| Property | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2005-Apr-28 15:31:22 |
| Detected languages | English - United Kingdom |

| Severity | Finding | Details |
|---|---|---|
| Suspicious | Strings found in the binary may indicate undesirable behavior: | Tries to detect virtualized environments |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32; Uses constants related to MD5; Uses constants related to DES |
| Suspicious | The PE is possibly packed. | Unusual section name found: _rwcseg; Unusual section name found: _TEXT_HA; Unusual section name found: _rwdseg; Section .text is both writable and executable; Unusual section name found: .init; Section .init is both writable and executable; Section .data is both writable and executable; Unusual section name found: .HOODLUM; Section .HOODLUM is both writable and executable |
| Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports |
| Suspicious | VirusTotal score: 1/66 (Scanned on 2021-11-14 19:17:58) | APEX: Malicious |

| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x80 |

| File header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 11 |
| TimeDateStamp | 2005-Apr-28 15:31:22 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |

| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 7.0 |
| SizeOfCode | 0xac8000 |
| SizeOfInitializedData | 0x6ae000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00424570 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x458000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x1177000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0xdc5bea |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeOfStackReserve | 0x200000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x200000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

| Imported DLL | Imported functions |
|---|---|
| WINMM.dll | timeEndPeriod, timeGetTime, timeBeginPeriod, timeGetDevCaps |
| vorbisfile.dll | ov_open_callbacks, ov_clear, ov_time_total, ov_time_tell, ov_read, ov_info, ov_time_seek |
| WS2_32.dll | recv, send, closesocket, htons, inet_addr, connect, WSAGetLastError, WSAStartup, WSACleanup, socket |
| EAX.DLL | #6 (imported by ordinal) |
| KERNEL32.dll | VirtualProtect, GetOEMCP, GetACP, IsBadCodePtr, IsBadReadPtr, GetStringTypeW, GetStringTypeA, IsValidCodePage, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetCPInfo, GetDateFormatA, VirtualQuery, GetTickCount, GetModuleHandleA, GetProcAddress, LoadLibraryA, GetFileSize, CloseHandle, LocalFree, WaitForSingleObjectEx, GetOverlappedResult, WaitForSingleObject, ReleaseSemaphore, SetFilePointer, GetLastError, ReadFile, SetLastError, CreateFileA, ResumeThread, SetThreadPriority, GetThreadPriority, GetCurrentThread, CreateThread, LocalAlloc, CreateSemaphoreA, GetDiskFreeSpaceA, Sleep, QueryPerformanceCounter, InterlockedIncrement, InterlockedDecrement, lstrcpyA, lstrcatA, lstrlenA, DeleteCriticalSection, SuspendThread, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, MultiByteToWideChar, DeleteFileA, TerminateThread, FindClose, FindNextFileA, GetFileAttributesA, FindFirstFileA, FreeLibrary, QueryPerformanceFrequency, OutputDebugStringA, GetLocalTime, CreateDirectoryA, GetUserDefaultLCID, SetStdHandle, CreateEventA, GetVolumeInformationA, GetDriveTypeA, GetLogicalDriveStringsA, SetErrorMode, GlobalMemoryStatus, GetVersionExA, GetCommandLineA, GetFullPathNameA, WideCharToMultiByte, lstrcmpiA, GetSystemInfo, IsProcessorFeaturePresent, LockResource, LoadResource, SizeofResource, FindResourceA, FindResourceW, MapViewOfFile, CreateFileMappingA, CreateFileW, UnmapViewOfFile, ReleaseMutex, CreateMutexA, GetCurrentProcessId, GetSystemDirectoryA, GetModuleFileNameA, FreeEnvironmentStringsA, UnhandledExceptionFilter, IsBadWritePtr, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetFileType, GetStdHandle, SetHandleCount, FlushFileBuffers, LCMapStringW, LCMapStringA, WriteFile, FatalAppExitA, SetUnhandledExceptionFilter, HeapSize, TlsAlloc, TlsGetValue, TlsSetValue, GetCurrentThreadId, TlsFree, GetStartupInfoA, HeapReAlloc, HeapAlloc, HeapFree, GetSystemTimeAsFileTime, GetCurrentProcess, TerminateProcess, ExitProcess, RtlUnwind, RaiseException, InterlockedExchange, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetConsoleCtrlHandler, GetTimeFormatA, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetTimeZoneInformation, SetEndOfFile, GetLocaleInfoW, GetCurrentDirectoryA, GetSystemDefaultLCID, SetCurrentDirectoryA, GetEnvironmentStrings |
| USER32.dll | wsprintfA, IsIconic, GetWindowLongA, GetMenu, AdjustWindowRectEx, SystemParametersInfoA, DestroyWindow, SetWindowLongA, ShowWindow, LoadIconA, LoadCursorA, RegisterClassA, ReleaseCapture, GetWindowPlacement, SetTimer, ClipCursor, PostQuitMessage, SetCursor, SetCapture, DefWindowProcA, MapVirtualKeyA, UpdateWindow, GetKeyState, FindWindowA, SetForegroundWindow, PeekMessageA, DispatchMessageA, TranslateMessage, GetKeyboardLayout, DialogBoxParamA, EndDialog, GetDlgItem, SetFocus, SendMessageA, SetWindowPos, AdjustWindowRect, CreateWindowExA, ShowCursor, GetWindowRect, MessageBoxA, SetWindowTextA, ClientToScreen, SetCursorPos, GetClientRect |
| GDI32.dll | DeleteObject |
| ADVAPI32.dll | RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegOpenKeyA, RegSetValueExA |
| ole32.dll | CoCreateInstance, CoInitialize, CoUninitialize |
| d3d9.dll (delay-loaded) | Direct3DCreate9 |

| Delay-load descriptor field | Value |
|---|---|
| Attributes | 0x1 |
| Name | d3d9.dll |
| ModuleHandle | 0x89a6bc |
| DelayImportAddressTable | 0x4e3ed4 |
| DelayImportNameTable | 0x4a1f9c |
| BoundDelayImportTable | 0x4a1fe4 |
| UnloadDelayImportTable | 0 |
| TimeStamp | 1970-Jan-01 00:00:00 |