Summary
Visibility Public
Main file's SHA256 3446703d93471046e36cc0f805472976ae3dbbfac1b694d2d76636b47b1f2f80
Complexity Type II
Packer identification (signature based) -
Number of processes 1
Number of layers 4
Packer analysis graph

File identification

General information
SHA256 3446703d93471046e36cc0f805472976ae3dbbfac1b694d2d76636b47b1f2f80
SHA1 8d86e494b9437613e30b59dcd57a988535082f87
MD5 87b1decef8edcfa341fdf51e1cc608de
ssdeep 96:KQ9cVsph7XVb/ZSpjlAX0SgBPTcAXM3r4C1kCJ7AIDy2bDCvHJsB:KPVspTZ+Ggv0NDJ7AtpsB
sdhash sdbf:03:0::6144:sha1:256:5:7ff:160:1:88:BgODFCAgKQgSAIKKCYASRAQhaAiRLhMABaAACxABoCAg4IIIUCSkECIUABMAKCAAAISKwCAAAEACiHAIIHAAAAkACZgACIJAmAEyBmAATCABSHAkQgIiSAAFGIIAAAAC0EAAABQAAAgAQCMkgMhIDCAgMQEYhikBggFIBFkEBAZgAmAIACCgAkAFoAFQAJJAABAAOxACAAgAAGBFJRUAI5EA0AAkhCWiTTSGBYQCMACBAhQJQQ0LAEAQEgGEAAAEFAIQCIgAAMgAAgAyBCCAFAAQAAAACAAASAKABgRBAQCCEYFDkRgYAAAl4gUQYIgBABCAwAAYKCACCoAcSUCaEA==
imphash 7ecdd2a42fc06db0c768d43538dcb235
authentihash -
File type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MIME type application/x-dosexec
First seen 2016-06-23 10:27:33
Size 6144
Known names 87b1decef8edcfa341fdf51e1cc608de
TrID - File Identifier
Percentage Type
15.7% (.DLL) Win32 Dynamic Link Library (generic)
10.8% (.EXE) Win32 Executable (generic)
4.8% (.EXE) Generic Win/DOS Executable
4.7% (.EXE) DOS Executable Generic
63.7% (.EXE) Win32 EXE Yoda's Crypter

Auxiliary files

Behavioural packer analysis report

Packer analysis
Complexity type Type II
Granularity Not applicable
Execution time 302s
Number of processes 1
Number of layers 4
Number of regions 6
Number of upward transitions 3
Number of downward transitions 0
Number of multiframe layers 3
Number of processes with interprocess communication 0
Number of regions that call special APIs 0
Last executed region
Process 0
Layer number 3
Region number 0
Address 0x401063
Size 2265
Memory type Module
Number of API functions called 16086
Number of different APIs called 357
Calls APIs of GetVersion* family? Yes
Calls APIs of GetCommandLine* family? Yes
Calls APIs of GetModuleHandle* family? Yes
Modified by external process? No
Writes an executed region? Yes

Potential regions with original code

Remote memory writes
Type Source address Dest. address Source process Dest. process Size
Memory unmap|deallocate - 0x3d0000 0 0 4096
Memory unmap|deallocate - 0x3e0000 0 0 4096
Memory unmap|deallocate - 0x3f0000 0 0 4096
Memory unmap|deallocate - 0xa00000 0 0 4096
Loaded modules
By PID Start address Size Name
724 0x400000 36864 87b1decef8edcfa341fdf51e1cc608de
724 0x77da0000 704512 advapi32.dll
724 0x77ef0000 299008 gdi32.dll
724 0x7c800000 1060864 kernel32.dll
724 0x746b0000 311296 msctf.dll
724 0x77be0000 360448 msvcrt.dll
724 0x7c910000 741376 ntdll.dll
724 0x774b0000 1298432 ole32.dll
724 0x770f0000 569344 oleaut32.dll
724 0x77e50000 598016 rpcrt4.dll
724 0x77fc0000 69632 secur32.dll
724 0x7e390000 593920 user32.dll
724 0x5b150000 229376 uxtheme.dll

