190e257d98c3bb6aa26e39a1edd34666

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2013-Jan-24 21:37:33
Detected languages English - United States
CompanyName Concept Software, Inc.
FileDescription Instant PLUS DLL 3.2.0.0
FileVersion 3.2.0.0
InternalName IP2Lib32
LegalCopyright Copyright © 2013 Concept Software, Inc.
OriginalFilename IP2Lib32.dll
ProductName Concept Software, Inc. Instant PLUS DLL
ProductVersion 3.2.0.0

Plugin Output

Suspicious The PE is possibly packed. Section .text is both writable and executable.
Unusual section name found:
Section is both writable and executable.
Suspicious VirusTotal score: 1/54 (Scanned on 2014-07-31 00:01:55) Bkav: HW32.CDB.3723

Hashes

MD5 190e257d98c3bb6aa26e39a1edd34666
SHA1 1682d03797274ec359536da1ef466e4337c4a76f
SHA256 71718e06d721d6ee54fa96d62bf4904b021bbb3c7c2c3be951282d24df8729ad
SHA3 b5f8003f469c10e39641038a7feab4527dfe09901895336e2e2c130d3e2187f5
SSDeep 24576:1NFF2IwsyfSPBNf3dDiyGtEjPcWlPDE1YBIQ5kAUPYR+mx1ZHHsx6VDsb:1wsyfsp6tgbPDzB9uahw
Imports Hash 6dc80d5bcb6f0f7b096a8c677cb45e29

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x110

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 2013-Jan-24 21:37:33
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0xf9000
SizeOfInitializedData 0xd2000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x001D2376 (Section: )
BaseOfCode 0x1000
BaseOfData 0xfa000
ImageBase 0x10000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x244000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 4cb944e7a8ebee77477ac084b28e37cd
SHA1 ccdd4b995eb6c764b213def66f3cc5c1db7790ea
SHA256 f75b17671242b9bca26ac44ea0414fa61a160a1de787bd3c4cb923f284c7552c
SHA3 dc73683a9c38474dc54d39ce8f11a06c640fa5cc380b676441410e15fbccaa2e
VirtualSize 0xf84a0
VirtualAddress 0x1000
SizeOfRawData 0x7c200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.98085

.rdata

MD5 d98373613ced1681d0fef629b81e13e5
SHA1 cd9c219af586c29acde7834c6d810f6db48f2245
SHA256 d5c138fb54e9c5278137d17e8f53369b7945e4a40fc7c09850e4a2259e3ec9b4
SHA3 da60a14422fe99408d016fc48ec7ca65de790cb023ae5f8b9a7d0e375b6f1f85
VirtualSize 0x9f5d2
VirtualAddress 0xfa000
SizeOfRawData 0x1b400
PointerToRawData 0x7c600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.96401

.data

MD5 8dfa37234497bab79c9a90cd40e46d84
SHA1 604219bb8f201d8a0f74fb2d66ed3a54c05c3e16
SHA256 6a955b41f650ccfafc83100945639f8bc817daacc55be9b71d22ffaacf2fe5eb
SHA3 c836f57be2c76e91add563d56d97ec0d02df764bf5ee7ed5f51c778f7712a962
VirtualSize 0x17259
VirtualAddress 0x19a000
SizeOfRawData 0x5a00
PointerToRawData 0x97a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.81828

.rsrc

MD5 49533677e05e75d91ac4b2e852c1c2c3
SHA1 1e089751e52773d626f8d64ff03aceafa8b10613
SHA256 70f2d6052035e62000af02c53855dab9ce4ad116b9909a8a172c8f758771f136
SHA3 8e685710bd4c26b2453cb941e0edf7d12ba93b94d2a74b67d66271b98e3fff1c
VirtualSize 0x444
VirtualAddress 0x1b2000
SizeOfRawData 0x1000
PointerToRawData 0x9d400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.76577

.reloc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1e8c4
VirtualAddress 0x1b3000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

MD5 142377ec2022ad22af82548d829ec533
SHA1 20379e9e6b28de44401fb706b958a7c3896d627e
SHA256 e94102e2d5d1c259d08f1ac9f7656d3629c8aa2d5b7352c16d3ff03102b1794a
SHA3 0bbd4802c311870b1b0a7c02ec6e74bf120fceb29032cc56ef70123c5563ed01
VirtualSize 0
VirtualAddress 0x1d2000
SizeOfRawData 0x71800
PointerToRawData 0x9e400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.95116

Imports

kernel32.dll GetModuleHandleA
GetProcAddress
RPCRT4.dll RpcStringFreeA
USER32.dll SetWindowsHookExA
COMCTL32.dll _TrackMouseEvent
GDI32.dll GetDeviceCaps
WINSPOOL.DRV ClosePrinter
comdlg32.dll GetFileTitleA
ADVAPI32.dll CloseServiceHandle
SHELL32.dll SHGetFolderPathA
ole32.dll CoUninitialize
OLEAUT32.dll #184
SHLWAPI.dll PathIsUNCA
OLEACC.dll AccessibleObjectFromWindow
oledlg.dll #8
WSOCK32.dll #4

