Download Link: (ftp) 84.32.137.157/incoming
File Name: bouncer.exe
VirusTotal Result: 17/32 (53.13%)

Engine             Version      Date        Result
AhnLab-V3          2008.4.19.0  2008.04.18  Win-Trojan/Bouncer.1137152
AntiVir            7.8.0.8      2008.04.20  SPR/Proxy.K.1
Avast              4.8.1169.0   2008.04.20  Win32:Bouncer-B
AVG                7.5.0.516    2008.04.20  Generic_c.BZY
BitDefender        7.2          2008.04.20  Trojan.Hacktool.Proxy.K
FileAdvisor        1            2008.04.20  High threat detected
Fortinet           3.14.0.0     2008.04.20  Misc/Bouncer
Ikarus             T3.1.1.26    2008.04.20  Backdoor.VB.EV
Kaspersky          7.0.0.125    2008.04.20  not-a-virus:Server-Proxy.Win32.Bouncer.d
McAfee             5277         2008.04.18  New Win32.g2
NOD32v2            3041         2008.04.19  probably a variant of Win32/Packed.Themida
Panda              9.0.0.4      2008.04.20  Trj/Sadcase.D
Prevx1             V2           2008.04.20  Generic_c.BZY
Sunbelt            3.0.1056.0   2008.04.17  Trojan.Hacktool.Proxy.K
Symantec           10           2008.04.20  Hacktool.Proxy
TheHacker          6.2.92.285   2008.04.19  W32/Behav-Heuristic-064
Webwasher-Gateway  6.6.2        2008.04.20  Riskware.Proxy.K.1

***** General ******************************************************
File Name: bouncer.exe
Size: 1137152
CRC-32: 5B06F934
MD5: 907FC8E74D6B2B1F87532E45C67BE32A
SHA1: b4814d3f31bd75ee222288185cc6a68020fa9732
SHA256: 156d5ea43074da4fca77aaf6086b46d2310d6ce808ade5b21d4e44f4db51cdc7
SHA512: 711324addcc7a9ae9d66cdc86770c550493f8d05b5d48070d4b02a73b4b7cd3d
        b146766bcd774ac5d5622c366c2383ea332de7ef447751b8751f6faa796abaeb

***** PE Header ****************************************************
Signature: 00004550
Machine: 014C - Intel 386
Number of sections: 0004
Time/Date stamp: 3CC86488
Pointer to symbol table: 00000000
Number of symbols: 00000000
Size of optional header: 00E0
Characteristics: 030E
Magic: 010B
Linker version (major): 05
Linker version (minor): 00
Size of code: 00010000
Size of initialized data: 00091000
Size of uninitialized data: 00000000
Address of entry point: 000A8014
Base of code: 00001000
Base of data: 00011000
Image base: 00400000
Section alignment: 00001000
File alignment: 00000200
OS version (major): 0004
OS version (minor): 0000
Image version (major): 0000
Image version (minor): 0000
Sub system version (major): 0004
Sub system version (minor): 0000
Win32 version: 00000000
Size of image: 00118000
Size of headers: 00000600
Checksum: 0011F87B
Sub system: 0003 - Windows character-mode user interface (CUI) subsystem
DLL characteristics: 0000
Size of stack reserve: 00100000
Size of stack commit: 00002000
Size of heap reserve: 00100000
Size of heap commit: 00001000
Loader flags: 00000000
Number of RVA: 00000010

***** PE Structure **************************************************
entry point address: 0x4a8014
time date stamp: 0x3cc86488 (Thu Apr 25 20:18:16 2002)
machine type: 0x14c (I386)

***** PE Sections **************************************************
Section   VirtSize  VirtAddr  PhysSize  PhysAddr  Flags
          000A5000  00001000  000A5000  00001000  C0000040
.rsrc     00001000  000A6000  00000200  000A6000  C0000040
.idata    00001000  000A7000  00000200  000A6200  C0000040
Themida   00070000  000A8000  0006F600  000A6400  C0000040

***** Import/Export table ******************************************
--- Export table (names: 2, functions: 2) --------------------------
__GetExceptDLLinfo, ___CPPdebugHook
--- Import table (libraries: 2) ------------------------------------
> KERNEL32.dll: CreateFileA, ExitProcess
> COMCTL32.dll: InitCommonControls

When executed in a VM environment, it gives the error message:

---------------------------
Themida
---------------------------
Sorry, this application cannot run under a Virtual Machine
---------------------------
OK
---------------------------