Static Analysis

PE Compile Time

2014-07-01 21:02:13

PE Imphash

2dd2758f0793bdb29ce229a2432eb81b

PEiD Signatures

UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x00013000 0x00000000 0.0
UPX1 0x00014000 0x00015000 0x00014800 7.71111529322
UPX2 0x00029000 0x00001000 0x00000200 2.51482863059

Imports

Library ADVAPI32.DLL:
0x429064 CryptHashData
Library KERNEL32.DLL:
0x42906c LoadLibraryA
0x429070 ExitProcess
0x429074 GetProcAddress
0x429078 VirtualProtect
Library msvcrt.dll:
0x429080 _iob
Library WS2_32.DLL:
0x429088 bind
!This program cannot be run in DOS mode.
Sj&,Ph$
t[QQVP
PPXDR
s!(h2$Q
3QQj4j
t"}7h&'
<]KJH1.
t)mgfp
j@ke=v
VSQRPh 0
t'QQhh
w@V5]1
Wj:6&t
Ph]mEu
hayKxm
"PPhsVlV
0PPShz
#+zM4t
g @&{#
Bx`1e^1
$,e]7C
QX!RCHP
oEo fM
} QP(V1uhE
7}h,E@
P#Ce7?s
hOz364
.~uGjy
d####`XdT
oLwC=m6
NPrj$E
&PPh}$
XrE"0G
uC$}|7
CdP)VS
PQVe;~
w&RPh|,8
GPp5Bu
UuEjT\
@VVD["
FPZdBT
dqfztB4
/09"&
WFTo8Ru;
CCV#580E
po0DO5
> MrxFzVS
3\_ND^i
t* QQ
VShu)c
a0wqh>}
tk<ntA<g
7<utK<
_mMQQ+
uf NlC
aDo`XW_
QQj jg.F
w*~GE
= zpVp
g&PRhShh
Bu'@u$u
7HO=c]D
A($t[V
^P\_PPj
^dPSQ;
&=%\Sh
_l%8`[M8
Wj3lU&
XyM\FP
G4<H3b
BPPh3D
t.^/h9
VVhD+/
glBt|;
uA[[.v
]yMhhH
WWhHPc
<\tI<]:
pa YKuM
?PhV'h\
H.t2Pj
A)*i'D
|! 7{G
@p@7;
?@1B8[*
(v/u"v
uo<tfl
~%w;>P
&!@u5]
RRt6#h
]GuE$e
Z?#739
(90u!N
NuT;]
d$C2$
H/C2dC8
OD6$C6
?C2dCl
2$C2xt
$C2$pX2$C2T`\
2$CLP{]
libgcj_s.dll
_Jv_Reg
isterClasses
ma num`
wa rifaien yanje v1.0
2-%s.exe-gy*orn h
yzik %s
file[]
http://wecan.hasthe.techno
logy/upload
curl_easy_perform() w
[[UNIQUE]]
efghijklmnopqrstuvwxyzABCDEFGHIJ
TUVWXYZ01234
CONNECT_ONLY is required!
d to get
cent socket
handle already used in mu
; \name="%
Conto-Type:Rpart/
?7-data
%s; boundary=%s
=Disposit
ion: :; g
*hmixedaO
`4_att
couldn't ope
applica
/octet-stmm
image/
s?jpeg
text/plain
No error
Unknown
%d (%#xO
%255[^:]
/etc/ssl/certs/ca-
es.crt
_PROXY
[%*45[?i
er ou8f range
1CVresolve host '%s'lX0LLq
User-Ag
vr%1M[^
sm+POP3.
Protocol$ no
lor disabB
memory sh-
nymous
@example.com
%I64u-
MwCookie:
CURLOPT_SSL_VERIF
1 as valueyP
4M^elsz
statemwith
onn, b
?ing tim
%ld millise5ds
nneL\e
023[^;
]=%4999
exp's+
# Netscape HTTP ^
lOxx.se/docs/
Fwpgener
! Edit at
youBIrisk.
@FNl+c
Wri"c#;pu
AUSE wh
Vw93bo
:(%zu !=
hwRecv.u3
Mhsa_addr#et_ntopp1+Iy:d
ace0g
Qssrem
'(nil)
AvoBd gian
(maxd%d)
id TIMEVAL;%s,^
If-Mod4ed-Sin
aQnt-Leng
ntinue
+DigG
Basic(xy-aut
Ghiz;:
%s:u8S
ferer:
uccept-EncWg+
\sH(ch
=,I@L0
Keep-Al
dm(>ne
(-www-
m-urle
Maximum
size excee
closeu+
d41d8cd98f00b2
04e9800998ecf8427e1s
s"h,6g
tr2^lm
kwSOCKS5:%
^ occurrx
~itial ?
ub-nego
Rby P9
kj (%wd)7
OGSSAPI per-m
f3#meQd~
/password,3
nea>li,
p.zCqdocu
a0H8.V
has wroH
0lete
}9)8@d/
Ubeca4W
gram an
differ
r-idsi
aboradue"
/poll=
%zutes;
@} ignoF(
bug #39)
JQX_fM
)3=DM
4MKRY`gn4M
0:DKRM
4MY`gnu|4M
4MAHOV]d4M
6=DKRM
4MY`gnu|4M
4")07>
ELSZaM
4Mhov}
4(/6=D
KRY`gM
3:AHOM
4MV]dkryt]
5<CJQM
4MX_fmt
#*18?5M
_netrc
%% Tota]
Spe9 Time,
ss thanw
sec X
[eset!
ioctl b
U|adcas
scratch bu
#0QkFp
~outst
%c%c==
OK#hexadecim
number
or mis
%sequ^e
4,?O^m
getinfo
global_7
_mem\maprintf
_assign_'
$fdK#a
remove
x*_all
