PE Compile Time

2012-07-19 22:00:28

PE Imphash

bd227ba966c127e93fe82f25f211eaca

PEiD Signatures

eXPressor v1.3 -> CGSoftLabs

Sections

Name     Virtual Address  Virtual Size  Size of Raw Data  Entropy
.data    0x00001000       0x00011000    0x00004dcf        7.99244881899
.ex_cod  0x00012000       0x000017e4    0x000017d0        6.17150424839
.ex_rsc  0x00014000       0x000029f4    0x000029f4        4.89795355677
.nwroh   0x00017000       0x00000100    0x00000200        3.77949376543

Resources

Name           Offset      Size        Language      Sub-language                File type
RT_ICON        0x000140f0  0x000025a8  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  Device independent bitmap graphic, 48 x 96 x 32, image size 9216
RT_GROUP_ICON  0x00016698  0x00000014  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  data
RT_VERSION     0x000166ac  0x00000348  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  data

Imports

Library KERNEL32.dll:
0x131624ac VirtualFree
0x131624b0 VirtualAlloc
0x131624b4 GetProcAddress
0x131624b8 ExitProcess
0x131624bc LoadLibraryExA
0x131624c0 GetModuleHandleA
0x131624c4 VirtualProtect
0x131624c8 GetModuleFileNameA
0x131624cc HeapAlloc
0x131624d0 GetProcessHeap
0x131624d4 HeapFree
Library USER32.dll:
0x131624dc wsprintfA
0x131624e0 MessageBoxA

This program was packed with a demo version of eXPressor
A required .DLL file, %hs, was not found.
Error Starting Program
The %hs file is
linked to missing export %hs:0x%04x.
The %hs file is
linked to missing export %hs:%hs.
Error Starting Program
*pdw = 0x%08x
Error bad relocation pointer:
*pw = 0x%04x *pdw = 0x%08x
Unexpected relocation type:
VirtualFree
VirtualAlloc
GetProcAddress
ExitProcess
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
HeapAlloc
GetProcessHeap
HeapFree
KERNEL32.dll
wsprintfA
MessageBoxA
USER32.dll
ExPr-v.1.3..
www.360.cn111... (long run of "1" characters truncated)
VS_VERSION_INFO
StringFileInfo
080404b0
Comments
1.5901.1.195
CompanyName
FileDescription
FileVersion
1, 5901, 1, 195
InternalName
soul.exe
LegalCopyright
(C) 2002
LegalTrademarks
OriginalFilename
PrivateBuild
ProductName
ProductVersion
1, 0, 0, 1
SpecialBuild
VarFileInfo
Translation

Antivirus Signature

Bkav W32.AIDetectMalware
Lionic Clean
Elastic malicious (high confidence)
ClamAV Win.Dropper.Gh0stRAT-7645027-0
CMC Clean
CAT-QuickHeal Trojan.Onlinegames.P.mue
Skyhigh BehavesLike.Win32.Malware.qh
ALYac Gen:Variant.Barys.494697
Cylance Unsafe
Zillya Trojan.Farfli.Win32.97094
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
Alibaba Clean
K7GW Trojan ( 0047d1d01 )
K7AntiVirus Trojan ( 0047d1d01 )
huorong Backdoor/Farfli.cb
Baidu Clean
VirIT Trojan.Win32.DownLoad3.ZST
Paloalto Clean
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 Win32/Farfli.AAG
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Dropper.Win32.Injector.gen
BitDefender Gen:Variant.Barys.494697
NANO-Antivirus Trojan.Win32.Inject.brokcs
ViRobot Clean
MicroWorld-eScan Gen:Variant.Barys.494697
Tencent Backdoor.Win32.Farfli.kd
Sophos Troj/Farfli-DL
F-Secure Trojan.TR/Crypt.XPACK.Gen
DrWeb Trojan.DownLoad3.17387
VIPRE Gen:Variant.Barys.494697
TrendMicro Clean
McAfeeD Real Protect-LS!AF7D9896A731
Trapmine malicious.high.ml.score
CTX exe.unknown.barys
Emsisoft Gen:Variant.Barys.494697 (B)
Ikarus Trojan.Win32.OnLineGames
GData Win32.Trojan.PSE.11TOFEQ
Jiangmin TrojanDropper.Injector.brzp
Webroot W32.Trojan.Gen
Varist W32/Trojan.WLBV-0998
Avira TR/Crypt.XPACK.Gen
Antiy-AVL Trojan/Win32.Farfli.aag
Kingsoft malware.kb.b.999
Gridinsoft Ransom.Win32.Sabsik.oa!s1
Xcitium TrojWare.Win32.Farfli.S@6jgvla
Arcabit Trojan.Barys.D78C69
SUPERAntiSpyware Trojan.Agent/Gen-Injector
ZoneAlarm Troj/Farfli-DL
Microsoft Backdoor:Win32/Bifrose!pz
Google Detected
AhnLab-V3 Win32/ExprPacked.suspicious
Acronis Clean
VBA32 BScope.Trojan.Download
TACHYON Clean
Malwarebytes Generic.Malware.AI.DDS
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall Clean
Rising Backdoor.Agent!8.C5D (TFE:1:lnX5PAbmTjT)
Yandex Clean
TrellixENS Generic Malware.dq
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Generic.AC.2713F!tr
AVG Win32:MalwareX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Trojan[downloader]:Win/Farfli

IRMA Signature

Trend Micro SProtect (Linux) Clean
Avast Core Security (Linux) Win32:MalwareX-gen [Trj]
C4S ClamAV (Linux) Win.Dropper.Gh0stRAT-7645027-0
Trellix (Linux) ACL/Bifrost Backdoor trojan
Sophos Anti-Virus (Linux) Troj/Farfli-DL
Bitdefender Antivirus (Linux) Gen:Variant.Barys.494697
G Data Antivirus (Windows) Virus: Gen:Variant.Barys.494697 (Engine A)
WithSecure (Linux) Trojan.TR/Crypt.XPACK.Gen
ESET Security (Windows) Win32/Farfli.AAG trojan
DrWeb Antivirus (Linux) Trojan.DownLoad3.17387
ClamAV (Linux) Win.Dropper.Gh0stRAT-7645027-0
eScan Antivirus (Linux) Gen:Variant.Barys.494697(DB)
Kaspersky Standard (Windows) HEUR:Trojan-Dropper.Win32.Injector.gen
Emsisoft Commandline Scanner (Windows) Gen:Variant.Barys.494697 (B)