| Level | Summary | Details |
|---|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 | |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI | |
| Compilation Date | 2001-Feb-09 01:29:31 | |
| Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0; MASM/TASM - sig1(h); Microsoft Visual C++; Microsoft Visual C++ v6.0; Microsoft Visual C++ v5.0/v6.0 (MFC) |
| Suspicious | The PE is packed or was manually edited. | The number of imports reported in the RICH header is inconsistent. |
| Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
| Safe | VirusTotal score: 0/61 (Scanned on 2017-04-19 05:07:26) | All the AVs think this file is safe. |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x108 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 5 |
| TimeDateStamp | 2001-Feb-09 01:29:31 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 6.0 |
| SizeOfCode | 0x119000 |
| SizeOfInitializedData | 0x124000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00105B03 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x11a000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x1000 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x23e000 |
| SizeOfHeaders | 0x1000 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Library | Imported functions |
|---|---|
| KERNEL32.dll | SetFilePointer, ReadFile, CreateFileA, GetFileSize, GetLastError, WriteFile, MoveFileA, DeleteFileA, FlushFileBuffers, FindClose, FindNextFileA, GetProcessHeap, HeapFree, FindFirstFileA, VirtualAlloc, VirtualFree, GlobalMemoryStatus, TerminateThread, SetThreadPriority, LeaveCriticalSection, EnterCriticalSection, GetCurrentProcess, CreateThread, ResumeThread, SuspendThread, QueryPerformanceCounter, QueryPerformanceFrequency, InitializeCriticalSection, GetVolumeInformationA, GetCommandLineA, Sleep, WaitForMultipleObjects, ReleaseSemaphore, CreateSemaphoreA, GetVersionExA, GetSystemInfo, CreateEventA, WaitForSingleObject, ResetEvent, CloseHandle, DeleteCriticalSection, DuplicateHandle, GetCurrentThread, HeapAlloc, CompareStringW, SetStdHandle, CompareStringA, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, SetEvent, UnhandledExceptionFilter, RtlUnwind, HeapSize, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, MultiByteToWideChar, GetFileType, GetStdHandle, SetHandleCount, IsBadWritePtr, SetConsoleCtrlHandler, RaiseException, SetEndOfFile, GetStartupInfoA, GetModuleHandleA, HeapCreate, HeapDestroy, LoadLibraryA, SetEnvironmentVariableA, GetVersion, GetEnvironmentVariableA, GetOEMCP, GetACP, HeapReAlloc, GetModuleFileNameA, TerminateProcess, GetCPInfo, ExitProcess, GetProcAddress, WideCharToMultiByte |
| USER32.dll | ShowWindow, SetCursor, PostQuitMessage, CreateWindowExA, GetSystemMetrics, RegisterClassA, LoadCursorA, LoadIconA, UpdateWindow, PostMessageA, DispatchMessageA, TranslateMessage, GetMessageA, SendMessageA, DefMDIChildProcA, SetScrollPos, GetWindowRect, SetWindowWord, SetWindowPos, GetDC, ReleaseDC, SetScrollInfo, ShowScrollBar, EndPaint, DefWindowProcA, MessageBoxA, BeginPaint, GetWindowWord |
| GDI32.dll | GetStockObject, SelectObject, TextOutA, GetTextMetricsA |
| WINMM.dll | timeKillEvent, timeGetTime, timeBeginPeriod, timeSetEvent, timeEndPeriod |
| ADVAPI32.dll | RegOpenKeyExA, RegCloseKey, RegQueryValueExA |
| ole32.dll | StringFromGUID2 |
| DDRAW.dll | DirectDrawCreateEx, DirectDrawEnumerateExA, DirectDrawCreate |
| DINPUT.dll | DirectInputCreateA |
| DSOUND.dll | #1, #2 (imported by ordinal) |
| Rich header field | Value |
|---|---|
| XOR Key | 0x975492c2 |
| Unmarked objects | 0 |
| 12 (7291) | 2 |
| C++ objects (8797) | 6 |
| 14 (7299) | 28 |
| C objects (8797) | 109 |
| C objects (VS98 build 8168) | 2 |
| 48 (8943) | 19 |
| C objects (8830) | 3 |
| 37 (8755) | 9 |
| 19 (8034) | 13 |
| Total imports | 128 |
| C objects (8799) | 25 |
| 5 (VC++ 6.0 SP5 imp/exp build 8447) | 2 |
| C++ objects (8799) | 147 |