383229fae314b882a2f619e191e248e1
Summary
| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2018-Sep-12 13:48:38 |
| Detected languages |
English - United Kingdom
|
Plugin Output
| Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
| Suspicious | Strings found in the binary may indicate undesirable behavior: |
Is an AutoIT compiled script:
|
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
| Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
| Info | The PE's resources present abnormal characteristics. | Resource SCRIPT is possibly compressed or encrypted. |
| Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x108 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 5 |
| TimeDateStamp | 2018-Sep-12 13:48:38 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Image Optional Header
| Magic | PE32 |
|---|---|
| LinkerVersion | 11.0 |
| SizeOfCode | 0x8b600 |
| SizeOfInitializedData | 0x21dc00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00025F74 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x8d000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.1 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.1 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x2b0000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x2b295e |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x400000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x400000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.rsrc
.reloc
Imports
| WSOCK32.dll |
#151
#16 #19 #21 #15 #17 #18 #115 #9 #1 #13 #2 #3 #4 #116 #10 #20 #111 #11 #52 #57 #23 |
|---|---|
| VERSION.dll |
GetFileVersionInfoW
VerQueryValueW GetFileVersionInfoSizeW |
| WINMM.dll |
timeGetTime
waveOutSetVolume mciSendStringW |
| COMCTL32.dll |
ImageList_Destroy
ImageList_Remove ImageList_SetDragCursorImage ImageList_BeginDrag ImageList_DragEnter ImageList_DragLeave ImageList_EndDrag ImageList_DragMove ImageList_Create InitCommonControlsEx ImageList_ReplaceIcon |
| MPR.dll |
WNetUseConnectionW
WNetCancelConnection2W WNetGetConnectionW WNetAddConnection2W |
| WININET.dll |
InternetReadFile
InternetCloseHandle InternetOpenW InternetSetOptionW InternetCrackUrlW HttpQueryInfoW InternetQueryOptionW HttpOpenRequestW HttpSendRequestW FtpOpenFileW FtpGetFileSize InternetOpenUrlW InternetConnectW InternetQueryDataAvailable |
| PSAPI.DLL |
GetProcessMemoryInfo
|
| IPHLPAPI.DLL |
IcmpCreateFile
IcmpCloseHandle IcmpSendEcho |
| USERENV.dll |
UnloadUserProfile
DestroyEnvironmentBlock CreateEnvironmentBlock LoadUserProfileW |
| UxTheme.dll |
IsThemeActive
|
| KERNEL32.dll |
HeapAlloc
GetProcessHeap HeapFree Sleep GetCurrentThreadId MultiByteToWideChar MulDiv GetVersionExW GetSystemInfo FreeLibrary LoadLibraryA GetProcAddress SetErrorMode GetModuleFileNameW WideCharToMultiByte lstrcpyW lstrlenW GetModuleHandleW QueryPerformanceCounter VirtualFreeEx OpenProcess VirtualAllocEx WriteProcessMemory ReadProcessMemory CreateFileW SetFilePointerEx ReadFile WriteFile FlushFileBuffers TerminateProcess CreateToolhelp32Snapshot Process32FirstW Process32NextW SetFileTime GetFileAttributesW FindFirstFileW FindClose GetLongPathNameW GetCurrentThread FindNextFileW MoveFileW CopyFileW CreateDirectoryW RemoveDirectoryW SetSystemPowerState QueryPerformanceFrequency FindResourceW LoadResource LockResource SizeofResource EnumResourceNamesW OutputDebugStringW GetTempPathW GetTempFileNameW DeviceIoControl GetLocalTime CompareStringW DeleteCriticalSection WaitForSingleObject LeaveCriticalSection GetStdHandle CreatePipe InterlockedExchange TerminateThread LoadLibraryExW FindResourceExW VirtualFree FormatMessageW GetExitCodeProcess GetPrivateProfileStringW WritePrivateProfileStringW GetPrivateProfileSectionW WritePrivateProfileSectionW GetPrivateProfileSectionNamesW FileTimeToLocalFileTime FileTimeToSystemTime SystemTimeToFileTime LocalFileTimeToFileTime