Static Analysis

PE Compile Time

1992-06-20 01:22:17

PE Imphash

340b68d3badf5efdff83e99017a788db

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x00017000 0x00000000 0.0
UPX1 0x00018000 0x00008000 0x00007c00 7.8725935319
.rsrc 0x00020000 0x00001000 0x00000800 3.71378512545

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00020154 0x000002e8 LANG_SPANISH SUBLANG_SPANISH_MODERN Device independent bitmap graphic, 32 x 64 x 4, image size 512
RT_RCDATA 0x00012448 0x000000a8 LANG_NEUTRAL SUBLANG_NEUTRAL empty
RT_RCDATA 0x00012448 0x000000a8 LANG_NEUTRAL SUBLANG_NEUTRAL empty
RT_GROUP_ICON 0x00020440 0x00000014 LANG_SPANISH SUBLANG_SPANISH_MODERN data

Imports

Library advapi32.dll:
0x42051c RegCloseKey
Library KERNEL32.DLL:
0x420524 LoadLibraryA
0x420528 ExitProcess
0x42052c GetProcAddress
0x420530 VirtualProtect
Library mpr.dll:
0x420538 WNetAddConnection2A
Library oleaut32.dll:
0x420540 SysFreeString
Library shell32.dll:
0x420548 ShellExecuteA
Library URLMON.DLL:
0x420550 URLDownloadToFileA
Library user32.dll:
0x420558 CharNextA
Library wininet.dll:
Library wsock32.dll:
0x420568 send
StringX
TObject
q{+]i3;
8S(@N?d
-=]3WS
;=Gu,)
8KZh+3
&j8V@h
bSK4)6
g$xtZXtU0
~KxI[)
S..y$1M
OFTWARE\Borland\Delphi\RTL
Nt5]w_
4(Do|
{ZA!Ry+
k/-Rf;0
}&^~")
!s3oZI
kiL`pL
@.y9Mh@9
TBisBot
^"?xG8
3IVMSG
gXh4i@
<'GPLx
k00L:0B
@B.yF
l!/i~/
llU_2!
hdh8ht
m6`LxL`
DcJO8 +Ht
+DE Gd
login
2O :L%are
cta - Nivel:MASTER
_dfisier;
sc<c F
_mple`
QUIT+Upd!
[pnto0
faAA7m
<systmp
ckONICK/{
Gjo^WpaH
Vbag7To%/#a
om EwEGI(RY
CDPJw<$
xtrwm?-
h.cXlo,
1942+
Fl<Out
d3DAoCColC
f-Lifed
UT2004Dh
tDHtv#
DCPlus
"ption type="s
">#,XTR</
pb`$y_
pifL$kE
md#bat
defghijklmnopqr
uvwxyz
([^_FP
HUnkn[@
ya9598SE
aWJJNV
S} M"u\P
rogram
up\G%Wd,
INDOWS./6a'
d1dE, Wp
uBN`e!
api32.d
ACBuf\rF
ck217356746
Err/gR
01234
2:FV4M
GP&=O8
4UTyp$
*S<API
&pWebServ
,T6i8!
!#Cp2J
F.G<dS
W}#"RdA
QCpw11
Library>Get0
bu`s!sPE
d.)p=c
E)Of7RtlJ
O<n[.6
5;cn/A
(NmxIav
I ghobynaC
XPTPSW
Gggfv@
&vvggd
wwgbvt
1wwwr"gf@
1wwwr"vv@
wr""gf@
wr""&f@
ww"w""@
wr'""@
advapi32.dll
KERNEL32.DLL
mpr.dll
oleaut32.dll
shell32.dll
URLMON.DLL
user32.dll
wininet.dll
wsock32.dll
RegCloseKey
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
