Property | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_I386 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2004-Sep-14 06:41:04 |
Detected languages | English - United States |

Level | Finding | Details |
---|---|---|
Info | Matching compiler(s): | Microsoft Visual C++; Microsoft Visual C++ v6.0; Microsoft Visual C++ v5.0/v6.0 (MFC) |
Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
Suspicious | The file contains overlay data. | 911725 bytes of data starting at offset 0xb000. The overlay data has an entropy of 7.9998 and is possibly compressed or encrypted. Overlay data amounts for 95.2909% of the executable. |
Safe | VirusTotal score: 0/72 (Scanned on 2019-04-04 19:50:44) | All the AVs think this file is safe. |
DOS header field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xd8 |
File header field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2004-Sep-14 06:41:04 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Optional header field | Value |
---|---|
Magic | PE32 |
LinkerVersion | 6.0 |
SizeOfCode | 0x5000 |
SizeOfInitializedData | 0x13000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000289F (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x6000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x1000 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x19000 |
SizeOfHeaders | 0x1000 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
Imported DLL | Imported functions |
---|---|
KERNEL32.dll | RtlUnwind, SetFilePointer, GetFileSize, CreateFileA, CloseHandle, SetFileTime, DosDateTimeToFileTime, WriteFile, lstrlenA, lstrcatA, lstrcpyA, DeleteFileA, WaitForSingleObject, CreateProcessA, Sleep, GetTempPathA, GetTickCount, GetModuleFileNameA, GetEnvironmentStrings, GetEnvironmentStringsW, GetStringTypeA, LCMapStringW, GetStringTypeW, MultiByteToWideChar, LoadLibraryA, LCMapStringA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, ReadFile, HeapAlloc, HeapFree, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, HeapCreate, VirtualFree, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, VirtualAlloc, HeapReAlloc, GetOEMCP, GetCPInfo, GetACP, GetProcAddress |
USER32.dll | GetSystemMetrics, SendMessageA, LoadImageA, CreateDialogParamA, wsprintfA, DestroyWindow, MessageBoxA |
Rich header entry | Value |
---|---|
XOR Key | 0x8a66067d |
Unmarked objects | 0 |
C++ objects (8047) | 3 |
14 (7299) | 14 |
C objects (8047) | 27 |
19 (8034) | 5 |
Total imports | 62 |
C++ objects (VC++ 6.0 SP5 build 8804) | 2 |
Resource objects (VS98 SP6 cvtres build 1736) | 1 |