Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 1970-Jan-01 00:00:00 |
TLS Callbacks | 1 callback(s) detected. |
Suspicious | The PE contains functions most legitimate programs don't use. |
Manipulates other processes:
|
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x80 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 6 |
TimeDateStamp | 1970-Jan-01 00:00:00 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Magic | PE32 |
---|---|
LinkerVersion | 3.0 |
SizeOfCode | 0x6630 |
SizeOfInitializedData | 0x4f4 |
SizeOfUninitializedData | 0x15610 |
AddressOfEntryPoint | 0x000075F0 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x8000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 1.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x22000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
SizeofStackReserve | 0x1000000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.DLL |
GetModuleHandleA
|
---|---|
USER32.DLL |
MessageBoxA
LoadCursorA RegisterClassA CreateWindowExA ShowWindow GetMessageA TranslateMessage DispatchMessageA DefWindowProcA BeginPaint EndPaint FillRect InvalidateRect PostQuitMessage |
GDI32.DLL |
Ellipse
|
kernel32.dll |
GetLastError
SetLastError ExitProcess GetStartupInfoA GetStdHandle GetCommandLineA GetCurrentProcessId GetCurrentThreadId GetCurrentProcess ReadProcessMemory GetModuleFileNameA WriteFile ReadFile CloseHandle SetFilePointer CreateFileW GetConsoleMode GetConsoleOutputCP GetOEMCP GetProcessHeap HeapAlloc HeapFree TlsAlloc TlsGetValue TlsSetValue CreateThread ExitThread LocalAlloc LocalFree Sleep SuspendThread ResumeThread TerminateThread WaitForSingleObject SetThreadPriority GetThreadPriority CreateEventA ResetEvent SetEvent InitializeCriticalSection DeleteCriticalSection EnterCriticalSection LeaveCriticalSection TryEnterCriticalSection MultiByteToWideChar WideCharToMultiByte GetACP GetConsoleCP SetUnhandledExceptionFilter EnumResourceTypesA EnumResourceNamesA EnumResourceLanguagesA FindResourceA FindResourceExA LoadResource SizeofResource LockResource FreeResource |
oleaut32.dll |
SysAllocStringLen
SysFreeString SysReAllocStringLen |
user32.dll |
CharUpperBuffW
CharLowerBuffW |
StartAddressOfRawData | 0x400000 |
---|---|
EndAddressOfRawData | 0x400000 |
AddressOfIndex | 0x4084f0 |
AddressOfCallbacks | 0x420000 |
SizeOfZeroFill | 0 |
Characteristics |
IMAGE_SCN_TYPE_REG
|
Callbacks |
0x00407590
|