Layers and regions

Summary
Layer Size Number of regions Number of frames Lowest address Highest address
0 99 KB 1 0 0x407b99 0x407b99
1 435 KB 2 2 0x401000 0x4079b1
2 363 KB 1 1 0x4079c8 0x4079c8
3 2327 KB 2 2 0x401063 0x407b5a
API calls
Layer Number of API calls
0 10
  Region number Address space Number of API calls
0 0x407b99-0x407bfc 10
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwQueryInformationProcess
1 0
  Region number Address space Number of API calls
0 0x401000-0x40100a 0
DLL Function/s
  We couldn't retrieve the functions. -
1 0x4079b1-0x407b5a 0
DLL Function/s
  We couldn't retrieve the functions. -
2 509
  Region number Address space Number of API calls
0 0x4079c8-0x407b33 509
DLL Function/s
ntdll.dll
  1. _stricmp
  2. bsearch
  3. KiFastSystemCall
  4. KiFastSystemCallRet
  5. LdrEnumerateLoadedModules
  6. LdrGetProcedureAddress
  7. LdrLoadDll
  8. LdrLockLoaderLock
  9. LdrUnlockLoaderLock
  10. memmove
  11. RtlAcquirePebLock
  12. RtlAllocateHeap
  13. RtlAnsiStringToUnicodeString
  14. RtlDosApplyFileIsolationRedirection_Ustr
  15. RtlEnterCriticalSection
  16. RtlEqualUnicodeString
  17. RtlFindActivationContextSectionString
  18. RtlFindCharInUnicodeString
  19. RtlFreeHeap
  20. RtlFreeUnicodeString
  21. RtlGetNtGlobalFlags
  22. RtlHashUnicodeString
  23. RtlImageDirectoryEntryToData
  24. RtlInitAnsiString
  25. RtlInitString
  26. RtlInitUnicodeString
  27. RtlLeaveCriticalSection
  28. RtlMultiByteToUnicodeN
  29. RtlQueryEnvironmentVariable_U
  30. RtlReleasePebLock
  31. RtlUpcaseUnicodeChar
  32. RtlValidateUnicodeString
  33. strchr
  34. wcschr
  35. wcslen
  36. wcsncmp
  37. wcsrchr
  38. ZwAllocateVirtualMemory
  39. ZwClose
  40. ZwOpenKey
  41. ZwQueryValueKey
KERNEL32.DLL
  1. GetProcAddress
  2. InterlockedCompareExchange
  3. LoadLibraryA
  4. LoadLibraryExA
  5. LoadLibraryExW
3 16096
  Region number Address space Number of API calls
0 0x401063-0x40193c 16086
DLL Function/s
KERNEL32.DLL
  1. CloseHandle
  2. CompareStringA
  3. CompareStringW
  4. CreateFileMappingA
  5. CreateFileMappingW
  6. CreateMutexA
  7. CreateMutexW
  8. DeviceIoControl
  9. FindResourceA
  10. FindResourceExW
  11. FlushViewOfFile
  12. FreeLibrary
  13. GetACP
  14. GetCommandLineA
  15. GetCurrentProcess
  16. GetCurrentProcessId
  17. GetCurrentThreadId
  18. GetFullPathNameA
  19. GetLocaleInfoA
  20. GetLocaleInfoW
  21. GetModuleFileNameA
  22. GetModuleFileNameW
  23. GetModuleHandleA
  24. GetModuleHandleExW
  25. GetModuleHandleW
  26. GetProcAddress
  27. GetStartupInfoA
  28. GetStringTypeW
  29. GetSystemDefaultUILanguage
  30. GetSystemDirectoryA
  31. GetSystemWindowsDirectoryW
  32. GetThreadLocale
  33. GetTickCount
  34. GetUserDefaultLCID
  35. GetUserDefaultUILanguage
  36. GetVersionExA
  37. GetVersionExW
  38. GlobalAlloc
  39. InitializeCriticalSectionAndSpinCount
  40. InterlockedCompareExchange
  41. InterlockedDecrement
  42. InterlockedExchange
  43. InterlockedIncrement
  44. IsBadReadPtr
  45. IsBadStringPtrW
  46. IsBadWritePtr
  47. IsDebuggerPresent
  48. IsValidCodePage
  49. LoadLibraryA
  50. LoadLibraryExA
  51. LoadLibraryExW
  52. LoadLibraryW
  53. LoadResource
  54. LocalAlloc
  55. LocalFree
  56. LocalReAlloc
  57. lstrcatW
  58. lstrcmpA
  59. lstrcmpiW
  60. lstrcpynA
  61. lstrlenA
  62. lstrlenW
  63. MapViewOfFile
  64. MapViewOfFileEx
  65. MulDiv
  66. OpenEventA
  67. OpenEventW
  68. OpenFileMappingA
  69. OpenFileMappingW
  70. ReleaseMutex
  71. SetEvent
  72. SetHandleCount
  73. Sleep
