Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2020-Nov-24 05:41:39 |
TLS Callbacks | 1 callback(s) detected. |
Comments | |
CompanyName | |
FileDescription | YoutubeAuto |
FileVersion | 1.0.1.8 |
InternalName | YoutubeAuto.exe |
LegalCopyright | Copyright © 2020 |
LegalTrademarks | |
OriginalFilename | YoutubeAuto.exe |
ProductName | YoutubeAuto |
ProductVersion | 1.0.1.8 |
Assembly Version | 1.0.1.8 |

Info | Matching compiler(s): | .NET executable -> Microsoft |
---|---|---|
Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to system / monitoring tools: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32; Uses constants related to MD5; Uses constants related to SHA256 |
Suspicious | The PE is packed with Enigma Protector | Unusual section name found: .enigma1; Section .enigma1 is both writable and executable; Unusual section name found: .enigma2; Section .enigma2 is both writable and executable |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x80 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2020-Nov-24 05:41:39 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 48.0 |
SizeOfCode | 0x6c000 |
SizeOfInitializedData | 0x96a00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0006DFFA (Section: .text) |
BaseOfCode | 0x2000 |
BaseOfData | 0x6e000 |
ImageBase | 0x400000 |
SectionAlignment | 0x2000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xe2000 |
SizeOfHeaders | 0x2000 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x200000 |
SizeofStackCommit | 0x2000 |
SizeofHeapReserve | 0x200000 |
SizeofHeapCommit | 0x2000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
---|---|
user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
kernel32.dll (#2) | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
advapi32.dll (#2) | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
kernel32.dll (#3) | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
user32.dll (#2) | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA |
kernel32.dll (#4) | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
kernel32.dll (#5) | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
ole32.dll | CreateStreamOnHGlobal, CoUninitialize, CoInitialize |
oleaut32.dll (#2) | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
oleaut32.dll (#3) | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
ntdll.dll | RtlInitUnicodeString, RtlFreeUnicodeString, RtlFormatCurrentUserKeyPath, RtlDosPathNameToNtPathName_U |
SHFolder.dll | SHGetFolderPathW, SHGetFolderPathA |
ntdll.dll (#2) | RtlInitUnicodeString, RtlFreeUnicodeString, RtlFormatCurrentUserKeyPath, RtlDosPathNameToNtPathName_U |
shlwapi.dll | PathMatchSpecW |
ntdll.dll (#3) | RtlInitUnicodeString, RtlFreeUnicodeString, RtlFormatCurrentUserKeyPath, RtlDosPathNameToNtPathName_U |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.0.1.8 |
ProductVersion | 1.0.1.8 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | UNKNOWN |
Comments | |
CompanyName | |
FileDescription | YoutubeAuto |
FileVersion (#2) | 1.0.1.8 |
InternalName | YoutubeAuto.exe |
LegalCopyright | Copyright © 2020 |
LegalTrademarks | |
OriginalFilename | YoutubeAuto.exe |
ProductName | YoutubeAuto |
ProductVersion (#2) | 1.0.1.8 |
Assembly Version | 1.0.1.8 |
Resource LangID | UNKNOWN |
---|---|
StartAddressOfRawData | 0x49c018 |
---|---|
EndAddressOfRawData | 0x49c040 |
AddressOfIndex | 0x49c040 |
AddressOfCallbacks | 0x49c044 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_TYPE_REG |
Callbacks | 0x004D1CA0 |