PE Compile Time

2012-07-19 22:00:28

PE Imphash

bd227ba966c127e93fe82f25f211eaca

PEiD Signatures

eXPressor v1.3 -> CGSoftLabs

Sections

Name     Virtual Address  Virtual Size  Size of Raw Data  Entropy
.data    0x00001000       0x00011000    0x00004dcf        7.99244881899
.ex_cod  0x00012000       0x000017e4    0x000017d0        6.17150424839
.ex_rsc  0x00014000       0x000029f4    0x000029f4        4.89795355677
.ccc     0x00017000       0x00001000    0x00001000        0.640198474505

Resources

Name           Offset      Size        Language      Sub-language                File type
RT_ICON        0x000140f0  0x000025a8  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  Device independent bitmap graphic, 48 x 96 x 32, image size 9216
RT_GROUP_ICON  0x00016698  0x00000014  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  data
RT_VERSION     0x000166ac  0x00000348  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  data

Imports

Library KERNEL32.dll:
0x131624ac VirtualFree
0x131624b0 VirtualAlloc
0x131624b4 GetProcAddress
0x131624b8 ExitProcess
0x131624bc LoadLibraryExA
0x131624c0 GetModuleHandleA
0x131624c4 VirtualProtect
0x131624c8 GetModuleFileNameA
0x131624cc HeapAlloc
0x131624d0 GetProcessHeap
0x131624d4 HeapFree
Library USER32.dll:
0x131624dc wsprintfA
0x131624e0 MessageBoxA

This program was packed with a demo version of eXPressor
A required .DLL file, %hs, was not found.
Error Starting Program
The %hs file is
linked to missing export %hs:0x%04x.
The %hs file is
linked to missing export %hs:%hs.
Error Starting Program
*pdw = 0x%08x
Error bad relocation pointer:
*pw = 0x%04x *pdw = 0x%08x
Unexpected relocation type:
VirtualFree
VirtualAlloc
GetProcAddress
ExitProcess
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
HeapAlloc
GetProcessHeap
HeapFree
KERNEL32.dll
wsprintfA
MessageBoxA
USER32.dll
ExPr-v.1.3..
www.360.cnvvvvvv
VS_VERSION_INFO
StringFileInfo
080404b0
Comments
1.5901.1.195
CompanyName
FileDescription
FileVersion
1, 5901, 1, 195
InternalName
soul.exe
LegalCopyright
(C) 2002
LegalTrademarks
OriginalFilename
PrivateBuild
ProductName
ProductVersion
1, 0, 0, 1
SpecialBuild
VarFileInfo
Translation
No antivirus signatures available.
IRMA Signature
Trend Micro SProtect (Linux)            Clean
Avast Core Security (Linux)             Win32:MalwareX-gen [Trj]
C4S ClamAV (Linux)                      Win.Dropper.Gh0stRAT-7645027-0
Trellix (Linux)                         Generic Malware.dq trojan
Sophos Anti-Virus (Linux)               Troj/Farfli-DL
Bitdefender Antivirus (Linux)           Gen:Variant.Barys.494697
G Data Antivirus (Windows)              Virus: Gen:Variant.Barys.494697 (Engine A)
WithSecure (Linux)                      Trojan.TR/Crypt.XPACK.Gen
ESET Security (Windows)                 Win32/Farfli.AAG trojan
DrWeb Antivirus (Linux)                 Trojan.DownLoad3.17387
ClamAV (Linux)                          Win.Dropper.Gh0stRAT-7645027-0
eScan Antivirus (Linux)                 Gen:Variant.Barys.494697(DB)
Kaspersky Standard (Windows)            HEUR:Trojan-Dropper.Win32.Injector.gen
Emsisoft Commandline Scanner (Windows)  Gen:Variant.Barys.494697 (B)