  74. SleepEx
  75. TlsAlloc
  76. TlsGetValue
  77. TlsSetValue
  78. UnmapViewOfFile
  79. WaitForSingleObject
  80. WaitForSingleObjectEx
  81. WideCharToMultiByte
ADVAPI32.dll
  1. AllocateAndInitializeSid
  2. CheckTokenMembership
  3. ConvertSidToStringSidA
  4. ConvertSidToStringSidW
  5. DuplicateToken
  6. DuplicateTokenEx
  7. FreeSid
  8. GetTokenInformation
  9. MD4Final
  10. MD4Init
  11. MD4Update
  12. OpenProcessToken
  13. RegCloseKey
  14. RegOpenCurrentUser
  15. RegOpenKeyExA
  16. RegOpenKeyExW
  17. RegQueryValueExA
  18. RegQueryValueExW
  19. SystemFunction036
ntdll.dll
  1. _stricmp
  2. _strnicmp
  3. bsearch
  4. CsrClientCallServer
  5. KiFastSystemCall
  6. KiFastSystemCallRet
  7. KiUserCallbackDispatcher
  8. LdrAccessResource
  9. LdrAlternateResourcesEnabled
  10. LdrFindResource_U
  11. LdrFindResourceDirectory_U
  12. LdrGetDllHandle
  13. LdrGetDllHandleEx
  14. LdrGetProcedureAddress
  15. LdrLoadAlternateResourceModule
  16. LdrLoadDll
  17. LdrLockLoaderLock
  18. LdrQueryImageFileExecutionOptions
  19. LdrUnloadDll
  20. LdrUnlockLoaderLock
  21. memmove
  22. RtlAcquirePebLock
  23. RtlActivateActivationContextUnsafeFast
  24. RtlAddAccessAllowedAce
  25. RtlAddRefActivationContext
  26. RtlAllocateAndInitializeSid
  27. RtlAllocateHeap
  28. RtlAnsiStringToUnicodeString
  29. RtlAppendUnicodeStringToString
  30. RtlAppendUnicodeToString
  31. RtlConvertSidToUnicodeString
  32. RtlCopySid
  33. RtlCopyUnicodeString
  34. RtlCreateAcl
  35. RtlCreateSecurityDescriptor
  36. RtlCreateUnicodeString
  37. RtlCreateUnicodeStringFromAsciiz
  38. RtlDeactivateActivationContextUnsafeFast
  39. RtlDetermineDosPathNameType_U
  40. RtlDllShutdownInProgress
  41. RtlDosApplyFileIsolationRedirection_Ustr
  42. RtlDosPathNameToNtPathName_U
  43. RtlDosSearchPath_U
  44. RtlEnterCriticalSection
  45. RtlEqualSid
  46. RtlEqualUnicodeString
  47. RtlFindActivationContextSectionString
  48. RtlFindCharInUnicodeString
  49. RtlFindClearBits
  50. RtlFindClearBitsAndSet
  51. RtlFirstFreeAce
  52. RtlFormatCurrentUserKeyPath
  53. RtlFreeHeap
  54. RtlFreeSid
  55. RtlFreeUnicodeString
  56. RtlGetActiveActivationContext
  57. RtlGetFullPathName_U
  58. RtlGetLastWin32Error
  59. RtlGetNtGlobalFlags
  60. RtlGetNtProductType
  61. RtlGetVersion
  62. RtlHashUnicodeString
  63. RtlImageDirectoryEntryToData
  64. RtlImageNtHeader
  65. RtlInitAnsiString
  66. RtlInitializeCriticalSection
  67. RtlInitializeCriticalSectionAndSpinCount
  68. RtlInitializeSid
  69. RtlInitString
  70. RtlInitUnicodeString
  71. RtlInitUnicodeStringEx
  72. RtlLeaveCriticalSection
  73. RtlLengthSid
  74. RtlLockHeap
  75. RtlLogStackBackTrace
  76. RtlMultiAppendUnicodeStringBuffer
  77. RtlMultiByteToUnicodeN
  78. RtlNtStatusToDosError
  79. RtlNtStatusToDosErrorNoTeb
  80. RtlOpenCurrentUser
  81. RtlpEnsureBufferSize
  82. RtlQueryEnvironmentVariable_U
  83. RtlQueryInformationActivationContext
  84. RtlQueryInformationActiveActivationContext
  85. RtlReAllocateHeap
  86. RtlReleasePebLock
  87. RtlSetBits
  88. RtlSetDaclSecurityDescriptor
  89. RtlSetGroupSecurityDescriptor
  90. RtlSetLastWin32Error
  91. RtlSetOwnerSecurityDescriptor
  92. RtlSizeHeap
  93. RtlSubAuthoritySid
  94. RtlTryEnterCriticalSection
  95. RtlUnicodeStringToAnsiString
  96. RtlUnicodeToMultiByteN
  97. RtlUnicodeToMultiByteSize
  98. RtlUnlockHeap
  99. RtlUpcaseUnicodeChar
  100. RtlValidAcl
  101. RtlValidateUnicodeString
  102. RtlValidSid
  103. strchr
  104. strncmp
  105. wcscat
