063545df108398cbb69c2f1ed9ab5192
Summary
| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| Compilation Date | 2023-Feb-21 19:08:47 |
| Detected languages |
English - United States
Portuguese - Brazil |
Plugin Output
| Info | Interesting strings found in the binary: |
Contains domain names:
|
| Info | Cryptographic algorithms detected in the binary: |
Uses constants related to SHA256
Uses known Mersenne Twister constants |
| Suspicious | The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
|
| Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x118 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections | 7 |
| TimeDateStamp | 2023-Feb-21 19:08:47 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Image Optional Header
| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0xc8000 |
| SizeOfInitializedData | 0x462000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000000000090F24 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x52f000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.pdata
_RDATA
.rsrc
.reloc
Imports
| cairo.dll |
cairo_show_text
cairo_rectangle cairo_fill_preserve cairo_append_path cairo_path_destroy cairo_set_dash cairo_new_sub_path cairo_set_antialias cairo_close_path cairo_arc cairo_set_line_width cairo_select_font_face cairo_save cairo_restore cairo_clip cairo_set_font_size cairo_new_path cairo_text_extents cairo_set_line_cap cairo_rotate cairo_set_source_rgba cairo_move_to cairo_stroke cairo_line_to cairo_fill cairo_copy_path |
|---|---|
| gdk-3.dll |
gdk_display_get_default_screen
gdk_monitor_get_workarea gdk_display_get_monitor gdk_display_get_default |
| glib-2.dll |
g_free
g_once_init_enter g_once_init_leave g_intern_static_string g_list_free_full g_list_append g_strdup g_list_free g_list_delete_link g_get_home_dir g_thread_new g_thread_join g_thread_unref g_malloc0_n g_usleep g_timeout_add g_malloc |
| gobject-2.dll |
g_object_unref
g_type_register_static_simple g_type_check_class_cast g_object_new g_type_class_adjust_private_offset g_type_add_instance_private g_type_instance_get_private g_type_class_peek_parent g_signal_connect_data g_type_check_instance_is_a g_object_set g_type_check_instance_cast |
| gtk-3.dll |
gtk_file_chooser_set_current_name
gtk_widget_destroy gtk_widget_set_sensitive gtk_tree_view_get_cursor gtk_file_filter_add_pattern gtk_file_chooser_set_do_overwrite_confirmation gtk_tool_button_get_icon_widget gtk_notebook_set_current_page gtk_dialog_run gtk_tree_model_filter_convert_path_to_child_path gtk_dialog_get_type gtk_tree_model_sort_convert_path_to_child_path gtk_file_chooser_set_current_folder gtk_file_chooser_dialog_new gtk_file_filter_new gtk_button_set_label gtk_tree_model_get_type gtk_tool_button_get_type gtk_image_get_type gtk_image_set_from_file gtk_file_chooser_set_filter gtk_main_quit gtk_widget_set_visible gtk_tree_model_get gtk_file_chooser_get_type gtk_tree_model_filter_get_type gtk_tree_model_sort_get_type gtk_tree_model_get_iter gtk_widget_hide gtk_list_store_set gtk_entry_set_text gtk_box_get_type gtk_notebook_get_type gtk_box_pack_start gtk_notebook_get_current_page gtk_label_set_text gtk_spin_button_update gtk_entry_get_text gtk_combo_box_text_get_active_text gtk_spin_button_get_type gtk_style_provider_get_type gtk_widget_show_all gtk_toggle_button_get_active gtk_label_get_type gtk_combo_box_get_type gtk_spin_button_get_value gtk_label_get_text gtk_spin_button_get_value_as_int gtk_label_new gtk_grid_insert_row gtk_grid_remove_row gtk_grid_get_type gtk_widget_set_margin_end gtk_grid_get_child_at gtk_toggle_button_set_active gtk_widget_show gtk_check_button_new gtk_combo_box_text_insert_text gtk_grid_attach gtk_widget_set_halign gtk_combo_box_text_remove_all gtk_toggle_button_get_type gtk_builder_get_object gtk_combo_box_set_active gtk_widget_set_size_request gtk_widget_add_events gtk_drawing_area_get_type gtk_widget_queue_draw gtk_widget_get_allocation