| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2018-Dec-20 01:53:07 |
| Detected languages | English - Australia; English - United States; French - France |
| Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0; Microsoft Visual C++; Microsoft Visual C++ v6.0; Microsoft Visual C++ v5.0/v6.0 (MFC) |
| Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
| Info | The PE's resources present abnormal characteristics. Resource 129 is possibly compressed or encrypted. |
| Info | The PE is digitally signed. Signer: Changing Information Technology Inc.; Issuer: Symantec Class 3 SHA256 Code Signing CA |
| Malicious | VirusTotal score: 12/72 (Scanned on 2019-04-17 08:11:27) |

| Engine | Detection |
|---|---|
| McAfee | Artemis!2637C4A35B2E |
| Paloalto | generic.ml |
| Kaspersky | Trojan.Win32.PLEAD.n |
| Endgame | malicious (moderate confidence) |
| McAfee-GW-Edition | Artemis |
| FireEye | Generic.mg.2637c4a35b2eb6ff |
| Microsoft | Trojan:Win32/Azden.B!cl |
| ZoneAlarm | Trojan.Win32.PLEAD.n |
| VBA32 | BScope.Trojan-Dropper.Injector |
| ESET-NOD32 | Win32/Plead.AC |
| CrowdStrike | win/malicious_confidence_60% (D) |
| Qihoo-360 | Trojan.Generic |
| IMAGE_DOS_HEADER field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xe0 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 4 |
| TimeDateStamp | 2018-Dec-20 01:53:07 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
| Optional header (PE32) field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 6.0 |
| SizeOfCode | 0x19000 |
| SizeOfInitializedData | 0x1f000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000713A (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x1a000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x1000 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x39000 |
| SizeOfHeaders | 0x1000 |
| CheckSum | 0x3f41a |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
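The three header tables above are what a parser recovers from the first 0x1000 bytes of the file. The Python below is an added example, not Manalyze's code: it constructs a PE32 image whose header fields mirror the tables (the section table and section bodies are zero padding, so its CheckSum will not be the sample's 0x3f41a), walks e_lfanew to the PE signature, IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER32 with the bounds checks an untrusted file needs, renders TimeDateStamp in the Compilation Date format (treating it as UTC), and recomputes the CheckSum field. That last check is the one worth running on any signed binary: a non-zero CheckSum that does not verify means the file was changed after linking or the field was forged.

```python
"""Walk the DOS, PE/COFF and PE32 optional headers and recompute the CheckSum field.

Added example for this report page, not Manalyze's code. build_sample_image() constructs an
image whose header values mirror the tables above; the section table and bodies are zero
padding, so its checksum is not the 0x3f41a of the analysed sample.
"""
import datetime
import struct

DOS_HDR = "<2s13H8sHH20sI"       # IMAGE_DOS_HEADER, 64 bytes; e_lfanew is the last field
COFF_HDR = "<HHIIIHH"            # IMAGE_FILE_HEADER, 20 bytes
OPT_HDR32 = "<HBB9I6H4I2H6I"     # fixed part of IMAGE_OPTIONAL_HEADER32, 96 bytes
IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2


def build_sample_image() -> bytearray:
    """Constructed PE32 image (not the real sample). CheckSum starts out as 0."""
    e_lfanew = 0xE0
    dos = struct.pack(DOS_HDR, b"MZ", 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40, 0,
                      bytes(8), 0, 0, bytes(20), e_lfanew)
    coff = struct.pack(COFF_HDR, IMAGE_FILE_MACHINE_I386, 4, 1545270787, 0, 0, 0xE0, 0x010F)
    opt = struct.pack(OPT_HDR32, IMAGE_NT_OPTIONAL_HDR32_MAGIC, 6, 0,
                      0x19000, 0x1F000, 0, 0x713A, 0x1000, 0x1A000, 0x400000, 0x1000, 0x1000,
                      4, 0, 0, 0, 4, 0,
                      0, 0x39000, 0x1000, 0,          # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      IMAGE_SUBSYSTEM_WINDOWS_GUI, 0,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    img = bytearray(dos.ljust(e_lfanew, b"\0") + b"PE\0\0" + coff + opt + bytes(16 * 8))
    return img.ljust(0x1000, b"\0")  # pad to SizeOfHeaders; no sections in this toy image


def parse_headers(img: bytes) -> dict:
    """e_lfanew -> 'PE\\0\\0' -> IMAGE_FILE_HEADER -> IMAGE_OPTIONAL_HEADER32, with the
    signature and bounds checks to apply before trusting any field of an untrusted file."""
    if len(img) < 0x40 or img[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", img, 0x3C)[0]
    opt_off = e_lfanew + 4 + struct.calcsize(COFF_HDR)
    if opt_off + struct.calcsize(OPT_HDR32) > len(img):
        raise ValueError("e_lfanew points past the end of the file")
    if img[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    machine, nsec, stamp, _, _, opt_size, chars = struct.unpack_from(COFF_HDR, img, e_lfanew + 4)
    o = struct.unpack_from(OPT_HDR32, img, opt_off)
    if o[0] != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("not a PE32 optional header: magic %#x" % o[0])
    return {
        "e_lfanew": e_lfanew, "Machine": machine, "NumberOfSections": nsec,
        "TimeDateStamp": stamp, "SizeOfOptionalHeader": opt_size, "Characteristics": chars,
        "AddressOfEntryPoint": o[6], "ImageBase": o[9], "SectionAlignment": o[10],
        "FileAlignment": o[11], "SizeOfImage": o[19], "SizeOfHeaders": o[20],
        "CheckSum": o[21], "Subsystem": o[22],
        "checksum_offset": opt_off + 64,  # CheckSum sits 64 bytes into the optional header
    }


def pe_checksum(img: bytes, checksum_offset: int) -> int:
    """The algorithm behind CheckSumMappedFile: ones'-complement sum of the file as 32-bit
    words (skipping the CheckSum field, zero-padding a short tail), folded to 16 bits,
    plus the file length."""
    total = 0
    for off in range(0, len(img), 4):
        if off == checksum_offset:
            continue
        total += int.from_bytes(img[off:off + 4].ljust(4, b"\0"), "little")
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(img)


def set_checksum(img: bytearray) -> int:
    """Write a correct CheckSum into the header (what the linker does) and return it."""
    off = parse_headers(img)["checksum_offset"]
    value = pe_checksum(img, off)
    struct.pack_into("<I", img, off, value)
    return value


def checksum_is_valid(img: bytes) -> bool:
    """Zero is common in unsigned builds; non-zero but wrong means post-link modification."""
    h = parse_headers(img)
    return h["CheckSum"] != 0 and pe_checksum(img, h["checksum_offset"]) == h["CheckSum"]


def format_timestamp(stamp: int) -> str:
    """Render TimeDateStamp (seconds since 1970-01-01, taken as UTC) in the report's style."""
    t = datetime.datetime(1970, 1, 1) + datetime.timedelta(seconds=stamp)
    return t.strftime("%Y-%b-%d %H:%M:%S")


if __name__ == "__main__":
    image = build_sample_image()
    print("CheckSum verifies before fix-up:", checksum_is_valid(image))
    set_checksum(image)
    hdr = parse_headers(image)
    print("TimeDateStamp:", format_timestamp(hdr["TimeDateStamp"]))
    print("CheckSum: %#x, verifies: %s" % (hdr["CheckSum"], checksum_is_valid(image)))
```

With FileAlignment equal to SectionAlignment (both 0x1000 here) raw file offsets and RVAs normally coincide, which is why an address such as AddressOfEntryPoint 0x713A can be followed directly in a hex editor of the file.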
| Imported DLL | Functions |
|---|---|
| KERNEL32.dll | HeapReAlloc, HeapAlloc, HeapFree, RtlUnwind, GetStartupInfoA, GetCommandLineA, RaiseException, TerminateProcess, HeapSize, GetACP, VirtualFree, VirtualAlloc, IsBadWritePtr, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, UnhandledExceptionFilter, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, SetUnhandledExceptionFilter, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, GetProfileStringA, FlushFileBuffers, SetFilePointer, WriteFile, SetErrorMode, WritePrivateProfileStringA, GetOEMCP, GetCPInfo, GetProcessVersion, TlsGetValue, LocalReAlloc, TlsSetValue, GlobalReAlloc, TlsFree, GlobalHandle, TlsAlloc, LocalFree, LocalAlloc, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, SizeofResource, GlobalFlags, lstrcpynA, CloseHandle, GetModuleFileNameA, GlobalAlloc, lstrcmpA, GetCurrentThread, MultiByteToWideChar, WideCharToMultiByte, ExitProcess, lstrlenA, InterlockedDecrement, InterlockedIncrement, LoadLibraryA, FreeLibrary, GetVersion, lstrcatA, GetCurrentThreadId, GlobalGetAtomNameA, lstrcmpiA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcpyA, MulDiv, GetProcAddress, SetLastError, GlobalLock, GlobalUnlock, GlobalFree, LockResource, FindResourceA, LoadResource, OutputDebugStringW, GetCurrentProcess, GetModuleHandleA, GetTickCount, GetCurrentProcessId, GetLastError, FreeEnvironmentStringsA |
| USER32.dll | AdjustWindowRectEx, SetFocus, GetFocus, DispatchMessageA, PeekMessageA, MapWindowPoints, SendDlgItemMessageA, UpdateWindow, PostMessageA, IsDialogMessageA, SetWindowTextA, ShowWindow, EnableMenuItem, CheckMenuItem, SetMenuItemBitmaps, ModifyMenuA, GetMenuState, LoadBitmapA, GetMenuCheckMarkDimensions, PostQuitMessage, SetCursor, ValidateRect, TranslateMessage, GetMessageA, GetClassNameA, LoadCursorA, GetSysColorBrush, DestroyMenu, LoadStringA, IsWindowVisible, GetTopWindow, MessageBoxA, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, GetKeyState, CreateWindowExA, SetWindowsHookExA, CallNextHookEx, SetPropA, UnhookWindowsHookEx, GetPropA, CallWindowProcA, RemovePropA, DefWindowProcA, GetMessageTime, GetMessagePos, GetLastActivePopup, SetForegroundWindow, GetWindow, SetWindowLongA, RegisterWindowMessageA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetNextDlgTabItem, EndDialog, GetActiveWindow, SetActiveWindow, IsWindow, CreateDialogIndirectParamA, DestroyWindow, GetParent, GetWindowLongA, GetDlgItem, IsWindowEnabled, IsIconic, GetClientRect, DrawIcon, LoadIconA, EnableWindow, DrawIconEx, InflateRect, GetSysColor, FillRect, GetDC, SetWindowRgn, InvalidateRect, GetSystemMetrics, GetWindowRect, UnregisterClassA, HideCaret, ShowCaret, ExcludeUpdateRgn, EnumChildWindows, SetWindowPos, GetCursorPos, GetForegroundWindow, ScreenToClient, ReleaseCapture, SetTimer, PtInRect, SendMessageA, CopyRect, RegisterClassA, KillTimer, SetCapture, ClientToScreen, IsWindowUnicode, CharNextA, DefDlgProcA, DrawFocusRect, GetClassLongA |
| GDI32.dll | RestoreDC, SelectObject, GetStockObject, SetBkColor, SetBkMode, SetTextColor, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, GetClipBox, IntersectClipRect, MoveToEx, LineTo, SaveDC, DeleteObject, GetDeviceCaps, CreatePen, CreateSolidBrush, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetObjectA, CreateBitmap, DeleteDC, Polyline, PlgBlt, BitBlt, CreateCompatibleDC, CreateCompatibleBitmap, GetTextExtentPoint32A, CreatePolygonRgn, CreateDIBitmap, PatBlt, GetTextExtentPointA, PtInRegion |
| WINSPOOL.DRV | DocumentPropertiesA, ClosePrinter, OpenPrinterA |
| ADVAPI32.dll | RegSetValueExA, RegCloseKey, RegOpenKeyExA, RegCreateKeyExA |
| COMCTL32.dll | #17 (import by ordinal 17, no name) |

This import set is the footprint of a statically linked MFC application: the compiler match names MFC, no MFC42.dll is imported, and the strings below are MFC's own string-table resources. LoadLibraryA/GetProcAddress, SetWindowsHookExA and the registry and printing APIs are all used by that framework, so the import-based "Malicious" flag above should be weighed together with the possibly encrypted resource 129 and the detection results rather than on its own.
| Strings |
|---|
| Open |
| Save As |
| All Files (*.*) |
| Untitled |
| &Hide |
| No error message is available. |
| An unsupported operation was attempted. |
| A required resource was unavailable. |
| Out of memory. |
| An unknown error has occurred. |
| Invalid filename. |
| Failed to open document. |
| Failed to save document. |
| Save changes to %1? |
| Failed to create empty document. |
| The file is too large to open. |
| Could not start print job. |
| Failed to launch help. |
| Internal application error. |
| Command failed. |
| Insufficient memory to perform operation. |
| System registry entries have been removed and the INI file (if any) was deleted. |
| Not all of the system registry entries (or INI file) were removed. |
| This program requires the file %s, which was not found on this system. |
| This program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s. |
| Please enter an integer. |
| Please enter a number. |
| Please enter an integer between %1 and %2. |
| Please enter a number between %1 and %2. |
| Please enter no more than %1 characters. |
| Please select a button. |
| Please enter an integer between 0 and 255. |
| Please enter a positive integer. |
| Please enter a date and/or time. |
| Please enter a currency. |
| Unexpected file format. |
| %1 |
| Cannot find this file. |
| Please verify that the correct path and file name are given. |
| Destination disk drive is full. |
| Unable to read from %1, it is opened by someone else. |
| Unable to write to %1, it is read-only or opened by someone else. |
| An unexpected error occurred while reading %1. |
| An unexpected error occurred while writing %1. |
| Unable to read write-only property. |
| Unable to write read-only property. |
| Unable to load mail system support. |
| Mail system DLL is invalid. |
| Send Mail failed to send message. |
| No error occurred. |
| An unknown error occurred while accessing %1. |
| %1 was not found. |
| %1 contains an invalid path. |
| %1 could not be opened because there are too many open files. |
| Access to %1 was denied. |
| An invalid file handle was associated with %1. |
| %1 could not be removed because it is the current directory. |
| %1 could not be created because the directory is full. |
| Seek failed on %1 |
| A hardware I/O error was reported while accessing %1. |
| A sharing violation occurred while accessing %1. |
| A locking violation occurred while accessing %1. |
| Disk full while accessing %1. |
| An attempt was made to access %1 past its end. |
| No error occurred. |
| An unknown error occurred while accessing %1. |
| An attempt was made to write to the reading %1. |
| An attempt was made to access %1 past its end. |
| An attempt was made to read from the writing %1. |
| %1 has a bad format. |
| %1 contained an unexpected object. |
| %1 contains an incorrect schema. |
| pixels |
| Rich header | Value |
|---|---|
| XOR Key | 0xa27382a9 |
| Unmarked objects | 0 |
| Unmarked objects (#2) | 1 |
| C objects (2190) | 3 |
| Imports (2179) | 17 |
| Total imports | 404 |
| 14 (7299) | 25 |
| C objects (VS98 SP6 build 8804) | 97 |
| Resource objects (VS98 SP6 cvtres build 1736) | 1 |
| C++ objects (VS98 SP6 build 8804) | 63 |
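The Rich header is the Microsoft linker's record of which tool builds produced the object files, and its XOR key doubles as a checksum over the DOS header, stub and entries. A key that fails to recompute means the header was edited or forged, so it is worth checking before using the entries for build-environment clustering. The VS98 SP6 entries above (builds 8804 and 1736) are consistent with LinkerVersion 6.0 and the Visual C++ 6.0 compiler match in the summary. The Python below is an added example, not Manalyze's code: it constructs a DOS header, stub and Rich header with illustrative entries (the resulting key will not be the sample's 0xa27382a9), decodes them, recomputes the key, and shows that bumping one entry's use count is caught. The checksum rule and the product-ID names come from public reverse engineering of link.exe rather than Microsoft documentation; the name map is deliberately partial and everything else is printed as a raw product number, as the "14 (7299)" row above does.

```python
"""Decode a PE Rich header and verify that its XOR key matches the linker's checksum.

Added example for this report page, not Manalyze's code. The DOS header, stub and Rich
entries are constructed here; the entries are illustrative and the key is not the sample's
0xa27382a9. Checksum rule and product-ID names: public reverse engineering, not Microsoft docs.
"""
import struct

DANS = 0x536E6144  # 'DanS' read as a little-endian dword
# Partial, best-effort product-ID names; anything else is shown as a raw number.
PRODID_NAMES = {0x00: "Unmarked objects", 0x01: "Imports", 0x06: "Resource objects (cvtres)",
                0x0A: "C objects (VC6 compiler)", 0x0B: "C++ objects (VC6 compiler)"}


def rol32(value: int, n: int) -> int:
    n &= 31
    return ((value << n) | (value >> (32 - n))) & 0xFFFFFFFF


def rich_checksum(head: bytes, rich_off: int, entries) -> int:
    """Key stored after 'Rich': the Rich header's file offset, plus every byte before it
    rotated left by its position (e_lfanew at 0x3c..0x3f excluded), plus each comp.id
    rotated left by its use count."""
    csum = rich_off
    for i in range(rich_off):
        if 0x3C <= i < 0x40:
            continue
        csum = (csum + rol32(head[i], i)) & 0xFFFFFFFF
    for compid, count in entries:
        csum = (csum + rol32(compid, count)) & 0xFFFFFFFF
    return csum


def build_rich_header(head: bytes, entries) -> bytes:
    """Serialise [(prodid, build, count)] as the linker does: 'DanS' and three zero dwords,
    then (comp.id, count) pairs, all XORed with the key, then plain 'Rich' + key."""
    comp = [((prodid << 16) | build, count) for prodid, build, count in entries]
    key = rich_checksum(head, len(head), comp)
    words = [DANS ^ key, key, key, key]
    for compid, count in comp:
        words += [compid ^ key, count ^ key]
    return struct.pack("<%dI" % len(words), *words) + b"Rich" + struct.pack("<I", key)


def parse_rich_header(data: bytes) -> dict:
    """Find 'Rich' below e_lfanew, take the key after it, locate 'DanS' by trial
    decryption, decode the pairs in between, and recompute the checksum."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    rich_pos = data.rfind(b"Rich", 0x40, e_lfanew)
    if rich_pos < 0:
        raise ValueError("no Rich header")
    key = struct.unpack_from("<I", data, rich_pos + 4)[0]
    dans = next((p for p in range(0x40, rich_pos, 4)
                 if struct.unpack_from("<I", data, p)[0] ^ key == DANS), None)
    if dans is None:
        raise ValueError("no DanS marker")
    entries = []
    for p in range(dans + 16, rich_pos, 8):
        compid, count = struct.unpack_from("<II", data, p)
        entries.append((compid ^ key, count ^ key))
    return {"offset": dans, "key": key, "entries": entries,
            "valid": rich_checksum(data, dans, entries) == key}


def describe(entry) -> str:
    compid, count = entry
    prodid, build = compid >> 16, compid & 0xFFFF
    return "%s (build %d): %d" % (PRODID_NAMES.get(prodid, "product %d" % prodid), build, count)


def build_sample() -> bytes:
    """Constructed DOS header + stub + Rich header + 'PE\\0\\0' (no further headers)."""
    dos = struct.pack("<2s13H8sHH20sI", b"MZ", 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0,
                      0x40, 0, bytes(8), 0, 0, bytes(20), 0)  # e_lfanew patched below
    stub = (b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21"
            b"This program cannot be run in DOS mode.\r\r\n$").ljust(0x40, b"\0")
    head = dos + stub  # Rich header starts at 0x80, as in real VC6 output
    entries = [(0x00, 0, 1), (0x01, 2179, 17), (0x0A, 8804, 97),
               (0x06, 1736, 1), (0x0B, 8804, 63)]  # illustrative values
    data = bytearray(head + build_rich_header(head, entries))
    struct.pack_into("<I", data, 0x3C, len(data))  # e_lfanew; excluded from the checksum
    return bytes(data) + b"PE\0\0"


def tamper(data: bytes) -> bytes:
    """Raise the second entry's count by one, re-encrypted under the same key: the bytes
    still decode cleanly, but the stored key no longer matches the recomputed checksum."""
    h = parse_rich_header(data)
    out = bytearray(data)
    struct.pack_into("<I", out, h["offset"] + 16 + 8 + 4, (h["entries"][1][1] + 1) ^ h["key"])
    return bytes(out)


if __name__ == "__main__":
    sample = build_sample()
    for label, blob in (("linker output", sample), ("tampered copy", tamper(sample))):
        info = parse_rich_header(blob)
        print("%s: key %#010x, checksum %s" % (label, info["key"], "OK" if info["valid"] else "MISMATCH"))
        for e in info["entries"]:
            print("   ", describe(e))
```

The tamper case is the one to remember: the entries still decode to plausible tool builds, and only the recomputed checksum reveals the edit, which is why a Rich header should be validated before it is used to attribute or cluster samples.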