| Summary | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2012-Feb-17 10:53:55 |
| Detected languages | English - United States |
| CompanyName | link |
| ProductName | Exe2Aut |
| FileDescription | Tiny AutoIt3 Decompiler |
| LegalCopyright | Coded in Feb 2012 |
| FileVersion | 6 |
| ProductVersion | v6 |
| Level | Finding |
|---|---|
| Suspicious | PEiD Signature: UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser; UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser |
| Suspicious | Strings found in the binary may indicate undesirable behavior: Contains another PE executable: |
| Malicious | The PE contains functions mostly used by malware. Functions which can be used for anti-debugging purposes: |
| Malicious | The PE is possibly a dropper. Resource 4 detected as a PE Executable. Resource 5 detected as a PE Executable. Resource 6 detected as a PE Executable. |
| Malicious | VirusTotal score: 16/69 (Scanned on 2019-11-18 22:19:01) |

| Engine | Detection |
|---|---|
| McAfee | GenericRXBB-QK!29D90C254764 |
| Zillya | Trojan.Agent.Win32.612526 |
| BitDefenderTheta | Gen:NN.ZexaF.32251.cq0@aeWmb6ji |
| TrendMicro-HouseCall | TROJ_GEN.R002H06K819 |
| NANO-Antivirus | Trojan.Win32.Barys.fboayd |
| APEX | Malicious |
| McAfee-GW-Edition | GenericRXBB-QK!29D90C254764 |
| Trapmine | malicious.high.ml.score |
| FireEye | Generic.mg.29d90c254764d41d |
| SentinelOne | DFI - Suspicious PE |
| Jiangmin | Variant.Barys.fs |
| Antiy-AVL | Trojan/Win32.Fuerboos |
| Endgame | malicious (high confidence) |
| Acronis | suspicious |
| VBA32 | TScope.Malware-Cryptor.SB |
| Rising | Trojan.Tiggre!8.ED98 (TFE:4:o9CDluiuA9N) |
| IMAGE_DOS_HEADER | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x80 |
| e_cp | 0x1 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0x10 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0x140 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x80 |
| IMAGE_FILE_HEADER | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 4 |
| TimeDateStamp | 2012-Feb-17 10:53:55 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
| IMAGE_OPTIONAL_HEADER | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 1.0 |
| SizeOfCode | 0x3200 |
| SizeOfInitializedData | 0x8000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00001000 (Section: .code) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x5000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 1.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x18000 |
| SizeOfHeaders | 0x1000 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeOfStackReserve | 0x1000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x10000 |
| SizeOfHeapCommit | 0 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
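The header tables above are raw field dumps, and the "possibly a dropper" finding earlier rests on three resources that parse as PE files. The Python below is an added example, not part of this report and not code from Exe2Aut: it packs a header set from the report's values, parses it back the way a loader reads the DOS header, IMAGE_FILE_HEADER, optional header and section table, runs the structural checks an analyst applies before trusting those values, and carves embedded PEs out of the file by validating each `MZ` candidate's `e_lfanew` chain rather than by walking the resource directory. Everything beyond what the tables state is an assumption and is labelled as such in the code: the section names other than `.code` at RVA 0x1000, the raw-data layout, the three planted inner files, and the constructed sample itself. One caveat the parsed values support: the entry point sits in a section named `.code`, LinkerVersion is 1.0, and no UPX0/UPX1 section appears in this report, so the PEiD UPX hit deserves a look at the entry-point bytes and the section names before the binary is called packed.

```python
import calendar
import struct
from datetime import datetime, timezone

# Spec constants, limited to what the report's tables mention plus a few common neighbours.
MACHINES = {0x14C: "IMAGE_FILE_MACHINE_I386", 0x8664: "IMAGE_FILE_MACHINE_AMD64"}
SUBSYSTEMS = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}
CHARACTERISTICS = {0x1: "IMAGE_FILE_RELOCS_STRIPPED", 0x2: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x4: "IMAGE_FILE_LINE_NUMS_STRIPPED",
                   0x8: "IMAGE_FILE_LOCAL_SYMS_STRIPPED", 0x100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
DOS_FMT, FILE_FMT = "<2s13H8sHH20sI", "<HHIIIHH"       # IMAGE_DOS_HEADER (64 B, e_lfanew last), IMAGE_FILE_HEADER (20 B)
OPT_FMT, SECT_FMT = "<HBB9I6H4I2H6I", "<8sIIIIIIHHI"   # IMAGE_OPTIONAL_HEADER32 to NumberOfRvaAndSizes (96 B), section header (40 B)

def build_pe(timestamp, entry, sections, size_of_image, size_of_headers=0x1000, e_lfanew=0x80):
    """Assemble DOS + NT headers + section table from the values in the report's tables (no DOS stub)."""
    dos = struct.pack(DOS_FMT, b"MZ", 0x80, 1, 0, 4, 0x10, 0xFFFF, 0, 0x140, 0, 0, 0, 0x40, 0,
                      bytes(8), 0, 0, bytes(20), e_lfanew).ljust(e_lfanew, b"\0")
    file_hdr = struct.pack(FILE_FMT, 0x14C, len(sections), timestamp, 0, 0, 0xE0, 0x010F)  # I386, the 5 flags listed
    opt = struct.pack(OPT_FMT, 0x10B, 1, 0, 0x3200, 0x8000, 0,                 # PE32, linker 1.0, code/data sizes
                      entry, 0x1000, 0x5000, 0x400000, 0x1000, 0x200,         # entry, BaseOfCode/Data, ImageBase, alignments
                      1, 0, 0, 0, 4, 0, 0, size_of_image, size_of_headers, 0,  # OS/Image/Subsystem versions, sizes, CheckSum 0
                      2, 0, 0x1000, 0x1000, 0x10000, 0, 0, 16)                 # GUI subsystem, stack/heap, 16 directories
    table = b"".join(struct.pack(SECT_FMT, n.ljust(8, b"\0"), vs, va, raw, ptr, 0, 0, 0, 0, fl)
                     for n, va, vs, ptr, raw, fl in sections)
    return (dos + b"PE\0\0" + file_hdr + opt + bytes(16 * 8) + table).ljust(size_of_headers, b"\0")

def parse_pe(data):
    """Decode the header facts the report tabulates; raises ValueError on a broken MZ -> PE chain."""
    dos = struct.unpack_from(DOS_FMT, data, 0)
    e_lfanew = dos[-1]
    if dos[0] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from(FILE_FMT, data, e_lfanew + 4)
    o = struct.unpack_from(OPT_FMT, data, e_lfanew + 24)
    sections = []
    for i in range(nsec):
        n, vs, va, raw, ptr, _, _, _, _, fl = struct.unpack_from(SECT_FMT, data, e_lfanew + 24 + opt_size + 40 * i)
        sections.append({"name": n.rstrip(b"\0").decode(), "va": va, "vsize": vs, "raw": raw, "ptr": ptr, "flags": fl})
    entry = o[6]
    sec = next((s for s in sections if s["va"] <= entry < s["va"] + max(s["vsize"], s["raw"])), None)
    return {"e_lfanew": e_lfanew, "machine": MACHINES.get(machine, hex(machine)),
            "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%b-%d %H:%M:%S"),
            "characteristics": [nm for bit, nm in sorted(CHARACTERISTICS.items()) if chars & bit],
            "magic": {0x10B: "PE32", 0x20B: "PE32+"}.get(o[0], hex(o[0])), "linker": f"{o[1]}.{o[2]}",
            "entry_point": entry, "entry_section": sec["name"] if sec else None,
            "entry_executable": bool(sec and sec["flags"] & IMAGE_SCN_MEM_EXECUTE),
            "section_alignment": o[10], "file_alignment": o[11], "size_of_image": o[19],
            "size_of_headers": o[20], "checksum": o[21], "subsystem": SUBSYSTEMS.get(o[22], str(o[22])),
            "sections": sections}

def sanity_checks(info, file_size):
    """Cheap structural checks to run before trusting any decoded value."""
    fa, sa = info["file_alignment"], info["section_alignment"]
    checks = [(fa & (fa - 1) or sa < fa, "bad FileAlignment/SectionAlignment pair"),
              (info["size_of_headers"] < info["e_lfanew"] + 24 + 0xE0 + 40 * len(info["sections"]),
               "SizeOfHeaders smaller than the headers present"),
              (info["entry_section"] is None, "AddressOfEntryPoint lies outside every section"),
              (info["entry_section"] and not info["entry_executable"], "entry point in a section without IMAGE_SCN_MEM_EXECUTE"),
              (any(s["ptr"] + s["raw"] > file_size for s in info["sections"]), "section raw data runs past end of file (truncated sample?)"),
              (info["checksum"] == 0, "CheckSum is zero (normal for unsigned user-mode binaries)")]
    return [msg for bad, msg in checks if bad]

def carve_embedded_pes(data, start=1):
    """Find nested PEs by validating each 'MZ' candidate's e_lfanew -> PE signature -> machine/magic chain.
    start=1 skips the outer header. The report's tool found its hits through the resource directory;
    a raw scan also catches payloads stored outside .rsrc or appended as an overlay."""
    hits, pos = [], data.find(b"MZ", start)
    while pos != -1:
        lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0] if pos + 0x40 <= len(data) else 0
        nt = pos + lfanew
        if 0x40 <= lfanew <= 0x1000 and nt + 26 <= len(data) and data[nt:nt + 4] == b"PE\0\0":
            machine, _, _, _, _, opt_size, _ = struct.unpack_from(FILE_FMT, data, nt + 4)
            magic = struct.unpack_from("<H", data, nt + 24)[0]
            if machine in MACHINES and opt_size in (0xE0, 0xF0) and magic in (0x10B, 0x20B):
                hits.append((pos, MACHINES[machine]))
        pos = data.find(b"MZ", pos + 1)
    return hits

# Constructed sample. The report gives .code at RVA 0x1000 and BaseOfData 0x5000; the other section
# names and the raw layout are assumptions chosen to fill SizeOfImage 0x18000.
TIMESTAMP = calendar.timegm((2012, 2, 17, 10, 53, 55))
SECTIONS = [  # name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData, Characteristics
    (b".code", 0x1000, 0x3200, 0x1000, 0x3200, 0x60000020), (b".data", 0x5000, 0x8000, 0x4200, 0x8000, 0xC0000040),
    (b".idata", 0xD000, 0x1000, 0xC200, 0x1000, 0xC0000040), (b".rsrc", 0xE000, 0xA000, 0xD200, 0xA000, 0x40000040)]

def make_sample():
    """Outer file with three small PEs planted in its .rsrc raw data, standing in for resources 4-6."""
    outer = bytearray(build_pe(TIMESTAMP, 0x1000, SECTIONS, size_of_image=0x18000))
    outer += bytes(0x17200 - len(outer))                  # zero-filled section bodies up to the last raw end
    inner = build_pe(TIMESTAMP, 0x1000, [(b".code", 0x1000, 0x200, 0x400, 0x200, 0x60000020)],
                     size_of_image=0x2000, size_of_headers=0x400)
    offsets = [0xD300 + i * 0x1000 for i in range(3)]     # made-up resource slots inside .rsrc
    for off in offsets:
        outer[off:off + len(inner)] = inner
    return bytes(outer), offsets
```

`parse_pe(make_sample()[0])` reproduces the report's Machine, TimeDateStamp, Characteristics, Magic, LinkerVersion, Subsystem and entry-point section; `sanity_checks` flags only the zero CheckSum, which the report shows and which is unremarkable for an unsigned user-mode executable; `carve_embedded_pes` returns the three planted offsets. On a real sample, compare the carved offsets against the `.rsrc` raw range to see whether the embedded files are resources or an overlay.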
| DLL | Imported functions |
|---|---|
| KERNEL32.DLL | CloseHandle, CreateMutexA, CreateProcessA, CreateRemoteThread, CreateThread, DeleteFileA, ExitProcess, FindResourceA, GetBinaryTypeA, GetCommandLineW, GetExitCodeProcess, GetExitCodeThread, GetFileAttributesA, GetLastError, GetModuleHandleA, GetProcAddress, GetProcessHeap, GetTempFileNameA, GetTempPathA, HeapAlloc, HeapFree, HeapReAlloc, LoadResource, LocalAlloc, LocalFree, LocalReAlloc, LocalSize, LockResource, OpenProcess, ReleaseMutex, ResumeThread, SetCurrentDirectoryA, SetEndOfFile, SizeofResource, Sleep, TerminateProcess, VirtualAllocEx, VirtualFreeEx, WaitForSingleObject, WriteProcessMemory, _lclose, _lcreat, _llseek, _lopen, _lread, _lwrite, lstrcmpiW, lstrlenA |
| GDI32.DLL | BitBlt, CreateCompatibleBitmap, CreateCompatibleDC, CreateFontA, GetStockObject, SelectObject, SetBkMode, SetPixel, SetTextColor |
| MSVCRT.DLL | atoi, _itoa, memmove, memset, strcat, strchr, strcmp, strcpy, _stricmp, strlen, strncpy, strstr, wcsncmp, _wtoi |
| SHELL32.DLL | CommandLineToArgvW, DragFinish, DragQueryFileA |
| USER32.DLL | AppendMenuA, BeginPaint, CheckDlgButton, CheckMenuItem, ClientToScreen, DialogBoxParamA, DrawTextA, EndDialog, EndPaint, FillRect, FindWindowA, GetClientRect, GetDC, GetDlgItem, GetMenuState, GetSystemMenu, HideCaret, InvalidateRect, IsDlgButtonChecked, LoadImageA, MessageBoxA, MessageBoxIndirectA, MoveWindow, PostMessageA, ReleaseDC, SendDlgItemMessageA, SendMessageA, SetDlgItemTextA, SetForegroundWindow, SetTimer, SetWindowPos |
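The import table is where the report's "possibly a dropper" and "functions mostly used by malware" verdicts come from, but the tables only list names. The Python below is an added example, not part of this report and not Exe2Aut's code, that turns the KERNEL32 list into capability matches the way capa-style rules do: it strips the A/W suffix so one rule covers both string variants, requires every name in a rule's `all` set and at least one from its `any` set, and then combines matches into the two chains the report's wording implies (resource -> %TEMP% file -> CreateProcess, and OpenProcess -> VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread). The rule labels, the rule contents and the trimmed USER32 list are assumptions. The output is capability, not intent: the version info describes a decompiler, and whether these chains are benign tooling behaviour is a question for dynamic analysis, not for the import table.

```python
import re

# KERNEL32 and SHELL32 imports as listed in the report (constructed dict; USER32 trimmed to the
# names relevant here, GDI32/MSVCRT omitted because no rule below looks at them).
IMPORTS = {
    "KERNEL32.DLL": ["CloseHandle", "CreateMutexA", "CreateProcessA", "CreateRemoteThread", "CreateThread",
                     "DeleteFileA", "ExitProcess", "FindResourceA", "GetBinaryTypeA", "GetCommandLineW",
                     "GetExitCodeProcess", "GetExitCodeThread", "GetFileAttributesA", "GetLastError",
                     "GetModuleHandleA", "GetProcAddress", "GetProcessHeap", "GetTempFileNameA", "GetTempPathA",
                     "HeapAlloc", "HeapFree", "HeapReAlloc", "LoadResource", "LocalAlloc", "LocalFree",
                     "LocalReAlloc", "LocalSize", "LockResource", "OpenProcess", "ReleaseMutex", "ResumeThread",
                     "SetCurrentDirectoryA", "SetEndOfFile", "SizeofResource", "Sleep", "TerminateProcess",
                     "VirtualAllocEx", "VirtualFreeEx", "WaitForSingleObject", "WriteProcessMemory", "_lclose",
                     "_lcreat", "_llseek", "_lopen", "_lread", "_lwrite", "lstrcmpiW", "lstrlenA"],
    "SHELL32.DLL": ["CommandLineToArgvW", "DragFinish", "DragQueryFileA"],
    "USER32.DLL": ["FindWindowA", "MessageBoxA", "PostMessageA", "SendMessageA"],
}

def normalize(name):
    """Drop the Win32 ANSI/Unicode suffix so one rule matches CreateProcessA and CreateProcessW alike."""
    return re.sub(r"(?<=[a-z])[AW]$", "", name)

RULES = {  # label: {"all": every name required, "any": at least one required}; labels are assumptions
    "remote-thread injection": {"all": {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}},
    "read embedded resource": {"all": {"FindResource", "LoadResource", "LockResource", "SizeofResource"}},
    "write file under %TEMP%": {"all": {"GetTempPath", "GetTempFileName"}, "any": {"_lcreat", "CreateFile", "WriteFile"}},
    "launch process": {"any": {"CreateProcess", "ShellExecute", "WinExec"}},
    "delete file": {"any": {"DeleteFile"}},
    "single-instance mutex": {"all": {"CreateMutex"}},
    "resolve APIs at runtime": {"all": {"GetModuleHandle", "GetProcAddress"}},
}

def match_rules(imports, rules=RULES):
    """Return {label: sorted matched names} for every rule whose requirements the import set satisfies."""
    have = {normalize(f) for funcs in imports.values() for f in funcs}
    hits = {}
    for label, rule in rules.items():
        need_all, need_any = rule.get("all", set()), rule.get("any", set())
        if need_all <= have and (not need_any or need_any & have):
            hits[label] = sorted((need_all | need_any) & have)
    return hits

DROPPER_CHAIN = ("read embedded resource", "write file under %TEMP%", "launch process")

def verdicts(hits):
    """Combine individual capabilities into the two conclusions the report's findings draw."""
    out = []
    if all(r in hits for r in DROPPER_CHAIN):
        out.append("possible dropper: resource -> %TEMP% file -> CreateProcess")
    if "remote-thread injection" in hits:
        out.append("process injection: OpenProcess -> VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread")
    return out

if __name__ == "__main__":
    hits = match_rules(IMPORTS)
    for label, names in hits.items():
        print(f"{label:26} {', '.join(names)}")
    print(verdicts(hits))
```

Both chains match on this import set, which is what the report's "possibly a dropper" finding and its injection-capable function list amount to. A rule set like this is only as good as its negative space: a binary that resolves the same APIs through GetProcAddress (also imported here) shows none of these names in its import table, so the absence of a match proves nothing.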
| VS_VERSIONINFO | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 6.0.0.0 |
| ProductVersion | 706.0.0.0 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | English - United States |
| CompanyName | link |
| ProductName | Exe2Aut |
| FileDescription | Tiny AutoIt3 Decompiler |
| LegalCopyright | Coded in Feb 2012 |
| FileVersion (#2) | 6 |
| ProductVersion (#2) | v6 |
| Resource LangID | English - United States |