Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2018-Jul-10 19:09:32 |
Detected languages | English - United States, Russian - Russia |
Suspicious | PEiD Signature: | UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser; UPX v2.0 -> Markus, Laszlo & Reiser (h); UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser; UPX -> www.upx.sourceforge.net; UPX Protector v1.0x (2); UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser; UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser |
Suspicious | The PE is packed with UPX | Unusual section name found: UPX0; Section UPX0 is both writable and executable; Unusual section name found: UPX1; Section UPX1 is both writable and executable. |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |

e_magic | MZ |
---|---|
e_cblp | 0x50 |
e_cp | 0x2 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0xf |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0x1a |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x100 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 3 |
TimeDateStamp | 2018-Jul-10 19:09:32 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_BYTES_REVERSED_HI, IMAGE_FILE_BYTES_REVERSED_LO, IMAGE_FILE_DEBUG_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_NET_RUN_FROM_SWAP, IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP |

Magic | PE32 |
---|---|
LinkerVersion | 2.0 |
SizeOfCode | 0x3b000 |
SizeOfInitializedData | 0xd000 |
SizeOfUninitializedData | 0x6e000 |
AddressOfEntryPoint | 0x000A97F0 (Section: UPX1) |
BaseOfCode | 0x6f000 |
BaseOfData | 0xaa000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xb7000 |
SizeOfHeaders | 0x1000 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x4000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

KERNEL32.DLL | LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess |
---|---|
advapi32.dll | RegFlushKey |
comctl32.dll | ImageList_Add |
comdlg32.dll | GetOpenFileNameA |
gdi32.dll | SaveDC |
mpr.dll | WNetOpenEnumA |
ole32.dll | CoTaskMemFree |
oleaut32.dll | VariantCopy |
shell32.dll | ShellExecuteW |
user32.dll | GetDC |
version.dll | VerQueryValueA |

JPEG error #%d |
JPEG Image File |
Invalid buffer size for decryption |
Menu '%s' is already being used by another form |
Docked control must have a name |
Error removing control from dock tree |
- Dock zone not found |
- Dock zone has no control |
Error loading dock zone from the stream. Expecting version %d, but found %d. |
Error setting %s.Count |
Listbox (%s) style must be virtual in order to set Count |
ANSI |
ASCII |
Unicode |
Big Endian Unicode |
UTF-8 |
UTF-7 |
%s requires Windows Vista or later |
Cannot change the size of a JPEG image |
Space |
PgUp |
PgDn |
End |
Home |
Left |
Up |
Right |
Down |
Ins |
Del |
Shift+ |
Ctrl+ |
Alt+ |
Unable to insert a line |
Clipboard does not support Icons |
Confirm |
&Yes |
&No |
OK |
Cancel |
&Help |
&Abort |
&Retry |
&Ignore |
&All |
N&o to All |
Yes to &All |
BkSp |
Tab |
Esc |
Enter |
&Yes |
&No |
&Help |
&Close |
&Ignore |
&Retry |
Abort |
&All |
Cannot drag a form |
Metafiles |
Enhanced Metafiles |
Icons |
Bitmaps |
Warning |
Error |
Information |
Error creating window class |
Cannot focus a disabled or invisible window |
Control '%s' has no parent window |
Parent given is not a parent of '%s' |
Cannot hide an MDI Child Form |
Cannot change Visible in OnShow or OnHide |
Cannot make a visible window modal |
Menu index out of range |
Menu inserted twice |
Sub-menu is not in menu |
Not enough timers available |
GroupIndex cannot be less than a previous menu item's GroupIndex |
Cannot create form. No MDI forms are currently active |
A control cannot have itself as its parent |
OK |
Cancel |
No topic-based help system installed |
Bitmap image is not valid |
Icon image is not valid |
Metafile is not valid |
Invalid pixel format |
Scan line index out of range |
Cannot change the size of an icon |
Unsupported clipboard format |
Out of system resources |
Canvas does not allow drawing |
Invalid image size |
Invalid ImageList |
Invalid ImageList Index |
Failed to read ImageList data from stream |
Failed to write ImageList data to stream |
Error creating window device context |
List index out of bounds (%d) |
Out of memory while expanding memory stream |
Error reading %s%s%s: %s |
Stream read error |
Property is read-only |
Failed to get data for '%s' |
Resource %s not found |
%s.Seek not implemented |
Operation not allowed on sorted list |
%s not in a class registration group |
Property %s does not exist |
Stream write error |
Unable to find a Table of Contents |
No help found for %s |
No context-sensitive help installed |
No help found for context |
CheckSynchronize called from thread $%x, which is NOT the main thread |
Class %s not found |
A class named %s already exists |
List does not allow duplicates ($0%x) |
A component named %s already exists |
String list does not allow duplicates |
Cannot create file "%s". %s |
Cannot open file "%s". %s |
Invalid stream format |
''%s'' is not a valid component name |
Invalid property value |
Invalid property path |
Invalid property value |
Invalid data type for '%s' |
List capacity out of bounds (%d) |
List count out of bounds (%d) |
Tue |
Wed |
Thu |
Fri |
Sat |
Sunday |
Monday |
Tuesday |
Wednesday |
Thursday |
Friday |
Saturday |
Ancestor for '%s' not found |
Cannot assign a %s to a %s |
Bits index out of range |
Can't write to a read-only resource stream |
Nov |
Dec |
January |
February |
March |
April |
May |
June |
July |
August |
September |
October |
November |
December |
Sun |
Mon |
Exception in safecall method |
%s (%s, line %d) |
Abstract Error |
Access violation at address %p in module '%s'. %s of address %p |
System Error. Code: %d. |
%s |
A call to an OS function failed |
Jan |
Feb |
Mar |
Apr |
May |
Jun |
Jul |
Aug |
Sep |
Oct |
Error creating variant or safe array |
Variant or safe array index out of bounds |
Variant or safe array is locked |
Invalid variant type conversion |
Invalid variant operation |
Invalid variant operation (%s%.8x) |
%s |
Could not convert variant of type (%s) into type (%s) |
Overflow while converting variant of type (%s) into type (%s) |
Variant overflow |
Invalid argument |
Invalid variant type |
Operation not supported |
Unexpected variant error |
External exception %x |
Assertion failed |
Interface not supported |
Floating point overflow |
Floating point underflow |
Invalid pointer operation |
Invalid class typecast |
Access violation at address %p. %s of address %p |
Access violation |
Stack overflow |
Control-C hit |
Privileged instruction |
Exception %s in module %s at %p. |
%s%s |
Application Error |
Format '%s' invalid or incompatible with argument |
No argument for format '%s' |
Variant method calls not supported |
Read |
Write |
'%s' is not a valid integer value |
'%s' is not a valid GUID value |
Out of memory |
I/O error %d |
File not found |
Invalid filename |
Too many open files |
File access denied |
Read beyond end of file |
Disk full |
Invalid numeric input |
Division by zero |
Range check error |
Integer overflow |
Invalid floating point operation |
Floating point division by zero |