  106. wcschr
  107. wcscpy
  108. wcslen
  109. wcsncmp
  110. wcsncpy
  111. wcsrchr
  112. ZwAccessCheck
  113. ZwAllocateVirtualMemory
  114. ZwClose
  115. ZwConnectPort
  116. ZwCreateMutant
  117. ZwCreateSection
  118. ZwDelayExecution
  119. ZwDeviceIoControlFile
  120. ZwDuplicateToken
  121. ZwFlushInstructionCache
  122. ZwFlushVirtualMemory
  123. ZwMapViewOfSection
  124. ZwOpenEvent
  125. ZwOpenFile
  126. ZwOpenKey
  127. ZwOpenProcessToken
  128. ZwOpenProcessTokenEx
  129. ZwOpenSection
  130. ZwOpenThreadToken
  131. ZwOpenThreadTokenEx
  132. ZwProtectVirtualMemory
  133. ZwQueryAttributesFile
  134. ZwQueryDefaultLocale
  135. ZwQueryDefaultUILanguage
  136. ZwQueryInformationProcess
  137. ZwQueryInformationToken
  138. ZwQueryInstallUILanguage
  139. ZwQuerySection
  140. ZwQuerySystemInformation
  141. ZwQueryValueKey
  142. ZwReleaseMutant
  143. ZwRequestWaitReplyPort
  144. ZwSetEvent
  145. ZwSetInformationObject
  146. ZwUnmapViewOfSection
  147. ZwWaitForSingleObject
USER32.DLL
  1. BeginPaint
  2. CalcMenuBar
  3. CallMsgFilterW
  4. CallNextHookEx
  5. CharNextW
  6. CopyIcon
  7. CreateIconIndirect
  8. CreateWindowExA
  9. CreateWindowExW
  10. DefDlgProcW
  11. DefWindowProcA
  12. DefWindowProcW
  13. DestroyIcon
  14. DispatchMessageW
  15. DrawEdge
  16. DrawFocusRect
  17. DrawFrame
  18. DrawStateW
  19. DrawTextA
  20. DrawTextExA
  21. DrawTextExW
  22. EndPaint
  23. EnumChildWindows
  24. FillRect
  25. FindWindowA
  26. GetActiveWindow
  27. GetAncestor
  28. GetAppCompatFlags2
  29. GetCapture
  30. GetClassLongA
  31. GetClassLongW
  32. GetClassNameA
  33. GetClassNameW
  34. GetDC
  35. GetDCEx
  36. GetDesktopWindow
  37. GetDlgItem
  38. GetFocus
  39. GetForegroundWindow
  40. GetGUIThreadInfo
  41. GetIconInfo
  42. GetKeyboardLayout
  43. GetKeyboardLayoutList
  44. GetParent
  45. GetProcessWindowStation
  46. GetPropW
  47. GetSysColor
  48. GetSystemMetrics
  49. GetThreadDesktop
  50. GetTitleBarInfo
  51. GetUserObjectInformationA
  52. GetUserObjectInformationW
  53. GetWindow
  54. GetWindowDC
  55. GetWindowInfo
  56. GetWindowLongW
  57. GetWindowRect
  58. GetWindowRgnBox
  59. GetWindowThreadProcessId
  60. InflateRect
  61. InternalGetWindowText
  62. IsDialogMessageW
  63. IsIconic
  64. IsRectEmpty
  65. IsServerSideWindow
  66. IsWindow
  67. IsWindowInDestroy
  68. IsWindowVisible
  69. IsZoomed
  70. LoadCursorA
  71. LoadCursorW
  72. LoadImageA
  73. LoadImageW
  74. LookupIconIdFromDirectoryEx
  75. MapWindowPoints
  76. MBToWCSEx
  77. MessageBoxA
  78. MessageBoxExA
  79. MessageBoxTimeoutA
  80. MessageBoxTimeoutW
  81. NotifyWinEvent
  82. OffsetRect
  83. PeekMessageW
  84. PostThreadMessageA
  85. PtInRect
  86. RegisterClassExA
  87. RegisterClassW
  88. RegisterWindowMessageA
  89. ReleaseDC
  90. RemovePropW
  91. SendMessageTimeoutW
  92. SendMessageW
  93. SetCursor
  94. SetFocus
  95. SetPropW
  96. SetRect
  97. SetRectEmpty
  98. SetWindowLongW
  99. SetWindowPos
  100. SetWindowRgn
  101. SetWindowsHookExA
  102. ShowWindow
  103. SoftModalMessageBox
  104. SystemParametersInfoA
  105. TranslateMessage
  106. TranslateMessageEx
  107. UpdateWindow
  108. UserLpkPSMTextOut
  109. WaitMessage
  110. WCSToMBEx
1 0x407b5a-0x407b98 10
DLL Function/s
ntdll.dll
  1. KiFastSystemCall
  2. KiFastSystemCallRet
  3. KiUserExceptionDispatcher
  4. RtlImageDirectoryEntryToData
  5. RtlImageNtHeader
  6. RtlLeaveCriticalSection
  7. RtlTryEnterCriticalSection
  8. ZwQueryInformationProcess

