Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2012-Dec-26 11:38:15 |
Detected languages | English - United States; Russian - Russia |
Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 |
Suspicious | Strings found in the binary may indicate undesirable behavior: Contains references to system / monitoring tools: |
Info | Cryptographic algorithms detected in the binary: Uses constants related to CRC32; Uses constants related to MD5; Microsoft's Cryptography API |
Suspicious | The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports: |
Info | The PE's resources present abnormal characteristics. Resource 125 is possibly compressed or encrypted. |
Malicious | VirusTotal score: 8/68 (Scanned on 2021-06-09 15:05:11). Bkav: W32.AIDetect.malware2; APEX: Malicious; DrWeb: Exploit.Siggen.621; Jiangmin: TrojanDownloader.VB.dsyt; VBA32: BScope.TrojanDownloader.VB; Rising: Trojan.Generic@ML.86 (RDML:u22EvhxgwCiH02QY5SIMTQ); Yandex: Exploit.Agent!HFukBI0Bthc; MaxSecure: Trojan.Malware.300983.susgen |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2012-Dec-26 11:38:15 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 10.0 |
SizeOfCode | 0x49200 |
SizeOfInitializedData | 0xba000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0002FCC0 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x4b000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x4e1000 |
SizeOfHeaders | 0x400 |
Checksum | 0x109685 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
SHLWAPI.dll | SHDeleteKeyW |
---|---|
KERNEL32.dll | DeviceIoControl, MultiByteToWideChar, GetCurrentThread, GetSystemTime, FindClose, FindNextFileW, DeleteFileW, FindFirstFileW, SetFilePointer, ReadFile, SystemTimeToFileTime, LocalFileTimeToFileTime, GetCurrentDirectoryW, SetFileTime, WriteFile, FileTimeToSystemTime, GetFileInformationByHandle, MapViewOfFile, CreateFileMappingW, UnmapViewOfFile, GetTickCount, CreateFileW, GetFileTime, CreateEventW, ResetEvent, WaitForSingleObject, CloseHandle, GetBinaryTypeW, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, SetEnvironmentVariableA, CompareStringW, GetComputerNameW, SetEndOfFile, WriteConsoleW, FlushFileBuffers, Sleep, GetCommandLineW, GetTempPathW, CreateDirectoryW, GetModuleHandleW, GetCurrentThreadId, GetModuleFileNameW, GetFileAttributesW, FindResourceW, SizeofResource, LoadResource, LockResource, LoadLibraryW, GetProcAddress, FreeLibrary, InterlockedDecrement, HeapCreate, TlsFree, TlsSetValue, SetStdHandle, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, TlsGetValue, TlsAlloc, IsProcessorFeaturePresent, GetCPInfo, LCMapStringW, GetStartupInfoW, HeapSetInformation, GetCommandLineA, GetSystemTimeAsFileTime, FindFirstFileExW, FileTimeToLocalFileTime, HeapAlloc, GetProcessHeap, WideCharToMultiByte, HeapReAlloc, GetLocaleInfoW, GetCurrentProcessId, QueryPerformanceCounter, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetModuleFileNameA, GetFileType, PeekNamedPipe, GetFullPathNameW, HeapSize, GetStdHandle, ExitProcess, InitializeCriticalSectionAndSpinCount, GetConsoleMode, GetConsoleCP, HeapFree, IsValidCodePage, GetOEMCP, GetACP, SetLastError, GetModuleHandleA, GetVersion, GetLastError, OutputDebugStringA, IsDebuggerPresent, GetLogicalDriveStringsW, GetDriveTypeW, QueryDosDeviceW, GetTimeZoneInformation, SystemTimeToTzSpecificLocalTime, SetFileAttributesW, CreateThread, LocalFree, InterlockedIncrement, GetStringTypeW, InterlockedCompareExchange, InterlockedExchange, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, EncodePointer, DecodePointer, RaiseException, RtlUnwind |
USER32.dll | EndDialog, SetWindowPos, SetWindowLongW, ScreenToClient, GetWindowRect, MoveWindow, ShowWindow, MessageBoxW, GetWindowThreadProcessId, GetForegroundWindow, GetClassNameW, GetWindow, GetDesktopWindow, SetForegroundWindow, GetSysColor, CallWindowProcW, SetCursor, LoadCursorW, GetSysColorBrush, EndPaint, DrawIconEx, FillRect, SetRect, BeginPaint, GetClientRect, TrackPopupMenu, GetCursorPos, AppendMenuW, wsprintfW, SetDlgItemTextW, LoadStringW, GetDlgItem, SendMessageW, CreatePopupMenu, PostMessageW, IsWindow, DialogBoxParamW, EnableWindow, SetWindowTextW, LoadImageW, DestroyIcon, GetFocus, SetFocus, GetDlgItemTextW, GetWindowLongW |
ADVAPI32.dll | CryptDestroyHash, CryptEncrypt, CryptGetHashParam, CryptDecrypt, CryptDestroyKey, CryptCreateHash, CryptHashData, CryptDeriveKey, RevertToSelf, CryptAcquireContextW, GetFileSecurityW, ImpersonateSelf, OpenThreadToken, MapGenericMask, AccessCheck |
SHELL32.dll | CommandLineToArgvW, ShellExecuteW |
ole32.dll | CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, CLSIDFromProgID, CoCreateInstance, CoInitialize, CoUninitialize, StgCreateStorageEx, StgOpenStorageEx |
OLEAUT32.dll | SysStringByteLen, SysAllocStringByteLen, VariantChangeType, VariantClear, VariantCopy, VariantInit, SysFreeString, SysAllocString |
IPHLPAPI.DLL | GetAdaptersInfo |
WS2_32.dll | WSAStartup, WSACleanup, htonl, ntohl, htons, inet_addr, gethostbyname, socket, connect, send, recv, closesocket, select |
WININET.dll | InternetReadFile, HttpQueryInfoW, HttpSendRequestW, InternetConnectW, InternetOpenW, InternetCloseHandle, HttpOpenRequestW |
GDI32.dll | SelectObject, MoveToEx, LineTo, SetBkMode, SetTextColor, CreatePen, DeleteObject |
