md5 d9f2513d33d35e707100a9ebe08df445
sha1 379c30d08f4738188c9d1027b54d086fb915a1f0
sha256 5fad7e5fedb46e8e390b382680c21dced468a4df0e34bbf848f5977d263e1156
Ratio 3/10
First seen 2014-05-14 00:34:36 UTC
Last seen 2014-05-17 04:35:28 UTC
Last update 2019-03-20 10:52:12 UTC
Filename 2.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
Size 194 KiB (198144)
Ssdeep 3072:efzgmQ+bob/MigPcEbIT3X/oDkzzSlsmdNhxaBNCYnkjFUTGPRrRAMthBTAj4gsc:e7gmQJULkz+liTWe8EQQimiw2
Antivirus Result Definition date
AVG - 20140903
Avast Win32:Malware-gen 20141221
Avira - 20190301
ClamAV - 20170504
ESET NOD32 - 20190301
Emsisoft - 20140909
GData Gen:Variant.Symmi.41785 20170504
Kaspersky Trojan-Spy.Win32.Zbot.silj 20140903
McAfee - 20140712
Microsoft - 20170504
EXE:FileSubtype 0
EXE:OriginalFilename C4nV45J.exe
EXE:ProductName c5OF6c7
File:MIMEType application/octet-stream
EXE:InitializedDataSize 869888
File:FileModifyDate 2014:05:14 02:34:36+02:00
EXE:LinkerVersion 10.0
EXE:FileVersionNumber 5.4.5.8
EXE:FileVersion 5.4.5.8
File:FileSize 198144
EXE:CharacterSet 0000
EXE:MachineType 332
EXE:FileOS 262148
EXE:ProductVersion 5.4.5.8
EXE:ObjectFileType 1
File:FileType Win32 EXE
EXE:UninitializedDataSize 0
EXE:ImageVersion 0.0
EXE:OSVersion 5.1
EXE:PEType 267
EXE:TimeStamp 2014:05:05 15:53:31+02:00
EXE:FileFlagsMask 63
EXE:LegalCopyright Copyright 1996 - 2005
EXE:InternalName C4nV45J.exe
EXE:FileFlags 0
EXE:Subsystem 2
EXE:FileDescription dSZ5Ja91BA
EXE:EntryPoint 33600
EXE:SubsystemVersion 5.1
EXE:CodeSize 152064
EXE:CompanyName POET Software
EXE:LanguageCode 0409
ExifTool:ExifToolVersion 8.6
EXE:ProductVersionNumber 5.4.5.8

Overview

PEID BobSoft Database -
PEID Panda Database -
PEID SANS Database -
PEID SysReveal Database -
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compile Time 2014-05-05 15:53:31
Address Of Entry Point 0x8340
Optional Header 0x400000
Is it a DLL? No
Number of RVA and Sizes 16
Required CPU Type IMAGE_FILE_MACHINE_I386
Flags

Information about sections

Name: .text
SizeOfRawData: 152064
Entropy: 6.12
Misc_VirtualSize: 0x25141
VirtualAddress: 0x1000
MD5: d1c4be93ec1c3acdbff8215b120ed235
SHA1: 0f8fbaf5f07953c933cdb17a277060d9fe58c394
SHA256: cba121eca4a66576d09a10c4e4dbcae5f263f64bb74bc98d37631ca4348b7953
SHA512: e701d7599f6f8db63909b727c2f41897492565fa16d2ce167583a69ee01c2a993d3a08917e48810cc9a917ba53ebd4703ff3855f34e2e497311df299d2ec2bf2
Flags: IMAGE_SCN_CNT_CODE IMAGE_SCN_MEM_EXECUTE IMAGE_SCN_MEM_READ

Name: .rdata
SizeOfRawData: 3072
Entropy: 5.39
Misc_VirtualSize: 0xc00
VirtualAddress: 0x27000
MD5: 51a9ebbdbfb136f59f7fba6434f29124
SHA1: 738358f6feb5f12b7fa8bb69fe320ae32e6a1951
SHA256: 45e522eafe4c9f0f9164d442b9f046fc5f6d5cbaf09bc4e8ecadd05de97eb016
SHA512: 8b54f266d64e6c07f04e066580b42ce9bed0795818b0e021f8fb09edbdfee0ee928d1d8949a5f273781c0a4262f7a77afe7eb553353a85e4cc3ee64199a53d39
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA IMAGE_SCN_MEM_READ

Name: .data
SizeOfRawData: 16384
Entropy: 7.8
Misc_VirtualSize: 0xcd4c8
VirtualAddress: 0x28000
MD5: f5412cd2ef512ff317af7a8a7cacb342
SHA1: dd4bcd81891c714da67620e64793a379351648e9
SHA256: aa5375bc46fe263da80d7b997c809d5f9b39b5d54f978c49cd011050bed0d184
SHA512: 1c31f3cfb00633607978cf71178031851bb895f3fae915a0453b55cc651c7f0c4d9e0de27bca33c752f48a904c28c8cfb07477de6f6e8504f75b989f528182be
Flags: IMAGE_SCN_MEM_WRITE IMAGE_SCN_CNT_INITIALIZED_DATA IMAGE_SCN_MEM_READ

Name: .rsrc
SizeOfRawData: 25600
Entropy: 6.9
Misc_VirtualSize: 0x6228
VirtualAddress: 0xf6000
MD5: 04e8378117ba7cdd3003a3c787c7c216
SHA1: 21b0814987252286d7a70dfe5472f28ad67e8051
SHA256: 790de6615f24f89c1d04fff6d6714bef38c371ccb7eae79356f772597b9dc65a
SHA512: 30d22258d1b5dfeb3f4954160ff1264a1cd2787311f89898833fe8995c85dca98e77bc9f29b642ad008667e2b56ca6d3abceadc4dcd04085aff57c920d2ac17e
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA IMAGE_SCN_MEM_READ

Name SizeOfRawData Entropy Misc_VirtualSize VirtualAddress
.text 152064 6.12 0x25141 0x1000
.rdata 3072 5.39 0xc00 0x27000
.data 16384 7.8 0xcd4c8 0x28000
.rsrc 25600 6.9 0x6228 0xf6000

Antidebug

Name Position
UnhandledExceptionFilter 0x427088
IsDebuggerPresent 0x427080
TerminateProcess 0x427054

Import Table

PageSetupDlgW
AVISaveOptionsFree
DragFinish
TerminateProcess GetUserDefaultLCID ReadFile GetFileInformationByHandle GetFileAttributesW WriteFile lstrcpynW SetEndOfFile GetCurrentProcess GetLocaleInfoW CreateFileW IsDebuggerPresent lstrcpyW UnhandledExceptionFilter SetUnhandledExceptionFilter IsProcessorFeaturePresent
ClosePrinter
UnhookWinEvent GetWindowTextW GetSystemMetrics LoadImageW CharLowerW SetWinEventHook TranslateMessage MessageBeep CreateWindowExW EnableWindow GetDlgItem IsDialogMessageW ShowWindow GetParent GetDesktopWindow SetActiveWindow LoadStringW IsClipboardFormatAvailable UpdateWindow GetWindowLongW GetCursorPos GetDlgCtrlID SetCursor
RegOpenKeyExW RegOpenKeyExA RegQueryValueExA RegCreateKeyW
StartPage GetObjectW CreateDCW GetTextFaceW GetDeviceCaps StartDocW EnumFontsW TextOutW CreatePalette GetWindowOrgEx GetTextExtentPoint32W