PE Compile Time

2012-03-12 13:18:24

PE Imphash

406e9620195118da1a72280c65e8babe

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00001b92 | 0x00001c00 | 6.03424573429 |
| .data | 0x00003000 | 0x00059e1c | 0x0001c600 | 6.58090755588 |
| .idata | 0x0005d000 | 0x000004d4 | 0x00000600 | 4.39221051441 |
| .rsrc | 0x0005e000 | 0x00000278 | 0x00000400 | 2.49299633596 |
| .reloc | 0x0005f000 | 0x00000178 | 0x00000200 | 5.25263780398 |
| .htext | 0x00060000 | 0x00002000 | 0x00002000 | 2.37601990477 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_DIALOG | 0x0005f1ec | 0x0000008c | LANG_ENGLISH | SUBLANG_ENGLISH_US | data |
| RT_DIALOG | 0x0005f1ec | 0x0000008c | LANG_ENGLISH | SUBLANG_ENGLISH_US | data |

Imports

Library KERNEL32.dll:
0x45d128 CloseHandle
0x45d12c CreateFileW
0x45d130 GetCurrentProcess
0x45d134 GetCurrentProcessId
0x45d138 GetCurrentThreadId
0x45d13c GetLastError
0x45d140 GetModuleHandleA
0x45d144 GetProcAddress
0x45d148 GetStartupInfoA
0x45d14c GetTickCount
0x45d150 LoadLibraryA
0x45d154 LocalAlloc
0x45d158 LocalFree
0x45d160 TerminateProcess
0x45d168 VirtualProtect
0x45d16c lstrcpyA
0x45d170 lstrlenA
Library SHELL32.DLL:
0x45d178 SHGetFolderPathW
Library USER32.dll:
0x45d180 GetDC
0x45d184 GetDlgItem
0x45d188 GetSysColor
0x45d18c GetWindowLongA
0x45d190 GetWindowRect
0x45d194 LoadAcceleratorsA
0x45d198 LoadCursorA
0x45d19c LoadIconA
0x45d1a0 LoadStringA
0x45d1a4 RegisterClassW
0x45d1a8 SendMessageA
0x45d1ac SetWindowLongA
0x45d1b0 ShowWindow
0x45d1b4 MessageBoxA
Library ADVAPI32.dll:
0x45d1bc RegOpenKeyExA
0x45d1c0 RegQueryValueExA
0x45d1c4 RegSetValueExA
0x45d1c8 RegCloseKey
Library GDI32.dll:
0x45d1d0 SelectObject

