Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2020-Feb-10 01:37:18 |
Detected languages | English - United States |
Comments | Malware Initial Assessment |
CompanyName | www.winitor.com |
FileDescription | Malware Initial Assessment - www.winitor.com |
FileVersion | 9, 1, 0, 0 |
InternalName | pestudio.exe |
LegalCopyright | Copyright © 2009-2020 Marc Ochsenmeier |
LegalTrademarks | www.winitor.com |
OriginalFilename | pestudio.exe |
ProductName | pestudio |
ProductVersion | 9, 1, 0, 0 |
Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Suspicious | VirusTotal score: 2/73 (Scanned on 2020-02-12 01:59:35). APEX: Malicious; Trapmine: suspicious.low.ml.score |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf0 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2020-Feb-10 01:37:18 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 9.0 |
SizeOfCode | 0x5e000 |
SizeOfInitializedData | 0x2ba00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0004AD81 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x5f000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.0 |
ImageVersion | 0.0 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x90000 |
SizeOfHeaders | 0x400 |
Checksum | 0x949f8 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | RtlUnwind TerminateProcess UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent HeapAlloc HeapFree Sleep ExitProcess HeapReAlloc HeapSize GetStdHandle GetModuleFileNameA FreeEnvironmentStringsW GetEnvironmentStringsW GetCommandLineW SetHandleCount GetFileType GetStartupInfoA HeapCreate VirtualFree QueryPerformanceCounter GetSystemTimeAsFileTime GetStartupInfoW GetACP GetOEMCP IsValidCodePage LCMapStringA LCMapStringW VirtualAlloc InitializeCriticalSectionAndSpinCount GetTimeZoneInformation GetLocaleInfoA GetConsoleCP GetConsoleMode GetStringTypeA GetStringTypeW SetStdHandle WriteConsoleA GetConsoleOutputCP WriteConsoleW CreateFileA SetEnvironmentVariableA SetErrorMode lstrlenA GetFileSizeEx SystemTimeToFileTime LocalFileTimeToFileTime GetFileAttributesExW FileTimeToLocalFileTime FileTimeToSystemTime GetShortPathNameW GetVolumeInformationW FindFirstFileW FindClose GetCurrentProcess DuplicateHandle GetFileSize SetEndOfFile UnlockFile LockFile FlushFileBuffers SetFilePointer ReadFile lstrcmpiW GetThreadLocale GetStringTypeExW DeleteFileW MoveFileW WritePrivateProfileStringW InterlockedIncrement GlobalFlags TlsFree DeleteCriticalSection LocalReAlloc TlsSetValue TlsAlloc InitializeCriticalSection GlobalHandle GlobalReAlloc EnterCriticalSection TlsGetValue LeaveCriticalSection LocalAlloc LocalFree GlobalGetAtomNameW MulDiv GetModuleHandleA GetProfileIntW GetTickCount GetDiskFreeSpaceW GetFullPathNameW GetTempFileNameW GetFileTime SetFileTime lstrlenW GetFileAttributesW GlobalFree GetCurrentProcessId GetCurrentThread ConvertDefaultLocale EnumResourceLanguagesW lstrcmpA GetLocaleInfoW CompareStringA InterlockedExchange InterlockedDecrement FreeResource GetCurrentThreadId GlobalAddAtomW GlobalFindAtomW GlobalDeleteAtom GetVersionExW CompareStringW lstrcmpW GetVersionExA CreateFileW WriteFile LoadLibraryA CloseHandle FreeLibrary GetLastError SetLastError GetProcAddress GetModuleHandleW LoadLibraryW GetModuleFileNameW lstrcpynW GlobalAlloc GlobalLock GlobalUnlock MultiByteToWideChar FindResourceW LoadResource LockResource SizeofResource RaiseException GetCPInfo WideCharToMultiByte |
---|---|
USER32.dll | IsZoomed GetSysColorBrush UnregisterClassW DestroyIcon CharUpperW EndPaint BeginPaint GetWindowDC GrayStringW DrawTextExW DrawTextW TabbedTextOutW FillRect ShowWindow MoveWindow SetWindowTextW IsDialogMessageW SetRectEmpty WindowFromPoint ClientToScreen SetRect GetDesktopWindow CreateDialogIndirectParamW GetNextDlgTabItem EndDialog GetWindowThreadProcessId IsWindowEnabled ShowOwnedPopups SetCursor GetMessageW TranslateMessage GetActiveWindow ValidateRect SetMenuItemBitmaps GetMenuCheckMarkDimensions LoadBitmapW ModifyMenuW DestroyMenu GetMenuItemInfoW LoadIconW UnpackDDElParam WinHelpW IsChild GetCapture SetWindowsHookExW CallNextHookEx GetClassLongW GetClassNameW SetPropW GetPropW RemovePropW GetFocus SetFocus GetWindowTextLengthW GetWindowTextW GetForegroundWindow GetLastActivePopup SetActiveWindow DispatchMessageW BeginDeferWindowPos EndDeferWindowPos GetDlgItem GetTopWindow DestroyWindow