0!\vRvp
slist_ap
4MDTt|;
LXdp|M
44@LXd
,8DP;
$4DL\df
ExitProcess
pandEnvir
StringsA
FormaG
tM&age
Module
jAddrG
5TickCount
wionlter
CryptAcqO@&
CreateHash
Destroy
ReleaseZ
x__getZargWM
__mb_cur_max
__p__ed
errnoiob
scon p
s@Kstati64/
ys_nWCE
ombstowcDmemch
{qsfnG
+sscanf
Dtodtr{
unlin9m
WSACk6
Start]_(FDIs"
w@.i'Ca]
XPTPSW
ADVAPI32.DLL
KERNEL32.DLL
msvcrt.dll
WS2_32.DLL
CryptHashData
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
 !"#$%&
'()*+,-./0123456
Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Clean
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
CTX exe.trojan.cyzt
CAT-QuickHeal Trojan.AgentbPMF.S33725804
Skyhigh BehavesLike.Win32.Backdoor.mc
ALYac Trojan.Agent.CYZT
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_60% (D)
K7GW Trojan ( 005464da1 )
K7AntiVirus Trojan ( 005c835f1 )
huorong HVM:TrojanDownloader/Small.gen!A
Baidu Clean
VirIT Trojan.Win32.AgentT.DYK
Symantec Hacktool.Flooder
tehtris Clean
ESET-NOD32 a variant of Win32/Agent.AAEF
APEX Clean
Paloalto Clean
ClamAV Win.Malware.Cymt-10023133-0
Kaspersky UDS:Flooder.Win32.CoreWarrior.a
Alibaba Clean
NANO-Antivirus Trojan.Win32.Snojan.jqzopm
ViRobot Clean
MicroWorld-eScan Trojan.Agent.CYZT
Tencent Trojan.Win32.Corewarrior.ca
Sophos Troj/Bdoor-BHD
F-Secure Trojan.TR/Crypt.ULPM.Gen2
DrWeb Tool.Snojan.1
VIPRE Trojan.Agent.CYZT
TrendMicro Clean
McAfeeD ti!B548BF713704
Trapmine suspicious.low.ml.score
CMC Clean
Emsisoft Trojan.Agent.CYZT (B)
Ikarus Trojan.Agent
GData Win32.Application.Snojan.A
Jiangmin Downloader.Snojan.adp
Webroot Win.Trojan.Cyzt
Varist W32/Agent.FBOO-5422
Avira TR/Crypt.ULPM.Gen2
Antiy-AVL Trojan/Win32.Phonzy
Kingsoft Clean
Gridinsoft Clean
Xcitium TrojWare.Win32.Snojan.B@7h1cjp
Arcabit Trojan.Agent.CYZT
SUPERAntiSpyware Clean
ZoneAlarm Troj/Bdoor-BHD
Microsoft Trojan:Win32/CoreWarrior.DA!MTB
Google Detected
AhnLab-V3 Downloader/Win.Generic.R665906
Acronis suspicious
VBA32 Flooder.CoreWarrior
TACHYON Clean
Malwarebytes Malware.AI.290255405
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall Clean
Rising Downloader.Snojan!8.ECDD (TFE:5:V47YrAkOYKG)
Yandex Riskware.Flooder!j7BYbbJGLUM
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.325666027.susgen
Fortinet Riskware/Snojan
DeepInstinct MALICIOUS
alibabacloud DDoS:Win/Nemucod
IRMA Signature
Trend Micro SProtect (Linux) Clean
Avast Core Security (Linux) Win32:MalwareX-gen [Trj]
C4S ClamAV (Linux) YARA.UPX.UNOFFICIAL
Trellix (Linux) Clean
Sophos Anti-Virus (Linux) Troj/Bdoor-BHD
Bitdefender Antivirus (Linux) Trojan.Agent.CYZT
G Data Antivirus (Windows) Virus: Trojan.Agent.CYZT (Engine A), Win32.Application.Snojan.A (Engine B)
WithSecure (Linux) Trojan.TR/Crypt.ULPM.Gen2
ESET Security (Windows) a variant of Win32/Agent.AAEF trojan
DrWeb Antivirus (Linux) Clean
ClamAV (Linux) Win.Malware.Cymt-10023133-0
eScan Antivirus (Linux) Trojan.Agent.CYZT(DB)
Kaspersky Standard (Windows) HEUR:Flooder.Win32.CoreWarrior.a
Emsisoft Commandline Scanner (Windows) Trojan.Agent.CYZT (B)
Cuckoo

We're processing your submission... This could take a few seconds.