| Summary | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2020-Jan-27 10:03:10 |
| Detected languages | English - United States |
| Debug artifacts | D:\Work\ab2\actionball\bin\actionball.pdb |
| Level | Finding | Detail |
|---|---|---|
| Info | Matching compiler(s) | Microsoft Visual C++ 6.0 - 8.0 |
| Suspicious | Strings found in the binary may indicate undesirable behavior | Miscellaneous malware strings: |
| Info | Cryptographic algorithms detected in the binary | Uses constants related to CRC32 |
| Suspicious | The PE contains functions most legitimate programs don't use | [!] The program may be hiding some of its imports: |
| Info | The PE's resources present abnormal characteristics | Resource 107 is possibly compressed or encrypted |
| Malicious | VirusTotal score: 16/71 (scanned on 2020-02-01 07:44:02) | Lionic: Trojan.Win32.Generic.4!c; MicroWorld-eScan: Trojan.GenericKD.42297191; APEX: Malicious; BitDefender: Trojan.GenericKD.42297191; Ad-Aware: Trojan.GenericKD.42297191; FireEye: Trojan.GenericKD.42297191; Emsisoft: Trojan.GenericKD.42297191 (B); Jiangmin: Trojan.Inject.bbgd; Arcabit: Trojan.Generic.D2856767; ALYac: Trojan.GenericKD.42297191; MAX: malware (ai score=89); TrendMicro-HouseCall: TROJ_GEN.R023H09AT20; Rising: Malware.Heuristic!ET#80% (RDMK:cmRtazq34ljhTeucImDX0hJZToRL); MaxSecure: Trojan.Malware.74802562.susgen; GData: Trojan.GenericKD.42297191; Qihoo-360: Generic/Trojan.Generic.01b |
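The "uses constants related to CRC32" finding above is a byte-pattern match, not a proof that the sample hashes anything. The added example below (not part of the report or the sample) shows what such a scanner keys on: the reflected polynomial 0xEDB88320 and, more reliably, the 256-entry lookup table it generates, which compilers emit verbatim into read-only data. The input buffer is constructed, with the table planted at a known offset; run `find_crc32_tables()` over a real file's bytes instead. CRC32 appears in plenty of benign code (runtimes, compression libraries, resource checksums), so treat a hit as context for the other findings rather than evidence on its own.

```python
"""What a 'CRC32 constants' heuristic actually matches on.

Added example (not from the report): generate the reflected CRC32 table,
confirm it computes the same value as zlib, then locate that table and the
bare polynomial inside a CONSTRUCTED buffer.
"""
import struct
import zlib

CRC32_POLY_REFLECTED = 0xEDB88320   # bit-reversed form of 0x04C11DB7


def crc32_table(poly=CRC32_POLY_REFLECTED):
    """Standard 256-entry table; entry 128 equals the polynomial itself."""
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ poly if c & 1 else c >> 1
        table.append(c)
    return table


def crc32(data, table=None):
    """Table-driven CRC32, byte-for-byte what zlib.crc32 computes."""
    table = table or crc32_table()
    c = 0xFFFFFFFF
    for b in data:
        c = table[(c ^ b) & 0xFF] ^ (c >> 8)
    return c ^ 0xFFFFFFFF


def matches_zlib(data):
    return crc32(data) == zlib.crc32(data)


def find_crc32_tables(data, min_entries=8):
    """Offsets where >= min_entries consecutive table entries appear as
    little-endian dwords (how an x86 compiler lays the table out)."""
    needle = b"".join(struct.pack("<I", t) for t in crc32_table()[:min_entries])
    hits, start = [], 0
    while (i := data.find(needle, start)) >= 0:
        hits.append(i)
        start = i + 1
    return hits


def find_crc32_polynomials(data):
    """Offsets of the bare little-endian polynomial constants. Weaker
    evidence than a table: it may be an immediate in a bit-at-a-time
    loop, an entry inside the table, or a coincidence."""
    hits = {}
    for name, const in (("reflected", 0xEDB88320), ("normal", 0x04C11DB7)):
        off = data.find(struct.pack("<I", const))
        if off >= 0:
            hits[name] = off
    return hits


def constructed_sample():
    """Constructed buffer: 0x90 filler with the full table at 0x200."""
    buf = bytearray(b"\x90" * 0x800)
    table = b"".join(struct.pack("<I", t) for t in crc32_table())
    buf[0x200:0x200 + len(table)] = table
    return bytes(buf)


if __name__ == "__main__":
    sample = constructed_sample()
    print("table at", [hex(o) for o in find_crc32_tables(sample)])
    print("polynomial at", {k: hex(v) for k, v in find_crc32_polynomials(sample).items()})
```

Because entry 128 of the reflected table is the polynomial itself, a polynomial-only match inside a table run (here at 0x400, entry 128 of the table at 0x200) is the same evidence counted twice; dedupe before scoring.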
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x120 |
| PE file header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 4 |
| TimeDateStamp | 2020-Jan-27 10:03:10 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x196e00 |
| SizeOfInitializedData | 0xe7c00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0011B515 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x198000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x280000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
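The header fields above carry the mitigation story a practitioner wants before touching the sample: DllCharacteristics has NX_COMPAT but no DYNAMIC_BASE, and the file header says IMAGE_FILE_RELOCS_STRIPPED, so the image always loads at ImageBase 0x400000 with no ASLR; there is no GUARD_CF; and Checksum is 0, so the image has never been through the checksum step a signed or driver-grade build would take. The added example below (not part of the report or the sample) parses the DOS, file and optional headers and derives exactly those checks. Its input is a constructed header blob built from the values in the tables above, with the section table and data directories left zeroed so it runs offline; pass a real file path to parse that file instead.

```python
"""PE32 header parser with mitigation checks.

Added example, not from the report or the sample.  build_headers() packs
a CONSTRUCTED blob from the field values listed in the report; anything
the report does not show (sections, data directories) is zero.
"""
import calendar
import struct
from datetime import datetime, timezone

IMAGE_FILE_FLAGS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
COFF_FMT = "<IHHIIIHH"                                   # "PE\0\0" + IMAGE_FILE_HEADER
OPT32_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6   # 96-byte PE32 header


def build_headers():
    """Constructed blob: e_lfanew 0x120, then COFF + optional header."""
    e_lfanew = 0x120
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    ts = calendar.timegm((2020, 1, 27, 10, 3, 10))          # 2020-Jan-27 10:03:10 UTC
    coff = struct.pack(COFF_FMT, 0x4550, 0x014C, 4, ts, 0, 0, 0xE0, 0x0103)
    opt = struct.pack(
        OPT32_FMT, 0x10B, 14, 0,                              # PE32, linker 14.0
        0x196E00, 0xE7C00, 0, 0x11B515, 0x1000, 0x198000, 0x400000, 0x1000, 0x200,
        6, 0, 0, 0, 6, 0,                                     # OS / image / subsystem versions
        0, 0x280000, 0x400, 0,                                # Win32VersionValue..CheckSum
        2, 0x8100,                                            # WINDOWS_GUI, NX_COMPAT|TS_AWARE
        0x100000, 0x1000, 0x100000, 0x1000, 0, 16,
    )
    return bytes(dos + coff + opt + bytes(16 * 8))            # 16 empty data directories


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe_headers(data):
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    sig, machine, nsect, ts, _, _, opt_size, chars = struct.unpack_from(COFF_FMT, data, e_lfanew)
    if sig != 0x4550:
        raise ValueError("PE signature not found at e_lfanew")
    opt = struct.unpack_from(OPT32_FMT, data, e_lfanew + struct.calcsize(COFF_FMT))
    if opt[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    checksum, subsystem, dllchars = opt[21], opt[22], opt[23]
    relocs_stripped = bool(chars & 0x0001)
    return {
        "machine": machine,
        "number_of_sections": nsect,
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%b-%d %H:%M:%S"),
        "size_of_optional_header": opt_size,
        "characteristics": chars,
        "characteristics_flags": _flags(chars, IMAGE_FILE_FLAGS),
        "magic": opt[0],
        "linker_version": f"{opt[1]}.{opt[2]}",
        "entry_point": opt[6],
        "image_base": opt[9],
        "subsystem": subsystem,
        "dll_characteristics": dllchars,
        "dll_characteristics_flags": _flags(dllchars, DLL_CHARACTERISTICS),
        "mitigations": {
            # DYNAMIC_BASE is meaningless once relocations are stripped
            "aslr": bool(dllchars & 0x0040) and not relocs_stripped,
            "nx": bool(dllchars & 0x0100),
            "cfg": bool(dllchars & 0x4000),
            "checksum_set": checksum != 0,
        },
    }


if __name__ == "__main__":
    import json
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_headers()
    print(json.dumps(parse_pe_headers(blob), indent=2))
```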
| Imported DLL | Functions |
|---|---|
| KERNEL32.dll | ExitThread, CloseHandle, ResumeThread, CreateThread, WriteConsoleW, GetLastError, CreateMutexA, SetEndOfFile, HeapSize, CreateProcessW, GetExitCodeProcess, WaitForSingleObject, CreateFileW, GetFileAttributesExW, MoveFileExW, SetStdHandle, GetProcessHeap, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, GetTimeZoneInformation, HeapReAlloc, FlushFileBuffers, CreateDirectoryW, GetFileSizeEx, GetConsoleCP, DeleteFileW, RemoveDirectoryW, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetTimeFormatW, GetDateFormatW, ReadConsoleW, GetConsoleMode, SetFilePointerEx, GetFileType, GetModuleHandleA, GetVersionExA, QueryPerformanceFrequency, lstrcpyA, GetSystemInfo, GetProcAddress, lstrcmpiA, QueryPerformanceCounter, Sleep, LoadLibraryA, FreeLibrary, GetModuleFileNameA, GetLocalTime, GetCurrentProcess, GetCurrentThreadId, GetCurrentProcessId, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, WideCharToMultiByte, EncodePointer, DecodePointer, MultiByteToWideChar, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetModuleHandleW, GetStringTypeW, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, SetEvent, ResetEvent, WaitForSingleObjectEx, InitializeSListHead, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, RtlUnwind, InterlockedPushEntrySList, RaiseException, LoadLibraryExW, ReadFile, FindClose, FindFirstFileExW, FindNextFileW, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, GetStdHandle, WriteFile, GetTempPathW, HeapFree, HeapAlloc, FreeLibraryAndExitThread |
| USER32.dll | CheckDlgButton, CreateDialogParamA, SetDlgItemTextA, IsDlgButtonChecked, DialogBoxParamA, EndDialog, CheckRadioButton, DestroyWindow, AdjustWindowRectEx, DispatchMessageA, LoadCursorA, GetDC, SetWindowPos, SetActiveWindow, WaitMessage, ShowWindow, SetTimer, ChangeDisplaySettingsA, GetWindowLongA, SetWindowTextA, EnumDisplaySettingsA, DefWindowProcA, CreateWindowExA, TranslateMessage, SetClassLongA, LoadIconA, PeekMessageA, KillTimer, PostQuitMessage, GetSystemMetrics, EnumDisplayDevicesA, GetClientRect, ClientToScreen, GetCursorPos, SetCursorPos, ScreenToClient, ReleaseDC, IsIconic, UpdateWindow, RegisterClassExA |
| COMCTL32.dll | InitCommonControlsEx |
| bass.dll | BASS_ChannelSetAttribute, BASS_ChannelSlideAttribute, BASS_ChannelGetInfo, BASS_ChannelSetPosition, BASS_ChannelPlay, BASS_Free, BASS_ChannelIsActive, BASS_Pause, BASS_SampleGetChannel, BASS_MusicFree, BASS_Start, BASS_GetDevice, BASS_ChannelPause, BASS_Get3DFactors, BASS_SampleLoad, BASS_MusicLoad, BASS_Set3DFactors, BASS_ChannelGetPosition, BASS_SetConfig, BASS_GetDeviceInfo, BASS_SampleFree, BASS_ChannelGetLength, BASS_Init, BASS_SampleGetInfo, BASS_GetInfo, BASS_ChannelSet3DAttributes, BASS_Apply3D, BASS_ChannelStop, BASS_GetConfig, BASS_StreamFree, BASS_ChannelGetData, BASS_StreamCreateFile |
| GDI32.dll | GetDeviceGammaRamp, SetDeviceGammaRamp |
| ADVAPI32.dll | SetNamedSecurityInfoA, SetEntriesInAclA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, FreeSid, AllocateAndInitializeSid |
| SHELL32.dll | SHGetFolderPathA |
| WSOCK32.dll | WSACleanup, __WSAFDIsSet, closesocket, gethostbyname, select, WSAStartup, ioctlsocket, send, socket, connect, recv, htons, inet_ntoa, WSAGetLastError |
| Debug directory entry | Characteristics | TimeDateStamp | Version | SizeofData | AddressOfRawData | PointerToRawData | Referenced File |
|---|---|---|---|---|---|---|---|
| 1 | 0 | 2020-Jan-27 10:03:10 | 0.0 | 66 | 0x1d1da0 | 0x1d0fa0 | D:\Work\ab2\actionball\bin\actionball.pdb |
| 2 | 0 | 2020-Jan-27 10:03:10 | 0.0 | 20 | 0x1d1de4 | 0x1d0fe4 | |
| 3 | 0 | 2020-Jan-27 10:03:10 | 0.0 | 936 | 0x1d1df8 | 0x1d0ff8 | |
| 4 | 0 | 2020-Jan-27 10:03:10 | 0.0 | 0 | 0 | 0 | |
| TLS directory field | Value |
|---|---|
| StartAddressOfRawData | 0x5d21b0 |
| EndAddressOfRawData | 0x5d21b8 |
| AddressOfIndex | 0x5f1808 |
| AddressOfCallbacks | 0x598608 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_4BYTES |
| Callbacks | (EMPTY) |
| Load configuration field | Value |
|---|---|
| Size | 0xa4 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x5e2014 |
| SEHandlerTable | 0x5d1430 |
| SEHandlerCount | 604 |
| Rich header entry (XOR key 0x83872154) | Count |
|---|---|
| Unmarked objects | 0 |
| ASM objects (26213) | 49 |
| C++ objects (26213) | 213 |
| C objects (26213) | 30 |
| C objects (VS2003 (.NET) build 4035) | 3 |
| Imports (VS2010 SP1 build 40219) | 2 |
| C objects (VS2019 Update 4 (16.4.3) compiler 28315) | 82 |
| C++ objects (VS2019 Update 4 (16.4.3) compiler 28315) | 14 |
| C objects (VS 2015/2017/2019 runtime 28117) | 20 |
| ASM objects (VS 2015/2017/2019 runtime 28117) | 26 |
| C++ objects (VS 2015/2017/2019 runtime 28117) | 77 |
| Imports (26213) | 15 |
| Total imports | 224 |
| C++ objects (LTCG) (VS2019 Update 4 (16.4.3) compiler 28315) | 112 |
| Resource objects (VS2019 Update 4 (16.4.3) compiler 28315) | 1 |
| 151 | 1 |
| Linker (VS2019 Update 4 (16.4.3) compiler 28315) | 1 |
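The Rich header is the most specific toolchain evidence on this page: the summary's compiler heuristic says Visual C++ 6.0 - 8.0, but LinkerVersion is 14.0 and the entries above name the VS2019 16.4.3 toolchain (build 28315) plus the VS 2015/2017/2019 runtime. That evidence is only worth trusting if the header is intact, and the XOR key doubles as a checksum over the DOS stub and the entries, so a key that does not recompute means the stub was edited or the header was transplanted from another binary. The added example below (not from the report or the sample) builds a Rich header, decodes it, and recomputes the key. Its image is constructed: the build numbers and counts come from the table above, the product IDs are placeholders because the report names tools rather than IDs, and the sample's own key 0x83872154 cannot be regenerated here because its DOS stub bytes are not on the page.

```python
"""Rich header encode/decode with XOR-key (checksum) verification.

Added example, not from the report or the sample.  The checksum rule
implemented here is the documented one: start from the DanS offset, add
rol32(byte, index) for every DOS-stub byte before DanS (treating the
e_lfanew field at 0x3C..0x3F as zero), then add rol32(comp_id, count)
for every entry.  Product IDs in SAMPLE_ENTRIES are placeholders.
"""
import struct

DANS = struct.unpack("<I", b"DanS")[0]

SAMPLE_ENTRIES = [          # (placeholder prod_id, build, count) from the report's table
    (0x0001, 40219, 2),     # Imports (VS2010 SP1 build 40219)
    (0x0001, 26213, 15),    # Imports (26213)
    (0x0104, 28315, 82),    # C objects (VS2019 16.4.3 compiler 28315)
    (0x0105, 28315, 14),    # C++ objects (VS2019 16.4.3 compiler 28315)
    (0x0103, 28315, 112),   # C++ objects (LTCG)
    (0x0102, 28315, 1),     # Linker
]


def rol32(value, count):
    count %= 32
    return ((value << count) | (value >> (32 - count))) & 0xFFFFFFFF


def rich_checksum(image, dans_offset, comp_ids):
    """comp_ids: iterable of ((prod_id << 16) | build, count)."""
    csum = dans_offset
    for i in range(dans_offset):
        if 0x3C <= i < 0x40:            # e_lfanew is excluded from the sum
            continue
        csum = (csum + rol32(image[i], i)) & 0xFFFFFFFF
    for comp_id, count in comp_ids:
        csum = (csum + rol32(comp_id, count)) & 0xFFFFFFFF
    return csum


def constructed_dos_prefix():
    """DOS header using the report's e_cblp/e_cp/e_cparhdr/e_maxalloc/e_sp,
    followed by a constructed stand-in for the DOS stub code."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    for off, val in ((2, 0x90), (4, 3), (8, 4), (0x0C, 0xFFFF), (0x10, 0xB8)):
        struct.pack_into("<H", hdr, off, val)
    return bytes(hdr) + bytes(range(0x40))


def build_image(dos_prefix, entries):
    """Append DanS + 3 pad dwords, the entries, 'Rich' and the key; return (bytes, key)."""
    comp_ids = [((pid << 16) | build, cnt) for pid, build, cnt in entries]
    dans_offset = len(dos_prefix)
    image = bytearray(dos_prefix)
    struct.pack_into("<I", image, 0x3C, dans_offset + 16 + 8 * len(entries) + 8)
    key = rich_checksum(image, dans_offset, comp_ids)
    image += struct.pack("<IIII", DANS ^ key, key, key, key)   # pads are 0 ^ key
    for comp_id, cnt in comp_ids:
        image += struct.pack("<II", comp_id ^ key, cnt ^ key)
    image += b"Rich" + struct.pack("<I", key) + b"PE\0\0"   # PE header would follow
    return bytes(image), key


def decode_rich(image):
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    rich_off = image.rfind(b"Rich", 0x40, e_lfanew)
    if rich_off < 0:
        raise ValueError("no Rich header before e_lfanew")
    key = struct.unpack_from("<I", image, rich_off + 4)[0]
    off = rich_off - 4
    while off >= 0x40 and struct.unpack_from("<I", image, off)[0] != DANS ^ key:
        off -= 4
    if off < 0x40:
        raise ValueError("DanS marker not found")
    entries, p = [], off + 16
    while p < rich_off:
        comp_id, cnt = struct.unpack_from("<II", image, p)
        comp_id, cnt = comp_id ^ key, cnt ^ key
        entries.append((comp_id >> 16, comp_id & 0xFFFF, cnt))
        p += 8
    comp_ids = [((pid << 16) | build, cnt) for pid, build, cnt in entries]
    return {"key": key, "dans_offset": off, "entries": entries,
            "checksum_valid": rich_checksum(image, off, comp_ids) == key}


def demo():
    """Decode a clean image, then the same image with one stub byte patched."""
    image, _ = build_image(constructed_dos_prefix(), SAMPLE_ENTRIES)
    tampered = bytearray(image)
    tampered[0x50] ^= 0xFF
    return decode_rich(image), decode_rich(bytes(tampered))


if __name__ == "__main__":
    good, bad = demo()
    print(hex(good["key"]), good["checksum_valid"], bad["checksum_valid"])
```

A mismatch does not say which side changed: a packer that rewrites the DOS stub, a hex edit to the stub, or a Rich header copied from a legitimate binary to borrow its toolchain fingerprint all fail the same way, so follow a failed check by comparing the entries against LinkerVersion and the debug directory timestamps rather than discarding the header outright.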