17f82f26eb6bdbea7eaed17d3c91b97d
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2000-Mar-27 18:09:58 |
| Detected languages |
English - United States
|
| Comments | |
| CompanyName | companyname |
| FileDescription | |
| FileVersion | |
| InternalName | stub32i.exe |
| LegalCopyright | |
| OriginalFilename | stub32i.exe |
| ProductName | speco-plugin |
| ProductVersion |
Plugin Output
| Info | Matching compiler(s): |
Microsoft Visual C++ 6.0 - 8.0
Microsoft Visual C++ Microsoft Visual C++ v6.0 Microsoft Visual C++ v5.0/v6.0 (MFC) |
| Info | Interesting strings found in the binary: |
Contains domain names:
|
| Suspicious | The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
|
| Info | The PE is digitally signed. |
Signer: Speco Technologies
Issuer: Symantec Class 3 SHA256 Code Signing CA |
| Safe | VirusTotal score: 0/69 (Scanned on 2025-02-27 13:00:25) | All the AVs think this file is safe. |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xe8 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 4 |
| TimeDateStamp | 2000-Mar-27 18:09:58 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 6.0 |
| SizeOfCode | 0x11000 |
| SizeOfInitializedData | 0x18000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x000083F7 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x12000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x1000 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x2a000 |
| SizeOfHeaders | 0x1000 |
| Checksum | 0x111e7e |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.rsrc
Imports
| KERNEL32.dll |
FormatMessageA
GetSystemDefaultLCID GetProcAddress GetTempFileNameA MulDiv CreateProcessA WaitForSingleObject GetStartupInfoA IsDBCSLeadByte Sleep CompareStringA SetFileTime LocalFileTimeToFileTime DosDateTimeToFileTime FreeLibrary RemoveDirectoryA FindNextFileA WritePrivateProfileSectionA WritePrivateProfileStringA lstrcpynA GetPrivateProfileSectionA WriteFile DeleteFileA LocalAlloc LockResource LoadResource FindResourceA SizeofResource GetModuleHandleA GlobalFree GlobalUnlock GlobalLock GlobalAlloc MultiByteToWideChar lstrcmpiA GetDiskFreeSpaceA HeapAlloc GetProcessHeap HeapFree GetModuleFileNameA ExitProcess CreateFileA CreateFileMappingA MapViewOfFile UnmapViewOfFile SetFileAttributesA GetFileSize ReadFile SetFilePointer FindFirstFileA CreateDirectoryA GetLastError GetPrivateProfileStringA FindClose GetFileAttributesA lstrcatA lstrlenA GetWindowsDirectoryA lstrcpyA GetSystemDirectoryA GetTempPathA MoveFileExA LoadLibraryA LocalFree GetShortPathNameA FlushFileBuffers CloseHandle SetStdHandle IsBadCodePtr IsBadReadPtr SetUnhandledExceptionFilter LCMapStringW LCMapStringA GetFileType GetStdHandle SetHandleCount GetEnvironmentStringsW GetEnvironmentStrings WideCharToMultiByte FreeEnvironmentStringsW FreeEnvironmentStringsA UnhandledExceptionFilter GetCurrentProcess TerminateProcess GetStringTypeW GetStringTypeA GetOEMCP GetACP GetCPInfo IsBadWritePtr HeapReAlloc VirtualAlloc VirtualFree HeapCreate HeapDestroy GetVersion GetCommandLineA RtlUnwind |
|---|---|
| USER32.dll |
GetParent
GetDlgItem SendDlgItemMessageA EnableWindow CheckRadioButton SetWindowTextA GetWindowTextA LoadStringA LoadImageA MessageBoxA IsDlgButtonChecked GetDlgItemTextA SetDlgItemTextA ReleaseDC GetDC GetWindowLongA SetFocus PostMessageA GetWindow wsprintfA GetDesktopWindow DestroyWindow CreateDialogParamA DispatchMessageA TranslateMessage GetSysColor GetSysColorBrush FillRect BeginPaint DrawTextA EndPaint GetClientRect ScreenToClient MoveWindow SetParent MapDialogRect GetNextDlgTabItem GetWindowRect CreateDialogIndirectParamA IsWindow InvalidateRect IsWindowEnabled ShowWindow UpdateWindow IsDialogMessageA SetWindowPos GetActiveWindow SetActiveWindow CharNextA LoadIconA SendMessageA PeekMessageA SetWindowLongA |
