| Architecture | IMAGE_FILE_MACHINE_AMD64 | |
|---|---|---|
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI | |
| Compilation Date | 2018-Oct-03 14:08:25 | |
| Debug artifacts | F:\Github\Arctium patcher\build\Release\launcher\netcoreapp2.1\win-x64\native\Arctium WoW Client Launcher.pdb | |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to SHA1 |
| Suspicious | The PE is possibly packed. | Unusual section name found: .managed; Unusual section name found: rdata |
| Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
| Suspicious | VirusTotal score: 1/71 (Scanned on 2019-06-21 20:23:18) | Bkav: W64.HfsReno. |

| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x110 |

| Signature | PE |
|---|---|
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberofSections | 7 |
| TimeDateStamp | 2018-Oct-03 14:08:25 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |

| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x1f9a00 |
| SizeOfInitializedData | 0x20fa00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00000000001E3384 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x40e000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

| KERNEL32.dll | HeapAlloc, CloseThreadpoolIo, HeapFree, GetCurrentThreadId, GetSystemTimeAsFileTime, GetTickCount64, CreateThreadpoolWork, CloseThreadpoolWork, SubmitThreadpoolWork, GetCurrentProcessorNumber, GetProcAddress, RaiseFailFastException, LoadLibraryExW, FreeLibrary, CreateThreadpoolIo, StartThreadpoolIo, CancelThreadpoolIo, GetSystemDirectoryW, FlushProcessWriteBuffers, CloseHandle, DuplicateHandle, GetCurrentProcess, GetCurrentThread, SetEvent, WaitForSingleObjectEx, RaiseException, GetFileAttributesExW, ReadFile, GetSystemInfo, VirtualQuery, RtlVirtualUnwind, GetStdHandle, CreateFileW, WriteFile, DebugBreak, AddVectoredExceptionHandler, GetProcessHeap, FlsGetValue, FlsSetValue, QueryPerformanceCounter, QueryPerformanceFrequency, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, WaitForMultipleObjectsEx, CreateEventW, Sleep, GetCurrentProcessId, SwitchToThread, CreateThread, SetThreadPriority, SuspendThread, ResumeThread, GetThreadContext, GlobalMemoryStatusEx, GetTickCount, GetLogicalProcessorInformation, VirtualAlloc, VirtualProtect, VirtualFree, VirtualUnlock, GetWriteWatch, ResetWriteWatch, GetModuleHandleExW, InitializeCriticalSectionEx, ResetEvent, GetEnvironmentVariableW, SetFilePointerEx, GetLastError, FlsAlloc, SetLastError, HeapReAlloc, HeapSize, GetConsoleMode, GetConsoleCP, FlushFileBuffers, RtlCaptureContext, RtlLookupFunctionEntry, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlPcToFileHeader, RtlUnwindEx, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, ExitProcess, GetModuleFileNameW, GetCommandLineA, GetCommandLineW, CompareStringW, LCMapStringW, GetFileType, MultiByteToWideChar, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetStringTypeW, WriteConsoleW |
|---|---|
| ole32.dll | CoGetMarshalSizeMax, CoUnmarshalInterface, CoCreateInstance, CoMarshalInterface, CoWaitForMultipleHandles |

| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2018-Oct-03 14:08:25 |
| Version | 0.0 |
| SizeofData | 134 |
| AddressOfRawData | 0x322c74 |
| PointerToRawData | 0x321a74 |
| Referenced File | F:\Github\Arctium patcher\build\Release\launcher\netcoreapp2.1\win-x64\native\Arctium WoW Client Launcher.pdb |

| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2018-Oct-03 14:08:25 |
| Version | 0.0 |
| SizeofData | 20 |
| AddressOfRawData | 0x322cfc |
| PointerToRawData | 0x321afc |

| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2018-Oct-03 14:08:25 |
| Version | 0.0 |
| SizeofData | 1032 |
| AddressOfRawData | 0x322d10 |
| PointerToRawData | 0x321b10 |

| StartAddressOfRawData | 0x140323160 |
|---|---|
| EndAddressOfRawData | 0x140323278 |
| AddressOfIndex | 0x1403b3dbc |
| AddressOfCallbacks | 0x1401fb490 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_16BYTES |
| Callbacks | (EMPTY) |

| Size | 0x100 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x1403ae5f0 |

---|---|
Unmarked objects | 0 |
C objects (VS2015/2017 runtime 25711) | 22 |
ASM objects (VS2015/2017 runtime 25711) | 15 |
C++ objects (VS2015/2017 runtime 25711) | 144 |
ASM objects (VS2017 v15.6.6 compiler 26131) | 8 |
C objects (VS2017 v15.6.6 compiler 26131) | 19 |
C++ objects (VS2017 v15.6.6 compiler 26131) | 43 |
Imports (VS2015/2017 runtime 25711) | 7 |
Total imports | 139 |
ASM objects (VS2017 v15.7.3 compiler 26430) | 13 |
C++ objects (VS2017 v15.7.3 compiler 26430) | 49 |
Unmarked objects (#2) | 1 |
Linker (VS2017 v15.7.4 compiler 26431) | 1 |