| Architecture | IMAGE_FILE_MACHINE_I386 |
|---|---|
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2005-Dec-01 01:06:20 |
| Detected languages | English - United States |
| Debug artifacts | F:\mw\Speed\PC\CDMWCollectors\NfsMWCollectorsRelease.pdb |

| Info | Matching compiler(s): | Microsoft Visual C++ 7.1; Microsoft Visual C++ 6.0 - 8.0; InstallShield 2000; MASM/TASM - sig1(h); Microsoft Visual C++; Microsoft Visual C++ v6.0; Microsoft Visual C++ v5.0/v6.0 (MFC) |
|---|---|---|
| Suspicious | PEiD Signature: | SafeDisc v4; SafeDisc 4 |
| Suspicious | Strings found in the binary may indicate undesirable behavior: | Tries to detect virtualized environments: |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32; Uses constants related to MD5; Uses constants related to SHA1 |
| Suspicious | The PE is possibly packed. | Unusual section name found: |
| Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
| Suspicious | VirusTotal score: 1/72 (Scanned on 2026-02-13 19:32:22) | Jiangmin: Trojan.Convagent.auc |

| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x108 |

| Signature | PE |
|---|---|
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 5 |
| TimeDateStamp | 2005-Dec-01 01:06:20 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |

| Magic | PE32 |
|---|---|
| LinkerVersion | 7.0 |
| SizeOfCode | 0x495000 |
| SizeOfInitializedData | 0x208000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x003C4040 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x490000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x1000 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x698000 |
| SizeOfHeaders | 0x1000 |
| Checksum | 0x5e3834 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