GetDriveTypeW GetDiskFreeSpaceExW GetDiskFreeSpaceW GetVolumeInformationW SetVolumeLabelW CreateHardLinkW SetFileAttributesW GetShortPathNameW CreateEventW SetEvent GetEnvironmentVariableW SetEnvironmentVariableW GlobalLock GlobalUnlock GlobalAlloc GetFileSize GlobalFree GlobalMemoryStatusEx Beep GetSystemDirectoryW GetComputerNameW GetWindowsDirectoryW GetCurrentProcessId GetProcessIoCounters CreateProcessW SetPriorityClass LoadLibraryW VirtualAlloc CloseHandle GetLastError GetFullPathNameW SetCurrentDirectoryW IsDebuggerPresent GetCurrentDirectoryW lstrcmpiW RaiseException InitializeCriticalSectionAndSpinCount InterlockedDecrement InterlockedIncrement CreateThread DuplicateHandle EnterCriticalSection GetCurrentProcess ExitProcess GetModuleHandleExW ExitThread GetSystemTimeAsFileTime ResumeThread GetCommandLineW IsProcessorFeaturePresent HeapSize IsValidCodePage GetACP GetOEMCP GetCPInfo SetLastError UnhandledExceptionFilter SetUnhandledExceptionFilter TlsAlloc TlsGetValue TlsSetValue TlsFree GetStartupInfoW GetStringTypeW SetStdHandle GetFileType GetConsoleCP GetConsoleMode RtlUnwind ReadConsoleW SetFilePointer GetTimeZoneInformation GetDateFormatW GetTimeFormatW LCMapStringW GetEnvironmentStringsW FreeEnvironmentStringsW HeapReAlloc WriteConsoleW SetEndOfFile DeleteFileW SetEnvironmentVariableA |
| USER32.dll |
SetWindowPos
GetCursorInfo RegisterHotKey ClientToScreen GetKeyboardLayoutNameW IsCharAlphaW IsCharAlphaNumericW IsCharLowerW IsCharUpperW GetMenuStringW GetSubMenu GetCaretPos IsZoomed MonitorFromPoint GetMonitorInfoW SetWindowLongW SetLayeredWindowAttributes FlashWindow GetClassLongW TranslateAcceleratorW IsDialogMessageW GetSysColor InflateRect DrawFocusRect DrawTextW FrameRect DrawFrameControl FillRect PtInRect DestroyAcceleratorTable CreateAcceleratorTableW SetCursor GetWindowDC GetSystemMetrics DrawMenuBar GetActiveWindow CharNextW wsprintfW RedrawWindow DestroyMenu SetMenu GetWindowTextLengthW CreateMenu IsDlgButtonChecked DefDlgProcW CallWindowProcW ReleaseCapture SetCapture MonitorFromRect LoadImageW CreateIconFromResourceEx mouse_event ExitWindowsEx SetActiveWindow FindWindowExW EnumThreadWindows SetMenuDefaultItem InsertMenuItemW IsMenu TrackPopupMenuEx GetCursorPos CopyImage CheckMenuRadioItem GetMenuItemID GetMenuItemCount SetMenuItemInfoW GetMenuItemInfoW SetForegroundWindow IsIconic FindWindowW UnregisterHotKey keybd_event SendInput GetAsyncKeyState SetKeyboardState GetKeyboardState GetKeyState VkKeyScanW LoadStringW DialogBoxParamW MessageBeep EndDialog SendDlgItemMessageW GetDlgItem SetWindowTextW CopyRect ReleaseDC GetDC EndPaint BeginPaint GetClientRect GetMenu DestroyWindow EnumWindows GetDesktopWindow IsWindow IsWindowEnabled IsWindowVisible EnableWindow InvalidateRect GetWindowLongW GetWindowThreadProcessId AttachThreadInput GetFocus ScreenToClient SendMessageTimeoutW EnumChildWindows CharUpperBuffW GetClassNameW GetParent GetDlgCtrlID SendMessageW MapVirtualKeyW PostMessageW GetWindowRect SetUserObjectSecurity CloseDesktop CloseWindowStation OpenDesktopW SetProcessWindowStation GetProcessWindowStation OpenWindowStationW GetUserObjectSecurity AdjustWindowRectEx SetRect SetClipboardData EmptyClipboard CountClipboardFormats CloseClipboard GetClipboardData IsClipboardFormatAvailable OpenClipboard BlockInput GetMessageW LockWindowUpdate DispatchMessageW TranslateMessage DeleteMenu PeekMessageW MessageBoxW DefWindowProcW MoveWindow SetFocus PostQuitMessage KillTimer CreatePopupMenu RegisterWindowMessageW SetTimer ShowWindow CreateWindowExW RegisterClassExW LoadIconW LoadCursorW GetSysColorBrush GetForegroundWindow MessageBoxA DestroyIcon SystemParametersInfoW CharLowerBuffW GetWindowTextW |
| GDI32.dll |
SetPixel