Static PE information

General information
Overlay size No overlay
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 04:25:45
Entry point 0x407b99
Imports

DLL Function/s
KERNEL32.DLL
  1. ExitProcess
  2. GetProcAddress
  3. LoadLibraryA
OLE32.DLL
  1. CoInitialize
OLEAUT32.DLL
  1. VariantCopy
USER32.DLL
  1. MessageBoxA

Exports

PE resources

Resource #1
Type Size Name
data 744 RT_ICON
SHA256 4529baa5fb0beafd051e8eaebfa4fd9a304a6b4f423c25758e3dfe889353e4d5
SHA1 67176fa424623bc69114ab6a9f020f20d55a8d78
MD5 b3b59b1d5eac13a8f82252eefcd52b42
ssdeep 12:UEipZjeB1nlbaHeIq2dd5wFJIF1M/pFJ2yfFFvM9RRZums8fUNi4QaKDt0:UEiCDEeIq2dXeGFuP2BXHps2UNkK
sdhash sdbf:03:0::744:sha1:256:5:7ff:160:1:7:AAAAAAAAAAAAAAAIAAAAAAAAAAAABAAAAAAAAAAAIAAgAAAIAAAAAAAAAAAAAAAAAAQAAAAAAAAAgAAAAAAAAAAACAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAgAAAAAAAgABAAAAAAAAAAAgAAAAAAAAAIAAAAAAAAAAEAAAABQAAAAABAAAAACAAAAAAAAJAAAAAAAAAAAgAAAAAAEAQAAAAABAAABAAQCAEAAAACAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAIABAAAAAAAAAAAAAAAAAAAAAA==
Resource #2
Type Size Name
data 976 RT_VERSION
SHA256 e8b1f36e13a66e0978a670cf0df0fdb1aadfc79d248a04436ed6974f893894c9
SHA1 a01a6ea13eb8b15b1e016a6cec87705a72be5bd0
MD5 08ed25dceddf9b94d60281521b29d9a3
ssdeep 24:wDPNIbzWLkbDfllNrRg+NNnb1dbDeX4kNvL1bDa5Z3rk+rwCPNhD:qVI/WefllHg+XxlmaHMOF
sdhash sdbf:03:0::976:sha1:256:5:7ff:160:1:18:AgIABCAgAQgQAIAACAAARAQgQACAAAIAAAAAAAABACAAoAAAAAAAAAAAAAIAIAAAAAAAQAAAAAAAAAAAABABAAEAAAAAAAIAAAASAAAASCAAACAAQAICAAABAAAAAAAAAAAAQBAAAAAAACAAAEBAAAAAAQAIACAAAABAAEAAAAAAACAAAACAAAAEIAAAAABAAAIAABAAAAgAAABAABAAAgAAwAAAAAAAABQAAAQAEAQAAAQAQQABAAAAAgAAAAAAAAAACAgAAAAAAAACAACAEAAAAAAAAAAAAAAAAAQAAAAAAABCAAgIAAAhAAAAAIAAAAAAQAAAAAACAgAAAQAQAA==
Resource #3
Type Size Name
MS Windows icon resource - 1 icon 20 RT_GROUP_ICON
SHA256 a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf
SHA1 a022d5c1cfdd8aace0089f3e72f2eedd41bda464
MD5 42cf62b780813706e75fb9f2b2e8c258
ssdeep 3:wX/sn:9n
