| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2013-Feb-10 03:04:13 |
| Detected languages | English - United States; Russian - Russia |
| CompanyName | |
| FileDescription | тулза в помощь модератору ТО (a tool to help the TO moderator) |
| FileVersion | 2.3.3.0 |
| InternalName | |
| LegalCopyright | (c) deda |
| LegalTrademarks | |
| OriginalFilename | |
| ProductName | TOM :: TankiOnline Moderator tool :: |
| ProductVersion | 2.3.0.0 |
| Comments | |
| Level | Summary | Details |
|---|---|---|
| Info | Matching compiler(s): | Borland C++ DLL; Borland C++ for Win32 1999 |
| Suspicious | PEiD Signature: | UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser; UPX v2.0 -> Markus, Laszlo & Reiser (h); UPX -> www.upx.sourceforge.net |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to MD5 |
| Suspicious | The PE is packed with UPX | Unusual section name found: UPX0. Section UPX0 is both writable and executable. Unusual section name found: UPX1. Section UPX1 is both writable and executable. W+X sections named UPX0/UPX1 with the entry point in UPX1 are the standard UPX in-place unpacker layout: they establish that the file is packed, not by themselves that it is malicious. |
| Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
| Info | The PE's resources present abnormal characteristics. | Resources possibly compressed or encrypted: EXCEPT; 1, 2, 3, 4, 5, 6, 7; MEIBIG, MEICANTCONTINUE, MEICLOSE, MEICONTINUE, MEIPLWAIT, MEIPRINT, MEIRESTART, MEISAVE, MEISEND, MEISEND32, MEISHOW; 4064-4080 and 4082-4096; TFRMBANBATTLE, TFRMBANBATTLEINPUTNICK, TFRMCLICKER, TFRMIMAGEVIEW, TFRMMAIN, TFRMNOTIFY, TFRMSELECTSCREENRGN; TMADEXCEPT, TMECONTACTFORM, TMEDETAILSFORM, TMESCRSHOTFORM. The TFRM* names are VCL form (DFM) resources and the MEI*/TMADEXCEPT/TME* names belong to the madExcept exception handler; both are binary-serialized RCDATA that a C++Builder/Delphi build normally carries, and this entropy heuristic routinely flags them. |
| Info | The binary may have been compiled on a machine in the UTC+4 timezone. | |
| Suspicious | VirusTotal score: 1/58 (Scanned on 2017-02-22 22:06:31) | Endgame: malicious (moderate confidence). A single machine-learning verdict on a UPX-packed executable is a weak signal on its own; unpack and rescan before drawing conclusions. |
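The packer and crypto-constant indicators in the rows above (UPX section names, writable-and-executable sections, entry point inside the stub's section, MD5 constants) can be reproduced with a few lines of header parsing. The script below is an added example, not output or code from the analysis tool that produced this report. It uses only the Python standard library; the sample image it builds is constructed inline from the header values in the report and is not the analysed binary, and its UPX1 raw data is a stand-in blob seeded with the MD5 constants so the scan has something to find.

```python
import calendar
import json
import struct
import sys

# Section Characteristics bits (winnt.h).
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# MD5 (RFC 1321) initial state A..D and round constants K[0..3]. SHA-1 uses the
# same four state words plus a fifth (H4), so only the K constants or H4 tell
# the two apart when a scanner reports "constants related to MD5".
MD5_INIT = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
MD5_K_HEAD = (0xD76AA478, 0xE8C7B756, 0x242070DB, 0xC1BDCEEE)
SHA1_H4 = 0xC3D2E1F0


def parse_pe32(data):
    """Return (AddressOfEntryPoint, list of section dicts) for a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _symptr, _nsyms, opt_size, _flags = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    entry = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsections):  # 40-byte IMAGE_SECTION_HEADER entries follow the optional header
        f = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": f[0].rstrip(b"\x00").decode("ascii", "replace"),
                         "vsize": f[1], "va": f[2], "rawsize": f[3], "chars": f[9]})
    return entry, sections


def section_for_rva(sections, rva):
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s
    return None


def has_all(data, words):
    return all(struct.pack("<I", w) in data for w in words)


def triage(data):
    """Apply the packer and crypto-constant heuristics from the report to raw PE bytes."""
    entry, sections = parse_pe32(data)
    findings = []
    for s in sections:
        if s["name"].startswith("UPX"):
            findings.append(f"Unusual section name found: {s['name']}")
        if s["chars"] & IMAGE_SCN_MEM_WRITE and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"Section {s['name']} is both writable and executable.")
    ep = section_for_rva(sections, entry)
    ep_name = ep["name"] if ep else None
    # In-place unpacker layout: the first section reserves room for the unpacked
    # image but has no file data, and the entry point sits in the stub's section.
    if ep is not None and ep is not sections[0] and sections[0]["rawsize"] == 0:
        findings.append(f"Entry point 0x{entry:08x} in {ep_name}; {sections[0]['name']} has no raw data (unpacker-stub layout).")
    crypto = []
    if has_all(data, MD5_INIT):
        crypto.append("MD5/SHA-1 state words")
    if has_all(data, MD5_K_HEAD):
        crypto.append("MD5 round constants")
    if struct.pack("<I", SHA1_H4) in data:
        crypto.append("SHA-1 H4")
    return {"entry": entry, "entry_section": ep_name, "findings": findings, "crypto": crypto}


def build_sample_pe():
    """Constructed PE32 carrying the header values from the report; not the real file.
    The UPX1 raw data is a stand-in blob seeded with the MD5 constants."""
    img = bytearray(0x200)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x200)  # e_lfanew
    img += b"PE\x00\x00"
    img += struct.pack("<HHIIIHH", 0x14C, 3, calendar.timegm((2013, 2, 10, 3, 4, 13)), 0, 0, 0xE0, 0x010F)
    opt = bytearray(0xE0)
    struct.pack_into("<HBBIIIIIII", opt, 0, 0x10B, 5, 0, 0x100000, 0x9000, 0x213000, 0x313150, 0x214000, 0x314000, 0x400000)
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)     # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x31D000, 0x1000)  # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                  # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes
    img += opt
    for name, vsize, va, rawsize, rawptr, chars in (
        (b"UPX0", 0x213000, 0x1000, 0, 0x400, 0xE0000080),
        (b"UPX1", 0x100000, 0x214000, 0x200, 0x400, 0xE0000040),
        (b".rsrc", 0x9000, 0x314000, 0x200, 0x600, 0xC0000040),
    ):
        img += struct.pack("<8sIIIIIIHHI", name, vsize, va, rawsize, rawptr, 0, 0, 0, 0, chars)
    img += bytes(0x400 - len(img))
    blob = b"".join(struct.pack("<I", w) for w in MD5_INIT + MD5_K_HEAD)
    img += blob.ljust(0x200, b"\x90")  # stand-in stub bytes
    img += bytes(0x200)                # empty .rsrc raw data
    return bytes(img)


if __name__ == "__main__":
    sample = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(triage(sample), indent=2))
```

Run it with a path to triage a real file, or with no argument to run on the constructed sample. Two caveats apply when reading the output: the W+X UPX0/UPX1 layout with the entry point in UPX1 is what every UPX-packed file looks like, so it says "packed" rather than "malicious"; and a byte scan only sees what is not compressed, so on a packed sample rerun the constant check on the unpacked file or a memory dump, and treat state-word hits without round constants as MD5-or-SHA-1.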
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x50 |
| e_cp | 0x2 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0xf |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0x1a |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x200 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 3 |
| TimeDateStamp | 2013-Feb-10 03:04:13 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 5.0 |
| SizeOfCode | 0x100000 |
| SizeOfInitializedData | 0x9000 |
| SizeOfUninitializedData | 0x213000 |
| AddressOfEntryPoint | 0x00313150 (Section: UPX1) |
| BaseOfCode | 0x214000 |
| BaseOfData | 0x314000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x31d000 |
| SizeOfHeaders | 0x1000 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x2000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Functions (#N = import by ordinal) |
|---|---|
| KERNEL32.DLL | LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess |
| ADVAPI32.DLL | FreeSid |
| COMCTL32.DLL | #17 |
| COMDLG32.DLL | PrintDlgW |
| DWMAPI.DLL | (EMPTY) |
| GDI32.DLL | Arc |
| MSIMG32.DLL | AlphaBlend |
| OLE32.DLL | IsEqualGUID |
| OLEAUT32.DLL | #8 |
| SHELL32.DLL | SHGetMalloc |
| USER32.DLL | GetDC |
| UXTHEME.DLL | (EMPTY) |
| VERSION.DLL | VerQueryValueA |
| WINDOWSCODECS.DLL | (EMPTY) |
| WINMM.DLL | timeGetTime |
| WINSPOOL.DRV | #203 |
| WSOCK32.DLL | #2 |

This is the import table of the UPX stub, not of the program it wraps: the six KERNEL32 entries are what the stub needs to decompress the image and rebuild the import address table, and the single entry kept per remaining DLL only ensures the loader maps that DLL. The program's real imports are resolved by the stub at run time and are visible only after unpacking or in a memory dump.
| Version resource field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 2.3.3.0 |
| ProductVersion | 2.3.3.0 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | Russian - Russia |
| CompanyName | |
| FileDescription | тулза в помощь модератору ТО (a tool to help the TO moderator) |
| FileVersion (#2) | 2.3.3.0 |
| InternalName | |
| LegalCopyright | (c) deda |
| LegalTrademarks | |
| OriginalFilename | |
| ProductName | TOM :: TankiOnline Moderator tool :: |
| ProductVersion (#2) | 2.3.0.0 |
| Comments | |
| Resource LangID | Russian - Russia |