DeleteObject GetTextExtentPoint32W ExtCreatePen StrokeAndFillPath StrokePath GetDeviceCaps CloseFigure LineTo AngleArc CreateCompatibleBitmap CreateCompatibleDC MoveToEx Ellipse PolyDraw BeginPath SelectObject StretchBlt GetDIBits DeleteDC GetPixel CreateDCW GetStockObject Rectangle SetViewportOrgEx GetObjectW SetBkMode RoundRect SetBkColor CreatePen CreateSolidBrush SetTextColor CreateFontW GetTextFaceW EndPath |
| COMDLG32.dll |
GetSaveFileNameW
GetOpenFileNameW |
| ADVAPI32.dll |
GetAclInformation
RegEnumValueW RegDeleteValueW RegDeleteKeyW RegEnumKeyExW RegSetValueExW RegCreateKeyExW GetUserNameW RegOpenKeyExW RegCloseKey RegQueryValueExW RegConnectRegistryW InitializeSecurityDescriptor InitializeAcl AdjustTokenPrivileges OpenThreadToken OpenProcessToken LookupPrivilegeValueW DuplicateTokenEx CreateProcessAsUserW CreateProcessWithLogonW GetLengthSid CopySid InitiateSystemShutdownExW LogonUserW AllocateAndInitializeSid CheckTokenMembership FreeSid GetTokenInformation GetSecurityDescriptorDacl SetSecurityDescriptorDacl AddAce GetAce |
| SHELL32.dll |
DragQueryPoint
ShellExecuteExW DragQueryFileW SHEmptyRecycleBinW SHGetPathFromIDListW SHBrowseForFolderW SHCreateShellItem SHGetDesktopFolder SHGetSpecialFolderLocation SHGetFolderPathW SHFileOperationW ExtractIconExW Shell_NotifyIconW ShellExecuteW DragFinish |
| ole32.dll |
CoTaskMemAlloc
CoTaskMemFree CLSIDFromString ProgIDFromCLSID CLSIDFromProgID OleSetMenuDescriptor MkParseDisplayName OleSetContainedObject CoCreateInstance IIDFromString StringFromGUID2 CreateStreamOnHGlobal CoInitialize CoUninitialize GetRunningObjectTable CoGetInstanceFromFile CoGetObject CoInitializeSecurity CoCreateInstanceEx CoSetProxyBlanket |
| OLEAUT32.dll |
#163
#183 #11 #3 #6 #38 #39 #24 #23 #37 #186 #411 #2 #7 #185 #220 #77 #418 #164 #10 #9 #31 #32 #146 #12 #41 #8 |
Delayed Imports
1
2
3
4
5
6
7
8
9
10
11
12
166
1000
7 (#2)
8 (#2)
9 (#2)
10 (#2)
11 (#2)
12 (#2)
313
SCRIPT
99
162
164
169
1 (#2)
1 (#3)
String Table contents
| (Paused) |
| AutoIt Error |
| AutoIt has detected the stack has become corrupt. |
| Stack corruption typically occurs when either the wrong calling convention is used or when the function is called with the wrong number of arguments. |
| AutoIt supports the __stdcall (WINAPI) and __cdecl calling conventions. The __stdcall (WINAPI) convention is used by default but __cdecl can be used instead. See the DllCall() documentation for details on changing the calling convention. |
| "EndWith" missing "With". |
| Badly formatted "Func" statement. |
| "With" missing "EndWith". |
| Missing right bracket ')' in expression. |
| Missing operator in expression. |
| Unbalanced brackets in expression. |
| Error in expression. |
| Error parsing function call. |
| Incorrect number of parameters in function call. |
| "ReDim" used without an array variable. |
| Illegal text at the end of statement (one statement per line). |
| "If" statement has no matching "EndIf" statement. |
| "Else" statement with no matching "If" statement. |
| "EndIf" statement with no matching "If" statement. |
| Too many "Else" statements for matching "If" statement. |
| "While" statement has no matching "Wend" statement. |
| "Wend" statement with no matching "While" statement. |
| Variable used without being declared. |
| Array variable has incorrect number of subscripts or subscript dimension range exceeded. |
| Variable subscript badly formatted. |
| Subscript used on non-accessible variable. |
| Too many subscripts used for an array. |
| Missing subscript dimensions in "Dim" statement. |
| No variable given for "Dim", "Local", "Global", "Struct" or "Const" statement. |
| Expected a "=" operator in assignment statement. |
| Invalid keyword at the start of this line. |
| Array maximum size exceeded. |
| "Func" statement has no matching "EndFunc". |
| Duplicate function name. |
| Unknown function name. |
| Unknown macro. |
| Unable to get a list of running processes. |
| Invalid element in a DllStruct. |
