| Summary | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Compilation Date | 2016-Oct-17 13:02:05 |
| Detected languages | English - United States |
| CompanyName | Hikari Calyx Tech |
| FileDescription | PNX-AOP Bootloader Unlocker |
| FileVersion | 1,0,3,11 |
| ProductName | Bootloader Unlocker |
| InternalName | 0x8 UBLK |
| ProductVersion | 1.0.3.11 |
| LegalCopyright | 2019 (C) Hikari Calyx Tech. All rights Reserved. |
| Plugin output | Details |
|---|---|
| Info | Matching compiler(s): MASM/TASM - sig2(h) |
| Info | Cryptographic algorithms detected in the binary: uses constants related to CRC32; uses constants related to MD5 |
| Suspicious | The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports: |
| Suspicious | The PE is possibly a dropper. Resource 21BC3F6BA4ACA90E2A4595727F1B1A23 is possibly compressed or encrypted. Resource E2AF5C45D04AFA77225A7ED7DB23BA33 is possibly compressed or encrypted. Resources account for 98.2668% of the executable. |
| Malicious | VirusTotal score: 21/65 (scanned on 2019-05-21 14:28:23) |

| Engine | Detection |
|---|---|
| FireEye | Generic.mg.2a2f8e9614bdbf9c |
| CAT-QuickHeal | Trojan.KillProc.S219381 |
| K7GW | Riskware ( 0040eff71 ) |
| K7AntiVirus | Riskware ( 0040eff71 ) |
| Cyren | W32/Trojan.CJFR-5972 |
| APEX | Malicious |
| Tencent | Dropper.Win32.Agent.f |
| DrWeb | Trojan.MulDrop7.63872 |
| Invincea | heuristic |
| McAfee-GW-Edition | BehavesLike.Win32.Downloader.wc |
| Trapmine | malicious.high.ml.score |
| SentinelOne | DFI - Malicious PE |
| F-Prot | W32/Trojan2.PBHJ |
| Antiy-AVL | Trojan/Win32.AGeneric |
| Endgame | malicious (high confidence) |
| Acronis | suspicious |
| VBA32 | BScope.Trojan.MulDrop |
| Cylance | Unsafe |
| Rising | Malware.Heuristic.MLite(91%) (AI-LITE:isXvONvxpXPFDzsPp1o6VQ) |
| Cybereason | malicious.0c6707 |
| CrowdStrike | win/malicious_confidence_80% (D) |
| DOS header | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x80 |
| PE header | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 5 |
| TimeDateStamp | 2016-Oct-17 13:02:05 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
| Optional header | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 2.0 |
| SizeOfCode | 0xec00 |
| SizeOfInitializedData | 0x3e5c00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00001000 (Section: .code) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x11000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x3f8000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| SizeOfStackReserve | 0x200000 |
| SizeOfStackCommit | 0x2000 |
| SizeOfHeapReserve | 0x200000 |
| SizeOfHeapCommit | 0x2000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
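The header values in the tables above can be read straight from the file by walking the DOS header, the COFF header, the PE32 optional header and the section table. The Python below is an added example, not the analysis tool's code and not part of this report. It parses a PE32 image that it constructs in memory with the same header values the report shows (Machine 0x14c, the five Characteristics flags, entry point 0x1000 inside .code, ImageBase 0x400000, a CUI subsystem, the 2016-Oct-17 TimeDateStamp), then performs two of the checks the plugin output relies on: that the entry point lands inside a declared section, and what share of the file the .rsrc section occupies, which is the measure behind the "possibly a dropper" verdict. The two-section layout, the section sizes and the 0x4000 SizeOfImage are constructed for the example; the real sample has five sections and its resources take 98.27% of the file.

```python
import struct
from datetime import datetime, timezone

# winnt.h constants used below (only the bits and values this example needs).
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED", 0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE", 0x2000: "IMAGE_FILE_DLL",
}
MACHINES = {0x14C: "IMAGE_FILE_MACHINE_I386", 0x8664: "IMAGE_FILE_MACHINE_AMD64"}
SUBSYSTEMS = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> PE32 optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]           # DOS header field at offset 0x3c
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at the PE signature")
    coff = e_lfanew + 4
    machine, nsects, tstamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                               # IMAGE_FILE_HEADER is 20 bytes
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    entry = struct.unpack_from("<I", data, opt + 16)[0]           # AddressOfEntryPoint
    image_base, sect_align, file_align = struct.unpack_from("<III", data, opt + 28)
    size_of_image, size_of_headers = struct.unpack_from("<II", data, opt + 56)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsects):                                       # 40-byte IMAGE_SECTION_HEADERs follow the optional header
        name, vsize, rva, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "rva": rva, "raw_size": rawsize, "raw_ptr": rawptr})
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "characteristics": [n for bit, n in FILE_CHARACTERISTICS.items() if chars & bit],
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_point": entry, "image_base": image_base,
        "section_alignment": sect_align, "file_alignment": file_align,
        "size_of_image": size_of_image, "size_of_headers": size_of_headers,
        "sections": sections,
    }


def section_for_rva(pe: dict, rva: int):
    """Name of the section whose virtual range contains rva, or None (an entry point in no section is a red flag)."""
    for s in pe["sections"]:
        if s["rva"] <= rva < s["rva"] + max(s["virtual_size"], s["raw_size"]):
            return s["name"]
    return None


def resource_share(pe: dict, file_size: int) -> float:
    """Fraction of the file taken up by .rsrc raw data, the measure behind a 'possibly a dropper' verdict."""
    rsrc = sum(s["raw_size"] for s in pe["sections"] if s["name"] == ".rsrc")
    return rsrc / file_size if file_size else 0.0


def build_sample_pe() -> bytes:
    """Constructed PE32 image (not the analysed sample) carrying the report's header values and two sections."""
    e_lfanew, opt = 0x80, 0x80 + 24
    hdr = bytearray(0x400)                                        # SizeOfHeaders = 0x400 as in the report
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    ts = int(datetime(2016, 10, 17, 13, 2, 5, tzinfo=timezone.utc).timestamp())
    chars = 0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0100          # the five flags listed in the report
    struct.pack_into("<HHIIIHH", hdr, e_lfanew + 4, 0x14C, 2, ts, 0, 0, 0xE0, chars)
    struct.pack_into("<H", hdr, opt, 0x10B)                       # PE32 magic
    struct.pack_into("<I", hdr, opt + 16, 0x1000)                 # AddressOfEntryPoint
    struct.pack_into("<III", hdr, opt + 28, 0x400000, 0x1000, 0x200)
    struct.pack_into("<II", hdr, opt + 56, 0x4000, 0x400)         # SizeOfImage (example's own), SizeOfHeaders
    struct.pack_into("<H", hdr, opt + 68, 3)                      # IMAGE_SUBSYSTEM_WINDOWS_CUI
    sect = opt + 0xE0
    struct.pack_into("<8sIIII", hdr, sect, b".code", 0x200, 0x1000, 0x200, 0x400)
    struct.pack_into("<8sIIII", hdr, sect + 40, b".rsrc", 0x2000, 0x2000, 0x2000, 0x600)
    return bytes(hdr) + b"\xC3" * 0x200 + b"\0" * 0x2000          # .code raw data, then a large .rsrc


if __name__ == "__main__":
    blob = build_sample_pe()
    info = parse_pe(blob)
    for key, value in info.items():
        print(f"{key}: {value}")
    print("entry point section:", section_for_rva(info, info["entry_point"]))
    print(f"resources: {resource_share(info, len(blob)):.2%} of the file")
```

Run it as a script to print the parsed fields, or pass the bytes of a real file to `parse_pe` and compare the result against the tables on this page. Two things worth reconciling once you have the real bytes: the TimeDateStamp (2016) predates the 2019 copyright string in the version resource, and the KERNEL32 import list includes LoadLibraryA and GetProcAddress, the pair a program needs to resolve further imports at run time, which is consistent with the "may be hiding some of its imports" warning above.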
| Imported DLL | Functions |
|---|---|
| MSVCRT.dll | memset, strncmp, memmove, strncpy, strstr, _strnicmp, _stricmp, strlen, strcmp, strcpy, strcat, memcpy, sprintf, fabs, ceil, malloc, floor, free, fclose, tolower |
| KERNEL32.dll | GetModuleHandleA, HeapCreate, SetConsoleCtrlHandler, GetCommandLineA, RemoveDirectoryA, GetTempFileNameA, GetShortPathNameA, GetWindowsDirectoryA, GetSystemDirectoryA, HeapDestroy, ExitProcess, GetNativeSystemInfo, FindResourceA, LoadResource, SizeofResource, HeapAlloc, HeapFree, Sleep, LoadLibraryA, GetProcAddress, FreeLibrary, GetCurrentThreadId, GetCurrentProcessId, CloseHandle, InitializeCriticalSection, GetModuleFileNameA, GetEnvironmentVariableA, SetEnvironmentVariableA, GetCurrentProcess, DuplicateHandle, CreatePipe, GetStdHandle, CreateProcessA, WaitForSingleObject, EnterCriticalSection, LeaveCriticalSection, TerminateProcess, GetExitCodeProcess, CreateFileA, ReadFile, WriteFile, SetFilePointer, DeleteFileA, GetFileSize, HeapReAlloc, SetUnhandledExceptionFilter, GetVersionExA, SetLastError, HeapSize, TlsAlloc, GetCurrentDirectoryA, SetCurrentDirectoryA, GetTempPathA, SetFileAttributesA, CreateDirectoryA, DeleteCriticalSection, MultiByteToWideChar, WideCharToMultiByte |
| USER32.DLL | CharUpperA, CharLowerA, MessageBoxA, SendMessageA, PostMessageA, GetWindowThreadProcessId, IsWindowVisible, GetWindowLongA, GetForegroundWindow, IsWindowEnabled, EnableWindow, EnumWindows, SetWindowPos, DestroyWindow, GetDC, GetWindowTextLengthA, GetWindowTextA, SetRect, DrawTextA, GetSystemMetrics, ReleaseDC, GetSysColor, GetSysColorBrush, CreateWindowExA, CallWindowProcA, SetWindowLongA, SetFocus, RedrawWindow, RemovePropA, DefWindowProcA, SetPropA, GetParent, GetPropA, GetWindow, SetActiveWindow, UnregisterClassA, DestroyAcceleratorTable, LoadIconA, LoadCursorA, RegisterClassA, AdjustWindowRectEx, ShowWindow, CreateAcceleratorTableA, PeekMessageA, MsgWaitForMultipleObjects, GetMessageA, GetActiveWindow, TranslateAcceleratorA, TranslateMessage, DispatchMessageA, GetFocus, GetClientRect, FillRect, EnumChildWindows, DefFrameProcA, GetWindowRect, IsChild, GetClassNameA, GetKeyState, DestroyIcon, RegisterWindowMessageA |
| GDI32.DLL | GetStockObject, SelectObject, SetBkColor, SetTextColor, GetTextExtentPoint32A, CreateSolidBrush, DeleteObject, GetObjectA, CreateCompatibleDC, GetDIBits, DeleteDC, GetObjectType, CreateDIBSection, BitBlt, CreateBitmap, SetPixel |
| COMCTL32.DLL | InitCommonControlsEx |
| OLE32.DLL | CoInitialize, CoTaskMemFree, RevokeDragDrop |
| SHELL32.DLL | ShellExecuteExA |
| SHLWAPI.DLL | PathQuoteSpacesA, PathGetArgsA, PathAddBackslashA, PathRenameExtensionA, PathUnquoteSpacesA |
| VS_FIXEDFILEINFO | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 1.0.3.11 |
| ProductVersion | 1.0.3.11 |
| FileFlags | VS_FF_DEBUG, VS_FF_PRERELEASE, VS_FF_PRIVATEBUILD |
| FileOs | VOS_DOS, VOS_DOS_WINDOWS16, VOS_DOS_WINDOWS32, VOS_OS232, VOS_OS232_PM32, VOS_WINCE, VOS__PM32, VOS__WINDOWS16 |
| FileType | VFT_APP |

| Version resource strings | Value |
|---|---|
| Language | English - United States |
| CompanyName | Hikari Calyx Tech |
| FileDescription | PNX-AOP Bootloader Unlocker |
| FileVersion | 1,0,3,11 |
| ProductName | Bootloader Unlocker |
| InternalName | 0x8 UBLK |
| ProductVersion | 1.0.3.11 |
| LegalCopyright | 2019 (C) Hikari Calyx Tech. All rights Reserved. |
| Resource LangID | UNKNOWN |