| GDI32.dll |
DeleteObject
CreatePalette RealizePalette GetDeviceCaps CreateDIBitmap GetObjectA SelectPalette EnumFontFamiliesExA GetTextExtentPointA GetStockObject TextOutA DeleteDC SelectObject CreateCompatibleDC SetBkMode BitBlt SetTextColor CreateSolidBrush SetBkColor CreateFontIndirectA |
| ADVAPI32.dll |
RegCloseKey
RegQueryValueExA RegOpenKeyExA |
| SHELL32.dll |
ShellExecuteA
SHBrowseForFolderA SHGetPathFromIDListA SHGetMalloc |
| LZ32.dll |
LZOpenFileA
LZCopy LZClose |
| COMCTL32.dll |
#17
|
Delayed Imports
118
132
1
2
3
4
IDD_WIZ97SHEET
1000
1001
1002
1003
1004
1005
1006
1009
1 (#2)
3 (#2)
4 (#2)
19
20
21
376
103
1 (#3)
String Table contents
| PackageForTheWeb Error |
| This self extracting executable file appears to have been corrupted and cannot be executed. You should obtain a new copy of this file to insure that it will execute correctly. |
| Unable to open the self-extracting executable file. The file is locked or in use by another process. The installation will terminate. |
| PackageForTheWeb |
| Unable to access the source file! |
| Unable to create the cabinet file! |
| Unable to access the specified path. |
| Unable to create the specified output folder. Bad path name. |
| Unable to start the decompression process! |
| The EXE file has been corrupted. Unable to continue. |
| Unable to execute the specified command line! |
| This program is used internally by PackageFromTheWeb. It should not be executed directly. |
| Bad or missing header information! |
| Do you wish to cancel the installation? |
| Insufficient disk space to open the package! |
| Security error! Invalid password. |
| Unpacking '%s'... |
| Memory allocation failure! |
| General failure reading this package. |
| Unable to initialize the extension DLL. |
| Error Executing the Specified Program |
| Unpacking %s... |
| The specified drive does not exist |
| No error |
| Missing cabinet file! |
| Input file is not a cabinet. |
| Bad cabinet version. |
| Corrupt cabinet file! |
| Memory allocation failure! |
| Invalid file compression type! |
| CRC failure. |
| System error during decompression |
| Incorrect cabinet file selected |
| The package decompression has been cancelled. |
| Unable to create the specified output folder! |
| Unable to compute required disk space |
| There is not enough space on drive %s to extract this package. |
| MB |
| KB |
| bytes |
| There is not enough space on drive %s to extract this package |
| version |
| Please free up %.2f %s and click Retry |
| 12,MS Shell Dlg |
| &Finish |
| 8,MS Shell Dlg |
| 8,MS Shell Dlg |
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 2.11.15.0 |
| ProductVersion | 2.11.15.0 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS
VOS_DOS_WINDOWS16
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS_OS232
VOS_OS232_PM32
VOS_WINCE
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | English - United States |
| Comments | |
| CompanyName | companyname |
| FileDescription | |
| FileVersion (#2) | |
| InternalName | stub32i.exe |
| LegalCopyright | |
| OriginalFilename | stub32i.exe |
| ProductName | speco-plugin |
| ProductVersion (#2) |
| Resource LangID | English - United States |
|---|
TLS Callbacks
Load Configuration
RICH Header
| XOR Key | 0xaa373629 |
|---|---|
| Unmarked objects | 0 |
| Unmarked objects (#2) | 12 |
| C++ objects (VS98 build 8168) | 8 |
| 14 (7299) | 18 |
| C objects (VS98 build 8168) | 73 |
| 19 (8034) | 13 |
| Total imports | 182 |
| C++ objects (VC++ 6.0 SP5 imp/exp build 8447) | 10 |
| Resource objects (VS98 SP6 cvtres build 1736) | 1 |