PE Compile Time

2005-12-30 11:38:08

PE Imphash

7441bb40ea2cf98761e24b53c533144e

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x00019000 0x00000000 0.0
UPX1 0x0001a000 0x00008000 0x00007600 7.86508450855
.rsrc 0x00022000 0x00007000 0x00006400 6.07393564089

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00027658 0x00000988 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 24 x 48 x 32, image size 2400
RT_ICON 0x00027658 0x00000988 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 24 x 48 x 32, image size 2400
RT_ICON 0x00027658 0x00000988 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 24 x 48 x 32, image size 2400
RT_ICON 0x00027658 0x00000988 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 24 x 48 x 32, image size 2400
RT_ICON 0x00027658 0x00000988 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 24 x 48 x 32, image size 2400
RT_ICON 0x00027658 0x00000988 LANG_NEUTRAL SUBLANG_NEUTRAL Device independent bitmap graphic, 24 x 48 x 32, image size 2400
RT_GROUP_ICON 0x00027fe4 0x0000005c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x00028044 0x00000220 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED data

Imports

Library KERNEL32.DLL:
0x4282a0 LoadLibraryA
0x4282a4 ExitProcess
0x4282a8 GetProcAddress
0x4282ac VirtualProtect
Library MSVBVM60.DLL:
0x4282b4 None

No antivirus signatures available.
IRMA Signature
Trend Micro SProtect (Linux) Clean
Avast Core Security (Linux) Win32:MalwareX-gen [Trj]
C4S ClamAV (Linux) Win.Malware.Fvxvgjb-10038176-0
Trellix (Linux) GenericRXAE-GJ
Sophos Anti-Virus (Linux) Mal/StartP-A
Bitdefender Antivirus (Linux) Generic.Dacic.76A3436A.A.19A63A80
G Data Antivirus (Windows) Virus: Generic.Dacic.76A3436A.A.19A63A80 (Engine A), Win32.Trojan.PSE.76SMGI (Engine B)
WithSecure (Linux) Trojan.TR/Dropper.Gen
ESET Security (Windows) a variant of Win32/VB.PRB trojan
DrWeb Antivirus (Linux) Trojan.Click1.59924
ClamAV (Linux) Win.Malware.Fvxvgjb-10038176-0
eScan Antivirus (Linux) Generic.Dacic.76A3436A.A.19A63A80(DB)
Emsisoft Commandline Scanner (Windows) Generic.Dacic.76A3436A.A.19A63A80 (B)