Delayed Imports

DllCanUnloadNow

Ordinal 1
Address 0x3fb80

DllGetClassObject

Ordinal 2
Address 0x42630

DllRegisterServer

Ordinal 3
Address 0x43760

DllUnregisterServer

Ordinal 4
Address 0x43770

CallIp

Ordinal 5
Address 0x43d40

CallIpEx

Ordinal 6
Address 0x43ca0

IP_custom_function

Ordinal 7
Address 0x7c470

n10

Ordinal 8
Address 0x3f050

_n11@16

Ordinal 9
Address 0x3f370

_n12@16

Ordinal 10
Address 0x3f390

_n13@16

Ordinal 11
Address 0x3f2d0

_n14@4

Ordinal 12
Address 0x3f310

_n15@20

Ordinal 13
Address 0x3f350

_n16@4

Ordinal 14
Address 0x3f330

n17

Ordinal 15
Address 0x3f160

n18

Ordinal 16
Address 0x3f100

n19

Ordinal 17
Address 0x3f130

n1

Ordinal 18
Address 0x3ed30

_n20@4

Ordinal 19
Address 0x3f3b0

_n21@8

Ordinal 20
Address 0x3f3d0

_n22@8

Ordinal 21
Address 0x3f3f0

_n23@8

Ordinal 22
Address 0x3f3f0

_n24@8

Ordinal 23
Address 0x3f400

n25

Ordinal 24
Address 0x3f180

n2

Ordinal 25
Address 0x3edb0

n3

Ordinal 26
Address 0x3ee10

n4

Ordinal 27
Address 0x3ed80

n5

Ordinal 28
Address 0x3ede0

n6

Ordinal 29
Address 0x3ee50

n7

Ordinal 30
Address 0x3f260

n8

Ordinal 31
Address 0x3ef70

n9

Ordinal 32
Address 0x3ee90

_r10@8

Ordinal 33
Address 0x3f4a0

_r11@12

Ordinal 34
Address 0x3f4c0

_r12@12

Ordinal 35
Address 0x3f4e0

_r13@12

Ordinal 36
Address 0x3f500

r14

Ordinal 37
Address 0x3f0d0

r15

Ordinal 38
Address 0x3f200

_r16@8

Ordinal 39
Address 0x3f520

_r17@8

Ordinal 40
Address 0x3f540

_r18@12

Ordinal 41
Address 0x3f560

_r19@12

Ordinal 42
Address 0x3f580

r1

Ordinal 43
Address 0x3f280

_r20@12

Ordinal 44
Address 0x3f5a0

_r21@12

Ordinal 45
Address 0x3f5c0

_r22@12

Ordinal 46
Address 0x3f5e0

_r23@12

Ordinal 47
Address 0x3f600

r2

Ordinal 48
Address 0x3f240

r3

Ordinal 49
Address 0x3f2b0

r4

Ordinal 50
Address 0x3f1a0

r5

Ordinal 51
Address 0x3f1d0

_r6@8

Ordinal 52
Address 0x3f420

_r7@8

Ordinal 53
Address 0x3f440

_r8@8

Ordinal 54
Address 0x3f460

_r9@8

Ordinal 55
Address 0x3f480

1

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x34c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.41323
MD5 3b6f9e67d25b89d0b0cf407612be52e7
SHA1 f3a311b7e383c37a84c1eddb1b85b5e6c1952e3a
SHA256 3cb638b82309b27274f6b2ac04644fd15cdcfef5be68918b77627c4b1799ea72
SHA3 5a8c3cf8c2a51ebe7ca797eddabc92d5a9a9a4a7f867ff9b91a60c52e284a156

2

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x56
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.65542
MD5 bd62b6f553a2d1d012cc53fc325221d2
SHA1 c5353cec27b30fb35e414dd5f3d0e9205aaf1c07
SHA256 388f75e900f0c15fd66249d7b2e7edf6e14eeefb859e6f766b75058e44f27af6
SHA3 b59854a353caba5e0be1002399bcb847b4dd99e37cff0c7967dd0d42c1eab089

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 3.2.0.0
ProductVersion 3.2.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_DLL
Language English - United States
CompanyName Concept Software, Inc.
FileDescription Instant PLUS DLL 3.2.0.0
FileVersion (#2) 3.2.0.0
InternalName IP2Lib32
LegalCopyright Copyright © 2013 Concept Software, Inc.
OriginalFilename IP2Lib32.dll
ProductName Concept Software, Inc. Instant PLUS DLL
ProductVersion (#2) 3.2.0.0
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xe3607fdd
Unmarked objects 0
C objects (VS2003 (.NET) build 4035) 12
48 (9044) 42
C objects (VS98 SP6 build 8804) 74
Unmarked objects (#2) 1
114 (VS2012 build 50727 / VS2005 build 50727) 39
Imports (VS2003 (.NET) build 4035) 31
Total imports 667
126 (50327) 1
ASM objects (VS2012 build 50727 / VS2005 build 50727) 59
C objects (VS2012 build 50727 / VS2005 build 50727) 278
C++ objects (VS2012 build 50727 / VS2005 build 50727) 258
Exports (VS2012 build 50727 / VS2005 build 50727) 1
Resource objects (VS2012 build 50727 / VS2005 build 50727) 1
Linker (VS2012 build 50727 / VS2005 build 50727) 1

Errors

[*] Warning: Section .reloc has a size of 0!