Adware.OutBrowse (VIPRE), Trojan.NSIS.StartPage.FD, Trojan.Win32.Swrort.3.FD (Lavasoft MAS)
Behaviour: Trojan, Adware
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 6936adddce5bab89a86959fcf2f33d36
SHA1: 1fe40088ea87e28aaf7e2e0d7e3de57a5fba4ac4
SHA256: 2610aa4a6c334c834730b8df519c752960eb57f9a7290dc9b537f587b9645c9a
SSDeep: 3072:EgXdZt9P6D3XJGCG5Ky/9XO3jR0eWSzUu/0Wb:Ee341GUQ9OzRgW/cM
Size: 104376 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2009-12-06 00:50:52
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
%original file name%.exe:2004
wmic.exe:512
The Trojan injects its code into the following process(es):
DM1391965868.exe:464
File activity
The process %original file name%.exe:2004 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsi2.tmp\Banner.dll (4096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi2.tmp\NSISdl.dll (14848 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DM1391965868.exe (1410840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\instructions.dat (1423908 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi2.tmp\Convert.dll (145326 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsd1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\instructions.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi2.tmp (0 bytes)
The process wmic.exe:512 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\tmp3.tmp (33480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp4.tmp (2652570 bytes)
%System%\wbem\Logs\mofcomp.log (582 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp (37088 bytes)
%System%\wbem\AutoRecover\88744D2A29102FC88ECF505DD2E984FC.mof (58770 bytes)
%System%\wbem\AutoRecover\C8463ECBE33BC240263A0B094E46D510.mof (7496502 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\obhhelper.txt (238 bytes)
%System%\wbem\AutoRecover\23BDE61F1F4FACE17E9B0C01F2A1FD9B.mof (65986 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\obhhelper.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp4.tmp (0 bytes)
The process DM1391965868.exe:464 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Cookies\Current_User@ppdownload[2].txt (577 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014030420140305\index.dat (32768 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\R5BRBDUV\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\dc[1].js (54775 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\button_over[1].png (921 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\button[1].png (458 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (61440 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\R5BRBDUV\bodyImg[1].png (109767 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ppdownload[1].txt (482 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\DynamicOfferScreen[1].htm (16256 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Cookies\Current_User@ppdownload[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013041120130412\index.dat (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ppdownload[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013041120130412 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\obhhelper.txt (0 bytes)
Registry activity
The process %original file name%.exe:2004 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F4 78 86 B5 F8 90 57 65 70 F1 68 03 81 DF 10 EF"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
The process wmic.exe:512 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4A FA AC DC A6 22 9E 4D 58 58 FD 8B 79 F6 6D AB"
[HKLM\SOFTWARE\Microsoft\WBEM\CIMOM]
"Autorecover MOFs timestamp" = "130384110045693750"
[HKCU\Software\Microsoft\Wbem\WMIC]
"WMICLC" = "0"
"mofcompMUIStatus" = "0"
[HKLM\SOFTWARE\Microsoft\WBEM\WMIC]
"CliEgAliases.mof" = "127360404460000000"
"Cli.mof" = "127360404460000000"
"CliEgAliases.mfl" = "127345749920000000"
"mofcompstatus" = "1"
The process DM1391965868.exe:464 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\TypeLib]
"(Default)" = "{03771AEF-400D-4A13-B712-25878EC4A3F5}"
[HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}\1.0\0\win32]
"(Default)" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\DM1391965868.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65324"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 0C 00 00 00 01 00 00 00 00 00 00 00"
[HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "ÃÂâ€ÂøðóýþÑÂÂтøúð ÿрþñûõü ÿþôúûючõýøÑÂÂ..."
[HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}\TypeLib]
"Version" = "1.0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014030420140305]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014030420140305\"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}]
"(Default)" = "CBrowserExternal Class"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d45-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014030420140305]
"CacheOptions" = "11"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91167d42-103d-11db-8c91-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}\Version]
"(Default)" = "1.0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014030420140305]
"CachePrefix" = ":2014030420140305:"
[HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}\1.0\HELPDIR]
"(Default)" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp"
[HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}\TypeLib]
"(Default)" = "{03771AEF-400D-4A13-B712-25878EC4A3F5}"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65324"
[HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}\1.0]
"(Default)" = "SmartInstallerLib"
[HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}]
"(Default)" = "IBrowserExternals"
[HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}\LocalServer32]
"(Default)" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\DM1391965868.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014030420140305]
"CacheLimit" = "8192"
[HKCR\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}\LocalServer32]
"ServerExecutable" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\DM1391965868.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65324"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7B E8 F1 AC FE 50 0D 94 2E F9 43 D2 65 2F 62 A4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65324"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c0d8da-77bd-11e0-bb02-000c293bc0fd}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCR\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}\1.0\FLAGS]
"(Default)" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014030420140305]
"CacheRepair" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8d94-66db-11de-b228-806d6172696f}]
"BaseClass" = "Drive"
The Trojan modifies IE security zone settings to map all local web nodes that have no dots in their names and do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE security zone settings to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013041120130412]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Network activity (URLs)
URL | IP |
---|---|
hxxp://getfilesresources.outbrowse.netdna-cdn.com/dmresources/instructions.dat | |
hxxp://smartinstaller.elasticbeanstalk.com/Installer/Flow?pubid=301&distid=3746&productid=3578&subpubid=-1&campaignid=0&networkid=1&dfb=0&os=5.1&iev=6.0&ffv=&chromev=&macaddress=&netv=&d1=5010&d2=-1&d3=-1&d4=-1&d5=34094&cookieproductname=105-84-117-110-101-115&cookieeula=&cookieprivacy=&hb=1&systembit=32&vm=1&version=3.0 | |
hxxp://ppdownloadoffers.outbrowse.netdna-cdn.com/offers/DynamicOfferScreen?offerid=5&distid=3746&leadp=3578&cookieproductname=105-84-117-110-101-115&dfb=0&hb=1& | |
hxxp://stats.l.doubleclick.net/dc.js | |
hxxp://getfilesresources.outbrowse.netdna-cdn.com/offers/images/Theme10/topLine.jpg | |
hxxp://getfilesresources.outbrowse.netdna-cdn.com/offers/images/Theme10/topComp.png | |
hxxp://getfilesresources.outbrowse.netdna-cdn.com/offers/images/Theme10/bgImg.jpg | |
hxxp://getfilesresources.outbrowse.netdna-cdn.com/offers/images/Theme10/bodyImg.png | |
hxxp://getfilesresources.outbrowse.netdna-cdn.com/offers/images/Theme10/bottomLine.jpg | |
hxxp://getfilesresources.outbrowse.netdna-cdn.com/offers/images/Theme10/nextCase.jpg | |
hxxp://stats.l.doubleclick.net/__utm.gif?utmwv=5.4.7dc&utms=1&utmn=1247947545&utmhn=offers.ppdownload.com&utmcs=utf-8&utmsr=1280x768&utmvp=590x395&utmsc=32-bit&utmul=ru&utmje=1&utmfl=6.0 r79&utmdt=5 - NonProduct (SoftWorld Download Manager)&utmhid=1041594202&utmr=-&utmp=/offers/DynamicOfferScreen?offerid=5&distid=3746&leadp=3578&cookieproductname=105-84-117-110-101-115&dfb=0&hb=1&&utmht=1393937419272&utmac=UA-37348037-1&utmcc=__utma=81742934.871961272.1393937419.1393937419.1393937419.1;+__utmz=81742934.1393937419.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=qh~ | |
hxxp://getfilesresources.outbrowse.netdna-cdn.com/offers/images/Theme10/button_over.png | |
hxxp://getfilesresources.outbrowse.netdna-cdn.com/offers/images/Theme10/button.png | |
installer.apps-track.com | 50.17.255.198 |
get.getfilesresources.com | 198.232.124.224 |
stats.g.doubleclick.net | 74.125.142.157 |
offers.ppdownload.com | 108.161.189.33 |
static.revenyou.com | 198.232.124.224 |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Removals
Remove it with Ad-Aware
- Download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:2004
wmic.exe:512
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\nsi2.tmp\Banner.dll (4096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi2.tmp\NSISdl.dll (14848 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\DM1391965868.exe (1410840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\instructions.dat (1423908 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi2.tmp\Convert.dll (145326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp3.tmp (33480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp4.tmp (2652570 bytes)
%System%\wbem\Logs\mofcomp.log (582 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\tmp5.tmp (37088 bytes)
%System%\wbem\AutoRecover\88744D2A29102FC88ECF505DD2E984FC.mof (58770 bytes)
%System%\wbem\AutoRecover\C8463ECBE33BC240263A0B094E46D510.mof (7496502 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\obhhelper.txt (238 bytes)
%System%\wbem\AutoRecover\23BDE61F1F4FACE17E9B0C01F2A1FD9B.mof (65986 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ppdownload[2].txt (577 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014030420140305\index.dat (32768 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\R5BRBDUV\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\dc[1].js (54775 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\button_over[1].png (921 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\XWHK1GPI\button[1].png (458 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (61440 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\R5BRBDUV\bodyImg[1].png (109767 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ppdownload[1].txt (482 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OEBBOQ59\DynamicOfferScreen[1].htm (16256 bytes)
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
Company Name:
Product Name: iTunes
Product Version: 3.0
Legal Copyright: iTunes
Legal Trademarks: iTunes
Original Filename:
Internal Name:
File Version:
File Description: iTunes
Comments: Installer
Language: Language Neutral
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 23628 | 24064 | 4.46394 | 856b32eb77dfd6fb67f21d6543272da5 |
.rdata | 28672 | 4764 | 5120 | 3.4982 | dc77f8a1e6985a4361c55642680ddb4f |
.data | 36864 | 154712 | 1024 | 3.3278 | 7922d4ce117d7d5b3ac2cffe4b0b5e4f |
.ndata | 192512 | 61440 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rsrc | 253952 | 3168 | 3584 | 2.75004 | 198246b4b7cbee3792198368ac8ff3ff |