df40f41072aeb634e639b7666104e424fc2a7a6ed758f43e239cf0a06aa3b2d0

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2004-May-25 18:01:25
Detected languages English - United States
ProductName unknown
ProductVersion 1.4.1.0
CompanyName gkweb
FileDescription Windows Worms Doors Cleaner
FileVersion 1.4.1
InternalName wwdc
LegalCopyright 2004 gkweb
OriginalFilename wwdc.exe
E-Mail gkweb@firewallleaktester.com
Web http://www.firewallleaktester.com

Plugin Output

Suspicious PEiD Signature: UPX -> www.upx.sourceforge.net
Info Interesting strings found in the binary:
Contains domain names:
  • firewallleaktester.com
  • http://www.firewallleaktester.com
  • www.firewallleaktester.com
Suspicious The PE is packed with UPX
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Can access the registry:
  • RegCloseKey
Possibly launches other programs:
  • ShellExecuteA
Suspicious The file contains overlay data.
32 bytes of data starting at offset 0xc800.
Malicious VirusTotal score: 5/71 (Scanned on 2026-06-14 02:58:27)
Bkav: W32.Malware.568EFF0A
ClamAV: Win.Trojan.Agent-915484
Jiangmin: Trojan/Yakes.ebi
Trapmine: suspicious.low.ml.score
TrellixENS: GenericRXWU-SI!197F0A9884AF

Hashes

MD5 999f6e5c8d5c81f48afbdab7f8777323
SHA1 a48a62e41cc71bf19024f160b0693822b45fd27b
SHA256 df40f41072aeb634e639b7666104e424fc2a7a6ed758f43e239cf0a06aa3b2d0
SHA3 3960e5f9a89d6ecdcf142d9d6a42f321ae688a61c2669d155d89728283bb4dcc
SSDeep 1536:YGEjCJpb0MZf+DpX5ZpJF+8qyFPDAh2ra:ymHb02KZj+yuh2ra
Imports Hash 7f82f0b60b71fbdb8e5e6d1435bef5b6

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2004-May-25 18:01:25
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0xc000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x1c000
AddressOfEntryPoint 0x000289B0 (Section: UPX1)
BaseOfCode 0x1d000
BaseOfData 0x29000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 1.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x2a000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1c000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 f132b3a3a52364299d70d4813e525400
SHA1 428184f8b3fd13cceba8fad30b75f30f831c2a3a
SHA256 c246b0b0d7ec2ed4d6e449ce86370293f597dd605cf344a95b3836174e70f1fe
SHA3 6efb28887b67b30d4cd9a3f8284fc334671ba59bb24e6cdee45bf5c4ec311b5e
VirtualSize 0xc000
VirtualAddress 0x1d000
SizeOfRawData 0xbc00
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.90444

.rsrc

MD5 3a584221eca0dbc1edac6f24fcd993bf
SHA1 61cdaf1e16e641b74b6136b92254bf23a71fbf40
SHA256 0cc2a50041e4da2297e939772bda3c4c6ce8ceda76f76b61ae960ddfeaaf4163
SHA3 03195aa8e0fb6073666f025ff153f0957b16122719475c1dea6b933578660954
VirtualSize 0x1000
VirtualAddress 0x29000
SizeOfRawData 0xa00
PointerToRawData 0xbe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.44031

Imports

KERNEL32.DLL LoadLibraryA
GetProcAddress
ExitProcess
ADVAPI32.DLL RegCloseKey
COMCTL32.DLL ImageList_Add
CRTDLL.DLL _iob
GDI32.DLL TextOutA
IPHLPAPI.DLL GetTcpTable
SHELL32.DLL ShellExecuteA
USER32.DLL IsChild
WSOCK32.DLL ntohs

Delayed Imports

Resources

50

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.55028
MD5 bffe2435847bf05a767323b6349b64f4
SHA1 b541d17b695e031633b89bb89954fb7667564398
SHA256 62ffc5d256c92194895c24ae5e6be492826030f50a3e8ad5761312d9c8e9c320
SHA3 c0bb2661b722ca4a7ce751461ffebc2893d27a51fcbeef230c0345d30167660e

1

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.97095
Detected Filetype Icon file
MD5 ba2c6372e3d29aa16678c149698ba542
SHA1 d3b51f8da06fb6752b3a90e548a77bde0b4067fa
SHA256 201465f6e185fd203fa0b4129775865715f46eb3e5e5f143e42662db030d8c20
SHA3 afee7f60ecc19944546d7e17ca948e99f32c617d68eb5679b4aec32ab8f93c5e

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x340
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.38983
MD5 1f37aa21277f260c814525468b98654a
SHA1 23aef4ec07e8361d25ceb7fb4b0306c817105760
SHA256 9fe0fd8afc161629d5dbaf5f215f4964ee964b5461365ed9a644236f72265dbf
SHA3 49fe8fc2f2ebe9a956f33b6e8affcb2668cc5db46cf67337b7a3a4bcecd3cb3e

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.4.1.0
ProductVersion 1.4.1.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
ProductName unknown
ProductVersion (#2) 1.4.1.0
CompanyName gkweb
FileDescription Windows Worms Doors Cleaner
FileVersion (#2) 1.4.1
InternalName wwdc
LegalCopyright 2004 gkweb
OriginalFilename wwdc.exe
E-Mail gkweb@firewallleaktester.com
Web http://www.firewallleaktester.com
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!