| Summary field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Compilation Date | 2012-Mar-07 23:01:48 |
| Detected languages | English - United States |
| Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 |
| Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
| Safe | VirusTotal score: 0/68 (Scanned on 2017-10-27 15:19:49). All the AVs think this file is safe. |

| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xe8 |

| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 4 |
| TimeDateStamp | 2012-Mar-07 23:01:48 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |

| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 9.0 |
| SizeOfCode | 0x9000 |
| SizeOfInitializedData | 0x3200 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00001D7E (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0xa000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x10000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x10585 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

| Imported DLL | Imported functions |
|---|---|
| PSAPI.DLL | EnumProcessModules, GetModuleFileNameExA |
| KERNEL32.dll | Process32First, CreateToolhelp32Snapshot, CloseHandle, Process32Next, GetLastError, GetCurrentProcess, OpenProcess, GetModuleFileNameA, GetModuleHandleW, Sleep, GetProcAddress, ExitProcess, GetCommandLineA, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EnterCriticalSection, LeaveCriticalSection, HeapFree, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, HeapAlloc, LCMapStringA, WideCharToMultiByte, MultiByteToWideChar, LCMapStringW, WriteFile, GetStdHandle, DeleteCriticalSection, LoadLibraryA, InitializeCriticalSectionAndSpinCount, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, GetConsoleCP, GetConsoleMode, RtlUnwind, VirtualAlloc, HeapReAlloc, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, HeapSize, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, FlushFileBuffers, CreateFileA |
| ADVAPI32.dll | LookupPrivilegeValueA, AdjustTokenPrivileges, OpenProcessToken |

| Load configuration field | Value |
|---|---|
| Size | 0x48 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x40c000 |
| SEHandlerTable | 0x40b4a0 |
| SEHandlerCount | 3 |

| Rich header entry | Value |
|---|---|
| XOR Key | 0x39de946d |
| Unmarked objects | 0 |
| 150 (20413) | 1 |
| ASM objects (VS2008 SP1 build 30729) | 17 |
| C objects (VS2008 SP1 build 30729) | 95 |
| Imports (VS2012 build 50727 / VS2005 build 50727) | 7 |
| Total imports | 92 |
| C++ objects (VS2008 SP1 build 30729) | 33 |
| Resource objects (VS2008 SP1 build 30729) | 1 |