Visibility | Public |
Main file's SHA256 | ecae6a2f3690f1b7ce565c2b2ac19ad37ade638cc75f04b275595d86d5d9e679 |
Complexity | Type IV |
Packer identification (signature based) | Upack_v0_39_final_Dwing, Upack_V0_37_Dwing |
Number of processes | 1 |
Number of layers | 3 |
SHA256 | ecae6a2f3690f1b7ce565c2b2ac19ad37ade638cc75f04b275595d86d5d9e679 |
SHA1 | b1b784356e5681ebda9b4379f5b30520c35a4447 |
MD5 | a5ac6e69ce2e16841e8ca044fbf7ca5a |
ssdeep | 3072:J0tum+/BgjLA8Hc8OyAFGO4hwZUFcqJY2ZL4jy12+j9/ouG/o4YXOauj:SLFPAOc8Tc7Uu4Cs2+u/Fzj |
sdhash | sdbf:03:0::185776:sha1:256:5:7ff:160:19:116:… |
imphash | - |
authentihash | - |
File type | MS-DOS executable, MZ for MS-DOS |
MIME type | application/x-dosexec |
First seen | 2016-06-27 09:18:35 |
Size | 185776 |
Known names | a5ac6e69ce2e16841e8ca044fbf7ca5a |
Percentage | Type |
---|---|
100.0% | (.EXE) DOS Executable Generic |
Complexity type | Type IV |
Granularity | Not applicable |
Execution time | 302s |
Number of processes | 1 |
Number of layers | 3 |
Number of regions | 22 |
Number of upward transitions | 462116 |
Number of downward transitions | 462114 |
Number of multiframe layers | 2 |
Number of processes with interprocess communication | 0 |
Number of regions that call special APIs | 7 |
Process | Layer number | Region number | Address | Size | Memory type | Number of API functions called | Different APIs called | Calls APIs of GetVersion* family? | Calls APIs of GetCommandLine* family? | Calls APIs of GetModuleHandle* family? | Modified by external process? | Writes an executed region? |
---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | 2 | 3 | 0x40d73e | 7478 | Module | 7709 | 268 | No | No | Yes | No | Yes |
0 | 2 | 18 | 0x46b000 | 1318 | Module | 363 | 50 | No | No | No | No | No |
Type | Source address | Dest. address | Source process | Dest. process | Size |
---|---|---|---|---|---|
Memory unmap/deallocate | - | 0xfd0000 | 0 | 0 | 4096 |
Memory unmap/deallocate | - | 0xfe0000 | 0 | 0 | 4096 |
Memory unmap/deallocate | - | 0x1070000 | 0 | 0 | 4096 |
Memory unmap/deallocate | - | 0x1080000 | 0 | 0 | 4096 |
By PID | Start address | Size | Name |
---|---|---|---|
724 | 0x400000 | 671744 | a5ac6e69ce2e16841e8ca044fbf7ca5a |
724 | 0x77da0000 | 704512 | advapi32.dll |
724 | 0x58c30000 | 630784 | comctl32.dll |
724 | 0x76360000 | 303104 | comdlg32.dll |
724 | 0x77ef0000 | 299008 | gdi32.dll |
724 | 0x7c800000 | 1060864 | kernel32.dll |
724 | 0x746b0000 | 311296 | msctf.dll |
724 | 0x77be0000 | 360448 | msvcrt.dll |
724 | 0x7c910000 | 741376 | ntdll.dll |
724 | 0x774b0000 | 1298432 | ole32.dll |
724 | 0x770f0000 | 569344 | oleaut32.dll |
724 | 0x7e1e0000 | 139264 | oledlg.dll |
724 | 0x74dc0000 | 446464 | riched20.dll |
724 | 0x73260000 | 20480 | riched32.dll |
724 | 0x77e50000 | 598016 | rpcrt4.dll |
724 | 0x77fc0000 | 69632 | secur32.dll |
724 | 0x7e6a0000 | 8523776 | shell32.dll |
724 | 0x77f40000 | 483328 | shlwapi.dll |
724 | 0x7e390000 | 593920 | user32.dll |
724 | 0x5b150000 | 229376 | uxtheme.dll |
724 | 0x76b00000 | 188416 | winmm.dll |
724 | 0x72f80000 | 155648 | winspool.drv |
Layer | Size | Number of regions | Number of frames | Lowest address | Highest address |
---|---|---|---|---|---|
0 | 609 KB | 2 | 0 | 0x401018 | 0x49b220 |
1 | 143 KB | 1 | 1 | 0x49b3a9 | 0x49b3a9 |
2 | 94340 KB | 19 | 19 | 0x402516 | 0x46b000 |
Layer | Number of API calls |
---|---|
0 | 0 |
1 | 21224 |
2 | 19374 |
Overlay size | No overlay |
Target machine | Intel 386 or later processors and compatible processors |
Compilation timestamp | 2004-01-24 00:39:42 |
Entry point | 0x401018 |
Type | Size | Name |
empty | 184 | RT_RCDATA |
SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
MD5 | d41d8cd98f00b204e9800998ecf8427e |
ssdeep | 3:: |
sdhash | Not applicable |
Type | Size | Name |
GLS_BINARY_LSB_FIRST | 1128 | RT_ICON |
SHA256 | a601f901dda1ec5422264b7c08fe8fd0f5654ba358802c2b1da331c8507ac77a |
SHA1 | dd1b3f4b879b07df52d94646ae5d11a3f6a5ad4c |
MD5 | b23f741c4627640d11a5477ba464c265 |
ssdeep | 24:tYSm6Zq6KWRx19X0uyCd3UvTmw3hyLbe64tsUHn:OW5KWRx1JBz3VbeGUH |
sdhash | sdbf:03:0::1128:sha1:256:5:7ff:160:1:17:BAAAACgAAAQAAIgABAAAAAAAAAACBAAAIAgEAAAAAAAAAAQCAAAAAAAAAAAIAAAYYAAAAgAAAUAAAAAAAIgAAAAAAGCAAAAAAEAAAACIACAAAAAIgUAAAgAAAAAEAAAAAAADAAAAIAAAAACAAAAAAAAAAAAAQAAAAAgAAAAgAAAIAAAAAAAAAAAAAgAgAAAAAAAABBACIAAAAAABAAAAAAAQACAAAAgAAAAAAAAAEAAAAACIAAAAAAAAAAAAAAAEAAAASAAEBCABAAAAAAAACgBAAAAAgAAAAAAAAgAAAAAAAIAAEAAABQBEAAAAEAAIABAEACAAgAAAAABABAAAAA== |
Type | Size | Name |
MS Windows icon resource - 12 icons, 48x48, 16-colors | 174 | RT_GROUP_ICON |
SHA256 | d2d8ccd68849e94ea6b84f6835d0fe98ffa5c11e74a1138529e3c0b8d8edfe60 |
SHA1 | 92235b3d49fd27218a58fbfad27ad6a619b54ffb |
MD5 | 9f09cf7bb38a28604b82294714b5aff8 |
ssdeep | 3:wVwgSX/l99wPFszNIPPlk0/klX6mvG3wX5sffaf/vHlXluO1:gFszWPm0/klX6mujCfxH |
sdhash | Not applicable |
Name | Type | Entropy | Raw address | Raw size | Virtual address | Virtual size | Flags |
---|---|---|---|---|---|---|---|
PS??? | Data | 5.51753 | 0x6d000 | 496 | 0x1000 | 446464 | 0x20000000, 0x40, 0x7fffffff, 0x20, 0x40000000 |
SHA256 | 2bdd23dc97b6a5cfcc0a99639ec874fd35450f24358a343ab05d2462548c697c |
SHA1 | d9e2de62ad038ca23540afa885ee0cdf8ee6ea99 |
MD5 | c65987bafc892e9dcb87950e79dee885 |
ssdeep | 6:yc1HkpKSlsgYptpUcVrkoZ3QBlcVa2kjI/Vg0lUlSG2l3ETHlHX2XvslIB:yskk2ct7FJUSwZ3c8SG2l3ETuElIB |
sdhash | Not applicable |
Name | Type | Entropy | Raw address | Raw size | Virtual address | Virtual size | Flags |
---|---|---|---|---|---|---|---|
- | Data | 7.83474 | 0x35000 | 185264 | 0x6e000 | 217088 | 0x20000000, 0x40, 0x7fffffff, 0x20, 0x40000000 |
SHA256 | e8449b4714351ad3d3c009dc4063c1bcf3084c0ee6382f2e9e4047ee6ec1ba09 |
SHA1 | bc8f5d2323e4c6eb637168157af1d8534b799216 |
MD5 | 782a70071ad8041c309f9e1d0d3922c7 |
ssdeep | 3072:Ntum+/BgjLA8Hc8OyAFGO4hwZUFcqJY2ZL4jy12+j9/ouG/o4YXOauj:NLFPAOc8Tc7Uu4Cs2+u/Fzj |
sdhash | sdbf:03:0::185264:sha1:256:5:7ff:160:19:111:gJCiD1G1SAAGUmNgogAAAmYsKQlBIiQAcGXPvgASAGwj7aSSuSKQkQAAcdILitkzSShoBIGIiaRbCCMDEQxAIIgsXgsEmcABSAGmACCCgykCBAjKAYdwQAeAOaSwhh0Q4ICgFJ1BOgLpwmDoFQAnEsjhBYBMoCpYseQQkEgUowxBAofAsIMEJCRSIBKSYBGQhQBhhDDGJCCJhCNZANkUESAiwaBKGgaKAqHwYcwkKEZELg61aAGQIBRCCDBcqCFOKULUBAsMAahBZHsF4D1M0JTYApNJWlkvWzIii3IACGEbJQCO8DE6q8AIrAZcsBUjJCAn0HeBEA4CHEICQMfD6AyRQRQGl0IAAhIM+cCPBTWg5/oA6xCY+I0CQA1AwWhgUBACAbIFMBQlCgABnqACyIIAIQpoEy6KLQITiEYLzgoMIAiAAXQQAUZAEA10EkVicFHAEMiwmsdC0MiAEcoilJLaSpE4YBCyqSAGEMCQlKAhoA2MiDISIyUKksIAk1AICsgGqxpAFAI4wgxiHikGaJjDEAwIqQTAxiCCWuAAOEAeBCkB1iiASJChUgRMh5RYAWaDAUbymIgzOAEhZAUgTcoY1AI0BTKUJGE7aUIgiWUdaikMwsBA4AkhQAWNqISGKEahNghsHsYWWgTkkaIwShGSQECGBCgkpyGhRykhAhAvSSCQukCHJAiSHhvcTwqWFhKIkS4kAEQgCj6qpIADLCWR5CqlvRgAwiChOdosQhtiJMkwQ5lVQBEWQQOCyAMJgKqSbIJAAgQ5YQI4tZgkemzQcRrhTAALNGAUVFUgKgCRgMvEYQyATERASaEGKAgQY4FJxUjgAMyAOkQWhhvMmEq3BBTAAAABCmEeWCInELAZUgiMEgKmQFNkAQdngAACGHigL4DmjQIYDgAhFAkCAkGhAZmGGJKJKVVMAyA2s8QAFGLZIgWUrEmSe5HHAYEKSmjAEgKBYhNE6QRDJCmQIQshzoETEFQNEEwC0SQWIKo0MAQgqViAlVBYsNQUIZIACNEEAY6KgFITmGooGUpEgYCqkhAYRBDBgibOoQy4GCjOEAjkBUiGEIyMCZgYoUwYDBlGEIC0g2Uh4sgBIJ09oA1EJMAAggHBhAwAwHZwqhBACgRIPKIYgCsABCAINJIgyJgBpAQCIz0Q8BieoEARpqQsQ6EKEVFFh0IYJ4GFUsmkZ7TQDQONCZMPwEvpEPQNAygSIkiVFFCBkRpgInyfkCCijYaAQCKxEEMkEYCgiNhQJUhCE1FCRA2MFMDhhIcgEIOEjBCCBAQQjI7QAii8WCFEEYAPR2M9GBkZLJjAKUEWIFFFpAFEDRcBGTRSADMUAaAZGRVlNrQAIhNEagMEhI5QQAVRAMCt4HQyDQnAwyDkOwBiFTJbhQClaFGgKhWBgAMAWkr14FgwIFXs0IAJCNoMWgEAGAFERTAA2QdFiOsm6BAElAOBmMRSUwqZFIsggUOYECgSIJzQqAlJAAgUVCYCsAoMEARTGc9QhGEH0SPLIEkqr1MTSmSn0KL0uigAGUsICGATlIECoREBIIyRYQkQFJDANU0JGUMIOfAAEihfVkCIGQYNRKAjpIQHEBZPGGFAFMNAAYFIc6IMFCNhESL5GQQgA1KAGrWRUqFgRiwAupCHhuGGAjAANYQUAMSQmRKEgvMgNhBTBQ2DJbII0gYkMbBGRGnQwASE2gAlu8A3ZApwFAu4AcsADI61EcAMTNSyEKANx6yYtQiBJyqAQyD6CsYMBhsAAaHAAIDCoZAFAAQMCDCvPglwE7ykMlFLEmEjthwY2Q4EBSgAUOViDwwhkAHMABdRwOBKAJUCDI4uIICKAxoIkyIBDGUi0BoA8jkoA3EAUikSRGO0HZAsDhS0DwFICj7GUADhmBwWIAGM4sGCZcCzhOQAABAEEJIYQSKrSCmOkoMwgFRkUCEACZ4EoRC
RIeJQnjgJQAoE1tBupoIyWBTMAo6qBgiMAYYISBGGw0maAJB8XAOGkTGSMLAu4EbEAWIJoGQCcDgUAAEOIJbCQbAgCgpcg9CRTMAAAYCSAVAwECBARw1Ajuxmof8AAG2FOsQmAIVAkikQjDVgIG8oiwAAJRArCHRWGAyMpyxBYi5woIiUUBp8ScQB8tyJAIxXQMJgSERkAIKQ4CTAQgEAlWluQQBgWJEOBRxkiAeCAdJZYgDTEp0gCMBoNAYBATFODkQPOBQQQHskQlhASBoBXmBcRhFAioC9GABdQjATBCBjkAEjFRPmVFTAHaVDAOGC0AC6dk7c2mCAkICYPQiBA0BAAh0QJQlE4VrrBBXFIgCBGglAJGE2FCBNXICyMqDgWRSTAcTLiLUGIoNLAz6SgS4SB+DSQpHYBnxCEmIREpAFCiQpiC2QzgURYFMDjgCSujPCARMAI2FEwXhuO1lqZskBEeMScTAF8AICuJYgJJBhgAX5ZmBsaIAhkIgBY1QgQSlAlMwKPZAg4lhhCACSBAZAAEV4a8EQYUQAFSRAVAKgcGdLQtcAFwAACq6bCDA4BIwIpAJodW2EYBRGARCSyQGKwkxIiFSJEUCR6JaA2XGHVKEM6UAMAAIJhcIywYCAoQqoRAwAUnALtOsZEMBWAgAACsPIkCBQQAX1G8BuAEIABGgE1CQxuAmRUDQAZKQQZqhAQIBcHQnGIMihQKBhAOiaFMVcJYpUTRlAlKu1t8gIaQDSaBnPIAwesSGCVlhFwAZAATrAZY1KsXgJCTG9yFBJAEACDEQSS0ccgSFIJLBBCjycpCqAKHDDquLFRgLKowESEYmCrVUEISkpSAz7QSYkFqkAKGWkgWQZEMgIABkGQUOTsA21RAUACkV8KRCg1wQlrYINoismcIDsKAjaCmxsHC9XZBElKJcIGiaEPyImkoBlGEEAD7WEKT3hwSIpggkKiAOYAjIJECAAREDGckSCSWC4YhPHOHJzORUIAIkUeCgZIBZ9A4EDgABhBIIkRwBkGkANDgBUoGARJolGAok0ABjC80mNHBAXuKkAgIISUmxBQKyCdooDDLJYcFxIwiZIDBMBwyoYAEYVOIUwIEjRgAgBiUAQAiAF0GqezApvjIwEgwZIpgaVAzKg/YQVAUEQCKGAjBHRIgI36A9CiHEHLkRQIDKUEE1whZpAQEhsCALKKKBI1DLNTmQEjwTQg8KSkAchhIEytSGAdFYAEGAFCo/IBEaoMIQydILFggAEAlBAyJiFAAyAHKEC4lUQAxvsbKBCzB0ACAAEIVXQAdEIQQp24YJJaQw+BUKjAIXTSHSpKHBTwUBCEAUAQw+g4lABAoAMgFRgYSgwh6QBbFDDeDHSoAieIgRSFEAImUYdIIGaQmB5KBilBKAYaEBgApJZOKAxElJugAsD0BTRBkQHDmMRAIhoocBgSDgUJZQAQIQM+JToc1GAQcRmxYMIwANNlgCQAAAkAIhOCgTE2AICOWY4SiobFiGHGUkKOEQUBQAAYUQFKGXpknD9AQIMVGsBSFiSkABAYAQMWAAAU1gKjcgC7YVAQMxY5TDeFBASqCkAqkgyBBiwP1YAj+jDgQZgAJIQ5EijqkBQPxYACKaiS8gghCMBECbESycnBvjFD0AHQCSuBiKhSEBMlUlBpIhIIpCO2CgoCJAwijLNBkAnmICgjA2ATIhgRIBz2GgAdpBMBSFSGOBAYDEAlPaCIA6wyIgLNgAMhdDpIVDwkYMEZ8yPgKUlApgBBJSihHFSGgjcMxC8CEAzVcgAEgoIzcClFEJitJY9apAAFSwpAruSlBAIQmMsAjgM+URwIcA1ogFRgoSCVCuHah2pleQDEtOJoECAqmCiKIiqDQ5AB+08ACFUooIKAVUksIGFWEAvBLCLCEi1RRAET4uEBDAOQBO37B5wJGQjzMiQBQBwRCBAA0sUGEx4RuBHPULCPWMDTBPIVCDABbBSAaMsKQAlRCzcwkQNjoBIl+A
ZiaFACkkIABjIwAKoXjFAIJRCwlsAEdRtwgIgAHgEEWTTsUaCgCRJYpQRJRTYDwADSCdABQoI3I50EDlAlNAgQBGsOQgAYyGA0KAgEBkGioACwAQnAwCgRNT0Q8EoYoPVa0YYDQZaPj6RBKDNpREqUHMgBlFAVr5sQhAwkWhQBMZDCSAYAS2BqKFhJBkjOg4gDIJKIoRAoSJKIvRbIAqElGgnI5UUiAq8DCAFlobAC1AEBQgwK2SixyYEgIZiuLogQTAYWAYa1hPIUp3wiKaAJKO8rhwwAGEA0Igh0CGM0LgCCAAIjNTFgRLgJggizSlCgxAljIFMCWYXKykQkpALC0EAAGSFE5VEAywlgzIcQIMUQcgBIhINxILlYQ4QRwBkOEoEUFgSDhMjiCLjQxkiiqAILlAUVEIEpCxIOJeAwiQEo4x0ilQALaRCITIwR4hHIJIDtBtGp4BC0IB5RAMEedLIp3ipgFkwQABghHROGFkal4MIQhyBUZViYYAwhJAE0AAAJJAQEcADwQSpYC8sJQgQgTorCkGDtsyhtEA41lFBDJSmIJDKrYEcVxIq2ARcFDozRiGQACuBC+gkiYzFVQsIOCwIAQwSHeAexAoBoRBlAIACwEIQhj8YeakBiAwBzhRgSnPYADoAzOFuY0BBWoUAGLDqEsHWQCDCQWBCSJ6AFzSMIeYCYIQdL1hMCXWqsjG4gF0AQWoIKgyAc0KgDkgAwwCKlU4RA4CQAUCCNiA6mkcBYEQZhrAQScgUhBgAQJcYYAUIMIKVlAQBgCgQSmAmIF5IF2FSAYCMZBKhoSgioyAlEAAtiyAAGiG+gIG1QEGICIEhuA2AjCNVRyAOw6YC0hCyGCFBBEdZKSiBRSOeAARCcASVCySlbAhMgCG+yagQoAHAKkCADi3dWCo0gY4ggkCAAMN/RACJBJVBYUyBCmREWwpiP+gM4IuACBj5HJA8MBCQYJVEXukCthyoAbmIRlLCiZiSUbBEYcgBBmsRoREIINK4qCSCAIWEAgE0gGGQZKREM1xoIQQUhiILOIx4F4uEIC4HKIUQDJBRSWEYAAROUpSSjGmMghcAMkR+kAp4IoSS8BgM6BASFwRIYQcTpgZkKlSwAlKQEsASBGZMiCAVZFEPBBCkKQIBSaegg4iBYA8UDBWCQQBA0lIAABDgJQAQiUBABMQCiVeGcACCAIEtAZAqInZIcBLb4CrEBsAQmAYhLAAgBYwo4gAKQMQXIGkJCDyCCWgeMyuAqKhG8ABDJBgDYD6GTfYAAJpBGg6xCzgBgeDVg2MoBBCmoMYI3CEC2EBGbQkSEmUHjQcSFQQHKRGQSCa6MoCGqYuXwGwMzIfE9O0DkpYFHwgxEANXspwKBQABRIJUGUgE7EMwEjDM2HDIUZJDsZIRQAFzgx5aDIAAqLEzTyEFkMAAQzH6hsUIFESKC5EEEVSE4e5S0AEdIwEbhIpwiiITUIwHBRQYGC4hQhATwGsepkLEFgDA5CRCQhMQMSYBEnWAAGYBECAqKE0paUJVAhARjRNkQMABQmByApgjJBCEAQQuGNRgBsOylQqBBYDrEsGXcaDrgA5HhgJQVDGiFiCEGBiIEEhpAgAIgBIUYYhhBVEEZin4iEqRDIQskJEJq4IRiCCxA0AaBBUxADmMvQAT0cmMsGEAAtSNIF+BQQBIC1CJigDgKBANP8gWjpIDKgWBDQO2FQDIQeIq0TgfyHgRBOkAChSrFINVs6IlmmoDhZDGPgKSsjEEkONHAwSKzgiBwhZsYoQRMiIBEE2LCTwIYKEXMpOEAUIRAABA4AIYIGZKqAAtBQIOYEqEFUCCBETYFKoiMANApjC4qCwFbEbqSNhAu4Q5EouWPRRMLILBKFwAE1gkSVBqloP1AGAtETyaCCIClgZwCioa6rKxySEAsgAkUJwIGQgKTCjrAQ6VOBswwQAAhNlApLIZMTVAKIBIUBjmALDCgACaAm8MSZCGZaCgR2YJVXusQCQASAA
JCggQZSIABIOBQ0c6wSAEAIDSkCAAAEFRSBBJAJWbpAzRVlRxECBREKMCQBAiASeOKBjNtrLSEEk2whUoEhIIA+JCIwQYoB4EMuTNMgQgbCIZdUhAIAsK4mGlSIjQwJkVhAIEZATBbEppcfAmiQFKClBltCeOioo0MBYCCgAIkoJWAc7FIk6IE4EBAEgirAeHBCQHKhAAGYAACEggUMEgEAggkLMhYAWAAALIxgkVIEEwwgYgkhIJMAKAJgACgIHwQElJEMUQAFzAAggAIkIEAwBzKNiDAAGAgAARYEScAgACxAhKECBCAItUhIjKcQE4OKNgIgAwWCAJYkQgwAORJkAZAAQARA8AwkQiBEgABAFCYAUSxxAxB5DAAAwEGgFgCBpEFKAFwKCeKJhApUASBACBAgABJREIBSOBARIFLkWABAAwYgABQRKqGABABRMKBAABTQRUwECIAR4zQRBCTSAJGZEAFAMQQgYYCBCAQIAMQgAQkAAFUkFFjIDAjiKC0DAEgsEqmlCADXQAKRoQUAAoGA== |
Name | Type | Entropy | Raw address | Raw size | Virtual address | Virtual size | Flags |
---|---|---|---|---|---|---|---|
- | Data | 5.51753 | 0x1000 | 496 | 0xa3000 | 4096 | 0x20000000, 0x40, 0x7fffffff, 0x20, 0x40000000 |
SHA256 | 2bdd23dc97b6a5cfcc0a99639ec874fd35450f24358a343ab05d2462548c697c |
SHA1 | d9e2de62ad038ca23540afa885ee0cdf8ee6ea99 |
MD5 | c65987bafc892e9dcb87950e79dee885 |
ssdeep | 6:yc1HkpKSlsgYptpUcVrkoZ3QBlcVa2kjI/Vg0lUlSG2l3ETHlHX2XvslIB:yskk2ct7FJUSwZ3c8SG2l3ETuElIB |
sdhash | Not applicable |
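The section table above shows the layout a packer leaves behind: two section headers (virtual addresses 0x1000 and 0xa3000) carrying the same 496-byte raw data and identical hashes, and an unnamed section with entropy 7.83 whose raw size (185264) is almost the entire 185776-byte file. The script below is an added example, not output or code from the analysis tool behind this report: it parses a PE section table with the Python standard library, computes per-section Shannon entropy and SHA256, and flags sections that are high-entropy, share raw data with another header, point past the end of the file, or are writable and executable at once. The sample PE it builds is constructed inside the script (headers and a section table only, not a runnable program); the 7.0 entropy threshold and the anomaly rules are heuristics chosen here, not the tool's.

```python
"""Per-section entropy and hash triage for a PE file (added example, stdlib only)."""
import hashlib
import math
import struct
from typing import Dict, List

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty/constant data, at most 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> List[Dict]:
    """Walk the PE section table; raw bytes are clamped to the file size."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_opt
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rsize, rptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + i * 40)
        raw = pe[rptr:rptr + rsize]  # empty when the raw pointer lies past EOF
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1") or "-",
            "virtual_address": vaddr, "virtual_size": vsize,
            "raw_ptr": rptr, "raw_size": rsize, "characteristics": chars,
            "entropy": shannon_entropy(raw),
            "sha256": hashlib.sha256(raw).hexdigest(),
        })
    return sections


def analyze(pe: bytes, entropy_threshold: float = 7.0) -> List[Dict]:
    """Attach packer-style anomaly flags to each section (threshold is an assumption)."""
    sections = parse_sections(pe)
    sharing: Dict[int, List[str]] = {}
    for s in sections:
        sharing.setdefault(s["raw_ptr"], []).append(s["name"])
    for s in sections:
        flags = []
        if s["entropy"] >= entropy_threshold:
            flags.append("high_entropy")            # compressed or encrypted payload
        if s["raw_ptr"] + s["raw_size"] > len(pe):
            flags.append("raw_outside_file")        # header claims data past EOF
        if s["raw_size"] and len(sharing[s["raw_ptr"]]) > 1:
            flags.append("raw_shared")              # two headers, one raw blob
        chars = s["characteristics"]
        if chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
            flags.append("writable_executable")     # unpacker writes where it runs
        s["flags"] = flags
    return sections


def _deterministic_noise(n: int, seed: bytes = b"demo-seed") -> bytes:
    """High-entropy filler from a SHA256 chain, standing in for packed code."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_pe() -> bytes:
    """Constructed PE32 skeleton: MZ/PE headers plus four section headers."""
    e_lfanew, opt_size, nsec, raw_off = 0x40, 0xE0, 4, 0x200
    stub = b"\x90\xc3" * 0x80                  # 256 bytes, entropy exactly 1.0
    blob = _deterministic_noise(0x1000)        # 4 KiB, entropy close to 8.0
    pe = bytearray(raw_off) + stub + blob
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, e_lfanew)
    pe[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    coff = e_lfanew + 4
    struct.pack_into("<HHIIIHH", pe, coff, 0x14C, nsec, 0, 0, 0, opt_size, 0x102)
    struct.pack_into("<H", pe, coff + 20, 0x10B)  # PE32 optional-header magic
    rows = [  # (name, virtual size, virtual address, raw size, raw pointer, characteristics)
        (b".text", 0x1000, 0x1000, 0x100, 0x200, 0x60000020),
        (b"", 0x80000, 0x2000, 0x1000, 0x300, 0xE0000060),   # unnamed, RWX, tiny raw vs huge virtual
        (b".rsrc", 0x1000, 0x82000, 0x1000, 0x10000, 0x40000040),  # raw pointer beyond EOF
        (b"PS", 0x1000, 0x83000, 0x100, 0x200, 0x60000020),  # same raw bytes as .text
    ]
    table = coff + 20 + opt_size
    for i, (name, vs, va, rs, rp, ch) in enumerate(rows):
        struct.pack_into("<8sIIIIIIHHI", pe, table + i * 40, name, vs, va, rs, rp, 0, 0, 0, 0, ch)
    return bytes(pe)


if __name__ == "__main__":
    for s in analyze(build_sample_pe()):
        print(f"{s['name']:<6} va=0x{s['virtual_address']:06x} raw=0x{s['raw_ptr']:05x}+0x{s['raw_size']:04x} "
              f"H={s['entropy']:.3f} {','.join(s['flags']) or 'ok'}")
```

On a real file, replace build_sample_pe() with the bytes read from disk; the same flags then mirror the report's section table, where the two headers with equal SHA256 would be reported as raw_shared and the 7.83-entropy section as high_entropy.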
Antivirus | Result | Update |
---|---|---|
Ad-Aware | Gen:Packer.Generic.lmGeaiJk7xhG | 20160405 |
AegisLab | Backdoor.W32.Rbot | 20160405 |
AhnLab-V3 | Packed/Upack | 20160404 |
Alibaba | Goodware | 20160405 |
ALYac | Gen:Packer.Generic.lmGeaiJk7xhG | 20160405 |
Antiy-AVL | Trojan/Win32.TSGeneric | 20160405 |
Arcabit | Gen:Packer.Generic.lmGeaiJk7xhG | 20160405 |
Avast | Win32:Crypt-AIS [Trj] | 20160405 |
AVG | Win32/Ngvck.AO | 20160405 |
Avira | TR/Bumat.A.1519 | 20160405 |
AVware | Trojan.Win32.Packer.Upack0.3.9 (ep) | 20160405 |
Baidu | Goodware | 20160405 |
Baidu-International | Goodware | 20160405 |
BitDefender | Gen:Packer.Generic.lmGeaiJk7xhG | 20160405 |
Bkav | W32.OnGamesLT180912HKGHAAI.Trojan | 20160405 |
CAT-QuickHeal | W32.Seppuku.2764 | 20160405 |
ClamAV | Goodware | 20160404 |
CMC | Trojan-GameThief.Win32.OnLineGames!O | 20160404 |
Comodo | Packed.Win32.MUPACK.~KW | 20160404 |
Cyren | W32/SuspPack.CY.gen!Eldorado | 20160405 |
DrWeb | Goodware | 20160405 |
Emsisoft | Gen:Packer.Generic.lmGeaiJk7xhG (B) | 20160405 |
ESET-NOD32 | Goodware | 20160405 |
F-Prot | W32/SuspPack.CY.gen!Eldorado | 20160405 |
F-Secure | Gen:Packer.Generic.lmGeaiJk7xhG | 20160405 |
Fortinet | Goodware | 20160404 |
GData | Gen:Packer.Generic.lmGeaiJk7xhG | 20160405 |
Ikarus | Backdoor.Win32.Rbot | 20160405 |
Jiangmin | Trojan/DiskAutorun.bgq | 20160405 |
K7AntiVirus | Goodware | 20160405 |
K7GW | Goodware | 20160404 |
Kaspersky | UDS:DangerousObject.Multi.Generic | 20160405 |
Kingsoft | Goodware | 20160405 |
Malwarebytes | Goodware | 20160405 |
McAfee | Artemis!A5AC6E69CE2E | 20160405 |
McAfee-GW-Edition | BehavesLike.Win32.Backdoor.cc | 20160405 |
Microsoft | Goodware | 20160405 |
MicroWorld-eScan | Gen:Packer.Generic.lmGeaiJk7xhG | 20160405 |
NANO-Antivirus | Trojan.Win32.AutoRun.omay | 20160405 |
nProtect | Trojan/W32.Agent.185776 | 20160404 |
Panda | Trj/Pupack.A | 20160404 |
Qihoo-360 | Win32/Trojan.b4e | 20160405 |
Rising | Goodware | 20160405 |
Sophos | Mal/Generic-S | 20160405 |
SUPERAntiSpyware | Goodware | 20160405 |
Symantec | W32.Small.gen | 20160331 |
Tencent | Goodware | 20160405 |
TheHacker | W32/Behav-Heuristic-060 | 20160405 |
TotalDefense | Goodware | 20160404 |
TrendMicro | Cryp_Xed-12 | 20160405 |
TrendMicro-HouseCall | Goodware | 20160405 |
VBA32 | Goodware | 20160404 |
VIPRE | Trojan.Win32.Packer.Upack0.3.9 (ep) | 20160405 |
ViRobot | Goodware | 20160405 |
Yandex | Packed/Upack | 20160316 |
Zillya | Trojan.Genome.Win32.85357 | 20160404 |
Zoner | Goodware | 20160405 |