21877a78cda11e2cd72bc495b2aff681
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2011-Oct-26 17:26:11 |
| Detected languages |
English - United States
|
Plugin Output
| Info | Matching compiler(s): |
Microsoft Visual C++ 6.0 - 8.0
Microsoft Visual C++ Microsoft Visual C++ v6.0 Microsoft Visual C++ v5.0/v6.0 (MFC) |
| Suspicious | Strings found in the binary may indicate undesirable behavior: |
May have dropper capabilities:
|
| Suspicious | The PE is packed or was manually edited. | The number of imports reported in the RICH header is inconsistent. |
| Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
| Info | The PE is digitally signed. |
Signer: Enthusiastic Software
Issuer: Thawte Code Signing CA - G2 |
| Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x100 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 4 |
| TimeDateStamp | 2011-Oct-26 17:26:11 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 6.0 |
| SizeOfCode | 0x7d000 |
| SizeOfInitializedData | 0x40000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00067964 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x7e000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x1000 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0xbe000 |
| SizeOfHeaders | 0x1000 |
| Checksum | 0xb41fe |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve | 0x1000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x1000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.rsrc
Imports
| USER32.dll |
GetWindowRect
GetDialogBaseUnits TrackPopupMenu LoadBitmapW KillTimer SetTimer GetKeyState GetNextDlgTabItem GetClassNameW EnumChildWindows EnumThreadWindows CallWindowProcA GetDlgItemTextW GetWindowTextLengthW GetWindowTextW CallWindowProcW MessageBeep CheckDlgButton IsDlgButtonChecked DrawIcon DrawFocusRect SendDlgItemMessageW BeginPaint EndPaint ReleaseDC GetFocus GetParent GetForegroundWindow SetForegroundWindow EndDialog GetDlgCtrlID WinHelpW CreateDialogIndirectParamW DialogBoxIndirectParamW ScreenToClient SetDlgItemTextW GetDlgItem GetClassInfoW GetSysColor EnableWindow ModifyMenuW GetClientRect SetWindowTextW SetParent InvalidateRect LoadIconW SetClassLongW GetClassLongW SetMenu ClientToScreen RegisterWindowMessageW DefWindowProcW SetScrollRange SetScrollPos BeginDeferWindowPos DeferWindowPos EndDeferWindowPos GetWindowLongW ShowWindow GetSystemMenu DrawMenuBar RegisterClassW SetWindowLongW UpdateWindow UnregisterClassW GetSysColorBrush AppendMenuW TrackPopupMenuEx CreateMenu DispatchMessageW EnableMenuItem CheckMenuItem DestroyMenu CreatePopupMenu DestroyWindow PostMessageW GetDC GetCursor LoadCursorW SetCursor MsgWaitForMultipleObjects PeekMessageW GetMessageW TranslateMessage PostQuitMessage MessageBoxW GetSystemMetrics CreateWindowExW SendMessageW SetFocus SetWindowPos |
|---|---|
| ADVAPI32.dll |
RegDeleteValueW
RegDeleteKeyW DeregisterEventSource ReportEventW RegisterEventSourceW OpenProcessToken CopySid GetLengthSid GetTokenInformation RegCloseKey RegSetValueExW RegQueryInfoKeyW RegQueryValueExW RegFlushKey RegOpenKeyExW RegEnumValueW RegEnumKeyExW RegCreateKeyExW |
| GDI32.dll |
CreatePatternBrush
BitBlt CreateDIBSection CreateBitmap GetMapMode SetMapMode DPtoLP Polyline GetTextExtentPoint32W ExtTextOutW RoundRect CreatePen Rectangle SetBkColor DeleteDC SetTextColor CreateSolidBrush CreateCompatibleBitmap GetStockObject SelectObject DeleteObject GetObjectW GetTextMetricsW CreateFontIndirectW GetTextFaceW CreateCompatibleDC |
