6c39c3f4a08d3d78f2eb973a94bd7718

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2008-Nov-10 09:40:34

Plugin Output

Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Malicious VirusTotal score: 51/71 (Scanned on 2023-05-31 15:22:32)
Lionic: Trojan.Python.Triton.4!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.Agent.CSEH
ALYac: Trojan.Triton.21504A
Cylance: unsafe
Zillya: Trojan.Triton.Win32.1
Sangfor: Trojan.Script.TRISIS.ulxpg
K7AntiVirus: Trojan ( 00520d001 )
Alibaba: Trojan:Win32/Triton.fda816ac
K7GW: Trojan ( 00520d001 )
Cybereason: malicious.4a08d3
Cyren: W32/Triton.A.gen!Eldorado
Symantec: Trojan.Trisis
ESET-NOD32: Python/Triton.A
ClamAV: Win.Trojan.Triton-6403570-0
Kaspersky: Trojan.Python.Triton.e
BitDefender: Trojan.Agent.CSEH
NANO-Antivirus: Trojan.Win32.Python.ewaxyy
ViRobot: Trojan.Win32.S.Agent.21504.WH
Avast: FileRepMalware [Trj]
Rising: Trojan.Triton!1.B934 (CLASSIC)
TACHYON: Trojan/W32.Triton.21504
Emsisoft: Trojan.Agent (A)
DrWeb: Python.Triton.1
VIPRE: Trojan.Agent.CSEH
TrendMicro: Trojan.Win32.TRISIS.AC
McAfee-GW-Edition: Trojan-Trisis
FireEye: Trojan.Agent.CSEH
Sophos: Mal/Generic-S
Ikarus: Trojan.Python.Triton
Webroot: W32.Trojan.Gen
Google: Detected
Antiy-AVL: Trojan[APT]/Win32.Trisis
Microsoft: Trojan:Win32/CrystalDoom.A!dha
Xcitium: Malware@#2rkeitkdp369e
Arcabit: Trojan.Agent.CSEH
ZoneAlarm: UDS:DangerousObject.Multi.Generic
GData: Trojan.Agent.CSEH
AhnLab-V3: Trojan/Win32.Agent.C2299392
McAfee: Trojan-Trisis
MAX: malware (ai score=100)
VBA32: Trojan.Python.Agent
Malwarebytes: Malware.AI.957240532
Panda: Trj/CI.A
TrendMicro-HouseCall: Trojan.Win32.TRISIS.AC
Tencent: Win32.Trojan.Triton.Izij
MaxSecure: Trojan.Malware.11803932.susgen
Fortinet: W32/Agent.ZIM!tr
AVG: FileRepMalware [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

Hashes

MD5 6c39c3f4a08d3d78f2eb973a94bd7718
SHA1 dc81f383624955e0c0441734f9f1dabfe03f373c
SHA256 e8542c07b2af63ee7e72ce5d97d91036c5da56e2b091aa2afe737b224305d230
SHA3 7238eb6a7ab9bb5a80165fb52f224f56a3c29702183844a181e3698dd740fcfc
SSDeep 384:eIn2vPeqUfmEZ+nUn0fJCfMdXWgugoL2RrXdUWJCXXtB:eBPeqYmEb0kUX9XdUzXv
Imports Hash b28c641d753fb51b62a00fe6115070ae

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2008-Nov-10 09:40:34
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 9.0
SizeOfCode 0x2200
SizeOfInitializedData 0x2e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00002B28 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x4000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x9000
SizeOfHeaders 0x400
Checksum 0x510d
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 264ca42964cf5a4c6c722f9fd8c7f6d7
SHA1 681c8d8703f243f75d87b4d907c8d00cf2d02828
SHA256 d3c24986662d619dcbec7eaebc26f696264d78583645764f7fb7e9478ec3faf6
SHA3 852232a929dd5de7952abddeef2c1d76cd332e5d18523213c382c3a06dbaed15
VirtualSize 0x2084
VirtualAddress 0x1000
SizeOfRawData 0x2200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.0944

