PE Compile Time

1992-06-20 01:22:17

PE Imphash

8679c8c71268858668c3b616f436e78f

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
CODE    0x00001000       0x00009e90    0x0000a000        6.30968641945
DATA    0x0000b000       0x000001a0    0x00000200        3.73713080722
BSS     0x0000c000       0x0000118d    0x00000000        0.0
.idata  0x0000e000       0x0000091c    0x00000a00        4.26796097461
.tls    0x0000f000       0x00000008    0x00000000        0.0
.rdata  0x00010000       0x00000018    0x00000200        0.186582516435
.reloc  0x00011000       0x0000095c    0x00000a00        6.47441976485
.rsrc   0x00012000       0x00000600    0x00000600        3.78054784262

Resources

Name           Offset      Size        Language      Sub-language                 File type
RT_ICON        0x00012150  0x000002e8  LANG_ENGLISH  SUBLANG_ENGLISH_PHILIPPINES  Device independent bitmap graphic, 32 x 64 x 4, image size 512
RT_RCDATA      0x00012448  0x000000a8  LANG_NEUTRAL  SUBLANG_NEUTRAL              data
RT_RCDATA      0x00012448  0x000000a8  LANG_NEUTRAL  SUBLANG_NEUTRAL              data
RT_GROUP_ICON  0x000124f0  0x00000014  LANG_ENGLISH  SUBLANG_ENGLISH_PHILIPPINES  data

Imports

Library kernel32.dll:
0x40e100 VirtualFree
0x40e104 VirtualAlloc
0x40e108 LocalFree
0x40e10c LocalAlloc
0x40e110 GetTickCount
0x40e118 GetVersion
0x40e11c GetCurrentThreadId
0x40e120 WideCharToMultiByte
0x40e124 MultiByteToWideChar
0x40e128 GetThreadLocale
0x40e12c GetStartupInfoA
0x40e130 GetModuleFileNameA
0x40e134 GetLocaleInfoA
0x40e138 GetLastError
0x40e13c GetCommandLineA
0x40e140 FreeLibrary
0x40e144 ExitProcess
0x40e148 CreateThread
0x40e14c WriteFile
0x40e154 SetFilePointer
0x40e158 SetEndOfFile
0x40e15c RtlUnwind
0x40e160 ReadFile
0x40e164 RaiseException
0x40e168 GetStdHandle
0x40e16c GetFileSize
0x40e170 GetFileType
0x40e174 CreateFileA
0x40e178 CloseHandle
Library user32.dll:
0x40e180 GetKeyboardType
0x40e184 MessageBoxA
0x40e188 CharNextA
Library advapi32.dll:
0x40e190 RegQueryValueExA
0x40e194 RegOpenKeyExA
0x40e198 RegCloseKey
Library oleaut32.dll:
0x40e1a0 SysFreeString
Library kernel32.dll:
0x40e1a8 TlsSetValue
0x40e1ac TlsGetValue
0x40e1b0 LocalAlloc
0x40e1b4 GetModuleHandleA
Library kernel32.dll:
0x40e1c0 WriteFile
0x40e1c4 WaitForSingleObject
0x40e1c8 Sleep
0x40e1cc ReadFile
0x40e1d0 LoadLibraryA
0x40e1d8 GetVersionExA
0x40e1dc GetTempPathA
0x40e1e0 GetSystemDirectoryA
0x40e1e4 GetProcAddress
0x40e1e8 GetModuleHandleA
0x40e1ec GetModuleFileNameA
0x40e1f0 GetLastError
0x40e1f4 GetFileAttributesA
0x40e1fc FindNextFileA
0x40e200 FindFirstFileA
0x40e204 FindClose
0x40e210 ExitProcess
0x40e214 DeleteFileA
0x40e218 CreateThread
0x40e21c CreateMutexA
0x40e220 CreateFileA
0x40e224 CreateDirectoryA
0x40e228 CopyFileA
0x40e22c CloseHandle
Library mpr.dll:
0x40e238 WNetAddConnection2A
Library wsock32.dll:
0x40e240 WSACleanup
0x40e244 WSAStartup
0x40e248 gethostbyname
0x40e24c socket
0x40e250 send
0x40e254 recv
0x40e258 inet_ntoa
0x40e25c inet_addr
0x40e260 htons
0x40e264 connect
0x40e268 closesocket
Library shell32.dll:
0x40e270 ShellExecuteA
Library wininet.dll:
Library URLMON.DLL:
0x40e280 URLDownloadToFileA