!This program cannot be run in DOS mode.
0`.data
.idata
.reloc
0B.htext
0ZY[^]
.edata
PZY[^_]
`ZY[^_]
hZY[^]
`ZY[^]
$rog\work\rm\templates\exe\runinmem2.exe
XZ[^_]
runinmem
ZY[^_]
D:\projects\progs\SysP
.edata
DY[^_]
$@tX`E
$$auGd
lpF$lp
h$PleQR$
rWoueX
uspTDlH_|
L"n nna+
dau!Ma
qUjj5j
qfVu03
VL[_MI^
LhP^3M
rj5tt|
S@Ppub
jE\Pv5
WFPt@t
@Ephqq
WY]jD>Wt
j}Pj"E
KyEMfjE
u;4PtGYj
QCFu^u
9QW;E?t
EU_^p$
n pcri
noa r
oloabr
leokadct
ah-a6
elsV.an
atGeou
Uwtbse
goioOeER
anetlaorsF
dLiEei
ttLoial
nptlptGGL
slfBttesFPGI
eWseoWn
nvyFcure
SenaSr
MAyyabFMup/McctJy
dniuaJoOgep
iedJae
tyayed
ANrrmAO
u sbabl
s\iastyrS
leloni
HrrTae
iDeHeWe
AtmeGsil
tVpniH`Esas
lkMeTl
cuptGG
WePFiHWc
eceeuieeem
FlvitSa
FxGdee
eeamelmGG
eeoSodeloytATee
titLccMrsoGLWaLmt
ytcAWIeicecTdre
lmKrtts3WaGAoREoaea
etCGrraeGenned.
2hWWteSee
rtEDsint
PorlroraWPieW
reudtn
urlCIeehGs
omeaNrtroNrcla
gednWstgiao
iapwaeaC
caWPee
WeslaxWot
asWxeDR
rnnCsTEgost
rgfDWnMioehasTwdCtDa
Deernc
uptdaes
wMtoBr
BeiMrxo
2exWns
eUlWLn
xexoWaE
atgWiC
LloiPnEg
ruleIeet2lIDeQPeul
.eR.2?tENls0EEaggcle
OtmplyRuAiezh
aluxeadEixroS3eaDdt
SiGggHCl
RR~.ePKVnee
KEElEyau3yoet
72tpte
neetiioUtneIs
rutnlnno
EepC3mlm
rlzfdcrrs.
SadGCe
GlIUstItclxe
faeLtnOHeUladteocneAo
e2enoirWeitr
TCiioiutetlo
erPeyi
olSoCT
ce.ttipnSaa
zidddE
AorcaStPletetgeeseebtFodeoo
rdutgtnlGErWesSne
erlmnFeP
riDelitMooHdPG
rPEeroneeed
aiDenHoiEHnotUh
eeSenisttxtenusd
evpIdias
trrdgrcitSadWE
GnoetriSni
uloteerAoiy
cleezll
ePeSlLie
elirel
tIinuo
oVeTkols
FtsSrmoSlna
lGTieoIisaaGr
tntsSEiEnnapetiuTice
creoCl
cndcre
tcGcPynV
nrWandiitLcertpoeG
rnkCnCnotC
Pltn9mt
RCgliP
DCH?AEceeaaCLmror
drdcaaeSrGoaet
rre7tW
eeetwO
lQynaSEoI
Mcgrhdre
tltalr
},B{Bz
XLBJ8[
T[_qq%
L:G47{
PawR&V
]Ms[.![R
d}5rEM?.
>|i~c7
l$;Uv>q
\0Xp=(
PdSo~!
lO=IV
J~rSXC
_0V@8g
zd\pIZp
^4OpZl
!6Sb%P.
WU&(Mb
yu)gS|
#_yOU%,
"4$\e(
OyPF8@
'Y5*bCF
BDU%>lL
jn/Gg,
z|wsVIi
&C~lJL
W0x[2!
mgm{97
sOYz&~
7rlm\u
TE{nB(D
eM(%.
YY4Xl#
,70JBS
cP\cC!
}a|5I>L
7RD@3;
6Wc/8)
[OIT}2
(bEtah
)$D><"
-(-BJ7
jaZ^s^
wwwwww
bH775Jo6
]`^ljOAcj
]8'0M23yuF0Q
Ze\i`>
82]heb
]G98s0f
A;;@;@ql
HwHK;E
R.n et
"Lou :uu"s=.en3 eetr>>m"/eslo=no"c<" <s o"fre1.A ie< nn>asm<usvreedvecceEtit<ivaexrl
errdus vh"iqrqIenl"0mcgmcno >f rr- fmuctstVl e
= e ret
sssuk 1
eie=m>o sie"saPi- Iol fitxa
setsl s<AuePeeu eetIeDNviXsDEt
sG ePuDP<eDA
ADqeDGIGXPIuGiAcdNDD<>N>rAGrDDoP NNGvAeiLN i tuDXIte>PfbGx D/PAPn
/GD gPI
lI/yNAa< NND>cGmDIXqPDuIdDeX/XNPDXND
IesIDIroGnsAtr
ussNXIDyGXGDXDAAXs DtlDAXl>PD
><R4X6:A4
69XD001A5
A42I4D
00944 35
221i0$%7
25443^/$
06736
0f6111
?2466#33u77
56:2@?0?
8?2zh5
G053353
p1x2073
:>:?qT
j9<?*7jt
=:;=:?8
<:8:+q:x<<
==<;<:
8?8;<<
;U898^"7
:8<?I:68OX9:8
75wL;64;8
,8917@658
Z5 0(2:Q28
5<:^c;
90:=Y7
w;L8}7867767F\5
48!5:F29:z
31o=4<nd
`4;1>2
9;>?1;;1
R3>;12;?#
r?q0;>;
u??<<012
;G0X^4
;0;0;>'
88?>=<
9_6H6<
,><5?7
_8>:>9
8>567?
9=.=6(>;<9=4&U8><:lw>?49>
45,>`9E(
?>:H:=7:
>3aA6?P:?
? 73Y1
90?1Yl02`:
7:0<6055
9=:4o<4
34,hXl
4$434|
33x3(43
33`@(,\3t
d4333P543
d5\`430
353334433
333333
333h|44H
CloseHandle
CreateFileW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetTickCount
LoadLibraryA
LocalAlloc
LocalFree
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
lstrcpyA
lstrlenA
SHGetFolderPathW
GetDlgItem
GetSysColor
GetWindowLongA
GetWindowRect
LoadAcceleratorsA
LoadCursorA
LoadIconA
LoadStringA
RegisterClassW
SendMessageA
SetWindowLongA
ShowWindow
MessageBoxA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
SelectObject
KERNEL32.dll
SHELL32.DLL
USER32.dll
ADVAPI32.dll
GDI32.dll
0 0A0J0h0p0
1"1D1o1
282E2R2b2
44=4G4d4u4
5-656L6j6o6
7&7>7D7j7|7
8$848>8U8i8s8
9(9;9C9\9n9
:.:@:Q:^:p;
<;<L<Z<j<|<
=2=9=T=f=
>+>M>n>
?1?A?q?
0-040C0
JBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJBJB
fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[fSf[
$Zj$:n
]Fvk7Y
Bsa^xC
]hHkTR
jQ(h8"
[?TSAm
\6f6L6
ca#/>Z
+I[I+h
dpg%AG
WnToAr
IDD_SETTINGS
MS Sans Serif
Interner Explorer
Mozilla Firefox
Google Chrome
Window2
MS Sans Serif
Ceancel
No antivirus signatures available.
IRMA Signature
| Engine | Result |
|---|---|
| Trend Micro SProtect (Linux) | Clean |
| Avast Core Security (Linux) | Win32:Kryptik-LZD [Trj] |
| C4S ClamAV (Linux) | Win.Malware.Bladabindi-10019611-0 |
| Trellix (Linux) | Clean |
| Sophos Anti-Virus (Linux) | Clean |
| Bitdefender Antivirus (Linux) | Gen:Variant.Lazy.532293 |
| G Data Antivirus (Windows) | Virus: Gen:Variant.Lazy.532293 (Engine A) |
| WithSecure (Linux) | Trojan.TR/Crypt.ZPACK.Gen7 |
| ESET Security (Windows) | a variant of Win32/Kryptik.BCUX trojan |
| DrWeb Antivirus (Linux) | Trojan.Mods.146 |
| ClamAV (Linux) | Win.Malware.Bladabindi-10019611-0 |
| eScan Antivirus (Linux) | Gen:Variant.Lazy.532293(DB) |
| Kaspersky Standard (Windows) | HEUR:Trojan.Win32.Generic |
| Emsisoft Commandline Scanner (Windows) | Gen:Variant.Lazy.532293 (B) |
Cuckoo