.rdata

MD5 f6694c54551d514f286e97634b5a17c3
SHA1 cd34cf98d2355f97ccbd60e6290549cd68bd5819
SHA256 3ab04c9e3b2142766407051d64d19e08e8ed1d2deab303882ee5da18ffe2eb5d
SHA3 918742b8f5aca3d44e167e3a7930031d470b3f40aa570c150251a848bcfcc83d
VirtualSize 0x912
VirtualAddress 0x4000
SizeOfRawData 0xa00
PointerToRawData 0x2600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.7069

.data

MD5 1611cb3b9b45f5539a91e11559fb588e
SHA1 d7bf9b095493ab8e9678d229191f0d9674a9ef9f
SHA256 7fe6d290c3ef541048216ff3924f96fd40e554542f5dc709a4ce2f427022bf36
SHA3 e92588bb781c107ffb1fe89d119349a367c40778006acfd8abd95180a2ccf28e
VirtualSize 0x1668
VirtualAddress 0x5000
SizeOfRawData 0xc00
PointerToRawData 0x3000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.5296

.rsrc

MD5 12b262c74f5dfd41c3fd9101cf069d21
SHA1 21d608624dcc3b1683ecf49104af3cac9023610e
SHA256 eacdabb9347f35d9f0604a59e8d4b3449091401fadde4915b9f93972db599e81
SHA3 b85b627d4d02a8833f7b5c2215c0761fa73cb8b4199544e79fa8422b0bbde51e
VirtualSize 0x1750
VirtualAddress 0x7000
SizeOfRawData 0x1800
PointerToRawData 0x3c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.1503

Imports

MSVCR90.dll
_controlfp_s
_invoke_watson
strncpy
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
realloc
bsearch
qsort
memset
memcpy
setbuf
getenv
atoi
malloc
free
_snprintf
strncmp
strrchr
fprintf
__iob_func
_crt_debugger_hook
_stricmp
_strdup
KERNEL32.dll
LocalFree
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
HeapAlloc
IsBadReadPtr
SetLastError
GetProcessHeap
HeapFree
VirtualFree
VirtualProtect
VirtualAlloc
FreeLibrary
GetModuleHandleA
OutputDebugStringA
GetFullPathNameA
LoadLibraryA
GetProcAddress
UnmapViewOfFile
CreateFileA
GetFileSize
CreateFileMappingA
CloseHandle
MapViewOfFile
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetLastError
FormatMessageA

Delayed Imports

1

Type PYTHONSCRIPT
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1439
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.93356
MD5 515a72b25bc336be68a3a2d4bc60ae5c
SHA1 bd9a3c6e66868af4d58a35cc942f310995df23bc
SHA256 10ec144aa3e3d97a5062f5fd975cc3c1ca09cf92adf847781de8606b84ff34c8
SHA3 64190e45d351b4fdf5fff0dbee9c6d08987515a342f4e62f012ec4c1c971361b

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x256
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.0207
MD5 5a32206e4bb9d06170ae00fa980db49b
SHA1 126a45f48625322ba11eb0acf1ade9115ad6802b
SHA256 9f2fc067639866642bb1a73fb43006d233e569d25566b16dedec472fe5d3c5c3
SHA3 bfab9d66b065ea131bdc44ac811cfcf4d5c43a1075f9b6d16f0c8f2f20237cac

Version Info

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x405a58
SEHandlerTable 0x4041d0
SEHandlerCount 1

RICH Header

XOR Key 0xd2ba5881
Unmarked objects 0
Imports (VS2012 build 50727 / VS2005 build 50727) 2
150 (20413) 2
Imports (VS2008 build 21022) 3
Total imports 84
ASM objects (VS2008 build 21022) 1
C++ objects (VS2008 build 21022) 2
C objects (VS2008 build 21022) 25
Linker (VS2008 build 21022) 1
Resource objects (VS2008 build 21022) 1

Errors