| Architecture | IMAGE_FILE_MACHINE_I386 |
|---|---|
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2016-Apr-03 20:18:53 |
| Detected languages | English - United States |
| Comments | Tool to directly print from web browser |
| CompanyName | PT. MKM |
| FileVersion | 5.0.0.0 |
| ProductName | PPOB Plugin |
| Info | Interesting strings found in the binary: Contains domain names: |
| Suspicious | The PE is an NSIS installer. Unusual section name found: .ndata |
| Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
| Suspicious | The file contains overlay data. 3277111 bytes of data starting at offset 0x9000. The overlay data has an entropy of 7.99995 and is possibly compressed or encrypted. Overlay data amounts for 98.8876% of the executable. |
| Suspicious | VirusTotal score: 2/68 (Scanned on 2021-05-20 06:01:10). Bkav: W32.AIDetect.malware1; APEX: Malicious |
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xd8 |
| Signature | PE |
|---|---|
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 5 |
| TimeDateStamp | 2016-Apr-03 20:18:53 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
| Magic | PE32 |
|---|---|
| LinkerVersion | 6.0 |
| SizeOfCode | 0x5e00 |
| SizeOfInitializedData | 0x1d000 |
| SizeOfUninitializedData | 0x400 |
| AddressOfEntryPoint | 0x0000322B (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x7000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 6.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x2e000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| KERNEL32.dll | CopyFileA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, ReadFile, GetFileAttributesA, SetFileAttributesA, ExitProcess, SetEnvironmentVariableA, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, GetCurrentProcess, GetFullPathNameA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, CloseHandle, SetCurrentDirectoryA, MoveFileA, CompareFileTime, GetShortPathNameA, SearchPathA, lstrcmpiA, SetFileTime, lstrcmpA, ExpandEnvironmentStringsA, lstrcpynA, SetErrorMode, GlobalFree, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, GlobalAlloc |
|---|---|
| USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA |
| ADVAPI32.dll | RegDeleteKeyA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy, #17 |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0 |
| FileVersion | 5.0.0.0 |
| ProductVersion | 5.0.0.0 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | English - United States |
| Comments | Tool to directly print from web browser |
| CompanyName | PT. MKM |
| FileVersion (#2) | 5.0.0.0 |
| ProductName | PPOB Plugin |
| Resource LangID | English - United States |
|---|---|
| XOR Key | 0xd246d0e9 |
|---|---|
| Unmarked objects | 0 |
| C objects (VS2003 (.NET) build 4035) | 2 |
| Total imports | 159 |
| Imports (VS2003 (.NET) build 4035) | 15 |
| 48 (9044) | 10 |
| Resource objects (VS98 SP6 cvtres build 1736) | 1 |