UnhookWindowsHookEx GetMessageTime PeekMessageW MapWindowPoints TrackPopupMenu SetMenu SetScrollPos GetScrollPos SetForegroundWindow PostMessageW GetMenuItemID MessageBoxW CreateWindowExW GetClassInfoExW GetClassInfoW RegisterClassW AdjustWindowRectEx GetParent EqualRect DeferWindowPos GetDlgCtrlID DefWindowProcW CallWindowProcW GetMenu GetWindowLongW SetWindowLongW SetWindowPos OffsetRect IntersectRect SystemParametersInfoA IsIconic GetWindowPlacement GetSystemMetrics ReuseDDElParam LoadAcceleratorsW InsertMenuItemW CreatePopupMenu BringWindowToTop TranslateAcceleratorW LoadCursorW DestroyCursor SetCursorPos ReleaseCapture SendDlgItemMessageW SetCapture GetCursorPos CheckMenuItem EnableMenuItem GetMenuItemCount GetSubMenu RemoveMenu LoadMenuW PostQuitMessage IsWindowVisible IsWindow SendMessageW CopyRect PtInRect InflateRect GetClientRect ScreenToClient GetDC ReleaseDC UpdateWindow InvalidateRect EnableWindow GetMessagePos CloseClipboard SetClipboardData EmptyClipboard GetWindow GetWindowRect GetMenuState RegisterWindowMessageW KillTimer SetTimer DeleteMenu GetKeyState ShowScrollBar SystemParametersInfoW CreateIconFromResourceEx SetParent RedrawWindow GetSysColor OpenClipboard SendDlgItemMessageA |
GDI32.dll | SetViewportExtEx ScaleViewportExtEx SetWindowExtEx ScaleWindowExtEx CreatePatternBrush GetStockObject OffsetViewportOrgEx GetDeviceCaps GetTextMetricsW Escape SetViewportOrgEx TextOutW RectVisible PtVisible GetPixel CreateFontIndirectW IntersectClipRect ExcludeClipRect SetMapMode SetBkMode RestoreDC SaveDC PatBlt CreateCompatibleBitmap StretchDIBits DeleteDC CreateFontW SelectObject GetCharWidthW DeleteObject GetBkColor CreateBitmap ExtTextOutW BitBlt CreateCompatibleDC SetBkColor SetTextColor GetClipBox CreateSolidBrush GetTextExtentPoint32W GetCurrentObject GetObjectW |
COMDLG32.dll | GetFileTitleW |
ADVAPI32.dll | RegSetValueExW RegCreateKeyExW RegSetValueW GetFileSecurityW SetFileSecurityW RegQueryValueW RegOpenKeyW RegEnumKeyW RegDeleteKeyW RegOpenKeyExW RegQueryValueExW RegCloseKey RegCreateKeyW |
SHELL32.dll | DragFinish DragQueryFileW ExtractIconW SHGetFileInfoW DragAcceptFiles |
SHLWAPI.dll | PathFindFileNameW PathRemoveFileSpecW PathStripToRootW PathFindExtensionW PathIsUNCW |
ole32.dll | CoTaskMemFree CoInitializeEx CoUninitialize RevokeDragDrop CoLockObjectExternal RegisterDragDrop CoCreateInstance |
OLEAUT32.dll | #4 #9 #12 #8 |
OLEACC.dll (delay-loaded) | LresultFromObject CreateStdAccessibleObject |
Attributes | 0x1 |
---|---|
Name | OLEACC.dll |
ModuleHandle | 0x77400 |
DelayImportAddressTable | 0x74814 |
DelayImportNameTable | 0x6f554 |
BoundDelayImportTable | 0x6f590 |
UnloadDelayImportTable | 0 |
TimeStamp | 1970-Jan-01 00:00:00 |
pestudio |
pestudio |
Executable (*.exe) |
.exe |
pestudio.Document |
pestudio |
... |
... |
... |
... |
... |
... |
. |
close file |
. |
open file |
. |
create an XML report |
. |
save file |
Configure pestudio |
Configure pestudio |
display program information, version number and copyright |
about pestudio |
quit pestudio |
exit |
EXT |
Open |
Save As |
All Files (*.*) |
Untitled |
an unnamed file |
&Hide |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 9.1.0.0 |
ProductVersion | 9.1.0.0 |
FileFlags | VS_FF_PRIVATEBUILD, VS_FF_SPECIALBUILD |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | UNKNOWN |
Comments | Malware Initial Assessment |
CompanyName | www.winitor.com |
FileDescription | Malware Initial Assessment - www.winitor.com |
FileVersion (#2) | 9, 1, 0, 0 |
InternalName | pestudio.exe |
LegalCopyright | Copyright © 2009-2020 Marc Ochsenmeier |
LegalTrademarks | www.winitor.com |
OriginalFilename | pestudio.exe |
ProductName | pestudio |
ProductVersion (#2) | 9, 1, 0, 0 |
Resource LangID | English - United States |
---|---|
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x4734e0 |
SEHandlerTable | 0x46c0d0 |
SEHandlerCount | 149 |
XOR Key | 0xe7de55a5 |
---|---|
Unmarked objects | 0 |
C objects (VS2012 build 50727 / VS2005 build 50727) | 9 |
Imports (VS2012 build 50727 / VS2005 build 50727) | 19 |
Total imports | 528 |
ASM objects (VS2008 SP1 build 30729) | 24 |
C objects (VS2008 SP1 build 30729) | 149 |
C++ objects (VS2008 build 21022) | 3 |
C++ objects (VS2008 SP1 build 30729) | 231 |
Linker (VS2008 build 21022) | 1 |
Resource objects (VS2008 SP1 build 30729) | 1 |