| Category | Value | Details |
|---|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 | |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI | |
| Compilation Date | 2018-Jul-06 02:46:14 | |
| Debug artifacts | 018_7\Debug\2018_7.pdb | |
| Info | Matching compiler(s): | InstallShield 2000; Microsoft Visual C++; Microsoft Visual C++ v5.0/v6.0 (MFC) |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to MD5 |
| Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
| Suspicious | The file contains overlay data. | 47 bytes of data starting at offset 0x1e000. |
| Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xe0 |
| PE file header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 5 |
| TimeDateStamp | 2018-Jul-06 02:46:14 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 6.0 |
| SizeOfCode | 0x15000 |
| SizeOfInitializedData | 0xa000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00002B20 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x16000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x1000 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x20000 |
| SizeOfHeaders | 0x1000 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Imported functions |
|---|---|
| KERNEL32.dll | VirtualProtectEx, OpenProcess, GetCurrentProcessId, ExitProcess, TerminateProcess, GetCurrentProcess, GetCommandLineA, GetVersion, IsBadWritePtr, IsBadReadPtr, HeapValidate, DebugBreak, GetStdHandle, WriteFile, InterlockedDecrement, OutputDebugStringA, GetProcAddress, LoadLibraryA, InterlockedIncrement, GetModuleFileNameA, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, GetModuleHandleA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, HeapFree, VirtualFree, RtlUnwind, HeapAlloc, HeapReAlloc, GetLastError, VirtualAlloc, SetConsoleCtrlHandler, MultiByteToWideChar, GetCPInfo, GetACP, GetOEMCP, GetStringTypeA, GetStringTypeW, FlushFileBuffers, SetFilePointer, ReadFile, LCMapStringA, LCMapStringW, SetStdHandle, CloseHandle |
| Debug directory field | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2018-Jul-05 11:40:14 |
| Version | 0.0 |
| SizeOfData | 47 |
| AddressOfRawData | 0 |
| PointerToRawData | 0x1e000 |
| Referenced File | 018_7\Debug\2018_7.pdb |
| Rich header field | Value |
|---|---|
| XOR Key | 0x259a4588 |
| Unmarked objects | 0 |
| C++ objects (VS98 SP6 build 8804) | 1 |
| 14 (7299) | 16 |
| C objects (VS98 SP6 build 8804) | 62 |
| 19 (8034) | 3 |
| Total imports | 55 |
| C++ objects (VS98 build 8168) | 1 |