_SO_Oa
_SO_Oa
_SO_Oa
_SO_Oa
SWj _3
SWj _3
SWj _3
SWj _3
SWj _3
WritePrivateProfileStringA
WriteFile
WaitForSingleObject
ReadFile
LoadLibraryA
GetWindowsDirectoryA
GetVersionExA
GetTempPathA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLastError
GetFileAttributesA
GetCurrentDirectoryA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
DeleteFileA
CreateThread
CreateMutexA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetThreadLocale
GetStartupInfoA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
ExitProcess
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
WNetCancelConnectionA
WNetAddConnection2A
SysFreeString
ShellExecuteA
URLDownloadToFileA
GetKeyboardType
MessageBoxA
CharNextA
InternetGetConnectedState
WSACleanup
WSAStartup
gethostbyname
socket
inet_ntoa
inet_addr
connect
closesocket
.idata
.rdata
P.reloc
P.rsrc
P.text2
W}#"RdA
QCpw11
Library>Get0
bu`s!sPE
d.)p=c
E)Of7RtlJ
O<n[.6
5;cn/A
(NmxIav
I ghobynaC
XPTPSW
Gggfv@
&vvggd
wwgbvt
1wwwr"gf@
1wwwr"vv@
wr""gf@
wr""&f@
ww"w""@
wr'""@
advapi32.dll
KERNEL32.DLL
mpr.dll
oleaut32.dll
shell32.dll
URLMON.DLL
user32.dll
wininet.dll
wsock32.dll
RegCloseKey
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
WNetAddConnection2A
SysFreeString
ShellExecuteA
URLDownloadToFileA
CharNextA
InternetGetConnectedState
KERNEL32.DLL
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetThreadLocale
GetStartupInfoA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
ExitProcess
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
user32.dll
GetKeyboardType
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
KERNEL32.DLL
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
KERNEL32.DLL
WritePrivateProfileStringA
WriteFile
WaitForSingleObject
ReadFile
LoadLibraryA
GetWindowsDirectoryA
GetVersionExA
GetTempPathA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLastError
GetFileAttributesA
GetCurrentDirectoryA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
DeleteFileA
CreateThread
CreateMutexA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle
mpr.dll
WNetCancelConnectionA
WNetAddConnection2A
wsock32.dll
WSACleanup
WSAStartup
gethostbyname
socket
inet_ntoa
inet_addr
connect
closesocket
shell32.dll
ShellExecuteA
wininet.dll
InternetGetConnectedState
URLMON.DLL
URLDownloadToFileA
uz@>_MPw
<kyyn!
aF0|yv
LaSepP
)\THNX
P}CWvk
T .Krw
DQTUcb
>V/5 +#
A?i8"e
E-k-IIsa
U.fuM2
\^09m|b
83~PW2
#F:m!~N
%3]XCIRC
;)RuB@B
huflW@u0I
-41X jwZY
=G+cyV
x%f#s&`
E]E<{-H
-Q)<R\
2V]*4bYZ'h*]
dHoxK^r
+5?g'b
Re?k?2
YVoC)#.
GG<&e{
v/:TUj
?DA]uj
ow-0u}
m,gkt^5K
<Bw.q2Q
G,%),_d
cdfwn'uI
}J2sytJX
0(x7@:
;[U#Ef
$pO-NU
yT?,V5
U{|'BH
Q74p\3$
/AGB~x
;0?ii%
b_YGODWR
_lNywFY
I*6.is%
ss<uaZ%
\cS?8WiU
rmB X
hh3YB!8
C)t^}*
T =lZ@
(o(~Bd/%
.N%:9K
{2Mpx~
#Kojbx
+\y|gq#
AQPB*x
swhv^N2
UCv-c)
JFUXOH4_@ih
MIuaGQ5
#w.BG{
LsxTPB
h+`{6O
-V2.Iw
'Q&G6W
X@[v%[GiG
56\6k3
6dX%s1
T9(W*6
m=-ipd
5d38+$
, 8/>m
@CHwH~
`Q=1GS(
HI{v5QR
ddjBC,w
TWO%&~
#YRe..+
[kOLl
'T=-4s(
7REODe
kTf0co
rz:" X
?bay^V
oqJX1w
K-jsy
sB|}[1
lR-E/QQ
'wkOa\
F_rj:I.\(
2!'%Rn
=a)&jSc
1}ki$W
K"U6BURotr
"LQb-C4
>E>jtG'
>>2rqh3j
AeRTV5
jzw`4S
\0pO)_
<wirC@
!30t52=
$~Qfl1
h>lb,G%WO
{d?vcX
b$BZ-Y
xg[SK3
'N80S"h
%wGB?e
Xt\tM=
<aG0:
R"^}]
#Y{YHfdb
`+BZG~
UWqViS<
Kzq2aH{G.&
htgV=
565yhQ
rU`$nM;
@Rfe^w`
`f~S9q/
|IY^^z
&I2?n&
sO*6sh
xqp!=L5qg
8\7?b0>3
xP)#,5
U#Mx.>E
5kbg2j
a(^oGD
g&>hYL
6V3/4|
a.mFd?
lwp`,~
vX] v]
.KB|?a
EvxFQe
|pzKMRI
`PE&-
/-)*3p
8Zvx7u
UMR8rb
x)0d3{
ky.)$oS
{^u?|YhC
x>5xY/0
]#H]6y@l(
%G5Mjfzm
x#A3$8;Jz
J$"N'RG
K-C5G%
dMwK?E
nqzKOi
Vl|[nzd}
ZGxB<6Fby
AtOdql
L%?9@+
4^RJ,.|
-fMM$B
~ZzOrB
%tIPX 
,{VxvJc
DVCLAL
PACKAGEINFO
MAINICON
DVCLAL
PACKAGEINFO
MAINICON

No antivirus signatures available.

IRMA	Signature
Trend Micro SProtect (Linux)	Clean
Avast Core Security (Linux)	Win32:MalwareX-gen [Bot]
C4S ClamAV (Linux)	Win.Malware.Delf-6717516-0
Trellix (Linux)	Exploit-Mydoom virus
Sophos Anti-Virus (Linux)	Clean
Bitdefender Antivirus (Linux)	Dropped:Generic.Malware.S!dld!.B44DDF53
G Data Antivirus (Windows)	Virus: Dropped:Generic.Malware.S!dld!.B44DDF53 (Engine A), Win32.Worm.MyDoom.B (Engine B)
WithSecure (Linux)	Worm.WORM/Rbot.Gen
ESET Security (Windows)	a variant of Win32/IRCBot.AZV trojan
DrWeb Antivirus (Linux)	Win32.HLLW.Siggen.10562
ClamAV (Linux)	Win.Malware.Delf-6717516-0
eScan Antivirus (Linux)	Dropped:Generic.Malware.S!dld!.B44DDF53(DB)
Emsisoft Commandline Scanner (Windows)	Dropped:Generic.Malware.S!dld!.B44DDF53 (B)

Browser recommendation

Static Analysis

PE Compile Time

PE Imphash

Sections

Resources

Imports

Browser recommendation

PE Compile Time

PE Imphash

Sections

Resources

Imports

Feedback