| Architecture | IMAGE_FILE_MACHINE_AMD64 |
|---|---|
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2017-Apr-26 07:07:39 |
| Detected languages | English - United States |
| Debug artifacts | d:\jenkins\workspace\CIS_UM_brunch\Release\x64\cmdapt.pdb |
| CompanyName | COMODO |
| FileVersion | 10, 0, 1, 6225 |
| FileDescription | COMODO Internet Security |
| LegalCopyright | 2005-2017 COMODO. All rights reserved. |
| ProductName | COMODO Internet Security |
| ProductVersion | 10, 0, 1, 6225 |
| Info | Matching compiler(s): MASM/TASM - sig2(h); MASM/TASM - sig1(h) |
| Suspicious | Strings found in the binary may indicate undesirable behavior: contains references to system / monitoring tools: |
| Info | Cryptographic algorithms detected in the binary: uses constants related to MD5; uses constants related to SHA1; Microsoft's Cryptography API |
| Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
| Info | The PE is digitally signed. Signer: Comodo Security Solutions; Issuer: COMODO RSA Code Signing CA |
| Safe | VirusTotal score: 0/69 (Scanned on 2019-10-02 17:55:20). All the AVs think this file is safe. |

| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x138 |

| Signature | PE |
|---|---|
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberofSections | 7 |
| TimeDateStamp | 2017-Apr-26 07:07:39 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE IMAGE_FILE_LARGE_ADDRESS_AWARE |

| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0xb3c00 |
| SizeOfInitializedData | 0x6ae00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000000000068FA0 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.2 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.2 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x123000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x124b07 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA IMAGE_DLLCHARACTERISTICS_NX_COMPAT IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

| KERNEL32.dll | GetSystemInfo GetSystemWindowsDirectoryW ResetEvent WaitForMultipleObjects CreateWaitableTimerW SetWaitableTimer CreateFileMappingW lstrlenW SetLastError CreateThread DecodePointer OpenEventW GetCommandLineW GetFileAttributesExW MapViewOfFileEx GetProcessTimes GetModuleHandleA CreateToolhelp32Snapshot Process32FirstW Process32NextW WriteConsoleW SetFilePointerEx GetConsoleMode GetConsoleCP FlushFileBuffers SetStdHandle SetEnvironmentVariableA FreeEnvironmentStringsW ReleaseSemaphore GetCurrentThread FileTimeToSystemTime SetFilePointer WriteFile GetComputerNameW GetSystemDirectoryW GetDriveTypeW ReadFile GetTickCount WideCharToMultiByte CreateEventW LockResource GetFileSize Sleep WaitForSingleObject SetEvent DeleteCriticalSection InitializeCriticalSectionAndSpinCount LeaveCriticalSection EnterCriticalSection ExitProcess CreateFileW GetModuleFileNameW lstrcpyW FileTimeToDosDateTime FileTimeToLocalFileTime GetSystemTimeAsFileTime GetCurrentThreadId SetUnhandledExceptionFilter RaiseException GetCurrentProcessId GetPrivateProfileStringW VerifyVersionInfoW VerSetConditionMask FindNextFileW FindFirstFileW FindClose GetFileAttributesW QueryDosDeviceW GetWindowsDirectoryW GetLongPathNameW MultiByteToWideChar FindResourceExW FindResourceW ExpandEnvironmentStringsW GetModuleHandleW LoadLibraryW CloseHandle SizeofResource LoadResource GetLastError GetCurrentProcess OpenProcess GetProcessHeap HeapSize HeapFree HeapReAlloc HeapAlloc HeapDestroy LocalFree GetProcAddress GetEnvironmentStringsW GetOEMCP IsValidCodePage FindFirstFileExW IsDebuggerPresent GetTimeZoneInformation GetTimeFormatW GetDateFormatW GetFileType GetACP GetStdHandle GetCommandLineA VirtualQuery GetModuleHandleExW ExitThread RtlUnwindEx UnregisterWaitEx GetStringTypeW RtlPcToFileHeader EncodePointer TryEnterCriticalSection QueueUserWorkItem IsProcessorFeaturePresent GetCPInfo QueryPerformanceCounter TlsFree DuplicateHandle QueryDepthSList InterlockedFlushSList InterlockedPushEntrySList InterlockedPopEntrySList VirtualProtect VirtualFree VirtualAlloc GetVersionExW LoadLibraryExW FreeLibraryAndExitThread FreeLibrary GetThreadTimes UnregisterWait RegisterWaitForSingleObject SetThreadAffinityMask GetProcessAffinityMask GetNumaHighestNodeNumber DeleteTimerQueueTimer ChangeTimerQueueTimer CreateTimerQueueTimer UnmapViewOfFile GetLogicalDriveStringsW TlsSetValue TlsGetValue TlsAlloc OutputDebugStringW GetPrivateProfileSectionW SystemTimeToTzSpecificLocalTime GetLogicalProcessorInformation GetThreadPriority SetThreadPriority SwitchToThread SignalObjectAndWait CreateTimerQueue InitializeSListHead GetStartupInfoW TerminateProcess UnhandledExceptionFilter RtlVirtualUnwind RtlLookupFunctionEntry RtlCaptureContext LCMapStringW CompareStringW WaitForSingleObjectEx |
|---|---|
| USER32.dll | wsprintfW LoadStringW GetSystemMetrics PostThreadMessageW MessageBoxW |
| ADVAPI32.dll | StartServiceW StartServiceCtrlDispatcherW SetServiceStatus RegisterServiceCtrlHandlerW DeleteService CreateServiceW ControlService CryptDestroyHash CryptHashData CryptCreateHash CryptGetHashParam CryptReleaseContext CryptAcquireContextW ReportEventW RegisterEventSourceW DeregisterEventSource GetTokenInformation RegDeleteKeyW DuplicateTokenEx GetUserNameW QueryServiceStatus QueryServiceConfigW OpenServiceW OpenSCManagerW CloseServiceHandle ChangeServiceConfigW RegQueryInfoKeyW RegEnumValueW ConvertStringSidToSidW ConvertSidToStringSidW RegQueryValueExW RegOpenKeyExW RegLoadKeyW RegEnumKeyExW RegConnectRegistryW RegCloseKey ImpersonateLoggedOnUser LookupPrivilegeValueW LookupAccountSidW CopySid GetLengthSid IsValidSid AdjustTokenPrivileges OpenProcessToken RevertToSelf |
| SHELL32.dll | #165 CommandLineToArgvW SHGetFolderPathW |
| ole32.dll | CoUninitialize CoInitializeEx CoInitializeSecurity CoCreateInstance CoInitialize CoTaskMemFree StringFromGUID2 CoSetProxyBlanket CoAddRefServerProcess CoReleaseServerProcess CLSIDFromProgID |
| OLEAUT32.dll | #7 #8 #6 #2 #9 |
| SHLWAPI.dll | PathStripPathW PathRemoveExtensionW PathRemoveFileSpecW PathFindFileNameW PathAppendW PathAddBackslashW UrlUnescapeW |
| USERENV.dll | UnloadUserProfile |
| dbghelp.dll | MiniDumpWriteDump |
| CRYPT32.dll | CertDuplicateCertificateContext CryptBinaryToStringW CertGetNameStringW CertFreeCertificateContext |
| WINTRUST.dll | WTHelperGetProvCertFromChain WTHelperGetProvSignerFromChain WinVerifyTrust WTHelperProvDataFromStateData |
| msi.dll | #224 |
| WS2_32.dll | #115 #17 #16 WSAEventSelect #4 #3 #116 #52 WSAAddressToStringW #19 #111 #23 #9 #20 WSAEnumNetworkEvents |
| WTSAPI32.dll | WTSFreeMemory WTSEnumerateSessionsW WTSQueryUserToken |
| VERSION.dll | VerQueryValueW GetFileVersionInfoW GetFileVersionInfoSizeW |
| WININET.dll | HttpQueryInfoW InternetCloseHandle HttpSendRequestW HttpOpenRequestW InternetGetLastResponseInfoW InternetSetOptionW InternetReadFile InternetConnectW InternetQueryOptionW InternetOpenW |
| WINMM.dll | timeGetTime |
| PSAPI.DLL | GetModuleFileNameExW EnumProcessModules EnumProcesses |
| IPHLPAPI.DLL | GetAdaptersAddresses |

