Friday, 25 May 2012
8eba9b19ace3fd56bbeb43cdd201b62c
FileName: 10240_8eba9b19ace3fd56bbeb43cdd201b62c.exe
Size : 10240 bytes
Md5 : 8eba9b19ace3fd56bbeb43cdd201b62c
PEiD : Microsoft Visual C# / Basic .NET; .NET executable
VirusTotal results:
nProtect -> Trojan-Dropper/W32.Dapato.10240
McAfee -> Downloader.a!b2j
K7AntiVirus -> Trojan
NOD32 -> a variant of MSIL/TrojanDownloader.Agent.DR
Symantec -> Trojan.Gen.2
Norman -> W32/Suspicious_Gen4.AGAPO
TrendMicro-HouseCall -> TROJ_GEN.R4AC1EK
Avast -> Win32:Downloader-OFJ [Trj]
Kaspersky -> Trojan-Dropper.Win32.Dapato.bdqe
BitDefender -> Gen:Variant.Barys.2254
Emsisoft -> Win32.SuspectCrc!IK
Comodo -> UnclassifiedMalware
F-Secure -> Gen:Variant.Barys.2254
VIPRE -> Trojan.Win32.Generic!BT
AntiVir -> TR/Dropper.Gen7
TrendMicro -> TROJ_GEN.R4AC1EK
McAfee-GW-Edition -> Downloader.a!b2j
Jiangmin -> TrojanDropper.Dapato.hpa
Microsoft -> Trojan:Win32/Dynamer!dtc
ViRobot -> Dropper.A.Dapato.10240.A
GData -> Gen:Variant.Barys.2254
PCTools -> Trojan.Gen
Ikarus -> Win32.SuspectCrc
Fortinet -> MSIL/Agent.DR!tr.dldr
AVG -> Dropper.Generic6.MMJ
Panda -> Trj/CI.A
FileInfo:
----------DOS_HEADER----------
[IMAGE_DOS_HEADER]
0x0 0x0 e_magic: 0x5A4D
0x2 0x2 e_cblp: 0x90
0x4 0x4 e_cp: 0x3
0x6 0x6 e_crlc: 0x0
0x8 0x8 e_cparhdr: 0x4
0xA 0xA e_minalloc: 0x0
0xC 0xC e_maxalloc: 0xFFFF
0xE 0xE e_ss: 0x0
0x10 0x10 e_sp: 0xB8
0x12 0x12 e_csum: 0x0
0x14 0x14 e_ip: 0x0
0x16 0x16 e_cs: 0x0
0x18 0x18 e_lfarlc: 0x40
0x1A 0x1A e_ovno: 0x0
0x1C 0x1C e_res:
0x24 0x24 e_oemid: 0x0
0x26 0x26 e_oeminfo: 0x0
0x28 0x28 e_res2:
0x3C 0x3C e_lfanew: 0x80
----------NT_HEADERS----------
[IMAGE_NT_HEADERS]
0x80 0x0 Signature: 0x4550
----------FILE_HEADER----------
[IMAGE_FILE_HEADER]
0x84 0x0 Machine: 0x14C
0x86 0x2 NumberOfSections: 0x3
0x88 0x4 TimeDateStamp: 0x4F9C9BE1 [Sun Apr 29 01:39:45 2012 UTC]
0x8C 0x8 PointerToSymbolTable: 0x0
0x90 0xC NumberOfSymbols: 0x0
0x94 0x10 SizeOfOptionalHeader: 0xE0
0x96 0x12 Characteristics: 0x102
Flags: IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE
----------OPTIONAL_HEADER----------
[IMAGE_OPTIONAL_HEADER]
0x98 0x0 Magic: 0x10B
0x9A 0x2 MajorLinkerVersion: 0x8
0x9B 0x3 MinorLinkerVersion: 0x0
0x9C 0x4 SizeOfCode: 0x2000
0xA0 0x8 SizeOfInitializedData: 0x600
0xA4 0xC SizeOfUninitializedData: 0x0
0xA8 0x10 AddressOfEntryPoint: 0x3F1E
0xAC 0x14 BaseOfCode: 0x2000
0xB0 0x18 BaseOfData: 0x4000
0xB4 0x1C ImageBase: 0x400000
0xB8 0x20 SectionAlignment: 0x2000
0xBC 0x24 FileAlignment: 0x200
0xC0 0x28 MajorOperatingSystemVersion: 0x4
0xC2 0x2A MinorOperatingSystemVersion: 0x0
0xC4 0x2C MajorImageVersion: 0x0
0xC6 0x2E MinorImageVersion: 0x0
0xC8 0x30 MajorSubsystemVersion: 0x4
0xCA 0x32 MinorSubsystemVersion: 0x0
0xCC 0x34 Reserved1: 0x0
0xD0 0x38 SizeOfImage: 0x8000
0xD4 0x3C SizeOfHeaders: 0x200
0xD8 0x40 CheckSum: 0x0
0xDC 0x44 Subsystem: 0x2
0xDE 0x46 DllCharacteristics: 0x8540
0xE0 0x48 SizeOfStackReserve: 0x100000
0xE4 0x4C SizeOfStackCommit: 0x1000
0xE8 0x50 SizeOfHeapReserve: 0x100000
0xEC 0x54 SizeOfHeapCommit: 0x1000
0xF0 0x58 LoaderFlags: 0x0
0xF4 0x5C NumberOfRvaAndSizes: 0x10
DllCharacteristics: IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLL_CHARACTERISTICS_TERMINAL_SERVER_AWARE, IMAGE_DLL_CHARACTERISTICS_NX_COMPAT, IMAGE_DLL_CHARACTERISTICS_NO_SEH
----------PE Sections----------
[IMAGE_SECTION_HEADER]
0x178 0x0 Name: .text
0x180 0x8 Misc: 0x1F24
0x180 0x8 Misc_PhysicalAddress: 0x1F24
0x180 0x8 Misc_VirtualSize: 0x1F24
0x184 0xC VirtualAddress: 0x2000
0x188 0x10 SizeOfRawData: 0x2000
0x18C 0x14 PointerToRawData: 0x200
0x190 0x18 PointerToRelocations: 0x0
0x194 0x1C PointerToLinenumbers: 0x0
0x198 0x20 NumberOfRelocations: 0x0
0x19A 0x22 NumberOfLinenumbers: 0x0
0x19C 0x24 Characteristics: 0x60000020
Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy: 5.355069 (Min=0.0, Max=8.0)
MD5 hash: 20e050c409b7a550ab1ad81511d5bf5e
SHA-1 hash: 6d2aef6f8127152dcf2fde762d5bff9ae25e9508
SHA-256 hash: efbe7e5b8b8ce7d27af5b27b007abba234300a201e092ee3e14d9beecd53e737
SHA-512 hash: 46a07f7005b9e2172f324345889c79fa094cb2bfdd4f07c6627d1c4ae7a74c02ca162801c79ea7d50ca9912f21f61c0a8ae867c4967782e823379a77d03570f7
[IMAGE_SECTION_HEADER]
0x1A0 0x0 Name: .rsrc
0x1A8 0x8 Misc: 0x298
0x1A8 0x8 Misc_PhysicalAddress: 0x298
0x1A8 0x8 Misc_VirtualSize: 0x298
0x1AC 0xC VirtualAddress: 0x4000
0x1B0 0x10 SizeOfRawData: 0x400
0x1B4 0x14 PointerToRawData: 0x2200
0x1B8 0x18 PointerToRelocations: 0x0
0x1BC 0x1C PointerToLinenumbers: 0x0
0x1C0 0x20 NumberOfRelocations: 0x0
0x1C2 0x22 NumberOfLinenumbers: 0x0
0x1C4 0x24 Characteristics: 0x40000040
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 2.116196 (Min=0.0, Max=8.0)
MD5 hash: 9a0296056f48ae47f91680061f8659a3
SHA-1 hash: 9308f9b5f14eb1671dd7bc30dc9dd910904c0166
SHA-256 hash: 531442de6f58dd26aaafbedf05e594f497735cb53860c178d3c35fb56004b41b
SHA-512 hash: babbbcc5d03e9a03e8575909c9fd449792a72a989b6754ed72ec366443786b3303f8ab6afb5ae832b45b331dbf481350882daef9147d2d5f6232a03918aae84b
[IMAGE_SECTION_HEADER]
0x1C8 0x0 Name: .reloc
0x1D0 0x8 Misc: 0xC
0x1D0 0x8 Misc_PhysicalAddress: 0xC
0x1D0 0x8 Misc_VirtualSize: 0xC
0x1D4 0xC VirtualAddress: 0x6000
0x1D8 0x10 SizeOfRawData: 0x200
0x1DC 0x14 PointerToRawData: 0x2600
0x1E0 0x18 PointerToRelocations: 0x0
0x1E4 0x1C PointerToLinenumbers: 0x0
0x1E8 0x20 NumberOfRelocations: 0x0
0x1EA 0x22 NumberOfLinenumbers: 0x0
0x1EC 0x24 Characteristics: 0x42000040
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy: 0.081539 (Min=0.0, Max=8.0)
MD5 hash: daa24750eca21c7d2d82170e20a76f6c
SHA-1 hash: 9c90f045a79a464fc61cf9c2a3a10dc5aa5e1621
SHA-256 hash: 81ce9927f70771b9d0c2f1186a9323e57ea611ce7f85cbac2bc31a274e2a1e98
SHA-512 hash: b8c6102fad2339cc51843093537c805be5bdacf172f99770e76856c3ce78a9edfd20f8b74bbc424f694e599b4f70eb45e1838e92e59d9186a97a4976f7cda99e
----------Directories----------
[IMAGE_DIRECTORY_ENTRY_EXPORT]
0xF8 0x0 VirtualAddress: 0x0
0xFC 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_IMPORT]
0x100 0x0 VirtualAddress: 0x3EC4
0x104 0x4 Size: 0x57
[IMAGE_DIRECTORY_ENTRY_RESOURCE]
0x108 0x0 VirtualAddress: 0x4000
0x10C 0x4 Size: 0x298
[IMAGE_DIRECTORY_ENTRY_EXCEPTION]
0x110 0x0 VirtualAddress: 0x0
0x114 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_SECURITY]
0x118 0x0 VirtualAddress: 0x0
0x11C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_BASERELOC]
0x120 0x0 VirtualAddress: 0x6000
0x124 0x4 Size: 0xC
[IMAGE_DIRECTORY_ENTRY_DEBUG]
0x128 0x0 VirtualAddress: 0x0
0x12C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_COPYRIGHT]
0x130 0x0 VirtualAddress: 0x0
0x134 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_GLOBALPTR]
0x138 0x0 VirtualAddress: 0x0
0x13C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_TLS]
0x140 0x0 VirtualAddress: 0x0
0x144 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG]
0x148 0x0 VirtualAddress: 0x0
0x14C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT]
0x150 0x0 VirtualAddress: 0x0
0x154 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_IAT]
0x158 0x0 VirtualAddress: 0x2000
0x15C 0x4 Size: 0x8
[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT]
0x160 0x0 VirtualAddress: 0x0
0x164 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR]
0x168 0x0 VirtualAddress: 0x2008
0x16C 0x4 Size: 0x48
[IMAGE_DIRECTORY_ENTRY_RESERVED]
0x170 0x0 VirtualAddress: 0x0
0x174 0x4 Size: 0x0
----------Version Information----------
[VS_VERSIONINFO]
0x2258 0x0 Length: 0x23C
0x225A 0x2 ValueLength: 0x34
0x225C 0x4 Type: 0x0
[VS_FIXEDFILEINFO]
0x2280 0x0 Signature: 0xFEEF04BD
0x2284 0x4 StrucVersion: 0x10000
0x2288 0x8 FileVersionMS: 0x0
0x228C 0xC FileVersionLS: 0x0
0x2290 0x10 ProductVersionMS: 0x0
0x2294 0x14 ProductVersionLS: 0x0
0x2298 0x18 FileFlagsMask: 0x3F
0x229C 0x1C FileFlags: 0x0
0x22A0 0x20 FileOS: 0x4
0x22A4 0x24 FileType: 0x1
0x22A8 0x28 FileSubtype: 0x0
0x22AC 0x2C FileDateMS: 0x0
0x22B0 0x30 FileDateLS: 0x0
[VarFileInfo]
0x22B4 0x0 Length: 0x44
0x22B6 0x2 ValueLength: 0x0
0x22B8 0x4 Type: 0x1
[Var]
0x22D4 0x0 Length: 0x24
0x22D6 0x2 ValueLength: 0x4
0x22D8 0x4 Type: 0x0
Translation: 0x0000 0x04b0
[StringFileInfo]
0x22F8 0x0 Length: 0x19C
0x22FA 0x2 ValueLength: 0x0
0x22FC 0x4 Type: 0x1
[StringTable]
0x231C 0x0 Length: 0x178
0x231E 0x2 ValueLength: 0x0
0x2320 0x4 Type: 0x1
LangID: 000004b0
LegalCopyright:
Assembly Version: 0.0.0.0
InternalName: cfd1.exe
FileVersion: 0.0.0.0
ProductVersion: 0.0.0.0
FileDescription:
OriginalFilename: cfd1.exe
----------Imported symbols----------
[IMAGE_IMPORT_DESCRIPTOR]
0x20C4 0x0 OriginalFirstThunk: 0x3EEC
0x20C4 0x0 Characteristics: 0x3EEC
0x20C8 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x20CC 0x8 ForwarderChain: 0x0
0x20D0 0xC Name: 0x3F0E
0x20D4 0x10 FirstThunk: 0x2000
mscoree.dll._CorExeMain Hint[0]
----------Resource directory----------
[IMAGE_RESOURCE_DIRECTORY]
0x2200 0x0 Characteristics: 0x0
0x2204 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x2208 0x8 MajorVersion: 0x0
0x220A 0xA MinorVersion: 0x0
0x220C 0xC NumberOfNamedEntries: 0x0
0x220E 0xE NumberOfIdEntries: 0x1
Id: [0x10] (RT_VERSION)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x2210 0x0 Name: 0x10
0x2214 0x4 OffsetToData: 0x80000018
[IMAGE_RESOURCE_DIRECTORY]
0x2218 0x0 Characteristics: 0x0
0x221C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x2220 0x8 MajorVersion: 0x0
0x2222 0xA MinorVersion: 0x0
0x2224 0xC NumberOfNamedEntries: 0x0
0x2226 0xE NumberOfIdEntries: 0x1
Id: [0x1]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x2228 0x0 Name: 0x1
0x222C 0x4 OffsetToData: 0x80000030
[IMAGE_RESOURCE_DIRECTORY]
0x2230 0x0 Characteristics: 0x0
0x2234 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x2238 0x8 MajorVersion: 0x0
0x223A 0xA MinorVersion: 0x0
0x223C 0xC NumberOfNamedEntries: 0x0
0x223E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x2240 0x0 Name: 0x0
0x2244 0x4 OffsetToData: 0x48
[IMAGE_RESOURCE_DATA_ENTRY]
0x2248 0x0 OffsetToData: 0x4058
0x224C 0x4 Size: 0x23C
0x2250 0x8 CodePage: 0x0
0x2254 0xC Reserved: 0x0
----------Base relocations----------
[IMAGE_BASE_RELOCATION]
0x2600 0x0 VirtualAddress: 0x3000
0x2604 0x4 SizeOfBlock: 0xC
00003F20h HIGHLOW
00003000h ABSOLUTE
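The dump above is raw pefile output; the checks a triager actually runs on it (does the section table account for the whole 10240-byte file, do the directory RVAs land where pefile says they do, is the single HIGHLOW relocation really the operand of the managed entry stub that jumps through the IAT to mscoree!_CorExeMain) are left to the reader. The following is an added example, not code from the original post, that performs those cross-checks with only the standard library. The header and section values are transcribed from the dump; the 6-byte `FF 25` entry stub is constructed here because the post does not show the bytes at the entry point, so its exact shape is an assumption about this sample (it is the standard stub for .NET 2.0-era images).

```python
# Added example: cross-checking the pefile dump of a small managed (.NET) PE.
# Uses only the standard library; all values below are transcribed from the dump.
import datetime
import struct

FILE_SIZE = 10240
IMAGE_BASE = 0x400000
SECTION_ALIGNMENT = 0x2000
SIZE_OF_IMAGE = 0x8000
ENTRY_POINT_RVA = 0x3F1E
IAT_RVA = 0x2000
COM_DESCRIPTOR_RVA = 0x2008      # CLR header; non-zero only in managed images
IMPORT_DIR_RVA = 0x3EC4
RESOURCE_DATA_RVA = 0x4058       # VS_VERSIONINFO data entry
RELOC_BLOCK_RVA = 0x3000
RELOC_ENTRY_RVA = RELOC_BLOCK_RVA + 0xF20   # the one HIGHLOW entry

# name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData
SECTIONS = [
    (".text",  0x2000, 0x1F24, 0x200,  0x2000),
    (".rsrc",  0x4000, 0x298,  0x2200, 0x400),
    (".reloc", 0x6000, 0xC,    0x2600, 0x200),
]

FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLL_CHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLL_CHARACTERISTICS_NO_SEH",
    0x8000: "IMAGE_DLL_CHARACTERISTICS_TERMINAL_SERVER_AWARE",
}


def decode_flags(value, table):
    """Names of the bits set in value, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def decode_timestamp(ts):
    """IMAGE_FILE_HEADER.TimeDateStamp is seconds since the Unix epoch (UTC)."""
    dt = datetime.datetime.fromtimestamp(ts, datetime.timezone.utc)
    return dt.strftime("%a %b %d %H:%M:%S %Y UTC")


def section_of(rva, sections=SECTIONS):
    """Name of the section whose address range contains rva, or None."""
    for name, va, vsize, _raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return name
    return None


def rva_to_offset(rva, sections=SECTIONS):
    """Map an RVA to a file offset through the section table; None if unmapped."""
    for _name, va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return raw_ptr + (rva - va)
    return None


def layout_checks():
    """Consistency checks worth running before trusting a header dump."""
    name, va, vsize, raw_ptr, raw_size = SECTIONS[-1]
    aligned_end = (va + vsize + SECTION_ALIGNMENT - 1) & ~(SECTION_ALIGNMENT - 1)
    return {
        # last section's raw data ends exactly at EOF: no overlay appended
        "no_overlay": raw_ptr + raw_size == FILE_SIZE,
        "size_of_image_matches": aligned_end == SIZE_OF_IMAGE,
        # directories resolve to the file offsets pefile printed
        "import_descriptor_offset": rva_to_offset(IMPORT_DIR_RVA) == 0x20C4,
        "version_info_offset": rva_to_offset(RESOURCE_DATA_RVA) == 0x2258,
        # CLR header present and inside .text: a managed image
        "is_managed": COM_DESCRIPTOR_RVA != 0 and section_of(COM_DESCRIPTOR_RVA) == ".text",
        # the only relocation patches the imm32 of `FF 25 imm32` at the entry point
        "entry_in_text": section_of(ENTRY_POINT_RVA) == ".text",
        "reloc_patches_entry_stub": RELOC_ENTRY_RVA == ENTRY_POINT_RVA + 2,
    }


def parse_jmp_indirect(stub):
    """Decode `FF 25 imm32` (jmp dword ptr [imm32]); return the absolute slot
    address it dereferences, or None if the bytes are not that instruction."""
    if len(stub) < 6 or stub[:2] != b"\xff\x25":
        return None
    return struct.unpack_from("<I", stub, 2)[0]


def apply_highlow(stub, old_base, new_base):
    """What the loader does to the stub's operand when DYNAMIC_BASE (ASLR)
    moves the image: add (new_base - old_base) to the 32-bit address."""
    target = parse_jmp_indirect(stub)
    return stub[:2] + struct.pack("<I", target - old_base + new_base)


# Constructed, not read from the sample: jmp dword ptr [0x402000], the IAT
# slot that holds the address of mscoree!_CorExeMain after import resolution.
ENTRY_STUB = b"\xff\x25" + struct.pack("<I", IMAGE_BASE + IAT_RVA)

if __name__ == "__main__":
    print(decode_flags(0x102, FILE_CHARACTERISTICS))
    print(decode_flags(0x8540, DLL_CHARACTERISTICS))
    print(decode_timestamp(0x4F9C9BE1))
    for check, ok in layout_checks().items():
        print(f"{check:28s} {'ok' if ok else 'FAIL'}")
    print(hex(parse_jmp_indirect(ENTRY_STUB)), apply_highlow(ENTRY_STUB, IMAGE_BASE, 0x10000000).hex())
```

With the values from this dump every check passes: the three sections account for all 10240 bytes (no overlay), SizeOfImage is the 0x2000-aligned end of .reloc, the import descriptor RVA 0x3EC4 maps to file offset 0x20C4 and the version resource to 0x2258 (the offsets pefile printed), the CLR header sits in .text, and the lone relocation at 0x3F20 is exactly entry point + 2, the operand of the jmp through the IAT. The same checks would flag an appended overlay, a directory pointing outside any section, or an entry point that is not the managed stub, all of which are worth a closer look in a sample this small.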