Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 1992-Jun-19 22:22:17 |
Detected languages | English - United States |
CompanyName | RJL Software, Inc. |
FileDescription | Simulates an annoying clippy help assistant |
FileVersion | 1.0.0.0 |
InternalName | clippy |
LegalCopyright | Copyright 2004, RJL Software, Inc. |
LegalTrademarks | None |
OriginalFilename | clippy.exe |
ProductName | Clippy |
ProductVersion | 1.0.0.0 |
Comments | Download more FREE fun software from our website. |
Website | www.rjlsoftware.com |
Email | support@rjlsoftware.com |
Suspicious | PEiD Signature: | ASPack v2.12 |
Info | Interesting strings found in the binary: |
Contains domain names:
|
Suspicious | The PE is packed with Aspack or Armadillo |
Unusual section name found: .aspack
Unusual section name found: .adata
The PE's resources are bigger than it is. |
Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
Suspicious | The PE header may have been manually modified. |
Resource WHOOSH is possibly compressed or encrypted.
Resource 1 is possibly compressed or encrypted.
Resource 2 is possibly compressed or encrypted.
Resource 3 is possibly compressed or encrypted.
Resource 4 is possibly compressed or encrypted.
Resource 5 is possibly compressed or encrypted.
Resource 7 is possibly compressed or encrypted.
Resource 8 is possibly compressed or encrypted.
Resource BBABORT is possibly compressed or encrypted.
Resource BBALL is possibly compressed or encrypted.
Resource BBCANCEL is possibly compressed or encrypted.
Resource BBCLOSE is possibly compressed or encrypted.
Resource BBHELP is possibly compressed or encrypted.
Resource BBIGNORE is possibly compressed or encrypted.
Resource BBNO is possibly compressed or encrypted.
Resource BBOK is possibly compressed or encrypted.
Resource BBRETRY is possibly compressed or encrypted.
Resource BBYES is possibly compressed or encrypted.
Resource PREVIEWGLYPH is possibly compressed or encrypted.
Resource RZCMBOBX_DEVICE is possibly compressed or encrypted.
Resource RZCMBOBX_FIXEDPITCH is possibly compressed or encrypted.
Resource RZCMBOBX_PRINTER is possibly compressed or encrypted.
Resource RZCMBOBX_TRUETYPE is possibly compressed or encrypted.
Resource RZCOMMON_ALL is possibly compressed or encrypted.
Resource RZCOMMON_CANCEL is possibly compressed or encrypted.
Resource RZCOMMON_CHECKBOX_GRAYED is possibly compressed or encrypted.
Resource RZCOMMON_CHECKBOX_UNCHECKED is possibly compressed or encrypted.
Resource RZCOMMON_CLOSE is possibly compressed or encrypted.
Resource RZCOMMON_HELP is possibly compressed or encrypted.
Resource RZCOMMON_IGNORE is possibly compressed or encrypted.
Resource RZCOMMON_NO is possibly compressed or encrypted.
The resource timestamps differ from the PE header:
|
Malicious | VirusTotal score: 23/70 (Scanned on 2021-02-09 19:11:41) |
CAT-QuickHeal: Trojan.IGENERIC
McAfee: Generic PUP.RJL
Cylance: Unsafe
Sangfor: Trojan.Win32.Agent.W4JGYG
K7AntiVirus: Riskware ( 0040eff71 )
Alibaba: Backdoor:Win32/BadJoke.8d024086
K7GW: Riskware ( 0040eff71 )
Cyren: W32/Risk.WIYJ-1688
Symantec: Joke.Clippy
APEX: Malicious
McAfee-GW-Edition: Generic PUP.RJL
Sophos: RJL Entertainment software (PUA)
Ikarus: Hoax.Win32.BadJoke.RJL
Webroot: W32.Malware.Gen
Antiy-AVL: Trojan/Win32.SGeneric
Gridinsoft: Trojan.Win32.Agent.vb!s1
GData: Win32.Trojan.Agent.Y29QH8
VBA32: BScope.Backdoor.Pigeon
Yandex: Trojan.GenAsa!258ArRrsHE8
eGambit: Unsafe.AI_Score_99%
Fortinet: W32/Malware_fam.NB
MaxSecure: Trojan.Malware.300983.susgen
Panda: Joke/Clippy |
e_magic | MZ |
---|---|
e_cblp | 0x50 |
e_cp | 0x2 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0xf |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0x1a |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x100 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 10 |
TimeDateStamp | 1992-Jun-19 22:22:17 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
|
Magic | PE32 |
---|---|
LinkerVersion | 2.0 |
SizeOfCode | 0x71a00 |
SizeOfInitializedData | 0xcc200 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00144001 (Section: .aspack) |
BaseOfCode | 0x1000 |
BaseOfData | 0x73000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x147000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x4000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
kernel32.dll | GetProcAddress GetModuleHandleA LoadLibraryA |
---|---|
user32.dll | GetKeyboardType |
advapi32.dll | RegQueryValueExA |
oleaut32.dll | SysFreeString |
advapi32.dll (#2) | RegQueryValueExA |
version.dll | VerQueryValueA |
gdi32.dll | UnrealizeObject |
user32.dll (#2) | GetKeyboardType |
oleaut32.dll (#2) | SysFreeString |
comctl32.dll | ImageList_SetIconSize |
shell32.dll | ShellExecuteA |
winmm.dll | PlaySoundA |