PE Compile Time

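2036-08-19 10:39:47 (raw PE header TimeDateStamp; the field is linker-set and trivially altered, so it is not reliable evidence of when the sample was built)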

PE Imphash

c2a87fabf96470db507b2e6b43bd92eb

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000815c 0x0000815c 7.18963577697
.bss 0x0000a000 0x000213b0 0x00000000 0.0
.data 0x0002c000 0x000033f8 0x000033f8 6.04797851507
.idata 0x00030000 0x00000ea4 0x00000ea4 4.9134366013
.gfcd 0x00031000 0x00001000 0x00000200 2.26559242966
.l1 0x00032000 0x00001200 0x00001200 5.29464825561

Imports

Library ole32.DLL:
0x4322b0 CoCreateInstance
0x4322b4 CLSIDFromString
0x4322b8 CoInitialize
0x4322bc CoUninitialize
Library OLEAUT32.DLL:
0x4322c4 SysAllocString
Library WININET.DLL:
0x4322cc DeleteUrlCacheEntry
Library KERNEL32.DLL:
0x4322dc ExitProcess
0x4322e4 GetCommandLineA
0x4322e8 GetComputerNameA
0x4322ec GetCurrentProcessId
0x4322f0 GetCurrentThreadId
0x4322f4 GetExitCodeThread
0x4322f8 GetFileSize
0x4322fc GetModuleFileNameA
0x432300 GetModuleHandleA
0x432304 CloseHandle
0x432308 GetProcAddress
0x43230c GetSystemDirectoryA
0x432310 GetTempPathA
0x432314 GetTickCount
0x432318 GetVersion
0x43231c GetVersionExA
0x432324 GlobalMemoryStatus
0x432328 CopyFileA
0x432330 IsBadReadPtr
0x432334 IsBadWritePtr
0x432338 LoadLibraryA
0x43233c LocalAlloc
0x432340 LocalFree
0x432344 OpenMutexA
0x432348 CreateFileA
0x43234c ReadFile
0x432350 RtlUnwind
0x432354 SetFilePointer
0x432358 CreateMutexA
0x43235c Sleep
0x432360 TerminateProcess
0x432364 VirtualQuery
0x432368 CreateProcessA
0x43236c WaitForSingleObject
0x432370 WideCharToMultiByte
0x432374 WinExec
0x432378 WriteFile
0x43237c lstrlenA
0x432380 lstrlenW
0x432384 CreateThread
0x432388 DeleteFileA
Library USER32.DLL:
0x432390 GetWindowTextA
0x432394 GetWindowRect
0x432398 FindWindowA
0x43239c GetWindow
0x4323a0 GetClassNameA
0x4323a4 SetFocus
0x4323a8 GetForegroundWindow
0x4323ac LoadCursorA
0x4323b0 LoadIconA
0x4323b4 SetTimer
0x4323b8 RegisterClassA
0x4323bc MessageBoxA
0x4323c0 GetMessageA
0x4323c4 GetWindowLongA
0x4323c8 SetWindowLongA
0x4323cc CreateDesktopA
0x4323d0 SetThreadDesktop
0x4323d4 GetThreadDesktop
0x4323d8 TranslateMessage
0x4323dc DispatchMessageA
0x4323e0 SendMessageA
0x4323e4 PostQuitMessage
0x4323e8 ShowWindow
0x4323ec CreateWindowExA
0x4323f0 DestroyWindow
0x4323f4 MoveWindow
0x4323f8 DefWindowProcA
0x4323fc CallWindowProcA
Library GDI32.DLL:
0x432404 GetStockObject
0x432408 SetBkColor
0x43240c SetTextColor
0x432410 CreateBrushIndirect
0x432414 CreateFontA
Library ADVAPI32.DLL:
0x43241c GetUserNameA
0x432420 RegCreateKeyExA
0x432424 RegCloseKey
0x432428 RegOpenKeyExA
0x43242c RegQueryValueExA
0x432430 RegSetValueExA
0x432434 GetSecurityInfo
0x432438 SetSecurityInfo
0x43243c SetEntriesInAclA
Library CRTDLL.DLL:
0x432444 __GetMainArgs
0x432448 _sleep
0x43244c _stricmp
0x432450 atoi
0x432454 exit
0x432458 memcpy
0x43245c memset
0x432460 printf
0x432464 raise
0x432468 rand
0x43246c signal
0x432470 sprintf
0x432474 srand
0x432478 sscanf
0x43247c strcat
0x432480 strchr
0x432484 strncmp
0x432488 vsprintf
Library MSVCRT.DLL:
0x432490 _wgetcwd

.idata
*TX3kP*<
e^3kP:
d>:^Yk8
soV^3k_
)PU3kP48
ZYk:^[C
P^Yk:^Yh:^Yk8^3k
k_^Yk:^Yk
I^1k:^
qk:ZYk
Dc3kP^
]2Wd*;We*7
Yk:^Yo:^Yk8^3k
Yi:^Yk
'VP^3k
FcP^[;
T;kP42
3k$yYj8
3k$yYj8
_3kP42
P^GL:_[
3k$yYj8
Q^3k:_[
_3kP42
P^G/:_[
^3u42
_]3k:^
'VP^3k
^Yk:^[
3oP^3
*PZ3kP
*PNGla
*PVGla
*P_Gla
rkR^3k
:^Yk:ZYm
3kP+md
J6jP^3
Z5W8*!V
Z&jP^3
kP^Glm
D[2kP^
7mlcGem
3kP*4V
TK2kP^t
0kP-!-
Tc2kP^`=_
3km^3k
J8^#kP
SJ6WP^3
J6jP^3
Tk2kP^
lc2kP^3
VR^3kP+-
lc0kP^3
VT^3kP+9
lc6kP^3S
-V2LQ
3kP#_d
P^Yk:^
kP^Yh:^Yh8^3k
Wy3k:^[
2kP^l5
^3k:ZYk:^[kP^
mYi:^Yk
)PFv'<
Z5W ,&W/)"
qkP+>Z
c:^Yk:\Yk:^[kP^s
+iP^`=
62qP^[
k_^Yk:^Yk
.3k:ZYo
Yk8X3iP43
kP^Yk:^Yk8?
)P62kP
R6jP^3
kP67jP^
kP67jP^
88Z2kP
)P61kP
iP^[oQ^3
&jP^[k
3u3k:_[
#w3k:_
P6pjP^
:^Yi:^Yk:[Yj:^Yk:^[
{3k:_e
Ow3k:_e
v3k:_e
v3k:_e
v3k:_e
NCP^Yj
^[kR^3
*P43;:b
^Yk:\Yk:^Yn:_Yk:^Yk8
rk:N[]R^3
P^3;8*
rk:N[HR^3
P^3;8~
kP^YC8^3k
@6KjP^[
P6pjP^
)P6jP^YY8
^[GQ^3
^3k862kP63kP
^Y{:9[sQ^3
^3k8^3k
kP^[ZQ^3
^3k8^3k
H6jP^[
qk8^1kP
qk8^1kP
^Ys::[
qk8^1kP
Yk:^[kP
)P63iP^
rk8r2kP
^Yk:\Yk:^Yn:_Yk:^Yk8
)PjF}:^Yj8
JYk:^[%Q^3
^[GQ^3
qk8r2kP4
kP^[hP
D_3k8^3k
P^3;8P
kP^Yu8^3k
^[kR^3
^[kR^3
qk8^1kP
kP^[+Q^3
\3k:^[
3kP43=
qk8_3k
$}Yo:Z
gI3k:^Yk8
TKP^l5
(8^7kP
:+sk:^Yk
D"kP42
J3k:^
#)P^Yk
8^LkP43
S!3k:^
feP^Yk
>kPc3kP
qk8_3k
V3kmO2kPQ
R^3VC_3k$E
64kP43
*Pgvc_
^G/k[G
^GOk[O
^Ggk['
P^FK:^Yk8i
{$~Yk:^[
k%~Yk:^[
^FK:^Yk8
^FK:^Yk81
lnOolgMK:^Yk8n
lnOolgMK:^Yk8
NYk:^Yo:^Yk8^3k
3k:\Yk:^
T6kP43
qk8_3k
.\c3jP^<
T^3Per
;T^3Pev
o|FH:|
3kP42<:^c
^|xoP|xoP|x
^|xoP|x
^|xoP|xoP|x
^|xoP|xoP|x
^|xa^|xoP|x
^|xa^|xoP|x
^|xa^|xoP|x
^|xa^|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|x
^|xa^|xa^|x
Q|x#Q|xeQ|xV^|xMQ|xoP|xoP|xoP|xoP|xV^|xV^|xV^|xV^|xV^|xV^|xV^|xV^|xV^|xV^|xV^|xV^|xV^|xV^|xV^|xV^|xMQ|xeQ|xMQ|xMQ|x
^|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|x
Q|xoP|xoP|xoP|xoP|xoP|x
Q|xoP|xoP|xoP|xoP|xV^|x#Q|xoP|xoP|xoP|xoP|xoP|xoP|xV^|xV^|xV^|xV^|xV^|xV^|xV^|xV^|x#Q|x#Q|x#Q|x#Q|x#Q|x#Q|x#Q|x#Q|xMQ|xMQ|x9Q|xoP|x
^|xMQ|xeQ|x
P|xoP|x9Q|xoP|xoP|x
^|xoP|xoP|x
^|xV^|xV^|xoP|xoP|x
^|xV^|xV^|xV^|xV^|xV^|xV^|xV^|xV^|x#Q|x#Q|x
Q|xV^|xoP|xoP|xoP|xoP|x
P|x=^|x=^|xoP|xoP|x
^|xoP|xoP|xoP|xoP|xoP|xoP|x
P|xRP|xRP|xoP|xRP|xoP|xoP|xoP|xoP|x
P|xoP|xoP|xoP|x
P|xGP|x
P|xRP|xRP|xoP|xoP|xoP|x
P|xGP|x
P|xRP|x
P|xRP|xRP|xGP|x
P|xRP|xRP|xRP|xRP|xRP|xRP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|xoP|x
8--r7s
G|xFG|x
<x=J<x
y<x~y<x
<x}y<x
y<xEy<x
y<x%y2Y
y<xUh<x
)<xUy<x
y<x!~<x
i<x!~<x
y<xuy<x
I<xuy<x
<x]y<x
)<x]y<x
ry<xL<
uVs-V:x
xI}-Z<x
a|<xL<
]|<xL<
I|<xL<
I<hND8H
y#x-F?x
y<x:\<9
y<x:\89
y<x:\49
y<x:\09
9<xQ9<x
;<x-9<x
8<xA8<x
y<xU8<xY8<xu8<xy8<x
8<x%8<x-8<x18<x
8<xA8<x
y<xU8<xY8<xu8<xy8<x
8<x%8<x-8<x18<x
y<xDyy
y<x(y{
y<xEyc
CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize
SysAllocString
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA
GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA
GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA
GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA
__GetMainArgs
_sleep
_stricmp
memcpy
memset
printf
signal
sprintf
sscanf
strcat
strchr
strncmp
vsprintf
ole32.DLL
OLEAUT32.DLL
WININET.DLL
KERNEL32.DLL
USER32.DLL
GDI32.DLL
ADVAPI32.DLL
CRTDLL.DLL
CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize
SysAllocString
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
ExitProcess
ExpandEnvironmentStringsA
GetCommandLineA
GetComputerNameA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
LocalAlloc
LocalFree
OpenMutexA
CreateFileA
ReadFile
RtlUnwind
SetFilePointer
CreateMutexA
TerminateProcess
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA
GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
GetClassNameA
SetFocus
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
RegisterClassA
MessageBoxA
GetMessageA
GetWindowLongA
SetWindowLongA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
MoveWindow
DefWindowProcA
CallWindowProcA
GetStockObject
SetBkColor
SetTextColor
CreateBrushIndirect
CreateFontA
GetUserNameA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA
__GetMainArgs
_sleep
_stricmp
memcpy
memset
printf
signal
sprintf
sscanf
strcat
strchr
strncmp
vsprintf
_wgetcwd
ole32.DLL
OLEAUT32.DLL
WININET.DLL
KERNEL32.DLL
USER32.DLL
GDI32.DLL
ADVAPI32.DLL
CRTDLL.DLL
MSVCRT.DLL
L(C(C(C
<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C<C
PCPCPCPCPCPCPCPCPCPCPCPCPCPCPCPCPCPCPCPCPCPCPCPCPCPCPCPC
dCdCdCdCdC
xCxCxCxCxCxCxCxCxC
No antivirus signatures available.
IRMA Signature
Trend Micro SProtect (Linux) Clean
Avast Core Security (Linux) Win32:Qukart-AO [Trj]
C4S ClamAV (Linux) Win.Dropper.Berbew-9106192-0
Trellix (Linux) Generic Malware.bj trojan
Sophos Anti-Virus (Linux) Troj/Agent-BGRP
Bitdefender Antivirus (Linux) Generic.Dacic.1.Backdoor.Hangup.A.4917A72A
G Data Antivirus (Windows) Virus: Generic.Dacic.1.Backdoor.Hangup.A.4917A72A (Engine A), Win32.Trojan.PSE.11RRK8R (Engine B)
WithSecure (Linux) Trojan.TR/Crypt.XDR.Gen
ESET Security (Windows) a variant of Win32/Padodor.NAX trojan
DrWeb Antivirus (Linux) BackDoor.HangUp.43784
ClamAV (Linux) Win.Dropper.Berbew-9106192-0
eScan Antivirus (Linux) Generic.Dacic.1.Backdoor.Hangup.A.4917A72A(DB)
Kaspersky Standard (Windows) Trojan-Proxy.Win32.Qukart.vjh
Emsisoft Commandline Scanner (Windows) Generic.Dacic.1.Backdoor.Hangup.A.4917A72A (B)