PE Compile Time

2013-10-02 15:59:11

PE Imphash

a0c275da44db88d1f2fc3943daf6948b

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00003000 0x00003000 5.85871399783
.rdata 0x00004000 0x00001000 0x00001000 0.980570920315
.data 0x00005000 0x00001000 0x00001000 1.17587262732
.rsrc 0x00006000 0x00003000 0x00003000 0.0155720722383
.reloc 0x00009000 0x00002000 0x00002000 0.0
gu_idata 0x0000b000 0x00001000 0x00000400 3.52818311896
gu_rsrcs 0x0000c000 0x00003c00 0x00003c00 3.97964061524

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0000c070 0x00002668 LANG_ENGLISH SUBLANG_ENGLISH_US Device independent bitmap graphic, 49 x 96 x 32, image size 9792
RT_GROUP_ICON 0x0000e718 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_VERSION 0x0000e786 0x00000198 LANG_ENGLISH SUBLANG_ENGLISH_US OpenPGP Public Key
RT_MANIFEST 0x0000e95e 0x0000015a LANG_ENGLISH SUBLANG_ENGLISH_US ASCII text, with CRLF line terminators

Imports

Library KERNEL32.DLL:
0x504008 GetLastError
0x50400c lstrcpyA
0x504010 GetModuleHandleA
0x504014 GetCommandLineA
0x504018 FindFirstFileA
0x50401c FormatMessageA
0x504020 FindClose
0x504024 FindNextFileA
0x504028 DeleteFileA
0x50402c CloseHandle
0x504030 GetACP
0x504034 CreateFileA
Library gdi32.dll:
0x504000 CreateFontIndirectA
Library user32.dll:
0x50403c PostQuitMessage
0x504040 GetMessageA
0x504044 UpdateWindow
0x504048 EndPaint
0x50404c DispatchMessageA
0x504050 BeginPaint
0x504054 TranslateMessage
0x504058 MoveWindow
0x50405c CreateWindowExA
0x504060 RegisterClassExA
0x504064 DefWindowProcA
0x504068 MessageBoxA
0x50406c SendMessageA
0x504070 DestroyWindow
0x504074 LoadCursorA
0x504078 LoadIconA
0x50407c ShowWindow
0x504080 GetWindowRect

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
IDR_VERSION1
VS_VERSION_INFO
FileInfo
FFFF04E3
FileVersion 2.0.1.7
ProductVersion 2.0.1.0
CompanyName Sanny Ltd.
ProductName LookFor
VFileInfo
Translation

Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Clean
Elastic malicious (high confidence)
ClamAV Win.Trojan.Upatre-3337
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win32.PWSZbot.lz
ALYac Trojan.Agent.BALW
Cylance Unsafe
Zillya Downloader.Small.Win32.228156
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
Alibaba Clean
K7GW Trojan-Downloader ( 0055c6c71 )
K7AntiVirus Trojan-Downloader ( 0055c6c71 )
huorong HVM:TrojanDownloader/Upatre.gen!A
Baidu Win32.Trojan-Downloader.Small.c
VirIT Trojan.Win32.AgentT.DYVF
Paloalto Clean
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 Win32/TrojanDownloader.Small.AAB
APEX Malicious
Avast Win32:Gepys-E [Trj]
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Trojan.Agent.BALW
NANO-Antivirus Trojan.Win32.DownLoad3.cjxpzu
ViRobot Trojan.Win32.U.Agent.27648
MicroWorld-eScan Trojan.Agent.BALW
Tencent Trojan-DL.Win32.Small.kf
Sophos Troj/Mdrop-FLP
F-Secure Trojan.TR/Dropper.Gen
DrWeb Trojan.DownLoad3.28161
VIPRE Trojan.Agent.BALW
TrendMicro TROJ_UPATRE.SMAG
McAfeeD Real Protect-LS!DA25700F283F
Trapmine malicious.high.ml.score
CTX exe.trojan.balw
Emsisoft Trojan.Agent.BALW (B)
Ikarus Backdoor.Win32.Androm
GData Win32.Trojan-Downloader.Upatre.BJ
Jiangmin TrojanSpy.Zbot.eafz
Webroot W32.Trojan.Gen
Varist W32/Upatre.RF.gen!Eldorado
Avira TR/Dropper.Gen
Antiy-AVL Trojan/Win32.Waski.a
Kingsoft malware.kb.a.999
Gridinsoft Ransom.Win32.Zbot.oa!s1
Xcitium TrojWare.Win32.TrojanDownloader.Upatre.MAUA@5rueuc
Arcabit Trojan.Agent.BALW
SUPERAntiSpyware Trojan.Agent/Gen-Injector
ZoneAlarm Troj/Mdrop-FLP
Microsoft TrojanDownloader:Win32/Upatre
Google Detected
AhnLab-V3 Trojan/Win.Kryptk.R635829
Acronis suspicious
VBA32 Trojan.Download
TACHYON Clean
Malwarebytes Generic.Malware.AI.DDS
Panda Trj/Genetic.gen
Zoner Trojan.Win32.18796
TrendMicro-HouseCall TROJ_UPATRE.SMAG
Rising Downloader.Waski!1.A489 (CLASSIC)
Yandex Clean
TrellixENS PWSZbot-FIE!DA25700F283F
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.121218.susgen
Fortinet W32/Small.AAB!tr
AVG Win32:Gepys-E [Trj]
DeepInstinct MALICIOUS
alibabacloud Trojan[dropper]:Win/Upatre.e0042d76

IRMA Signature
Trend Micro SProtect (Linux) TROJ_UPATRE.SMAG
Avast Core Security (Linux) Win32:Agent-ASIV [Trj]
C4S ClamAV (Linux) Win.Trojan.Upatre-3337
Trellix (Linux) PWSZbot-FIE
Sophos Anti-Virus (Linux) Troj/Mdrop-FLP
Bitdefender Antivirus (Linux) Trojan.Agent.BALW
G Data Antivirus (Windows) Virus: Trojan.Agent.BALW (Engine A), Win32.Trojan-Downloader.Upatre.BJ (Engine B)
WithSecure (Linux) Trojan.TR/Dropper.Gen
ESET Security (Windows) Win32/TrojanDownloader.Small.AAB trojan
DrWeb Antivirus (Linux) Trojan.DownLoad3.28161
ClamAV (Linux) Win.Trojan.Upatre-3337
eScan Antivirus (Linux) Trojan.Agent.BALW(DB)
Kaspersky Standard (Windows) HEUR:Trojan.Win32.Generic
Emsisoft Commandline Scanner (Windows) Trojan.Agent.BALW (B)