| Architecture | IMAGE_FILE_MACHINE_AMD64 |
|---|---|
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2020-Oct-04 05:00:00 |
| Detected languages | English - United States |
| TLS Callbacks | 3 callback(s) detected. |
| Debug artifacts | nw.exe.pdb |
| CompanyName | The NW.js Community |
| FileDescription | nwjs |
| FileVersion | 0.69.1 |
| InternalName | nw_exe |
| LegalCopyright | Copyright 2020, The NW.js community and The Chromium Authors. All rights reserved. |
| OriginalFilename | nw.exe |
| ProductName | nwjs |
| ProductVersion | 0.69.1 |
| CompanyShortName | nwjs.io |
| ProductShortName | nwjs |
| LastChange | 62f83a7521ae1f32e563795732dff0c9da1b660d-refs/heads/master@{#812354} |

| Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to system / monitoring tools: |
|---|---|---|
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32; Uses constants related to MD5; Uses constants related to SHA1; Uses constants related to SHA256; Uses constants related to SHA512; Uses constants related to RC5 or RC6 |
| Suspicious | The PE is possibly packed. | Unusual section name found: .gxfg; Unusual section name found: .retplne; Unusual section name found: .voltbl; Unusual section name found: CPADinfo; Unusual section name found: malloc_h |
| Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
| Safe | VirusTotal score: 0/70 (Scanned on 2026-02-04 16:38:59) | All the AVs think this file is safe. |

| e_magic | MZ |
|---|---|
| e_cblp | 0x78 |
| e_cp | 0x1 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0 |
| e_ss | 0 |
| e_sp | 0 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x78 |

| Signature | PE |
|---|---|
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberofSections | 14 |
| TimeDateStamp | 2020-Oct-04 05:00:00 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE IMAGE_FILE_LARGE_ADDRESS_AWARE |

| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x188a00 |
| SizeOfInitializedData | 0xc7200 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000000000150210 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.2 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.2 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x264000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE IMAGE_DLLCHARACTERISTICS_GUARD_CF IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA IMAGE_DLLCHARACTERISTICS_NX_COMPAT IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x800000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

| nw_elf.dll | GetInstallDetailsPayload IsBrowserProcess SignalChromeElf |
|---|---|
| KERNEL32.dll | AcquireSRWLockExclusive AssignProcessToJobObject CloseHandle CompareStringW ConnectNamedPipe CreateDirectoryW CreateEventW CreateFileMappingW CreateFileW CreateIoCompletionPort CreateJobObjectW CreateMutexW CreateNamedPipeW CreateProcessW CreateRemoteThread CreateSemaphoreW CreateThread DebugBreak DeleteCriticalSection DeleteFileW DeleteProcThreadAttributeList DisconnectNamedPipe DuplicateHandle EncodePointer EnterCriticalSection EnumSystemLocalesEx EnumSystemLocalesW ExitProcess ExpandEnvironmentStringsW FileTimeToSystemTime FindClose FindFirstFileExW FindNextFileW FlsAlloc FlsFree FlsGetValue FlsSetValue FlushFileBuffers FlushViewOfFile FormatMessageA FreeEnvironmentStringsW FreeLibrary GetACP GetCPInfo GetCommandLineA GetCommandLineW GetConsoleMode GetConsoleOutputCP GetCurrentDirectoryW GetCurrentProcess GetCurrentProcessId GetCurrentProcessorNumber GetCurrentThread GetCurrentThreadId GetDateFormatW GetDriveTypeW GetEnvironmentStringsW GetExitCodeProcess GetFileAttributesW GetFileInformationByHandle GetFileInformationByHandleEx GetFileSizeEx GetFileTime GetFileType GetFullPathNameW GetLastError GetLocalTime GetLocaleInfoW GetLogicalProcessorInformation GetLongPathNameW GetModuleFileNameW GetModuleHandleA GetModuleHandleExW GetModuleHandleW GetNativeSystemInfo GetOEMCP GetProcAddress GetProcessHandleCount GetProcessHeap GetProcessHeaps GetProcessId GetProcessTimes GetProductInfo GetQueuedCompletionStatus GetStartupInfoW GetStdHandle GetStringTypeW GetSystemDefaultLCID GetSystemDirectoryW GetSystemInfo GetSystemTimeAsFileTime GetTempPathW GetThreadContext GetThreadId GetThreadLocale GetThreadPriority GetTickCount GetTimeFormatW GetTimeZoneInformation GetUserDefaultLCID GetUserDefaultLangID GetUserDefaultLocaleName GetVersionExW GetWindowsDirectoryW HeapAlloc HeapDestroy HeapFree HeapReAlloc HeapSetInformation HeapSize InitOnceExecuteOnce InitializeCriticalSection InitializeCriticalSectionAndSpinCount InitializeProcThreadAttributeList InitializeSListHead IsDebuggerPresent IsProcessorFeaturePresent IsValidCodePage IsValidLocale IsWow64Process K32GetPerformanceInfo K32GetProcessMemoryInfo LCMapStringW LeaveCriticalSection LoadLibraryExA LoadLibraryExW LoadLibraryW LocalFree LockFileEx MapViewOfFile MoveFileW MultiByteToWideChar OpenProcess OutputDebugStringA PeekNamedPipe PostQueuedCompletionStatus QueryDosDeviceW QueryInformationJobObject QueryPerformanceCounter QueryPerformanceFrequency QueryThreadCycleTime RaiseException ReadConsoleW ReadFile ReadProcessMemory RegisterWaitForSingleObject ReleaseSRWLockExclusive ReleaseSemaphore RemoveDirectoryW ReplaceFileW ResetEvent ResumeThread RtlCaptureContext RtlCaptureStackBackTrace RtlLookupFunctionEntry RtlPcToFileHeader RtlUnwind RtlUnwindEx RtlVirtualUnwind SetConsoleCtrlHandler SetCurrentDirectoryW SetEndOfFile SetEnvironmentVariableW SetEvent SetFileAttributesW SetFilePointerEx SetHandleInformation SetInformationJobObject SetLastError SetNamedPipeHandleState SetProcessShutdownParameters SetStdHandle SetThreadAffinityMask SetThreadPriority SetUnhandledExceptionFilter Sleep SleepConditionVariableSRW SleepEx SuspendThread SystemTimeToTzSpecificLocalTime TerminateJobObject TerminateProcess TlsAlloc TlsFree TlsGetValue TlsSetValue TransactNamedPipe TryAcquireSRWLockExclusive UnhandledExceptionFilter UnlockFileEx UnmapViewOfFile UnregisterWait UnregisterWaitEx UpdateProcThreadAttribute VerSetConditionMask VerifyVersionInfoW VirtualAlloc VirtualAllocEx VirtualFree VirtualFreeEx VirtualProtect VirtualProtectEx VirtualQuery VirtualQueryEx WaitForMultipleObjects WaitForSingleObject WaitForSingleObjectEx WaitNamedPipeW WakeAllConditionVariable WideCharToMultiByte Wow64GetThreadContext WriteConsoleW WriteFile WriteProcessMemory lstrlenW |
| VERSION.dll | GetFileVersionInfoSizeW GetFileVersionInfoW VerQueryValueW |
| ADVAPI32.dll (delay-loaded) | AccessCheck AddMandatoryAce AdjustTokenPrivileges BuildExplicitAccessWithNameW BuildSecurityDescriptorW BuildTrusteeWithSidW ConvertSidToStringSidW ConvertStringSecurityDescriptorToSecurityDescriptorW ConvertStringSidToSidW CreateProcessAsUserW CreateRestrictedToken CreateWellKnownSid DuplicateToken DuplicateTokenEx EqualSid EventRegister EventUnregister EventWrite FreeSid GetAce GetKernelObjectSecurity GetLengthSid GetNamedSecurityInfoW GetSecurityDescriptorDacl GetSecurityDescriptorSacl GetSecurityInfo GetSidSubAuthority GetTokenInformation ImpersonateLoggedOnUser ImpersonateNamedPipeClient InitializeAcl InitializeSid IsValidSid LookupPrivilegeValueW MapGenericMask OpenProcessToken RegCloseKey RegCreateKeyExW RegDeleteValueW RegDisablePredefinedCache RegOpenKeyExW RegQueryValueExA RegQueryValueExW RegSetValueExW RevertToSelf SetEntriesInAclW SetKernelObjectSecurity SetSecurityInfo SetThreadToken SetTokenInformation SystemFunction036 |