| KERNEL32.dll | GetPriorityClass, GetCurrentThread, GetCurrentProcess, GetLongPathNameA, SetErrorMode, CloseHandle, Process32Next, Process32First, CreateToolhelp32Snapshot, CreateDirectoryA, GetModuleHandleA, FreeLibrary, GetProcAddress, LoadLibraryA, InterlockedIncrement, InterlockedDecrement, GetTickCount, IsDebuggerPresent, RemoveDirectoryA, GetFullPathNameA, SetCurrentDirectoryA, GetDiskFreeSpaceA, FileTimeToLocalFileTime, FileTimeToSystemTime, ExitThread, GetThreadPriority, GetProcessAffinityMask, SetPriorityClass, SetThreadPriority, SetProcessAffinityMask, Sleep, GetVersionExA, GetLogicalDrives, GetDriveTypeA, GlobalMemoryStatusEx, ResumeThread, SuspendThread, DeleteFileA, MultiByteToWideChar, FindFirstFileA, FindNextFileA, FindClose, FatalAppExitA, DebugBreak, SetupComm, SetCommTimeouts, GetCommConfig, SetCommConfig, GetCommState, SetCommState, PurgeComm, WaitForMultipleObjects, SetCommMask, GetOverlappedResult, WaitCommEvent, GetProcessHeap, QueueUserAPC, SetThreadAffinityMask, ReleaseSemaphore, CreateSemaphoreA, ReleaseMutex, CreateMutexA, CreateThread, GlobalFree, GlobalAlloc, GetDiskFreeSpaceExA, GetFileSize, MoveFileA, GetCurrentDirectoryA, ResetEvent, QueryPerformanceCounter, QueryPerformanceFrequency, CreateProcessA, GetLastError, IsBadReadPtr, OutputDebugStringA, CreateEventA, SetEvent, CreateWaitableTimerA, GetSystemTime, GetCommandLineA, RtlUnwind, RaiseException, IsBadWritePtr, HeapValidate, EnterCriticalSection, LeaveCriticalSection, TerminateProcess, ExitProcess, GetTimeZoneInformation, GetSystemTimeAsFileTime, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, TlsAlloc, GetCurrentThreadId, TlsFree, TlsSetValue, TlsGetValue, SetLastError, HeapDestroy, HeapCreate, HeapFree, VirtualFree, WriteFile, SetUnhandledExceptionFilter, LCMapStringA, LCMapStringW, HeapAlloc, HeapReAlloc, VirtualAlloc, GetCPInfo, CompareStringA, CompareStringW, ReadFile, SetConsoleCtrlHandler, GetACP, GetOEMCP, InitializeCriticalSection, VirtualQuery, InterlockedExchange, IsBadCodePtr, GetTimeFormatA, GetDateFormatA, GetStringTypeA, GetStringTypeW, IsValidLocale, IsValidCodePage, GetLocaleInfoA, EnumSystemLocalesA, GetUserDefaultLCID, VirtualProtect, GetSystemInfo, SetFilePointer, GetCurrentProcessId, FlushFileBuffers, SetStdHandle, CreateFileA, SetEndOfFile, GetLocaleInfoW, SetEnvironmentVariableA, DuplicateHandle, TerminateThread, SleepEx, GetExitCodeThread, SetWaitableTimer, WaitForSingleObject, SystemTimeToFileTime |
|---|---|
| d3d9.dll | Direct3DCreate9 |
| d3dx9_26.dll | D3DXMatrixMultiply, D3DXVec4Transform, D3DXVec3Transform, D3DXMatrixInverse, D3DXCreateEffectFromResourceA, D3DXCreateEffectPool, D3DXMatrixOrthoLH, D3DXMatrixPerspectiveLH, D3DXMatrixTranslation, D3DXVec3TransformCoordArray, D3DXVec3Normalize, D3DXVec3TransformNormal, D3DXMatrixTranspose |
| DINPUT8.dll | DirectInput8Create |
| USER32.dll | SetWindowPos, SetWindowLongA, BeginPaint, EndPaint, PostMessageA, IsIconic, PostQuitMessage, SetCapture, ReleaseCapture, DefWindowProcA, wvsprintfA, GetCursorPos, PeekMessageA, ShowCursor, GetMessageA, TranslateMessage, DispatchMessageA, GetKeyState, MapVirtualKeyExA, GetKeyboardLayout, GetDesktopWindow, GetForegroundWindow, wsprintfA, PostThreadMessageA, SendInput, LoadIconA, LoadCursorA, RegisterClassExA, GetWindowRect, GetClientRect, MapVirtualKeyA, ToUnicode, MessageBoxA, AdjustWindowRect, CreateWindowExA, UpdateWindow, SetCursor, SetFocus, SetForegroundWindow, ShowWindow, DestroyWindow |
| ADVAPI32.dll | RegCreateKeyA, RegOpenKeyExA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegOpenKeyA |
| SHFOLDER.dll | SHGetFolderPathA |
| SHELL32.dll | ShellExecuteA |
| DSOUND.dll | #6, #1 |
| WINMM.dll | waveOutGetDevCapsA, waveOutGetNumDevs, waveOutWrite, waveOutGetPosition, waveOutSetVolume, waveInStart, waveInAddBuffer, waveInGetPosition, timeEndPeriod, timeGetTime, timeBeginPeriod, waveOutReset, waveOutOpen, waveOutClose, waveInStop, waveInGetNumDevs, waveInGetDevCapsA, waveInReset, waveInOpen, waveInClose, waveInUnprepareHeader, waveOutUnprepareHeader, waveInPrepareHeader, waveOutPrepareHeader |
| GDI32.dll | ExtTextOutA, BitBlt, GetPixel, DeleteObject, DeleteDC, SetBkMode, SetBkColor, SetTextColor, CreateFontA, CreateBitmap, SelectObject, CreateCompatibleDC |
| TAPI32.dll | lineGetDevCaps, lineShutdown, lineInitialize, lineAnswer, lineMakeCall, lineGetID, lineClose, lineNegotiateAPIVersion, lineOpen |
| NETAPI32.dll | Netbios |
| WS2_32.dll | shutdown, WSASetEvent, bind, connect, listen, accept, sendto, send, recv, recvfrom, select, getpeername, getsockname, gethostbyname, gethostname, WSAIoctl, WSACleanup, getsockopt, WSAGetLastError, WSACreateEvent, setsockopt, socket, WSACloseEvent, ioctlsocket, WSARecv, WSARecvFrom, closesocket, WSAStartup, WSAGetOverlappedResult, WSAWaitForMultipleEvents, WSAResetEvent |

| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2005-Dec-01 01:06:20 |
| Version | 0.0 |
| SizeofData | 81 |
| AddressOfRawData | 0x4c849c |
| PointerToRawData | 0x4c849c |
| Referenced File | F:\mw\Speed\PC\CDMWCollectors\NfsMWCollectorsRelease.pdb |

| XOR Key | 0x41088198 |
|---|---|
| Unmarked objects | 0 |
| Imports (9210) | 2 |
| Imports (2067) | 2 |
| C objects (VS2003 (.NET) build 4035) | 3 |
| C++ objects (VS2003 (.NET) build 4035) | 1 |
| Imports (VS2003 (.NET) build 4035) | 8 |
| 105 (2067) | 3 |
| ASM objects (VS2003 (.NET) build 3077) | 62 |
| C objects (VS2003 (.NET) build 3077) | 276 |
| Imports (2179) | 17 |
| Total imports | 300 |
| C++ objects (VS2003 (.NET) build 3077) | 327 |
| 94 (VS2003 (.NET) build 3052) | 1 |
| Linker (VS2003 (.NET) build 3077) | 1 |