| Summary | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_AMD64 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Compilation Date | 2021-Jan-15 11:19:45 |
| TLS Callbacks | 1 callback(s) detected. |
| Debug artifacts | C:\Users\PHoetger\source\repos\runtimelab\samples\HelloWorld\bin\release\net5.0\win-x64\native\HelloWorld.pdb |
| CompanyName | HelloWorld |
| FileDescription | HelloWorld |
| FileVersion | 1.0.0.0 |
| InternalName | HelloWorld.dll |
| LegalCopyright | |
| OriginalFilename | HelloWorld.dll |
| ProductName | HelloWorld |
| ProductVersion | 1.0.0 |
| Assembly Version | 1.0.0.0 |

| Level | Finding | Details |
|---|---|---|
| Info | Interesting strings found in the binary: | Contains domain names: |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to SHA1 |
| Suspicious | The PE is possibly packed. | Unusual section name found: .managed |
| Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
| Malicious | VirusTotal score: 3/70 (Scanned on 2021-01-15 11:26:34) | APEX: Malicious; Gridinsoft: Trojan.Heur!.02006023; Cynet: Malicious (score: 90) |
| DOS header | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x118 |
| PE header | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberofSections | 8 |
| TimeDateStamp | 2021-Jan-15 11:19:45 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
| Optional header | Value |
|---|---|
| Magic | PE32+ |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x20fc00 |
| SizeOfInitializedData | 0x270c00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x000000000005DE9C (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x486000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
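The header fields above can be re-derived with nothing but the Python standard library. The block below is an added example, not Manalyze's or the runtimelab project's code: it parses the DOS header, the COFF file header, the PE32+ optional header and the section table, then applies the kind of checks that produced the Suspicious and Malicious rows in the summary (an unfamiliar section name, a TLS directory whose callbacks run before AddressOfEntryPoint, a zero CheckSum, no Control Flow Guard). It runs on constructed header bytes carrying the report's values (e_lfanew 0x118, AMD64, CUI, linker 14.0, entry point 0x5DE9C, ImageBase 0x140000000); the section list is cut down to three and the RVAs of `.managed`, `.rdata` and the TLS directory are arbitrary. `.managed` is the section NativeAOT emits for compiled managed code, and the PDB path in the summary points at the runtimelab HelloWorld sample, which is worth weighing against a 3/70 VirusTotal score before treating the file as malicious.

```python
"""Added example (not Manalyze's code): parse MZ/PE32+ headers with the
standard library and re-derive the facts shown in the tables above."""
import struct
from datetime import datetime, timezone

MACHINES = {0x14C: "IMAGE_FILE_MACHINE_I386", 0x8664: "IMAGE_FILE_MACHINE_AMD64",
            0xAA64: "IMAGE_FILE_MACHINE_ARM64"}
SUBSYSTEMS = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}
FILE_CHARS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
              0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x2000: "IMAGE_FILE_DLL"}
DLL_CHARS = {0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
             0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
             0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
             0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
             0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
# Names the MSVC linker normally emits; anything else is flagged, which is
# why '.managed' (NativeAOT's managed-code section) reads as "suspicious".
COMMON_SECTIONS = {".text", ".rdata", ".data", ".pdata", ".idata", ".edata",
                   ".rsrc", ".reloc", ".tls", ".bss"}
TLS_DIR = 9  # IMAGE_DIRECTORY_ENTRY_TLS


def flags(value, table):
    return [name for bit, name in table.items() if value & bit]


def parse_pe(data):
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    fh = e_lfanew + 4                        # IMAGE_FILE_HEADER (20 bytes)
    machine, nsec, stamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                            # IMAGE_OPTIONAL_HEADER64
    magic, = struct.unpack_from("<H", data, opt)
    if magic != 0x20B:
        raise ValueError("only PE32+ (magic 0x20b) is handled here")
    entry, = struct.unpack_from("<I", data, opt + 16)
    image_base, = struct.unpack_from("<Q", data, opt + 24)
    checksum, subsystem, dll_chars = struct.unpack_from("<IHH", data, opt + 64)
    ndirs, = struct.unpack_from("<I", data, opt + 108)
    tls_rva, tls_size = (struct.unpack_from("<II", data, opt + 112 + 8 * TLS_DIR)
                         if ndirs > TLS_DIR else (0, 0))
    sections = []
    for i in range(nsec):                    # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, va = struct.unpack_from("<8sII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize))
    entry_section = next((n for n, va, vs in sections if va <= entry < va + vs), None)

    findings = []
    for name, _, _ in sections:
        if name not in COMMON_SECTIONS:
            findings.append(f"Unusual section name found: {name}")
    if tls_rva and tls_size:
        findings.append("TLS directory present: callbacks run before AddressOfEntryPoint")
    if entry_section is None:
        findings.append("AddressOfEntryPoint lies outside every section")
    if checksum == 0:
        findings.append("CheckSum is 0 (the loader only enforces it for drivers)")
    if not dll_chars & 0x4000:
        findings.append("Linked without IMAGE_DLLCHARACTERISTICS_GUARD_CF")
    return {
        "e_lfanew": e_lfanew,
        "machine": MACHINES.get(machine, hex(machine)),
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%b-%d %H:%M:%S"),
        "file_characteristics": flags(chars, FILE_CHARS),
        "entry_point": entry, "entry_section": entry_section,
        "image_base": image_base,
        "subsystem": SUBSYSTEMS.get(subsystem, subsystem),
        "dll_characteristics": flags(dll_chars, DLL_CHARS),
        "sections": [n for n, _, _ in sections],
        "tls_directory": bool(tls_rva and tls_size),
        "findings": findings,
    }


def build_sample():
    """Constructed header bytes (not the real HelloWorld.exe) with the report's
    values; the .managed/.rdata RVAs and the TLS directory RVA are arbitrary."""
    dos = bytearray(0x118)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x118)
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 3, 1610709585, 0, 0, 0xF0, 0x0002 | 0x0020)
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII",
                      0x20B, 14, 0, 0x20FC00, 0x270C00, 0, 0x5DE9C, 0x1000, 0x140000000,
                      0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, 0x486000, 0x400, 0, 3,
                      0x0020 | 0x0040 | 0x0100 | 0x8000,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[TLS_DIR] = (0x3B7000, 0x28)
    dirs_bytes = b"".join(struct.pack("<II", *d) for d in dirs)

    def sec(name, va, vsize, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, vsize, 0x400, 0, 0, 0, 0, chars)

    secs = (sec(b".text", 0x1000, 0x20FC00, 0x60000020)       # CODE|EXECUTE|READ
            + sec(b".managed", 0x211000, 0x1000, 0x60000020)
            + sec(b".rdata", 0x212000, 0x1000, 0x40000040))   # INITIALIZED_DATA|READ
    return bytes(dos) + b"PE\0\0" + file_hdr + opt + dirs_bytes + secs


if __name__ == "__main__":
    for key, value in parse_pe(build_sample()).items():
        print(f"{key:>20}: {value}")
```

To run it against a real image, pass `open(path, "rb").read()` to `parse_pe`; the `findings` list is deliberately informational, since each of these traits is also normal for legitimate toolchains and a verdict needs the imports, strings and provenance weighed together.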
| Imported DLL | Functions |
|---|---|
| ADVAPI32.dll | EventSetInformation, EventUnregister, RegCloseKey, EventActivityIdControl, EventRegister, EnumerateTraceGuidsEx, EventWriteTransfer, RegEnumKeyExW, RegEnumValueW, RegOpenKeyExW, RegQueryValueExW, EventWrite, EventEnabled, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueW |
| bcrypt.dll | BCryptGenRandom |
| KERNEL32.dll | CreateFileW, SetFilePointerEx, GetCPInfoExW, SetLastError, FormatMessageW, GetLastError, GetConsoleCP, GetConsoleMode, GetConsoleOutputCP, GetFileType, GetStdHandle, MultiByteToWideChar, ReadFile, ReadConsoleW, WideCharToMultiByte, WriteFile, WriteConsoleW, LocalFree, GetTickCount64, GetCurrentProcessId, FileTimeToSystemTime, GetSystemTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, Sleep, GetCurrentProcessorNumber, GetCurrentProcess, GetCurrentThread, CreateThreadpoolWork, CloseThreadpoolWork, SubmitThreadpoolWork, CreateThreadpoolTimer, SetThreadpoolTimer, InitializeCriticalSection, InitializeConditionVariable, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, WakeConditionVariable, CompareStringEx, FindNLSStringEx, LCIDToLocaleName, GetUserPreferredUILanguages, FindStringOrdinal, GetProcAddress, GetCPInfo, LocalAlloc, RaiseFailFastException, WaitForMultipleObjectsEx, DuplicateHandle, GetThreadPriority, SetThreadPriority, LocaleNameToLCID, LCMapStringEx, CompareStringOrdinal, GetLocaleInfoEx, EnumTimeFormatsEx, GetCalendarInfoEx, EnumCalendarInfoExEx, ResolveLocaleName, SleepConditionVariableCS, ExpandEnvironmentStringsW, FreeLibrary, GetSystemDirectoryW, LoadLibraryExW, GetFileMUIPath, OutputDebugStringW, QueryUnbiasedInterruptTime, GetDynamicTimeZoneInformation, GetTimeZoneInformation, CloseHandle, SetEvent, ResetEvent, CreateEventExW, VerSetConditionMask, FlushProcessWriteBuffers, GetCurrentThreadId, WaitForSingleObjectEx, RaiseException, GetSystemInfo, VirtualQuery, AddVectoredExceptionHandler, FlsAlloc, FlsGetValue, FlsSetValue, CreateEventW, SwitchToThread, CreateThread, SuspendThread, ResumeThread, GetThreadContext, VirtualAlloc, VirtualProtect, VirtualFree, GetModuleHandleExW, QueryPerformanceCounter, QueryPerformanceFrequency, GetSystemTimeAsFileTime, InitializeCriticalSectionEx, GetEnvironmentVariableW, DebugBreak, WaitForSingleObject, SleepEx, GlobalMemoryStatusEx, GetTickCount, GetLogicalProcessorInformation, GetLogicalProcessorInformationEx, GetLargePageMinimum, VirtualUnlock, GetWriteWatch, ResetWriteWatch, VirtualAllocExNuma, IsProcessInJob, QueryInformationJobObject, GetNumaHighestNodeNumber, GetProcessAffinityMask, K32GetProcessMemoryInfo, FlushFileBuffers, HeapReAlloc, HeapSize, GetProcessHeap, LCMapStringW, CompareStringW, InitializeCriticalSectionAndSpinCount, GetModuleHandleW, InitializeSListHead, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, TerminateProcess, RtlUnwindEx, RtlPcToFileHeader, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleFileNameW, ExitProcess, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetStringTypeW |
| ole32.dll | CoWaitForMultipleHandles, CoUninitialize, CoInitializeEx, CoTaskMemFree, CoGetApartmentType, CoCreateGuid, CoTaskMemAlloc |
| USER32.dll | LoadStringW |
| Version resource | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 1.0.0.0 |
| ProductVersion | 1.0.0.0 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | UNKNOWN |
| CompanyName | HelloWorld |
| FileDescription | HelloWorld |
| FileVersion (#2) | 1.0.0.0 |
| InternalName | HelloWorld.dll |
| LegalCopyright | |
| OriginalFilename | HelloWorld.dll |
| ProductName | HelloWorld |
| ProductVersion (#2) | 1.0.0 |
| Assembly Version | 1.0.0.0 |
| Resource LangID | UNKNOWN |
| Debug directory entry | Characteristics | TimeDateStamp | Version | SizeofData | AddressOfRawData | PointerToRawData | Referenced File |
|---|---|---|---|---|---|---|---|
| 1 | 0 | 2021-Jan-15 11:19:45 | 0.0 | 134 | 0x3b6d1c | 0x3b4d1c | C:\Users\PHoetger\source\repos\runtimelab\samples\HelloWorld\bin\release\net5.0\win-x64\native\HelloWorld.pdb |
| 2 | 0 | 2021-Jan-15 11:19:45 | 0.0 | 20 | 0x3b6da4 | 0x3b4da4 | |
| 3 | 0 | 2021-Jan-15 11:19:45 | 0.0 | 1172 | 0x3b6db8 | 0x3b4db8 | |
| TLS directory | Value |
|---|---|
| StartAddressOfRawData | 0x1403b7280 |
| EndAddressOfRawData | 0x1403b7390 |
| AddressOfIndex | 0x140447490 |
| AddressOfCallbacks | 0x140212700 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_16BYTES |
| Callbacks | 0x000000014005DEB8 |
| Load configuration | Value |
|---|---|
| Size | 0x138 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x140438518 |
---|---|
Unmarked objects | 0 |
C objects (26715) | 21 |
ASM objects (26715) | 17 |
C++ objects (26715) | 139 |
C objects (VS 2015/2017/2019 runtime 29118) | 16 |
ASM objects (VS 2015/2017/2019 runtime 29118) | 9 |
C++ objects (VS 2015/2017/2019 runtime 29118) | 51 |
Imports (26715) | 11 |
Total imports | 203 |
ASM objects (VS2019 Update 8 (16.8.2) compiler 29334) | 13 |
C++ objects (VS2019 Update 8 (16.8.2) compiler 29334) | 65 |
Unmarked objects (#2) | 1 |
Resource objects (29336) | 1 |
Linker (29336) | 1 |
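The Rich header rows above come from XOR-decoding the block that sits between the DOS stub and the PE signature with the key shown. The block below is an added example, not Manalyze's code: it locates the header, decodes the (prodid, build, count) triples, and recomputes the key, which is a checksum over the DOS header and the entries, so a mismatch flags a header that was edited or copied from another binary to fake its toolchain. The sample bytes are constructed; which prodid each row of the table had is an assumption (the report prints only labels), the key the sample produces differs from 0x1dddfba1 because the real DOS stub is not on the page, and the prodid names are the commonly published ones for the 14.x (VS2015+) toolset.

```python
"""Added example (not Manalyze's code): decode a Rich header and verify
its XOR key, which is a checksum over the DOS header and the entries."""
import struct

PRODIDS = {  # prodid -> label; a subset relevant to 14.x toolchains
    0x0000: "Unmarked objects", 0x0001: "Imports (Import0)",
    0x00FF: "Resource objects (Cvtres1400)", 0x0100: "Exports (Export1400)",
    0x0101: "Import libs (Implib1400)", 0x0102: "Linker (Linker1400)",
    0x0103: "ASM objects (Masm1400)", 0x0104: "C objects (Utc1900_C)",
    0x0105: "C++ objects (Utc1900_CPP)",
}
DANS = 0x536E6144  # b"DanS" read as a little-endian dword

# Constructed (prodid, build, count) entries mirroring some rows of the table
# above; the prodid chosen for each row is an assumption.
SAMPLE_ENTRIES = [(0x0104, 26715, 21), (0x0103, 26715, 17), (0x0105, 26715, 139),
                  (0x0001, 26715, 11), (0x0103, 29334, 13), (0x0105, 29334, 65),
                  (0x0000, 0, 1), (0x00FF, 29336, 1), (0x0102, 29336, 1)]


def rol32(v, n):
    n &= 31
    return ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF


def find_rich(data):
    """Return (offset_of_DanS, key, [(prodid, build, count), ...]) or None."""
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    rich_pos = data.rfind(b"Rich", 0x40, e_lfanew)
    if rich_pos < 0:
        return None
    key, = struct.unpack_from("<I", data, rich_pos + 4)
    pos = rich_pos - 4
    while pos >= 0x40:                       # walk back to the masked "DanS"
        if struct.unpack_from("<I", data, pos)[0] ^ key == DANS:
            break
        pos -= 4
    else:
        return None
    entries = []
    for off in range(pos + 16, rich_pos, 8):  # skip DanS + 3 padding dwords
        compid, count = struct.unpack_from("<II", data, off)
        compid ^= key
        entries.append((compid >> 16, compid & 0xFFFF, count ^ key))
    return pos, key, entries


def rich_checksum(data, start, entries):
    """Recompute the key: DanS offset + rotated DOS-header bytes (e_lfanew
    treated as zero) + each comp id rotated by its count. A mismatch means
    the header was edited or transplanted from another binary."""
    cks = start
    for i in range(start):
        if 0x3C <= i < 0x40:
            continue
        cks = (cks + rol32(data[i], i)) & 0xFFFFFFFF
    for prodid, build, count in entries:
        cks = (cks + rol32((prodid << 16) | build, count)) & 0xFFFFFFFF
    return cks


def describe(entries):
    return [(PRODIDS.get(p, f"prodid 0x{p:04x}"), b, c) for p, b, c in entries]


def build_sample(entries, tamper=False):
    """Constructed MZ header (report's e_cblp/e_cp/e_cparhdr/e_maxalloc/e_sp)
    plus a Rich header at 0x80 whose key is self-consistent. tamper=True bumps
    the first count after the key was computed, as a forged header would."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<HHHHH", dos, 0x02, 0x90, 0x03, 0, 0x04, 0)  # e_cblp..e_minalloc
    struct.pack_into("<HHH", dos, 0x0C, 0xFFFF, 0, 0xB8)           # e_maxalloc, e_ss, e_sp
    start = len(dos)
    key = rich_checksum(dos, start, entries)
    written = list(entries)
    if tamper:
        p, b, c = written[0]
        written[0] = (p, b, c + 1)
    rich = struct.pack("<IIII", DANS ^ key, key, key, key)
    rich += b"".join(struct.pack("<II", ((p << 16) | b) ^ key, c ^ key) for p, b, c in written)
    rich += b"Rich" + struct.pack("<I", key)
    struct.pack_into("<I", dos, 0x3C, start + len(rich))            # e_lfanew
    return bytes(dos) + rich + b"PE\0\0"


if __name__ == "__main__":
    blob = build_sample(SAMPLE_ENTRIES)
    start, key, entries = find_rich(blob)
    print(f"XOR key 0x{key:08x}, checksum ok: {rich_checksum(blob, start, entries) == key}")
    for label, build, count in describe(entries):
        print(f"{label} ({build}) | {count}")
```

On a real file, feed the first few hundred bytes of the image to `find_rich` and compare `rich_checksum` with the key; the build numbers it returns (26715, 29118, 29334, 29336 above) are what a tool such as Manalyze maps to compiler and linker releases.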