0647122beb8b82de726944d16b000e19
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2014-Sep-17 04:50:51 |
| Detected languages |
English - United States
|
| ProductVersion | 1,0,2,0 |
| ProductName | OfflineBay |
| LegalCopyright | Copyright (c) 2018 |
| SpecialBuild | 1, 0, 2, 0 |
| PrivateBuild | |
| OriginalFilename | |
| FileVersion | 1,0,2,0 |
| FileDescription | Offline torrent seach for thePirateBay |
| LegalTrademarks | TechTac |
| InternalName | 1, 0, 2, 0 |
| CompanyName | TechTac |
| Comments |
Plugin Output
| Info | Matching compiler(s): |
Microsoft Visual C++ 6.0 - 8.0
Microsoft Visual C++ Microsoft Visual C++ v6.0 Microsoft Visual C++ v5.0/v6.0 (MFC) |
| Suspicious | Strings found in the binary may indicate undesirable behavior: |
Miscellaneous malware strings:
|
| Info | Cryptographic algorithms detected in the binary: |
Uses constants related to CRC32
Uses constants related to MD5 Uses constants related to SHA256 |
| Suspicious | The PE is possibly packed. | Unusual section name found: .SHMMESS |
| Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
| Suspicious | The PE is possibly a dropper. |
Resource 128 is possibly compressed or encrypted.
Resources amount for 95.4902% of the executable. |
| Suspicious | The file contains overlay data. |
6754 bytes of data starting at offset 0x662000.
The overlay data has an entropy of 7.75397 and is possibly compressed or encrypted. |
| Suspicious | VirusTotal score: 2/73 (Scanned on 2019-12-25 11:07:29) |
Trapmine:
malicious.high.ml.score
VBA32: BScope.Adware.Presenoker |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xf0 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 5 |
| TimeDateStamp | 2014-Sep-17 04:50:51 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 6.0 |
| SizeOfCode | 0x37000 |
| SizeOfInitializedData | 0x12000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00017FEB (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x38000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x1000 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x664000 |
| SizeOfHeaders | 0x1000 |
| Checksum | 0 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.SHMMESS
.rsrc
Imports
| KERNEL32.dll |
CreateMutexA
GetFullPathNameA SetCurrentDirectoryA GetModuleFileNameA lstrlenA CloseHandle GetExitCodeThread ReadFile GetFileSize CreateFileA GetCurrentDirectoryA UnmapViewOfFile MapViewOfFile CreateFileMappingA SetThreadPriority GetCurrentThread SetEvent Sleep CreateEventA GetVersionExA GetCurrentProcess SetStdHandle SetFilePointer GetStdHandle GetExitCodeProcess OpenProcess DuplicateHandle WaitForMultipleObjects PulseEvent GetCommandLineA GetVersion ExitProcess HeapFree RtlUnwind HeapReAlloc HeapAlloc InterlockedDecrement InterlockedIncrement MultiByteToWideChar WideCharToMultiByte TerminateProcess SetConsoleCtrlHandler GetTimeZoneInformation GetSystemTime GetLocalTime CreateThread GetCurrentThreadId TlsSetValue TlsGetValue ExitThread RaiseException FindFirstFileA FindNextFileA FindClose FileTimeToSystemTime FileTimeToLocalFileTime ResumeThread EnterCriticalSection UnhandledExceptionFilter WaitForSingleObject FreeEnvironmentStringsW GetEnvironmentStrings GetEnvironmentStringsW SetHandleCount GetStartupInfoA TlsAlloc SetLastError GetEnvironmentVariableA HeapDestroy HeapCreate VirtualFree WriteFile HeapSize VirtualAlloc IsBadWritePtr LCMapStringA LCMapStringW GetCPInfo IsValidLocale IsValidCodePage GetLocaleInfoA EnumSystemLocalesA GetUserDefaultLCID SetUnhandledExceptionFilter CreatePipe GetACP GetOEMCP IsBadReadPtr IsBadCodePtr GetStringTypeA GetStringTypeW CompareStringA CompareStringW SetEnvironmentVariableA FlushFileBuffers GetLocaleInfoW GetFileAttributesA CreateProcessA SetEnvironmentVariableW SystemTimeToFileTime LocalFileTimeToFileTime SetFileTime GetCurrentProcessId MoveFileA DeleteFileA SetVolumeLabelA GetDriveTypeA SetFileAttributesA GetDiskFreeSpaceA ReleaseMutex GetLastError GetModuleHandleA FindResourceA SizeofResource LoadResource LockResource FormatMessageA LocalFree SetErrorMode LoadLibraryA GetProcAddress FreeEnvironmentStringsA FreeLibrary LeaveCriticalSection DeleteCriticalSection GetFileType InitializeCriticalSection SetEndOfFile |
