| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2021-Jul-21 10:04:24 |
| Detected languages | English - United Kingdom; English - United States |
| Debug artifacts | c:\hudson\ZeusBase\ZeusGreen\GameMaker\Runner\VC_Runner\Win32\Release-Zeus\Runner.pdb |
| CompanyName | |
| FileDescription | |
| FileVersion | 1.0.0.2 |
| LegalCopyright | |
| PrivateBuild | 01.00.00.00 |
| ProductName | |
| ProductVersion | 1.0.0.2 |

| Level | Finding | Details |
|---|---|---|
| Info | Matching compiler(s): | Microsoft Visual C++ v6.0 DLL; Microsoft Visual C++ 6.0 - 8.0; MASM/TASM - sig1(h); Microsoft Visual C++; Microsoft Visual C++ v6.0 |
| Info | Interesting strings found in the binary: | Contains domain names: |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32; Uses constants related to MD5; Uses constants related to SHA1 |
| Suspicious | The PE is possibly packed. | Unusual section name found: minATL; Unusual section name found: .mydata |
| Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
| Suspicious | The file contains overlay data. | 52272 bytes of data starting at offset 0x4bd9d0. |
| Safe | VirusTotal score: 0/67 (Scanned on 2021-10-23 10:18:13) | All the AVs think this file is safe. |
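The two "Suspicious" findings above (overlay data, unusual section names) come from walking the PE headers: follow `e_lfanew` to the `PE\0\0` signature, read the COFF header for the section count and optional-header size, and read the section table. The overlay is whatever lies past the highest `PointerToRawData + SizeOfRawData`, and a section name not in a toolchain whitelist is reported as unusual. The script below is an added example, not the analysis tool's own code: its `COMMON_SECTION_NAMES` whitelist is an assumption standing in for the tool's list, and `build_sample_pe` constructs a minimal in-memory PE32 image (not a runnable program) so the parser can be exercised offline without the binary from this report.

```python
import struct
import sys

# Section names commonly emitted by Microsoft toolchains. This whitelist is an
# assumption standing in for the tool's own list; anything outside it is
# reported, mirroring the "Unusual section name found" heuristic.
COMMON_SECTION_NAMES = {
    ".text", ".data", ".rdata", ".idata", ".edata", ".pdata", ".rsrc", ".reloc",
    ".bss", ".tls", ".CRT", ".gfids", ".didat", ".textbss", ".00cfg", ".xdata",
}


def analyze_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table and derive
    the overlay (bytes past the last section's raw data) and unusual section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # e_lfanew must point inside the file and at a "PE\0\0" signature.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad e_lfanew or missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    fmt = "unknown"
    if opt_size >= 2:
        magic = struct.unpack_from("<H", data, coff + 20)[0]
        fmt = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, "unknown")
    sec_table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        off = sec_table + i * 40
        if off + 40 > len(data):
            raise ValueError("section table runs past end of file")
        name_raw, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({
            "name": name_raw.rstrip(b"\0").decode("latin-1"),
            "virtual_size": vsize, "virtual_address": va,
            "raw_size": raw_size, "raw_ptr": raw_ptr,
        })
    # The overlay starts where the highest-ending section's raw data stops.
    # Clamp to the file length so a section claiming to extend past EOF
    # cannot produce a negative overlay size.
    end_of_sections = max(
        (min(s["raw_ptr"] + s["raw_size"], len(data)) for s in sections),
        default=sec_table + 40 * nsections)
    return {
        "machine": machine,
        "format": fmt,
        "sections": sections,
        "overlay_offset": end_of_sections,
        "overlay_size": len(data) - end_of_sections,
        "unusual_sections": [s["name"] for s in sections
                             if s["name"] not in COMMON_SECTION_NAMES],
    }


def build_sample_pe(overlay: bytes = b"X" * 52) -> bytes:
    """Constructed test input: a minimal PE32 skeleton with three sections
    (one non-standard name) and an optional trailing overlay. Not loadable."""
    file_align = 0x200
    e_lfanew = 0x80
    opt_size = 0xE0
    sections = [(b".text", 0x1000), (b".rdata", 0x2000), (b".mydata", 0x3000)]
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    buf = bytearray(dos) + bytes(e_lfanew - 0x40)
    buf += b"PE\0\0"
    buf += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    buf += opt
    raw_ptr = file_align                            # first section right after headers
    for name, va in sections:
        buf += struct.pack("<8sIIII", name.ljust(8, b"\0"), file_align, va, file_align, raw_ptr)
        buf += bytes(40 - 24)                       # relocs/linenumbers/characteristics
        raw_ptr += file_align
    buf += bytes(file_align - len(buf))             # pad headers to FileAlignment
    buf += bytes(file_align * len(sections))        # section bodies
    buf += overlay
    return bytes(buf)


def report(data: bytes) -> str:
    r = analyze_pe(data)
    lines = [f"format={r['format']} machine=0x{r['machine']:04x} sections={len(r['sections'])}"]
    for s in r["sections"]:
        lines.append(f"  {s['name']:<8} raw_ptr=0x{s['raw_ptr']:x} raw_size=0x{s['raw_size']:x}")
    if r["overlay_size"]:
        lines.append(f"overlay: {r['overlay_size']} bytes at offset 0x{r['overlay_offset']:x}")
    for n in r["unusual_sections"]:
        lines.append(f"unusual section name: {n}")
    return "\n".join(lines)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(report(blob))
```

Run it with a path argument to analyse a real file, or with no argument to analyse the constructed sample. An overlay by itself is common (installers, signed files with an Authenticode blob, game runners carrying packed assets), so the practical follow-up is to inspect what the trailing bytes are rather than to treat their presence as a verdict.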
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x128 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 8 |
| TimeDateStamp | 2021-Jul-21 10:04:24 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE; IMAGE_FILE_EXECUTABLE_IMAGE; IMAGE_FILE_LARGE_ADDRESS_AWARE; IMAGE_FILE_RELOCS_STRIPPED |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x331800 |
| SizeOfInitializedData | 0x198a00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x002C801D (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x333000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x725000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x4c5d08 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_NX_COMPAT; IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Imported functions |
|---|---|
| WININET.dll | InternetReadFile InternetCloseHandle HttpOpenRequestA HttpSendRequestA InternetOpenA InternetCanonicalizeUrlA InternetWriteFile InternetConnectA InternetCrackUrlA HttpEndRequestW HttpQueryInfoA InternetGetConnectedState |
| dxgi.dll | CreateDXGIFactory1 |
| d3d11.dll | D3D11CreateDevice |
| dbghelp.dll | MiniDumpWriteDump SymInitialize SymFromAddr |
| WINMM.dll | mciSendStringA joyGetPosEx joyGetPos timeGetDevCaps timeBeginPeriod timeEndPeriod mciGetErrorStringA |
| WS2_32.dll | setsockopt sendto recvfrom recv listen inet_ntoa inet_addr getsockopt ioctlsocket socket closesocket bind accept getpeername select __WSAFDIsSet ntohs ntohl htons htonl gethostname WSAStartup WSACleanup WSAGetLastError WSAAddressToStringA getaddrinfo connect freeaddrinfo send |
| gdiplus.dll | GdiplusStartup GdiplusShutdown |
| COMCTL32.dll | InitCommonControlsEx |
| VERSION.dll | GetFileVersionInfoSizeW VerQueryValueW GetFileVersionInfoW |
| RPCRT4.dll | UuidToStringW UuidCreate |
| KERNEL32.dll | GetFullPathNameA SetCurrentDirectoryW HeapReAlloc GetTimeZoneInformation MoveFileExW SetFilePointerEx SetStdHandle ReadConsoleW GetConsoleMode GetConsoleCP FlushFileBuffers EnumSystemLocalesW IsValidLocale LCMapStringW CompareStringW GetTimeFormatW GetDateFormatW DecodePointer GetStringTypeW GetACP WriteFile GetStdHandle GetModuleFileNameA PeekNamedPipe GetFileType GetDriveTypeW FileTimeToSystemTime SystemTimeToTzSpecificLocalTime FindFirstFileExW ReadFile SetFileAttributesW GetFileAttributesExW GetModuleHandleExW HeapWalk HeapValidate LoadLibraryExW InterlockedFlushSList InterlockedPushEntrySList EncodePointer RtlUnwind VirtualQuery GetProcessHeap HeapFree HeapAlloc InitializeSListHead FindFirstFileExA FindNextFileA GetSystemTimeAsFileTime RaiseException GetStartupInfoW IsDebuggerPresent EnterCriticalSection RtlCaptureStackBackTrace InitializeCriticalSectionAndSpinCount GetProcAddress LoadLibraryW WideCharToMultiByte CloseHandle WaitForSingleObjectEx CreateEventExW OutputDebugStringA IsValidCodePage GetConsoleWindow GetLastError GetCurrentDirectoryW DeleteFileW GetFullPathNameW SetLastError CreateThread GetExitCodeThread GetModuleHandleW LocalFree FormatMessageW SetCurrentDirectoryA GetCurrentDirectoryA FreeLibrary GetEnvironmentVariableW CreateDirectoryW FindClose FindFirstFileW FindNextFileW GetFileAttributesW RemoveDirectoryW Sleep GetExitCodeProcess CreateProcessW QueryPerformanceCounter QueryPerformanceFrequency WaitForSingleObject SetWaitableTimer GetTickCount CreateWaitableTimerW GetCurrentProcess GetCurrentThread SetThreadPriority SetPriorityClass GlobalAlloc GlobalLock GlobalUnlock GlobalMemoryStatusEx GetSystemInfo GetVersionExW GetLocaleInfoW GetUserDefaultLCID ExitProcess lstrlenA GetCommandLineW ExpandEnvironmentStringsW CreateFileW GetFinalPathNameByHandleW SetUnhandledExceptionFilter SetErrorMode GetCurrentProcessId GetCurrentThreadId GetModuleFileNameW MoveFileA DeleteCriticalSection TlsAlloc TlsGetValue TlsSetValue TlsFree IsProcessorFeaturePresent UnhandledExceptionFilter TerminateProcess GetOEMCP GetCPInfo GetCommandLineA GetEnvironmentStringsW FreeEnvironmentStringsW SetEnvironmentVariableA SetEnvironmentVariableW SetConsoleCtrlHandler OutputDebugStringW WriteConsoleW SetEndOfFile MultiByteToWideChar HeapSize LeaveCriticalSection |
| USER32.dll | GetDlgItem SetDlgItemTextW GetDlgItemTextW DrawTextW GetDC ReleaseDC SetWindowTextW ScreenToClient MoveWindow SetCursorPos ClientToScreen MapWindowPoints GetActiveWindow GetCursorPos wsprintfW GetAsyncKeyState keybd_event OpenClipboard CloseClipboard SetClipboardData GetClipboardData EmptyClipboard IsClipboardFormatAvailable GetFocus MessageBoxA EndDialog TranslateMessage DispatchMessageW PeekMessageW LoadImageW SetProcessDPIAware GetForegroundWindow UpdateWindow SetWindowLongW ChangeDisplaySettingsW EnumDisplaySettingsW MonitorFromWindow GetMonitorInfoW AdjustWindowRectEx GetWindowRect GetClientRect SetForegroundWindow GetSystemMetrics ReleaseCapture SetCapture GetKeyState SetFocus BringWindowToTop SetWindowPos ShowWindow DestroyWindow DialogBoxParamW SetDlgItemTextA CreateDialogParamW CreateWindowExW RegisterClassExW DefWindowProcW PostMessageW SendMessageW MessageBoxW GetRawInputDeviceList GetRawInputDeviceInfoA LoadCursorW CallNextHookEx IsDialogMessageW SetCursor |
| GDI32.dll | GetDeviceCaps SelectObject DeleteObject GetStockObject CreateFontA |
| COMDLG32.dll | GetSaveFileNameW GetOpenFileNameW |
| ADVAPI32.dll | RegOpenKeyExW RegCloseKey RegQueryValueExW |
| SHELL32.dll | ShellExecuteW SHGetFolderPathW |
| ole32.dll | CoInitialize CoCreateInstance CoTaskMemFree CoCreateFreeThreadedMarshaler |
| dwmapi.dll | DwmGetCompositionTimingInfo |
| Version resource field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 1.0.0.2 |
| ProductVersion | 1.0.0.2 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32; VOS_NT_WINDOWS32; VOS__WINDOWS32 |
| FileType | VFT_DLL |
| Language | English - United Kingdom |
| CompanyName | |
| FileDescription | |
| FileVersion (#2) | 1.0.0.2 |
| LegalCopyright | |
| PrivateBuild | 01.00.00.00 |
| ProductName | |
| ProductVersion (#2) | 1.0.0.2 |
| Resource LangID | English - United Kingdom |
| Debug entry | Characteristics | TimeDateStamp | Version | SizeofData | AddressOfRawData | PointerToRawData | Referenced File |
|---|---|---|---|---|---|---|---|
| 1 | 0 | 2021-Jul-21 10:04:24 | 0.0 | 110 | 0x41bd2c | 0x41a92c | c:\hudson\ZeusBase\ZeusGreen\GameMaker\Runner\VC_Runner\Win32\Release-Zeus\Runner.pdb |
| 2 | 0 | 2021-Jul-21 10:04:24 | 0.0 | 20 | 0x41bd9c | 0x41a99c | |
| 3 | 0 | 2021-Jul-21 10:04:24 | 0.0 | 900 | 0x41bdb0 | 0x41a9b0 | |
| Load configuration field | Value |
|---|---|
| Size | 0x5c |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x8ad784 |
| SEHandlerTable | 0x81ada0 |
| SEHandlerCount | 995 |
| Rich header | Value |
|---|---|
| XOR Key | 0x60fbb457 |

| Rich header entry (product id / build) | Count |
|---|---|
| Unmarked objects | 0 |
| 241 (40116) | 49 |
| 243 (40116) | 192 |
| 242 (40116) | 44 |
| 199 (41118) | 6 |
| ASM objects (VS2015 UPD3 build 24123) | 33 |
| C++ objects (VS2015 UPD3 build 24123) | 41 |
| C objects (VS2015 UPD3 build 24123) | 24 |
| C++ objects (VS2010 build 30319) | 1 |
| C++ objects (65501) | 1 |
| Imports (21202) | 4 |
| Imports (65501) | 33 |
| Total imports | 282 |
| C objects (VS2015 UPD3.1 build 24215) | 175 |
| C++ objects (VS2015 UPD3.1 build 24215) | 347 |
| Resource objects (VS2015 UPD3 build 24210) | 1 |
| 151 | 1 |
| Linker (VS2015 UPD3.1 build 24215) | 1 |