sdhash Not applicable

PE sections

Section #1: aUSv0.5
Name Type Entropy Raw address Raw size Virtual address Virtual size Flags
aUSv0.5 Data 0.0 0x6000 0 0x1000 24576 0x20000000, 0x7fffffff, 0x80, 0x40000000
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
MD5 d41d8cd98f00b204e9800998ecf8427e
ssdeep 3::
sdhash Not applicable
Section #2: aUSv0.5
Name Type Entropy Raw address Raw size Virtual address Virtual size Flags
aUSv0.5 Data 7.7036 0x1000 3072 0x7000 4096 0x20000000, 0x40, 0x7fffffff, 0x40000000
SHA256 5ea1a71cf86e6d469a1216460092e440d2ae8b14f270e89cf1316545de501c77
SHA1 0779c6fb2e5132e4111e064589c144a887cb4151
MD5 203271ad04961f0f2fb1aeacc78628bd
ssdeep 48:7HYlePsphBBXQkb/H5/KzicMLgUGwIiXX0SgBPpxcAXBZ433k1O+mVNBgFO91JW0:7Vsph7XVb/ZSpjlAX0SgBPTcAXM3r4Cf
sdhash sdbf:03:0::3072:sha1:256:5:7ff:160:1:48:BgEDFAAgKAAAAACCAYASAAABSAgRKhMABaAAAgABgAAAAIIAUAQkAAIUABAQCCAAAACIgCAAAEAACDAIIEgAAAgAAZgAAAAAGAEgBiAABAAACAAkAgAACAAECIIAAAACkAAAAAQAAAAAAAAkgIQACCAgIAEQggkBAgEIABEEBARgAEgIACAgAgAAAAEAAJIAABAAGwACAAAAAAAFIQUAAYEAAAAkBCWiSSACBIACIACAAhAIAAkIAAAQEAEEAAAEEAAQAIAAAMgAAgAyBCAAAAAQAAAACAAASAKAAABBAACCEAEDkBAAAAAE4gEAQAgAABCAAAAICCAACIAESEAKEA==
Section #3: .rsrc
Name Type Entropy Raw address Raw size Virtual address Virtual size Flags
.rsrc Data 3.44702 0x1000 2560 0x8000 4096 0x40, 0x7fffffff, 0x40000000
SHA256 2a4608767c817de1dc23cf3b15eb5184669e5b00bd52789fb2b6a3f21eda4e37
SHA1 958b87fc6031205bdc6e0df376abc47a38eefbe7
MD5 9ad15c4d13b3e3e873999d3f425fc4ea
ssdeep 48:pZAEJFc2Nps284VI/WefllHg+XxlmaHMO+B:pDy2bDCvHJsB
sdhash sdbf:03:0::2560:sha1:256:5:7ff:160:1:33:AgIABCAgAQgSAIAKCAAARAQgYACABAIAAIAAARABICAgoAAIACCAEAAAAAMAIAAAAASAQAAAAAAAgEAAADAAAAEACAAACIIAAAASAEAASCAAQFAAQAICAAABEAAAAAAAAEAAABAAAAgAQCIAAEhIBAAAAQAIACEAgABAAEAAAAIAACAAAACAAEAEoABQAABAABAAABACAAgAAEBAJBAAIhEA0AAAgAAAABSEAQQAEAABAAQBQQQDAEAAAgCAAAAABAAACAgAAAAAAAACAACAEAAAAAAAAAAAAAAAAgQAAQAAAYBCAQgIAAAhAAQQIIABAAAAwAAQAAACAgAYAQAQAA==