This program must be run under Win32
.idata
.rdata
P.reloc
P.rsrc
StringX
TObject
YZ]_^[
Ht Ht.
~KxI[)
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
_^[YY]
_^[YY]
tVSVWU
_^[YY]
TBisBot
PRIVMSG
PRIVMSG
~dh8m@
ufh(s@
PING :
PRIVMSG
PRIVMSG
:Welcome
dlfile
:Downloading File...
:Download Successfull
:File Executed
QUIT :Updating...
logout
silent
:Invalid Input
(Net:
(WinDir:
(CurDir:
(netbios_infected:
(netbios_tries:
(netbios_failed:
(netbios_accessdenied:
(netbios_invalidpass:
(netbios_logonfailure:
(mydoom_infected:
(mydoom_tries:
(mydoom_failed:
(scan_infectedfiles:
(scan_infecteddirs:
(scan_copied:
File(%cur%\
File(%win%\
File(%sys%\
File(%tmp%\
File(\
restart
QUIT :Restarting
QUIT :Quiting
rndnick
:Heh :)
%rnddir%
%sys%\
%win%\
%cur%\
%tmp%\
%rand%
:Hidden as (
:Failed to hide as (
%rnddir%\%rand%.exe
:Added Random Garbage To (
:Failed To Add Random Garbage To (
system.ini
explorer.exe
:Added copy to statup
spread
QQQQQS
.com "win2k" :
biscanwormmark
TFileName
TSearchRecX
QQQQQS3
win32dc
win32dc\
trainer
serial
BattleField 1942
Doom 3
Sims 2
FlatOut
Counter-Strike
Silent Hill 4
Half-Life 2
UT2004
Quake3
tDHtvH
DCPlusPlus.xml
<Description type="string">
<Description type="string">Biscan</Description>
</Description>
<Share>
<Directory>
win32dc
</Directory>
dcplusplus.xml
upload
download
Ht!Ht,
QQQQQSV
abcdefghijklmnopqrstuvwxyz
Unknown
Dial-up
TMyDoom
PRIVMSG
:mydoom_infect
TNetBIOS
\Documents and Settings\All Users\Start Menu\Programs\Startup\
\WINDOWS\Start Menu\Programs\Startup\
\WINNT\Profiles\All Users\Start Menu\Programs\Startup\
Administrator
PRIVMSG
:netbios_infected
netapi32.dll
NetRemoteTOD
NetScheduleJobAdd
NetShareEnum
NetApiBufferFree
NetBIOSThread2
%rnddir%\%rand%.com
%rnddir%
%rand%
%sys%\
%win%\
%cur%\
%tmp%\
irc.lcirc.net
motherfucker
Runtime error at 00000000
0123456789ABCDEF
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetThreadLocale
GetStartupInfoA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
ExitProcess
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
user32.dll
GetKeyboardType
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
kernel32.dll
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
kernel32.dll
WritePrivateProfileStringA
WriteFile
WaitForSingleObject
ReadFile
LoadLibraryA
GetWindowsDirectoryA
GetVersionExA
GetTempPathA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLastError
GetFileAttributesA
GetCurrentDirectoryA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
DeleteFileA
CreateThread
CreateMutexA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle
mpr.dll
WNetCancelConnectionA
