| Summary | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Compilation Date | 2025-Oct-13 02:50:25 |

| Level | Finding | Details |
|---|---|---|
| Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
| Info | The PE contains common functions which appear in legitimate applications. | |
| Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |

[!] The program may be hiding some of its imports:
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xd8 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 4 |
| TimeDateStamp | 2025-Oct-13 02:50:25 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 12.0 |
| SizeOfCode | 0x34600 |
| SizeOfInitializedData | 0x12a00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0001F65C (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x36000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x4a000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Imported functions |
|---|---|
| ADVAPI32.dll | RegOpenKeyExW, RegQueryValueExW, RegCloseKey |
| KERNEL32.dll | FindClose, FindFirstFileA, FindNextFileA, GetFileAttributesA, GetCurrentProcessId, FreeLibrary, GetProcAddress, LoadLibraryW, SetDllDirectoryW, MultiByteToWideChar, WideCharToMultiByte, GetStringTypeW, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, IsDebuggerPresent, IsProcessorFeaturePresent, GetLastError, ExitProcess, GetModuleHandleExW, AreFileApisANSI, HeapFree, HeapAlloc, HeapReAlloc, GetStdHandle, GetFileType, GetModuleFileNameW, WriteConsoleW, RaiseException, RtlUnwind, GetCommandLineA, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetLastError, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetModuleHandleW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, HeapSize, CloseHandle, FlushFileBuffers, WriteFile, GetConsoleCP, GetConsoleMode, ReadFile, SetFilePointerEx, LoadLibraryExW, IsValidCodePage, GetACP, GetOEMCP, GetProcessHeap, GetCurrentThreadId, OutputDebugStringW, GetModuleFileNameA, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, ReadConsoleW, CreateFileW, SetEndOfFile |
| Load configuration field | Value |
|---|---|
| Size | 0x48 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x442500 |
| SEHandlerTable | 0x43f800 |
| SEHandlerCount | 89 |
| Rich header entry | Value |
|---|---|
| XOR Key | 0x4df366ad |
| Unmarked objects | 0 |
| ASM objects (VS2013 build 21005) | 29 |
| C++ objects (VS2013 build 21005) | 74 |
| C objects (VS2013 build 21005) | 214 |
| Imports (65501) | 5 |
| Total imports | 90 |
| C++ objects (VS2013 UPD2 build 30501) | 1 |
| Linker (VS2013 UPD2 build 30501) | 1 |