| COMCTL32.dll |
#17
CreateToolbarEx CreateStatusWindowW PropertySheetW CreatePropertySheetPageW ImageList_Create ImageList_Destroy ImageList_Add |
| comdlg32.dll |
GetOpenFileNameW
GetSaveFileNameW |
| Msi.dll |
#20
#125 #163 #118 #32 #17 #159 #160 #115 #158 #92 #24 #7 #8 |
| ole32.dll |
CoInitializeEx
CoTaskMemAlloc CoTaskMemFree CoUninitialize |
| OLEAUT32.dll |
#149
#150 #6 |
| RPCRT4.dll |
UuidCreate
UuidToStringW RpcStringFreeW |
| SHELL32.dll |
SHGetPathFromIDListW
ShellExecuteW Shell_NotifyIconW SHGetSpecialFolderLocation SHGetMalloc SHGetDesktopFolder SHBrowseForFolderW |
| KERNEL32.dll |
GetStartupInfoA
GetModuleHandleA RaiseException TerminateProcess RtlUnwind GetCommandLineA LocalFree InterlockedIncrement InterlockedExchange FindFirstFileW FindNextFileW FindClose WritePrivateProfileStringW GetPrivateProfileIntW GetPrivateProfileStringW UnlockFile GetTempFileNameW GetTempPathW SetEndOfFile GetFileSize MoveFileExW MoveFileW GetLogicalDrives LockFile GetShortPathNameW FlushFileBuffers SetFilePointer TlsSetValue GetVersion HeapSize FileTimeToLocalFileTime FileTimeToSystemTime CreateDirectoryW GetFileAttributesW GetFullPathNameW lstrcpynW ReadFile FreeEnvironmentStringsA FreeEnvironmentStringsW GetEnvironmentStrings GetEnvironmentStringsW SetHandleCount GetStdHandle GetFileType GetFileAttributesA IsValidLocale IsValidCodePage GetLocaleInfoA EnumSystemLocalesA GetUserDefaultLCID GetStringTypeA GetStringTypeW IsBadReadPtr IsBadCodePtr GetACP GetVersionExW CreateThread HeapReAlloc ExitThread GetTimeZoneInformation LCMapStringW LCMapStringA CompareStringW GetCPInfo CompareStringA RemoveDirectoryW TlsAlloc SetUnhandledExceptionFilter TlsGetValue GetModuleFileNameA GetEnvironmentVariableA GetVersionExA HeapDestroy HeapCreate VirtualFree VirtualAlloc GetFileTime DeleteFileW UnhandledExceptionFilter GetOEMCP LoadLibraryA SetStdHandle CreateFileA GetExitCodeProcess CreateProcessA SetEnvironmentVariableA GetLocaleInfoW WriteFile CreateFileW GetExitCodeThread GetProcAddress Sleep GetTimeFormatW ReleaseMutex WaitForSingleObject CloseHandle CreateMutexW ExitProcess OpenMutexW WideCharToMultiByte MultiByteToWideChar OutputDebugStringW LeaveCriticalSection EnterCriticalSection GetCurrentProcess ResumeThread GetThreadPriority SetThreadPriority SetPriorityClass SetEvent ResetEvent ReleaseSemaphore CreateSemaphoreW OpenSemaphoreW CreateEventW GetCurrentThreadId SetLastError lstrlenW InterlockedDecrement GetProcessHeap HeapAlloc HeapFree GetLocalTime GetDateFormatW IsDebuggerPresent GetCommandLineW FindResourceW GetModuleFileNameW GetLastError SetCurrentDirectoryW GetCurrentDirectoryW LockResource SizeofResource LoadResource DebugBreak IsBadWritePtr GetSystemTime GetComputerNameW GetModuleHandleW InitializeCriticalSection DeleteCriticalSection FreeLibrary LoadLibraryW |
Delayed Imports
?TrackMouseEvent@ESXToolTipTrack@@AAGHPAUtagTRACKMOUSEEVENT@@@Z
| Ordinal | 1 |
|---|---|
| Address | 0xb726 |
CTESTAR.GIF
1
A
Version Info
TLS Callbacks
Load Configuration
RICH Header
| XOR Key | 0xff205a7f |
|---|---|
| Unmarked objects | 0 |
| 14 (7299) | 31 |
| C++ objects (8798) | 2 |
| C++ objects (8047) | 22 |
| C objects (8047) | 177 |
| 19 (8022) | 11 |
| Unmarked objects (#2) | 26 |
| Total imports | 298 |
| 19 (8034) | 17 |
| Resource objects (VS98 SP6 cvtres build 1736) | 1 |
| C++ objects (VC++ 6.0 SP5 build 8804) | 34 |
| Linker (VC++ 6.0 SP5 imp/exp build 8447) | 1 |