WNetAddConnection2A
wsock32.dll
WSACleanup
WSAStartup
gethostbyname
socket
inet_ntoa
inet_addr
connect
closesocket
shell32.dll
ShellExecuteA
wininet.dll
InternetGetConnectedState
URLMON.DLL
URLDownloadToFileA
Biscan
3Messages
System
SysInit
KWindows
UTypes
?WinInet
*ShellAPI
WinSock
apFunc
!uMyDoom
uNetBIOS
apInfect
&pWebServer
"r2>|b
DVCLAL
PACKAGEINFO
MAINICON(
Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Clean
tehtris Clean
MicroWorld-eScan Dropped:Generic.Malware.S!dld!.C425D330
CMC Clean
Cylance Unsafe
Zillya Backdoor.Delf.Win32.10118
CrowdStrike win/malicious_confidence_100% (W)
K7GW EmailWorm ( 005771db1 )
K7AntiVirus EmailWorm ( 005771db1 )
huorong Backdoor/IRCBot.bi
Baidu Win32.Trojan.Delf.j
VirIT Backdoor.Win32.Generic.CFDD
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/LunaStorm.D
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Alibaba Clean
NANO-Antivirus Trojan.Win32.Delf.dplrap
ViRobot Backdoor.Win32.A.Delf.49664.C
Tencent Trojan.Win32.Dropper.aaw
Sophos Troj/Luiha-BN
F-Secure Worm.WORM/Rbot.Gen
DrWeb Trojan.Siggen3.61286
VIPRE Clean
Trapmine malicious.moderate.ml.score
Emsisoft Dropped:Generic.Malware.S!dld!.C425D330 (B)
Ikarus Trojan.Win32.IRCBot
Webroot W32.Malware.gen
Avira WORM/Rbot.Gen
Antiy-AVL Trojan[Backdoor]/Win32.Delf.cst
Kingsoft malware.kb.a.1000
Gridinsoft Backdoor.Win32.Delf.bot!s1
Xcitium TrojWare.Win32.TrojanDownloader.Delf.gen@1xqow5
Microsoft Worm:Win32/Fesber!pz
SUPERAntiSpyware Trojan.Agent/Gen-IRCBot
ZoneAlarm Troj/Luiha-BN
AhnLab-V3 Backdoor/Win32.Delf.R27090
Acronis suspicious
VBA32 Exploit.Letipig
TACHYON Backdoor/W32.DP-Small.Zen
Malwarebytes Generic.Malware.AI.DDS
Zoner Trojan.Win32.22030
Rising Backdoor.Delf!1.64C1 (CLASSIC)
SentinelOne Static AI - Malicious PE
alibabacloud Backdoor:Win/LunaStorm.03d7a9d4
IRMA Signature
Trend Micro SProtect (Linux) TROJ_DELF.SMUA
Avast Core Security (Linux) Win32:IRCBot-EXE [Trj]
C4S ClamAV (Linux) Win.Trojan.Delf-6717398-0
Trellix (Linux) Generic BackDoor.ww trojan
Sophos Anti-Virus (Linux) Troj/Luiha-BN
Bitdefender Antivirus (Linux) Dropped:Generic.Malware.S!dld!.C425D330
G Data Antivirus (Windows) Virus: Dropped:Generic.Malware.S!dld!.C425D330 (Engine A), Win32.Worm.MyDoom.B (Engine B)
WithSecure (Linux) Worm.WORM/Rbot.Gen
ESET Security (Windows) a variant of Win32/LunaStorm.D worm
DrWeb Antivirus (Linux) Trojan.Siggen3.61286
ClamAV (Linux) Win.Trojan.Delf-6717398-0
eScan Antivirus (Linux) Dropped:Generic.Malware.S!dld!.C425D330(DB)
Kaspersky Standard (Windows) Backdoor.Win32.Delf.cst
Emsisoft Commandline Scanner (Windows) Dropped:Generic.Malware.S!dld!.C425D330 (B)