Register |
Enter Activation Code |
Enter Password |
Registration reminder |
Trial Period Expired |
End User License Agreement |
Incorrect Activation Code |
Successful activation. |
Deactivate Product |
Product has been deactivated |
Are you sure you want to deactivate product? |
Help |
Your e-mail, entered in the Share-It order: |
Your Computer Code: |
Your Share-It Order Ref#: |
Activation Code: |
Connecting to the Spreadsheet Tools Customer Service ... |
Error occured when getting activation code for your license: |
Connection with the Spreadsheet Tools Customer Service can not be established. |
Spreadsheet Tools Customer Service was unable to login to your account. |
Possible reason: |
Spreadsheet Tools does not receive your order from Share-It yet. |
In this case please wait several hours and try again. |
You've entered your e-mail or Share-It Order Ref# incorrectly. |
You have no available licenses of this product. |
You've reached limit of activation codes in your account in the Spreadsheet Tools Customer Service. |
If you have any questions, please contact our Technical Support |
About |
Enter Serial Number |
Please, wait while LockXLS Runtime is connecting to Internet Time Server ... |
Invalid Serial Number or Customer ID |
Not a valid USB drive |
Invalid password |
Activation Failed |
Open |
Save As |
All Files (*.*) |
Untitled |
an unnamed file |
&Hide |
No error message is available. |
Attempted an unsupported operation. |
A required resource was unavailable. |
Out of memory. |
An unknown error has occurred. |
Encountered an improper argument. |
Incorrect filename. |
Failed to open document. |
Failed to save document. |
Save changes to %1? |
Failed to create empty document. |
The file is too large to open. |
Could not start print job. |
Failed to launch help. |
Internal application error. |
Command failed. |
Insufficient memory to perform operation. |
System registry entries have been removed and the INI file (if any) was deleted. |
Not all of the system registry entries (or INI file) were removed. |
This program requires the file %s, which was not found on this system. |
This program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s. |
Enter an integer. |
Enter a number. |
Enter an integer between %1 and %2. |
Enter a number between %1 and %2. |
Enter no more than %1 characters. |
Select a button. |
Enter an integer between 0 and 255. |
Enter a positive integer. |
Enter a date and/or time. |
Enter a currency. |
Enter a GUID. |
Enter a time. |
Enter a date. |
Unexpected file format. |
%1 |
Cannot find this file. |
Verify that the correct path and file name are given. |
Destination disk drive is full. |
Unable to read from %1, it is opened by someone else. |
Unable to write to %1, it is read-only or opened by someone else. |
Encountered an unexpected error while reading %1. |
Encountered an unexpected error while writing %1. |
%1: %2 |
Continue running script? |
Dispatch exception: %1 |
Unable to read write-only property. |
Unable to write read-only property. |
Unable to load mail system support. |
Mail system DLL is invalid. |
Send Mail failed to send message. |
No error occurred. |
An unknown error occurred while accessing %1. |
%1 was not found. |
%1 contains an incorrect path. |
Could not open %1 because there are too many open files. |
Access to %1 was denied. |
An incorrect file handle was associated with %1. |
Could not remove %1 because it is the current directory. |
Could not create %1 because the directory is full. |
Seek failed on %1 |
Encountered a hardware I/O error while accessing %1. |
Encountered a sharing violation while accessing %1. |
Encountered a locking violation while accessing %1. |
Disk full while accessing %1. |
Attempted to access %1 past its end. |
No error occurred. |
An unknown error occurred while accessing %1. |
Attempted to write to the reading %1. |
Attempted to access %1 past its end. |
Attempted to read from the writing %1. |
%1 has a bad format. |
%1 contained an unexpected object. |
%1 contains an incorrect schema. |
pixels |
Uncheck |
Check |
Mixed |
One or more auto-saved documents were found. |
These are more recently saved than the currently open documents and contain changes that were made before the application closed. |
Do you want to recover these auto-saved documents? |
Note that if you choose to recover the auto-saved documents, you must explicitly save them to overwrite the original documents. If you choose to not recover the auto-saved versions, they will be deleted. |
Recover the auto-saved documents |
Open the auto-saved versions instead of the explicitly saved versions |
Don't recover the auto-saved documents |
Use the last explicitly saved versions of the documents |
%s [Recovered] |
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x45c2c0 |
SEHandlerTable | 0x4558a0 |
SEHandlerCount | 189 |
XOR Key | 0xd96ee4fe |
---|---|
Unmarked objects | 0 |
152 (20115) | 2 |
ASM objects (VS2010 build 30319) | 29 |
C objects (VS2010 build 30319) | 186 |
175 (VS2010 build 30319) | 18 |
C objects (VS2008 SP1 build 30729) | 3 |
Imports (VS2008 SP1 build 30729) | 23 |
Total imports | 249 |
C++ objects (VS2010 build 30319) | 117 |
Resource objects (VS2010 build 30319) | 1 |
Linker (VS2010 build 30319) | 1 |