gtk_widget_get_type gtk_window_get_type gtk_file_chooser_get_filename gtk_file_chooser_get_current_folder gtk_combo_box_get_active gtk_css_provider_new gtk_style_context_add_provider_for_screen gtk_css_provider_load_from_data gtk_css_provider_get_type gtk_tree_view_get_type gtk_tree_view_column_new_with_attributes gtk_tree_view_column_set_sort_column_id gtk_tree_view_new_with_model gtk_cell_renderer_text_new gtk_tree_model_filter_new gtk_list_store_new gtk_tree_view_column_set_visible gtk_tree_view_set_activate_on_single_click gtk_widget_set_vexpand gtk_tree_model_sort_new_with_model gtk_tree_view_append_column gtk_list_store_append gtk_tree_model_filter_set_visible_func gtk_tree_path_free gtk_events_pending gtk_spin_button_set_value gtk_text_view_set_buffer gtk_main_iteration gtk_text_buffer_set_text gtk_text_view_get_type gtk_settings_get_default gtk_builder_new gtk_tree_view_set_cursor gtk_tree_model_get_path gtk_spin_button_set_range gtk_text_buffer_new gtk_builder_connect_signals gtk_builder_add_from_string gtk_main gtk_init_abi_check gtk_entry_get_type gtk_combo_box_text_get_type |
| SHELL32.dll |
ShellExecuteW
SHGetKnownFolderPath |
| WS2_32.dll |
WSACleanup
__WSAFDIsSet bind closesocket select WSASocketW getaddrinfo WSAStartup getpeername send socket connect recv getsockopt freeaddrinfo ioctlsocket getnameinfo setsockopt WSAGetLastError |
| KERNEL32.dll |
RtlUnwind
FreeConsole Sleep GetCurrentProcess SetPriorityClass WideCharToMultiByte LocalFree GetCurrentDirectoryW CreateDirectoryW CreateFileW FindClose FindFirstFileExW FindNextFileW GetFileAttributesExW GetFileInformationByHandle GetFullPathNameW SetEndOfFile SetFileInformationByHandle SetFilePointerEx AreFileApisANSI CloseHandle GetLastError WriteConsoleW HeapSize GetProcessHeap SetEnvironmentVariableW FreeEnvironmentStringsW GetEnvironmentStringsW HeapReAlloc GetOEMCP GetACP IsValidCodePage GetTimeZoneInformation SetStdHandle ReadConsoleW ReadFile EnumSystemLocalesW GetUserDefaultLCID IsValidLocale GetLocaleInfoW LCMapStringW CompareStringW GetTimeFormatW GetDateFormatW HeapFree GetConsoleMode GetConsoleOutputCP FlushFileBuffers HeapAlloc GetFileSizeEx GetCommandLineW GetCommandLineA WriteFile GetStdHandle GetModuleFileNameW GetModuleHandleExW ExitProcess FileTimeToSystemTime SystemTimeToTzSpecificLocalTime PeekNamedPipe GetFileType GetDriveTypeW LoadLibraryExW FreeLibrary TlsFree TlsSetValue TlsGetValue TlsAlloc SetLastError RaiseException RtlPcToFileHeader RtlUnwindEx InitializeSListHead GetCurrentProcessId GetStartupInfoW IsDebuggerPresent IsProcessorFeaturePresent TerminateProcess SetUnhandledExceptionFilter UnhandledExceptionFilter RtlVirtualUnwind RtlLookupFunctionEntry RtlCaptureContext CreateEventW ResetEvent SetEvent InitializeCriticalSectionAndSpinCount GetStringTypeW GetLocaleInfoEx GetCPInfo CompareStringEx GetProcAddress GetModuleHandleW GetSystemTimeAsFileTime LCMapStringEx DecodePointer EncodePointer DeleteCriticalSection TryEnterCriticalSection InitializeCriticalSectionEx LeaveCriticalSection EnterCriticalSection AcquireSRWLockExclusive ReleaseSRWLockExclusive InitializeSRWLock QueryPerformanceFrequency QueryPerformanceCounter SleepConditionVariableSRW SleepConditionVariableCS WakeAllConditionVariable WakeConditionVariable InitializeConditionVariable GetNativeSystemInfo GetCurrentThreadId WaitForSingleObjectEx MultiByteToWideChar GetFileInformationByHandleEx MoveFileExW FormatMessageA |
Delayed Imports
buttonlink_click
| Ordinal | 1 |
|---|---|
| Address | 0x29c00 |
buttonprice_click
| Ordinal | 2 |
|---|---|
| Address | 0x29c50 |
close_window
| Ordinal | 3 |
|---|---|
| Address | 0x39520 |
fechar_janela
| Ordinal | 4 |
|---|---|
| Address | 0x29d40 |
flip_all_functions
| Ordinal | 5 |
|---|---|
| Address | 0x29780 |
flip_all_input_variables
| Ordinal | 6 |
|---|---|
| Address | 0x29b30 |
help_click
| Ordinal | 7 |
|---|---|
| Address | 0x29ca0 |
hide_about
| Ordinal | 8 |
