Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2005-Oct-25 21:53:12 |
TLS Callbacks | 1 callback(s) detected. |
Info | Matching compiler(s): Borland C++ DLL; Borland C++ for Win32 1999 |
Suspicious | PEiD Signature: UPX -> www.upx.sourceforge.net |
Info | The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports. |
Suspicious | The file contains overlay data: 404568 bytes of data starting at offset 0xa5a8. The overlay data has an entropy of 7.99609 and is possibly compressed or encrypted. Overlay data amounts for 90.5122% of the executable. |
Malicious | VirusTotal score: 15/69 (Scanned on 2019-10-23 07:49:31) |

VirusTotal detections:

Engine | Detection |
---|---|
MicroWorld-eScan | Gen:Trojan.Heur.GM.0040440C20 |
Cylance | Unsafe |
Cybereason | malicious.f7f7c7 |
APEX | Malicious |
BitDefender | Gen:Trojan.Heur.GM.0040440C20 |
Endgame | malicious (high confidence) |
Emsisoft | Gen:Trojan.Heur.GM.0040440C20 (B) |
Invincea | heuristic |
Trapmine | suspicious.low.ml.score |
FireEye | Generic.mg.4c135bdf7f7c7ebf |
MAX | malware (ai score=80) |
Arcabit | Trojan.Heur.GM.0040440C20 |
GData | Gen:Trojan.Heur.GM.0040440C20 |
Ad-Aware | Gen:Trojan.Heur.GM.0040440C20 |
Qihoo-360 | QVM41.1.Malware.Gen |
e_magic | MZ |
---|---|
e_cblp | 0x6b |
e_cp | 0x1 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0x1 |
e_ss | 0 |
e_sp | 0 |
e_csum | 0 |
e_ip | 0x1e |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x70 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 3 |
TimeDateStamp | 2005-Oct-25 21:53:12 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DEBUG_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 1.0 |
SizeOfCode | 0x7cae |
SizeOfInitializedData | 0x2da4 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000014C8 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x9000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 1.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xd000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x2000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
DLL | Imported functions |
---|---|
KERNEL32.DLL | GetStringTypeW, GetFileType, SetHandleCount, GetVersionExA, GetLastError, SetFilePointer, VirtualFree, VirtualAlloc, LoadLibraryA, GlobalMemoryStatus, SetConsoleCtrlHandler, CloseHandle, CreateFileA, GetModuleHandleA, GetLocalTime, RtlUnwind, RaiseException, WriteFile, GetStdHandle, GetModuleFileNameA, GetCurrentThreadId, HeapAlloc, GetVersion, GetCPInfo, GetACP, GetOEMCP, UnhandledExceptionFilter, GetStartupInfoA, GetCommandLineA, GetEnvironmentStrings, GetProcAddress, TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, ExitProcess, HeapFree, GetProcessHeap |
USER32.DLL | EnumThreadWindows, MessageBoxA, wsprintfA |
Ordinal | Address |
---|---|
1 | 0x1521 |
2 | 0x9124 |
StartAddressOfRawData | 0x40c000 |
---|---|
EndAddressOfRawData | 0x40c09c |
AddressOfIndex | 0x409117 |
AddressOfCallbacks | 0x408bb0 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_TYPE_REG |
Callbacks | 0x00401618 |