|---|---|
| USER32.dll |
KillTimer
SetTimer GetClassInfoA LoadCursorA RegisterClassA GetSystemMetrics CreateWindowExA ShowWindow UpdateWindow GetClientRect BeginPaint EndPaint PostQuitMessage PostMessageA DefWindowProcA GetMessageA TranslateMessage DispatchMessageA LoadBitmapA MessageBoxA |
| GDI32.dll |
BitBlt
DeleteDC DeleteObject SelectObject CreateCompatibleDC GetObjectA |
| ADVAPI32.dll |
RegQueryValueExA
RegCreateKeyExA RegCloseKey RegSetValueExA RegDeleteValueA GetTokenInformation OpenProcessToken RegOpenKeyExA |
| COMCTL32.dll |
InitCommonControlsEx
|
Delayed Imports
_Java_com_regexlab_j2e_Handler_loadResourceData@12
| Ordinal | 1 |
|---|---|
| Address | 0x2700 |
_Java_com_regexlab_j2e_Instances_flush@8
| Ordinal | 2 |
|---|---|
| Address | 0x17030 |
_Java_com_regexlab_j2e_Instances_getCurrentInstance@8
| Ordinal | 3 |
|---|---|
| Address | 0x16de0 |
_Java_com_regexlab_j2e_Instances_getFirstInstance@8
| Ordinal | 4 |
|---|---|
| Address | 0x16db0 |
_Java_com_regexlab_j2e_Instances_getInstances@8
| Ordinal | 5 |
|---|---|
| Address | 0x16e10 |
_Java_com_regexlab_j2e_Instances_sendObject@16
| Ordinal | 6 |
|---|---|
| Address | 0x16f20 |
_Java_com_regexlab_j2e_Instances_setReceiver@12
| Ordinal | 7 |
|---|---|
| Address | 0x17070 |
_Java_com_regexlab_j2e_Jar2ExeClassLoader_defineClass@12
| Ordinal | 8 |
|---|---|
| Address | 0x14b0 |
_Java_com_regexlab_j2e_Jar2ExeClassLoader_findClass@12
| Ordinal | 9 |
|---|---|
| Address | 0x10c0 |
_Java_com_regexlab_j2e_Jar2ExeClassLoader_findResource@12
| Ordinal | 10 |
|---|---|
| Address | 0x21d0 |
_Java_com_regexlab_j2e_Jar2ExeClassLoader_findResources@12
| Ordinal | 11 |
|---|---|
| Address | 0x2d30 |
_Java_com_regexlab_j2e_SplashScreen_nativeAutoClose@12
| Ordinal | 12 |
|---|---|
| Address | 0x15300 |
_Java_com_regexlab_j2e_SplashScreen_nativeClose@8
| Ordinal | 13 |
|---|---|
| Address | 0x15320 |
_Java_com_regexlab_j2e_SplashScreen_nativeGetSplashScreen@8
| Ordinal | 14 |
|---|---|
| Address | 0x152a0 |
1
2
3
4
5
1 (#2)
128
1 (#3)
1 (#4)
String Table contents
| Java Runtime Environment not found. |
| Java Runtime Environment not valid. |
| Java Virtual Machine initialize failed. |
| Java Virtual Machine starts failed. |
| Can not get the virtual machine version. |
| Java virtual machine version %s is too low, require %s or higher. |
| The main startup class could not be found. |
| The main startup class is not valid, main method missing. |
| The exe can not be modified after it generated. |
| Error |
| This program is generated by unregistered Jar2Exe and it has expired to run for DEMO use. |
| Java virtual machine version %s is too high, version between %s and %s is required. |
| There is already an instance of this program running. |
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 1.0.2.0 |
| ProductVersion | 1.0.2.0 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_UNKNOWN
|
| Language | UNKNOWN |
| ProductVersion (#2) | 1,0,2,0 |
| ProductName | OfflineBay |
| LegalCopyright | Copyright (c) 2018 |
| SpecialBuild | 1, 0, 2, 0 |
| PrivateBuild | |
| OriginalFilename | |
| FileVersion (#2) | 1,0,2,0 |
| FileDescription | Offline torrent seach for thePirateBay |
| LegalTrademarks | TechTac |
| InternalName | 1, 0, 2, 0 |
| CompanyName | TechTac |
| Comments |
| Resource LangID | English - United States |
|---|
TLS Callbacks
Load Configuration
RICH Header
| XOR Key | 0xbd575291 |
|---|---|
| Unmarked objects | 0 |
| Unmarked objects (#2) | 3 |
| 19 (8034) | 9 |
| Total imports | 167 |
| 12 (7291) | 6 |
| 14 (7299) | 23 |
| C++ objects (8047) | 1 |
| C objects (VS98 SP6 build 8804) | 160 |
| C++ objects (VS98 SP6 build 8804) | 46 |
| Resource objects (VS98 SP6 cvtres build 1736) | 1 |
| Linker (VC++ 6.0 SP5 imp/exp build 8447) | 1 |