VirusTotal scans

File: 3446703d93471046e36cc0f805472976ae3dbbfac1b694d2d76636b47b1f2f80

Scan date: 2016-03-02 11:50:18
Antivirus Result Update
Ad-Aware Trojan.Tdss.2987 20160302
AegisLab Goodware 20160302
Agnitum Goodware 20160301
AhnLab-V3 Goodware 20160302
Alibaba Goodware 20160302
ALYac Trojan.Tdss.2987 20160302
Antiy-AVL Goodware 20160302
Arcabit Trojan.Tdss.DBAB 20160302
Avast Win32:Malware-gen 20160302
AVG Dropper.Generic2.AHGK 20160302
Avira TR/Crypt.ULPM.Gen 20160302
AVware Trojan.Win32.Generic!BT 20160302
Baidu-International Goodware 20160302
BitDefender Trojan.Tdss.2987 20160302
Bkav HW32.Packed.EF5A 20160301
ByteHero Goodware 20160302
CAT-QuickHeal (Suspicious) - DNAScan 20160302
ClamAV Goodware 20160302
CMC Goodware 20160301
Comodo Packed.Win32.MUPX.Gen 20160302
Cyren Goodware 20160302
DrWeb Goodware 20160302
Emsisoft Trojan.Tdss.2987 (B) 20160229
ESET-NOD32 Goodware 20160302
F-Prot Goodware 20160302
F-Secure Trojan.Tdss.2987 20160302
Fortinet Goodware 20160302
GData Trojan.Tdss.2987 20160302
Ikarus Goodware 20160302
Jiangmin TrojanDropper.TDSS.xk 20160302
K7AntiVirus Goodware 20160302
K7GW Goodware 20160302
Kaspersky Goodware 20160302
Malwarebytes Goodware 20160302
McAfee Artemis!87B1DECEF8ED 20160302
McAfee-GW-Edition BehavesLike.Win32.BadFile.xh 20160302
Microsoft Goodware 20160302
MicroWorld-eScan Trojan.Tdss.2987 20160302
NANO-Antivirus Goodware 20160302
nProtect Trojan/W32.Agent.6144.IC 20160229
Panda Trj/CI.A 20160301
Qihoo-360 Win32/Trojan.b87 20160302
Rising Goodware 20160302
Sophos Mal/Generic-S 20160302
SUPERAntiSpyware Goodware 20160302
Symantec Packed.Generic.154 20160301
Tencent Win32.Trojan.Tdss.bzkb 20160302
TheHacker Trojan/Dropper.TDSS.dti 20160301
TotalDefense Goodware 20160302
TrendMicro Goodware 20160302
TrendMicro-HouseCall Goodware 20160302
VBA32 Goodware 20160302
VIPRE Trojan.Win32.Generic!BT 20160302
ViRobot Goodware 20160302
Zillya Dropper.TDSS.Win32.3833 20160302
Zoner Goodware 20160302