WNetAddConnection2A
SysFreeString
ShellExecuteA
URLDownloadToFileA
CharNextA
InternetGetConnectedState
uz@>_MPw
<kyyn!
aF0|yv
LaSepP
)\THNX
P}CWvk
T .Krw
DQTUcb
>V/5 +#
A?i8"e
E-k-IIsa
U.fuM2
\^09m|b
83~PW2
#F:m!~N
%3]XCIRC
;)RuB@B
huflW@u0I
-41X jwZY
=G+cyV
x%f#s&`
E]E<{-H
-Q)<R\
2V]*4bYZ'h*]
dHoxK^r
+5?g'b
Re?k?2
YVoC)#.
GG<&e{
v/:TUj
?DA]uj
ow-0u}
m,gkt^5K
<Bw.q2Q
G,%),_d
cdfwn'uI
}J2sytJX
0(x7@:
;[U#Ef
$pO-NU
yT?,V5
U{|'BH
Q74p\3$
/AGB~x
;0?ii%
b_YGODWR
_lNywFY
I*6.is%
ss<uaZ%
\cS?8WiU
rmB X
hh3YB!8
C)t^}*
T =lZ@
(o(~Bd/%
.N%:9K
{2Mpx~
#Kojbx
+\y|gq#
AQPB*x
swhv^N2
UCv-c)
JFUXOH4_@ih
MIuaGQ5
#w.BG{
LsxTPB
h+`{6O
-V2.Iw
'Q&G6W
X@[v%[GiG
56\6k3
6dX%s1
T9(W*6
m=-ipd
5d38+$
, 8/>m
@CHwH~
`Q=1GS(
HI{v5QR
ddjBC,w
TWO%&~
#YRe..+
[kOLl
'T=-4s(
7REODe
kTf0co
rz:" X
?bay^V
oqJX1w
K-jsy
sB|}[1
lR-E/QQ
'wkOa\
F_rj:I.\(
Bqa?(T|
m*q%rK
YYn`gx
a_swmz
y<XG4M
mOML{'
;DI-oIS
e=RaLy
yD6.F1
4'#9G"
y) PY
}T3Bc~&
kyj3<:/
^B;j]:
5hO:~M
TT\==DF"[I<
?7B ){Z
L~j[I!
`u_D"H
:`Awu{fT
/'mSKY
ujF;o}
~&qo2j@J
iZL+q]
ad'?`=
?@U^la
Jc;d5
M`p6p.;
@a3GVW
:m]k^q
N vF9m+
4b[;<fD
CdqNe/
x9/\E&r
!9hx6B4
S9ZK[<H
E0FJ[U
Cvg1+^
$N5^Oq
BZ-L8*
;`72|}\k
][r$t G
BKO:tu"
Kvfbc$i{
"yU+OF
9p1%zo
@$~qD'A
lUk5P1
+wz3.)
3U"(b?G
Ya/\'_0
{\kGx*(
($.:u_
a0FvHs
6E;wx>>
7N$+vl
sz[O"L7
ZL5(r|
GKgI%1i
.d0fT*{
DVCLAL
PACKAGEINFO
MAINICON
No antivirus signatures available.
IRMA Signature
Trend Micro SProtect (Linux) Clean
Avast Core Security (Linux) Win32:MalwareX-gen [Bot]
C4S ClamAV (Linux) YARA.UPX.UNOFFICIAL
Trellix (Linux) Exploit-Mydoom virus
Sophos Anti-Virus (Linux) Clean
Bitdefender Antivirus (Linux) Generic.Malware.S!dld!.AF6ABF18
G Data Antivirus (Windows) Virus: Generic.Malware.S!dld!.AF6ABF18 (Engine A)
WithSecure (Linux) Trojan.TR/Dldr.Delphi.Gen
ESET Security (Windows) a variant of Win32/IRCBot.AZV trojan
DrWeb Antivirus (Linux) Win32.HLLW.Siggen.10562
ClamAV (Linux) Win.Trojan.Delf-6717398-0
eScan Antivirus (Linux) Generic.Malware.S!dld!.AF6ABF18(DB)
Kaspersky Standard (Windows) Backdoor.Win32.Delf.ars
Emsisoft Commandline Scanner (Windows) Generic.Malware.S!dld!.AF6ABF18 (B)
Cuckoo

We're processing your submission... This could take a few seconds.