Architecture |
IMAGE_FILE_MACHINE_I386
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date |
2013-Jan-24 21:37:33
|
Detected languages |
English - United States
|
CompanyName |
Concept Software, Inc.
|
FileDescription |
Instant PLUS DLL 3.2.0.0
|
FileVersion |
3.2.0.0
|
InternalName |
IP2Lib32
|
LegalCopyright |
Copyright © 2013 Concept Software, Inc.
|
OriginalFilename |
IP2Lib32.dll
|
ProductName |
Concept Software, Inc. Instant PLUS DLL
|
ProductVersion |
3.2.0.0
|
Suspicious |
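The PE is possibly packed (four of the sections listed below report entropy between 7.8 and 8.0, which is consistent with compressed or encrypted content). |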
Section .text is both writable and executable.
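Unusual section name found: (the name is blank as rendered in this report)
Section (blank name; it contains the entry point 0x001D2376) is both writable and executable.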
|
Suspicious |
VirusTotal score: 1/54 (Scanned on 2014-07-31 00:01:55) |
Bkav:
HW32.CDB.3723
|
MD5 |
190e257d98c3bb6aa26e39a1edd34666
|
SHA1 |
1682d03797274ec359536da1ef466e4337c4a76f
|
SHA256 |
71718e06d721d6ee54fa96d62bf4904b021bbb3c7c2c3be951282d24df8729ad
|
SHA3 |
b5f8003f469c10e39641038a7feab4527dfe09901895336e2e2c130d3e2187f5
|
SSDeep |
24576:1NFF2IwsyfSPBNf3dDiyGtEjPcWlPDE1YBIQ5kAUPYR+mx1ZHHsx6VDsb:1wsyfsp6tgbPDzB9uahw
|
Imports Hash |
6dc80d5bcb6f0f7b096a8c677cb45e29
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0x110
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections |
6
|
TimeDateStamp |
2013-Jan-24 21:37:33
|
PointerToSymbolTable |
0
|
NumberOfSymbols |
0
|
SizeOfOptionalHeader |
0xe0
|
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
|
Magic |
PE32
|
LinkerVersion |
8.0
|
SizeOfCode |
0xf9000
|
SizeOfInitializedData |
0xd2000
|
SizeOfUninitializedData |
0
|
AddressOfEntryPoint |
0x001D2376 (Section: )
|
BaseOfCode |
0x1000
|
BaseOfData |
0xfa000
|
ImageBase |
0x10000000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
4.0
|
ImageVersion |
0.0
|
SubsystemVersion |
4.0
|
Win32VersionValue |
0
|
SizeOfImage |
0x244000
|
SizeOfHeaders |
0x1000
|
Checksum |
0
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
SizeofStackReserve |
0x100000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
4cb944e7a8ebee77477ac084b28e37cd
|
SHA1 |
ccdd4b995eb6c764b213def66f3cc5c1db7790ea
|
SHA256 |
f75b17671242b9bca26ac44ea0414fa61a160a1de787bd3c4cb923f284c7552c
|
SHA3 |
dc73683a9c38474dc54d39ce8f11a06c640fa5cc380b676441410e15fbccaa2e
|
VirtualSize |
0xf84a0
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0x7c200
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
7.98085
|
MD5 |
d98373613ced1681d0fef629b81e13e5
|
SHA1 |
cd9c219af586c29acde7834c6d810f6db48f2245
|
SHA256 |
d5c138fb54e9c5278137d17e8f53369b7945e4a40fc7c09850e4a2259e3ec9b4
|
SHA3 |
da60a14422fe99408d016fc48ec7ca65de790cb023ae5f8b9a7d0e375b6f1f85
|
VirtualSize |
0x9f5d2
|
VirtualAddress |
0xfa000
|
SizeOfRawData |
0x1b400
|
PointerToRawData |
0x7c600
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
7.96401
|
MD5 |
8dfa37234497bab79c9a90cd40e46d84
|
SHA1 |
604219bb8f201d8a0f74fb2d66ed3a54c05c3e16
|
SHA256 |
6a955b41f650ccfafc83100945639f8bc817daacc55be9b71d22ffaacf2fe5eb
|
SHA3 |
c836f57be2c76e91add563d56d97ec0d02df764bf5ee7ed5f51c778f7712a962
|
VirtualSize |
0x17259
|
VirtualAddress |
0x19a000
|
SizeOfRawData |
0x5a00
|
PointerToRawData |
0x97a00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
7.81828
|
MD5 |
49533677e05e75d91ac4b2e852c1c2c3
|
SHA1 |
1e089751e52773d626f8d64ff03aceafa8b10613
|
SHA256 |
70f2d6052035e62000af02c53855dab9ce4ad116b9909a8a172c8f758771f136
|
SHA3 |
8e685710bd4c26b2453cb941e0edf7d12ba93b94d2a74b67d66271b98e3fff1c
|
VirtualSize |
0x444
|
VirtualAddress |
0x1b2000
|
SizeOfRawData |
0x1000
|
PointerToRawData |
0x9d400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
3.76577
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x1e8c4
|
VirtualAddress |
0x1b3000
|
SizeOfRawData |
0
|
PointerToRawData |
0
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
MD5 |
142377ec2022ad22af82548d829ec533
|
SHA1 |
20379e9e6b28de44401fb706b958a7c3896d627e
|
SHA256 |
e94102e2d5d1c259d08f1ac9f7656d3629c8aa2d5b7352c16d3ff03102b1794a
|
SHA3 |
0bbd4802c311870b1b0a7c02ec6e74bf120fceb29032cc56ef70123c5563ed01
|
VirtualSize |
0
|
VirtualAddress |
0x1d2000
|
SizeOfRawData |
0x71800
|
PointerToRawData |
0x9e400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
7.95116
|
kernel32.dll |
GetModuleHandleA
GetProcAddress
|
RPCRT4.dll |
RpcStringFreeA
|
USER32.dll |
SetWindowsHookExA
|
COMCTL32.dll |
_TrackMouseEvent
|
GDI32.dll |
GetDeviceCaps
|
WINSPOOL.DRV |
ClosePrinter
|
comdlg32.dll |
GetFileTitleA
|
ADVAPI32.dll |
CloseServiceHandle
|
SHELL32.dll |
SHGetFolderPathA
|
ole32.dll |
CoUninitialize
|
OLEAUT32.dll |
#184
|
SHLWAPI.dll |
PathIsUNCA
|
OLEACC.dll |
AccessibleObjectFromWindow
|
oledlg.dll |
#8
|
WSOCK32.dll |
#4
|
Ordinal |
1
|
Address |
0x3fb80
|
Ordinal |
2
|
Address |
0x42630
|
Ordinal |
3
|
Address |
0x43760
|
Ordinal |
4
|
Address |
0x43770
|
Ordinal |
5
|
Address |
0x43d40
|
Ordinal |
6
|
Address |
0x43ca0
|
Ordinal |
7
|
Address |
0x7c470
|
Ordinal |
8
|
Address |
0x3f050
|
Ordinal |
9
|
Address |
0x3f370
|
Ordinal |
10
|
Address |
0x3f390
|
Ordinal |
11
|
Address |
0x3f2d0
|
Ordinal |
12
|
Address |
0x3f310
|
Ordinal |
13
|
Address |
0x3f350
|
Ordinal |
14
|
Address |
0x3f330
|
Ordinal |
15
|
Address |
0x3f160
|
Ordinal |
16
|
Address |
0x3f100
|
Ordinal |
17
|
Address |
0x3f130
|
Ordinal |
18
|
Address |
0x3ed30
|
Ordinal |
19
|
Address |
0x3f3b0
|
Ordinal |
20
|
Address |
0x3f3d0
|
Ordinal |
21
|
Address |
0x3f3f0
|
Ordinal |
22
|
Address |
0x3f3f0
|
Ordinal |
23
|
Address |
0x3f400
|
Ordinal |
24
|
Address |
0x3f180
|
Ordinal |
25
|
Address |
0x3edb0
|
Ordinal |
26
|
Address |
0x3ee10
|
Ordinal |
27
|
Address |
0x3ed80
|
Ordinal |
28
|
Address |
0x3ede0
|
Ordinal |
29
|
Address |
0x3ee50
|
Ordinal |
30
|
Address |
0x3f260
|
Ordinal |
31
|
Address |
0x3ef70
|
Ordinal |
32
|
Address |
0x3ee90
|
Ordinal |
33
|
Address |
0x3f4a0
|
Ordinal |
34
|
Address |
0x3f4c0
|
Ordinal |
35
|
Address |
0x3f4e0
|
Ordinal |
36
|
Address |
0x3f500
|
Ordinal |
37
|
Address |
0x3f0d0
|
Ordinal |
38
|
Address |
0x3f200
|
Ordinal |
39
|
Address |
0x3f520
|
Ordinal |
40
|
Address |
0x3f540
|
Ordinal |
41
|
Address |
0x3f560
|
Ordinal |
42
|
Address |
0x3f580
|
Ordinal |
43
|
Address |
0x3f280
|
Ordinal |
44
|
Address |
0x3f5a0
|
Ordinal |
45
|
Address |
0x3f5c0
|
Ordinal |
46
|
Address |
0x3f5e0
|
Ordinal |
47
|
Address |
0x3f600
|
Ordinal |
48
|
Address |
0x3f240
|
Ordinal |
49
|
Address |
0x3f2b0
|
Ordinal |
50
|
Address |
0x3f1a0
|
Ordinal |
51
|
Address |
0x3f1d0
|
Ordinal |
52
|
Address |
0x3f420
|
Ordinal |
53
|
Address |
0x3f440
|
Ordinal |
54
|
Address |
0x3f460
|
Ordinal |
55
|
Address |
0x3f480
|
Type |
RT_VERSION
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x34c
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.41323
|
MD5 |
3b6f9e67d25b89d0b0cf407612be52e7
|
SHA1 |
f3a311b7e383c37a84c1eddb1b85b5e6c1952e3a
|
SHA256 |
3cb638b82309b27274f6b2ac04644fd15cdcfef5be68918b77627c4b1799ea72
|
SHA3 |
5a8c3cf8c2a51ebe7ca797eddabc92d5a9a9a4a7f867ff9b91a60c52e284a156
|
Type |
RT_MANIFEST
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x56
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
4.65542
|
MD5 |
bd62b6f553a2d1d012cc53fc325221d2
|
SHA1 |
c5353cec27b30fb35e414dd5f3d0e9205aaf1c07
|
SHA256 |
388f75e900f0c15fd66249d7b2e7edf6e14eeefb859e6f766b75058e44f27af6
|
SHA3 |
b59854a353caba5e0be1002399bcb847b4dd99e37cff0c7967dd0d42c1eab089
|
Signature |
0xfeef04bd
|
StructVersion |
0x10000
|
FileVersion |
3.2.0.0
|
ProductVersion |
3.2.0.0
|
FileFlags |
(EMPTY)
|
FileOs |
VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
|
FileType |
VFT_DLL
|
Language |
English - United States
|
CompanyName |
Concept Software, Inc.
|
FileDescription |
Instant PLUS DLL 3.2.0.0
|
FileVersion (#2) |
3.2.0.0
|
InternalName |
IP2Lib32
|
LegalCopyright |
Copyright © 2013 Concept Software, Inc.
|
OriginalFilename |
IP2Lib32.dll
|
ProductName |
Concept Software, Inc. Instant PLUS DLL
|
ProductVersion (#2) |
3.2.0.0
|
Resource LangID |
English - United States
|
XOR Key |
0xe3607fdd
|
Unmarked objects |
0
|
C objects (VS2003 (.NET) build 4035) |
12
|
48 (9044) |
42
|
C objects (VS98 SP6 build 8804) |
74
|
Unmarked objects (#2) |
1
|
114 (VS2012 build 50727 / VS2005 build 50727) |
39
|
Imports (VS2003 (.NET) build 4035) |
31
|
Total imports |
667
|
126 (50327) |
1
|
ASM objects (VS2012 build 50727 / VS2005 build 50727) |
59
|
C objects (VS2012 build 50727 / VS2005 build 50727) |
278
|
C++ objects (VS2012 build 50727 / VS2005 build 50727) |
258
|
Exports (VS2012 build 50727 / VS2005 build 50727) |
1
|
Resource objects (VS2012 build 50727 / VS2005 build 50727) |
1
|
Linker (VS2012 build 50727 / VS2005 build 50727) |
1
|
[*] Warning: Section .reloc has a size of 0!