Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2019-Apr-12 17:40:08 |
Detected languages |
English - United States
|
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf0 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 5 |
TimeDateStamp | 2019-Apr-12 17:40:08 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
|
Magic | PE32 |
---|---|
LinkerVersion | 11.0 |
SizeOfCode | 0xa600 |
SizeOfInitializedData | 0x47e00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00001000 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0xc000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x56000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll |
GetProcAddress
LoadLibraryA CreateFileW CloseHandle LocalFree GetLastError RaiseException IsDebuggerPresent IsProcessorFeaturePresent HeapFree RtlUnwind EncodePointer UnhandledExceptionFilter SetUnhandledExceptionFilter FlsGetValue FlsSetValue GetCurrentProcess TerminateProcess GetStartupInfoW GetModuleHandleW DecodePointer EnterCriticalSection LeaveCriticalSection InitializeCriticalSectionAndSpinCount DeleteCriticalSection HeapAlloc InterlockedIncrement InterlockedDecrement IsValidCodePage GetACP GetOEMCP GetCPInfo SetLastError GetCurrentThreadId ExitProcess GetModuleHandleExW MultiByteToWideChar GetStdHandle WriteFile GetModuleFileNameW Sleep WideCharToMultiByte GetStringTypeW LoadLibraryExW OutputDebugStringW LoadLibraryW LCMapStringEx GetFileType InitOnceExecuteOnce FlushFileBuffers GetConsoleCP GetConsoleMode SetStdHandle SetFilePointerEx WriteConsoleW |
---|---|
OLEAUT32.dll |
#411
|
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x40f040 |
SEHandlerTable | 0x40e310 |
SEHandlerCount | 7 |
XOR Key | 0x84de57a0 |
---|---|
Unmarked objects | 0 |
ASM objects (50628) | 16 |
C objects (50628) | 96 |
C++ objects (50628) | 37 |
Total imports | 82 |
185 (30716) | 5 |
211 (VS2012 build 50727 / VS2005 build 50727) | 1 |
Resource objects (VS2012 build 50727 / VS2005 build 50727) | 1 |
Linker (VS2012 build 50727 / VS2005 build 50727) | 1 |