| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2015-Oct-02 15:39:01 |
| Detected languages | English - United States |
| FileVersion | 2,0,0,45 |
| ProductName | SHARP Launcher Install Program |
| ProductVersion | 2,0,0,45 |
| Level | Finding | Details |
|---|---|---|
| Info | Matching compiler(s): | Microsoft Visual C++, Microsoft Visual C++ v6.0, Microsoft Visual C++ v5.0/v6.0 (MFC) |
| Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to system / monitoring tools: |
| Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
| Suspicious | The file contains overlay data. | 3881761 bytes of data starting at offset 0x25000. The overlay data has an entropy of 7.99912 and is possibly compressed or encrypted. Overlay data accounts for 96.2425% of the executable. |
| Info | No VirusTotal score. | A scan of the file is currently queued. |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xf8 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 4 |
| TimeDateStamp | 2015-Oct-02 15:39:01 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 6.0 |
| SizeOfCode | 0x17000 |
| SizeOfInitializedData | 0xd000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0001403C (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x18000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x1000 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x25000 |
| SizeOfHeaders | 0x1000 |
| Checksum | 0x3e0f7f |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Imported functions |
|---|---|
| KERNEL32.dll | GetModuleFileNameA, GetVersionExA, GetVersion, GetPrivateProfileStringA, GetStringTypeW, GetStringTypeA, IsBadCodePtr, IsBadReadPtr, SetUnhandledExceptionFilter, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetOEMCP, GetACP, GetCPInfo, LCMapStringW, GetDriveTypeA, IsBadWritePtr, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentVariableA, GetCommandLineA, GetStartupInfoA, GetModuleHandleA, MoveFileA, DeleteFileA, RtlUnwind, SetEnvironmentVariableA, CreateDirectoryA, HeapFree, HeapAlloc, HeapCompact, TerminateProcess, ExitProcess, GetCurrentProcess, MoveFileExA, FormatMessageA, SetFileTime, WritePrivateProfileStringA, OpenFile, GetFileAttributesA, SetFileAttributesA, SetErrorMode, GetLocalTime, GetFullPathNameA, MultiByteToWideChar, WideCharToMultiByte, GetTempPathA, GetShortPathNameA, GetExitCodeProcess, GetCurrentDirectoryA, SetCurrentDirectoryA, CreateProcessA, Sleep, lstrcatA, lstrlenA, WinExec, LoadLibraryA, GetProcAddress, FreeLibrary, GetDiskFreeSpaceA, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, CloseHandle, SetFilePointer, WriteFile, ReadFile, CreateFileA, GetLastError, FindFirstFileA, FindClose, GetWindowsDirectoryA, LCMapStringA, GetSystemDirectoryA |
| USER32.dll | DialogBoxParamA, ExitWindowsEx, IsIconic, PostQuitMessage, DefWindowProcA, AdjustWindowRectEx, BringWindowToTop, EndDialog, IsDlgButtonChecked, CheckDlgButton, SetTimer, GetDlgItemTextA, SendDlgItemMessageA, GetLastActivePopup, RegisterClassA, LoadCursorA, LoadIconA, PostMessageA, GetWindow, SendMessageA, GetSysColor, ScreenToClient, GetWindowRect, GetDlgItem, EndPaint, BeginPaint, GetClientRect, FillRect, CheckRadioButton, SetFocus, GetParent, UpdateWindow, IsWindowVisible, InvalidateRect, CreateDialogParamA, RedrawWindow, PeekMessageA, GetMessageA, IsDialogMessageA, TranslateMessage, DispatchMessageA, SetDlgItemTextA, SetWindowTextA, SetWindowPos, ShowWindow, DestroyWindow, CreateWindowExA, GetWindowLongA, IsWindowEnabled, CallWindowProcA, ValidateRect, SetWindowLongA, GetClassNameA, MessageBoxA, EnableWindow, SendMessageTimeoutA, wsprintfA, GetSystemMetrics, DrawTextA, FindWindowA |
| GDI32.dll | CreatePalette, SetBkColor, ExtTextOutA, CreateFontIndirectA, GetSystemPaletteEntries, SetBkMode, AddFontResourceA, RemoveFontResourceA, GetStockObject, GetDeviceCaps, DeleteDC, DeleteObject, BitBlt, SelectObject, CreateCompatibleBitmap, CreateCompatibleDC, RealizePalette, SelectPalette, CreateHalftonePalette, CreateDIBPatternBrush, CreateSolidBrush, SetBrushOrgEx, SetTextColor, StretchDIBits, SetStretchBltMode |
| ADVAPI32.dll | RegDeleteValueA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegCreateKeyExA, RegCreateKeyA, RegCloseKey, RegOpenKeyA, RegSetValueExA, RegQueryValueA, RegOpenKeyExA, RegQueryValueExA |
| SHELL32.dll | SHBrowseForFolderA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, ShellExecuteA |
| ole32.dll | OleInitialize, CoCreateInstance, CoGetMalloc, OleUninitialize |
| VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA, VerFindFileA |
| COMCTL32.dll | #17 (imported by ordinal) |
| Version info field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 2.0.0.45 |
| ProductVersion | 2.0.0.45 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | English - United States |
| FileVersion (#2) | 2,0,0,45 |
| ProductName | SHARP Launcher Install Program |
| ProductVersion (#2) | 2,0,0,45 |
| Resource LangID | English - United States |
| Rich header entry | Value / count |
|---|---|
| XOR Key | 0x7364b7da |
| Unmarked objects | 0 |
| 12 (7291) | 2 |
| C++ objects (8047) | 6 |
| 14 (7299) | 18 |
| C objects (8047) | 43 |
| C objects (VC++ 6.0 SP5 build 8804) | 15 |
| C objects (2190) | 2 |
| Imports (2179) | 17 |
| Total imports | 198 |
| 49 (9044) | 2 |
| Resource objects (VS98 SP6 cvtres build 1736) | 1 |