| Attributes | 0x1 |
|---|---|
| Name | ADVAPI32.dll |
| ModuleHandle | 0x1e0fa8 |
| DelayImportAddressTable | 0x1e0ff8 |
| DelayImportNameTable | 0x1cff98 |
| BoundDelayImportTable | 0 |
| UnloadDelayImportTable | 0 |
| TimeStamp | 1970-Jan-01 00:00:00 |

| Ordinal | 1 |
|---|---|
| Address | 0x75460 |

| Ordinal | 2 |
|---|---|
| Address | 0x63c90 |

| Ordinal | 3 |
|---|---|
| Address | 0x1000 |

| Ordinal | 4 |
|---|---|
| Address | 0x63cb0 |

| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 0.69.1.0 |
| ProductVersion | 0.69.1.0 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32 VOS_NT_WINDOWS32 VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | English - United States |
| CompanyName | The NW.js Community |
| FileDescription | nwjs |
| FileVersion (#2) | 0.69.1 |
| InternalName | nw_exe |
| LegalCopyright | Copyright 2020, The NW.js community and The Chromium Authors. All rights reserved. |
| OriginalFilename | nw.exe |
| ProductName | nwjs |
| ProductVersion (#2) | 0.69.1 |
| CompanyShortName | nwjs.io |
| ProductShortName | nwjs |
| LastChange | 62f83a7521ae1f32e563795732dff0c9da1b660d-refs/heads/master@{#812354} |

| Resource LangID | English - United States |
|---|---|

| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2020-Oct-04 05:00:00 |
| Version | 0.0 |
| SizeofData | 35 |
| AddressOfRawData | 0x1ce2f4 |
| PointerToRawData | 0x1cd0f4 |
| Referenced File | nw.exe.pdb |

| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2020-Oct-04 05:00:00 |
| Version | 0.0 |
| SizeofData | 4 |
| AddressOfRawData | 0x1ce318 |
| PointerToRawData | 0x1cd118 |

| StartAddressOfRawData | 0x1401ff000 |
|---|---|
| EndAddressOfRawData | 0x1401ff180 |
| AddressOfIndex | 0x1401e4f20 |
| AddressOfCallbacks | 0x1401cfde0 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_64BYTES |
| Callbacks | 0x0000000140073D10 0x0000000140086420 0x000000014014ED50 |

| Size | 0x138 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x1401df948 |
| GuardCFCheckFunctionPointer | 5370781696 |
| GuardCFDispatchFunctionPointer | 0 |
| GuardCFFunctionTable | 0 |
| GuardCFFunctionCount | 0 |
| GuardFlags | (EMPTY) |
| CodeIntegrity.Flags | 0 |
| CodeIntegrity.Catalog | 0 |
| CodeIntegrity.CatalogOffset | 0 |
| CodeIntegrity.Reserved | 0 |
| GuardAddressTakenIatEntryTable | 0 |
| GuardAddressTakenIatEntryCount | 0 |
| GuardLongJumpTargetTable | 0 |
| GuardLongJumpTargetCount | 0 |