cmdaptag

| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 10.0.1.6225 |
| ProductVersion | 10.0.1.6225 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32 VOS_NT_WINDOWS32 VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | English - United States |
| CompanyName | COMODO |
| FileVersion (#2) | 10, 0, 1, 6225 |
| FileDescription | COMODO Internet Security |
| LegalCopyright | 2005-2017 COMODO. All rights reserved. |
| ProductName | COMODO Internet Security |
| ProductVersion (#2) | 10, 0, 1, 6225 |
| Resource LangID | English - United States |

| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2017-Apr-26 07:07:39 |
| Version | 0.0 |
| SizeofData | 82 |
| AddressOfRawData | 0xed9cc |
| PointerToRawData | 0xec9cc |
| Referenced File | d:\jenkins\workspace\CIS_UM_brunch\Release\x64\cmdapt.pdb |

| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2017-Apr-26 07:07:39 |
| Version | 0.0 |
| SizeofData | 20 |
| AddressOfRawData | 0xeda20 |
| PointerToRawData | 0xeca20 |

| Characteristics | 0 |
|---|---|
| TimeDateStamp | 2017-Apr-26 07:07:39 |
| Version | 0.0 |
| SizeofData | 928 |
| AddressOfRawData | 0xeda34 |
| PointerToRawData | 0xeca34 |

| Size | 0x94 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x14010f200 |

| XOR Key | 0xf94f4802 |
|---|---|
| Unmarked objects | 0 |
| 241 (40116) | 11 |
| 243 (40116) | 156 |
| 242 (40116) | 27 |
| ASM objects (VS2015 UPD3 build 24123) | 8 |
| C++ objects (VS2015 UPD3 build 24123) | 122 |
| C objects (VS2015 UPD3 build 24123) | 43 |
| C++ objects (23013) | 2 |
| C objects (VS2008 SP1 build 30729) | 3 |
| 135 (VS2008 SP1 build 30729) | 3 |
| Imports (VS2008 SP1 build 30729) | 43 |
| Total imports | 406 |
| ASM objects (VS2015 UPD3 build 24210) | 1 |
| C objects (VS2015 UPD3 build 24213) | 1 |
| C++ objects (VS2015 UPD3 build 24213) | 62 |
| Resource objects (VS2015 UPD3 build 24210) | 1 |
| 151 | 1 |
| Linker (VS2015 UPD3 build 24213) | 1 |