| Unknown option or bad parameter specified. |
| Unable to load the internet libraries. |
| "Struct" statement has no matching "EndStruct". |
| Unable to open file, the maximum number of open files has been exceeded. |
| "ContinueLoop" statement with no matching "While", "Do" or "For" statement. |
| Invalid file filter given. |
| Expected a variable in user function call. |
| "Do" statement has no matching "Until" statement. |
| "Until" statement with no matching "Do" statement. |
| "For" statement is badly formatted. |
| "Next" statement with no matching "For" statement. |
| "ExitLoop/ContinueLoop" statements only valid from inside a For/Do/While loop. |
| "For" statement has no matching "Next" statement. |
| "Case" statement with no matching "Select"or "Switch" statement. |
| "EndSelect" statement with no matching "Select" statement. |
| Recursion level has been exceeded - AutoIt will quit to prevent stack overflow. |
| Cannot make existing variables static. |
| Cannot make static variables into regular variables. |
| Badly formated Enum statement |
| This keyword cannot be used after a "Then" keyword. |
| "Select" statement is missing "EndSelect" or "Case" statement. |
| "If" statements must have a "Then" keyword. |
| Badly formated Struct statement. |
| Cannot assign values to constants. |
| Cannot make existing variables into constants. |
| Only Object-type variables allowed in a "With" statement. |
| "long_ptr", "int_ptr" and "short_ptr" DllCall() types have been deprecated. Use "long*", "int*" and "short*" instead. |
| Object referenced outside a "With" statement. |
| Nested "With" statements are not allowed. |
| Variable must be of type "Object". |
| The requested action with this object has failed. |
| Variable appears more than once in function declaration. |
| ReDim array can not be initialized in this manner. |
| An array variable can not be used in this manner. |
| Can not redeclare a constant. |
| Can not redeclare a parameter inside a user function. |
| Can pass constants by reference only to parameters with "Const" keyword. |
| Can not initialize a variable with itself. |
| Incorrect way to use this parameter. |
| "EndSwitch" statement with no matching "Switch" statement. |
| "Switch" statement is missing "EndSwitch" or "Case" statement. |
| "ContinueCase" statement with no matching "Select"or "Switch" statement. |
| Assert Failed! |
| Obsolete function/parameter. |
| Invalid Exitcode (reserved for AutoIt internal use). |
| Variable cannot be accessed in this manner. |
| Func reassign not allowed. |
| Func reassign on global level not allowed. |
| Unable to parse line. |
| Unable to open the script file. |
| String missing closing quote. |
| Badly formated variable or macro. |
| Missing separator character after keyword. |
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 0.0.0.0 |
| ProductVersion | 0.0.0.0 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | English - United Kingdom |
| Resource LangID | English - United Kingdom |
|---|
IMAGE_DEBUG_TYPE_RESERVED
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2014-Jun-01 17:44:52 |
| Version | 0.0 |
| SizeofData | 4 |
| AddressOfRawData | 0xb2778 |
| PointerToRawData | 0xb1178 |
TLS Callbacks
Load Configuration
| Size | 0x48 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x4badc0 |
| SEHandlerTable | 0 |
| SEHandlerCount | 0 |
RICH Header
| XOR Key | 0xcda605b9 |
|---|---|
| Unmarked objects | 0 |
| 199 (41118) | 1 |
| ASM objects (50929) | 51 |
| C objects (50929) | 174 |
| C++ objects (50929) | 50 |
| C objects (VS2008 SP1 build 30729) | 9 |
| Imports (VS2008 SP1 build 30729) | 37 |
| Total imports | 532 |
| 216 (VS2012 UPD4 build 61030) | 77 |
| ASM objects (VS2012 UPD4 build 61030) | 2 |
| Resource objects (VS2012 UPD4 build 61030) | 1 |
| 151 | 1 |
| Linker (VS2012 UPD4 build 61030) | 1 |