|---|---|
| Address | 0x2ce90 |
hide_about2
| Ordinal | 9 |
|---|---|
| Address | 0x2ce90 |
hide_demo_dialog
| Ordinal | 10 |
|---|---|
| Address | 0x2ced0 |
hide_demo_dialog2
| Ordinal | 11 |
|---|---|
| Address | 0x2ced0 |
hide_error_dialog
| Ordinal | 12 |
|---|---|
| Address | 0x2cf10 |
hide_error_dialog2
| Ordinal | 13 |
|---|---|
| Address | 0x2cf10 |
hide_license
| Ordinal | 14 |
|---|---|
| Address | 0x2cf50 |
hide_license2
| Ordinal | 15 |
|---|---|
| Address | 0x2cf50 |
hide_periodic_dialog
| Ordinal | 16 |
|---|---|
| Address | 0x29e10 |
hide_scale
| Ordinal | 17 |
|---|---|
| Address | 0x2cfd0 |
hide_validation
| Ordinal | 18 |
|---|---|
| Address | 0x2cf90 |
hide_validation2
| Ordinal | 19 |
|---|---|
| Address | 0x2cf90 |
load_data
| Ordinal | 20 |
|---|---|
| Address | 0x280f0 |
load_seed_formulas
| Ordinal | 21 |
|---|---|
| Address | 0x29eb0 |
load_settings
| Ordinal | 22 |
|---|---|
| Address | 0x2a510 |
on_advancedformula_toggled
| Ordinal | 23 |
|---|---|
| Address | 0x28cf0 |
on_ec_metric_changed
| Ordinal | 24 |
|---|---|
| Address | 0x29450 |
on_ec_sample_changed
| Ordinal | 25 |
|---|---|
| Address | 0x295f0 |
on_ec_scale_changed
| Ordinal | 26 |
|---|---|
| Address | 0x29690 |
on_outputinterval_value_changed
| Ordinal | 27 |
|---|---|
| Address | 0x28ec0 |
on_outputtype_changed
| Ordinal | 28 |
|---|---|
| Address | 0x28ee0 |
on_play_button_clicked
| Ordinal | 29 |
|---|---|
| Address | 0x289a0 |
on_plotscale_changed
| Ordinal | 30 |
|---|---|
| Address | 0x28f80 |
on_plotxaxis_changed
| Ordinal | 31 |
|---|---|
| Address | 0x29050 |
on_plotyaxis_changed
| Ordinal | 32 |
|---|---|
| Address | 0x29280 |
on_showcrossvalidation_toggled
| Ordinal | 33 |
|---|---|
| Address | 0x28d80 |
on_stop_button_clicked
| Ordinal | 34 |
|---|---|
| Address | 0x28bd0 |
on_target_changed
| Ordinal | 35 |
|---|---|
| Address | 0x292f0 |
open_documentation
| Ordinal | 36 |
|---|---|
| Address | 0x29cf0 |
save_as_C
| Ordinal | 37 |
|---|---|
| Address | 0x2a930 |
save_as_python
| Ordinal | 38 |
|---|---|
| Address | 0x2adb0 |
save_as_text
| Ordinal | 39 |
|---|---|
| Address | 0x2b230 |
save_data_predictions
| Ordinal | 40 |
|---|---|
| Address | 0x2b6b0 |
save_scale_factor
| Ordinal | 41 |
|---|---|
| Address | 0x282f0 |
save_settings
| Ordinal | 42 |
|---|---|
| Address | 0x2bb30 |
select_data_filename
| Ordinal | 43 |
|---|---|
| Address | 0x2bf60 |
select_input_filename
| Ordinal | 44 |
|---|---|
| Address | 0x2c6e0 |
select_solutions_filename
| Ordinal | 45 |
|---|---|
| Address | 0x2c320 |
set_periodic_output
| Ordinal | 46 |
|---|---|
| Address | 0x29dd0 |
show_about
| Ordinal | 47 |
|---|---|
| Address | 0x2d010 |
show_interface_scale
| Ordinal | 48 |
|---|---|
| Address | 0x2d090 |
show_license
| Ordinal | 49 |
|---|---|
| Address | 0x2d050 |
1
101
1 (#2)
Version Info
IMAGE_DEBUG_TYPE_POGO
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2023-Feb-21 19:08:47 |
| Version | 0.0 |
| SizeofData | 1024 |
| AddressOfRawData | 0x13bbbc |
| PointerToRawData | 0x13afbc |
TLS Callbacks
| StartAddressOfRawData | 0x14013bff0 |
|---|---|
| EndAddressOfRawData | 0x14013bff8 |
| AddressOfIndex | 0x14014eed0 |
| AddressOfCallbacks | 0x1400c9b98 |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_ALIGN_4BYTES
|
| Callbacks | (EMPTY) |
Load Configuration
| Size | 0x138 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x14014b060 |
RICH Header
| XOR Key | 0x5e3c0ef |
|---|---|
| Unmarked objects | 0 |
| C objects (27412) | 45 |
| ASM objects (27412) | 21 |
| C++ objects (27412) | 188 |
| C objects (30034) | 17 |
| ASM objects (30034) | 10 |
| C++ objects (30034) | 88 |
| C objects (CVTCIL) (27412) | 1 |
| Imports (27412) | 6 |
| Imports (VS2019 Update 4 (16.4.4-5) compiler 28316) | 11 |
| Total imports | 369 |
| C++ objects (LTCG) (30147) | 51 |
| Exports (30147) | 1 |
| Resource objects (30147) | 1 |
| 151 | 1 |
| Linker (30147) | 1 |