4e9f28a6a3db2b5289231a33d7dc353a

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2016-Feb-29 07:18:28
Detected languages English - United States
Debug artifacts h:\Build\BestCrypt\2016.02.29_BC_9.02.9_BCFNT_v.2.84\Projects\WinExe\Release\BCWipe.pdb
CompanyName Jetico
FileDescription BCWipe command line utility.
FileVersion 3.10.6
InternalName BCWipe.exe
LegalCopyright Copyright © 1997-2015
OriginalFilename BCWipe.exe
ProductName BCWipe.exe
ProductVersion 3.10.6

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ v6.0 DLL
Microsoft Visual C++ 6.0 - 8.0
MASM/TASM - sig1(h)
Suspicious Strings found in the binary may indicate undesirable behavior: Contains references to system / monitoring tools:
  • SCHTASK
Malicious The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • LoadLibraryExA
  • LoadLibraryA
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • FindWindowW
Code injection capabilities (PowerLoader):
  • FindWindowW
  • GetWindowLongW
Can access the registry:
  • RegDeleteKeyA
  • RegDeleteKeyW
  • RegOpenKeyExA
  • RegQueryValueExA
  • RegCreateKeyExW
  • RegSetValueExA
  • RegDeleteValueA
  • RegCloseKey
  • RegSetValueExW
  • RegDeleteValueW
  • RegOpenKeyExW
  • RegQueryValueExW
  • RegEnumValueW
  • RegEnumKeyExW
  • RegQueryInfoKeyA
  • RegCreateKeyW
Possibly launches other programs:
  • CreateProcessW
  • ShellExecuteW
Can create temporary files:
  • CreateFileA
  • GetTempPathW
  • CreateFileW
Functions related to the privilege level:
  • AdjustTokenPrivileges
  • OpenProcessToken
  • DuplicateTokenEx
Enumerates local disk drives:
  • GetVolumeInformationW
  • GetDriveTypeW
  • GetLogicalDriveStringsW
Manipulates other processes:
  • OpenProcess
Can take screenshots:
  • FindWindowW
  • GetDC
  • BitBlt
  • CreateCompatibleDC
Can shut the system down or lock the screen:
  • ExitWindowsEx
Malicious The PE's digital signature is invalid. Signer: Jetico Inc. Oy
Issuer: DigiCert SHA2 High Assurance Code Signing CA
The file was modified after it was signed.
Safe VirusTotal score: 0/70 (Scanned on 2019-11-16 17:07:24) All the AVs think this file is safe.

Hashes

MD5 4e9f28a6a3db2b5289231a33d7dc353a
SHA1 9aadd1ade67050a17a5b43014f05652efc41eb1d
SHA256 2056f534e71bf46c7b810bc4470e5eb3207753973b369874505efb99cfea52e1
SHA3 47c8ee05f5bfc49b56737f932fd851a0526c311d2dc13e90b7fbce3da1f03993
SSDeep 12288:JRCyc92N9c+TbLqMotnNqjAJ4eIG9tAdBASokDJE:HCJO6BMotnNqsJ4eIG9VSok2
Imports Hash 64a2fcad6a99473dc13f86f424d00ce2

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2016-Feb-29 07:18:28
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 9.0
SizeOfCode 0x48400
SizeOfInitializedData 0x61400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000227EB (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x4a000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0xad000
SizeOfHeaders 0x400
Checksum 0xb43d4
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 ccf8c61596bd0ad9b3b55e3e41642e57
SHA1 8f60bc065f5c82e5b0f568671ee89731f64b51ee
SHA256 118eb62fe7cd6664d2d15ac30f8cb79e8eaea6219e781466652ba0f892b50d69
SHA3 62e4e9ab11047197626c70a7061d002312a2e7bf37be212050133bbda3a19ed6
VirtualSize 0x48298
VirtualAddress 0x1000
SizeOfRawData 0x48400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.5937

.rdata

MD5 ec264989d69a9278d28c66e118198c29
SHA1 48390bd39b6bdc8b63218706361828932ce6bae9
SHA256 3abf53dc92fab88bb8aec2452eec616e07aeea592a46fdaf63866e92b1b2eb0f
SHA3 6cbf8bb125f31837409e40a658896fc3c5f6eb22cfeb22a3b333cad1f235dc44
VirtualSize 0xc436
VirtualAddress 0x4a000
SizeOfRawData 0xc600
PointerToRawData 0x48800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.67835

.data

MD5 f0edd85a2ef797ff2e08383803585740
SHA1 d3ff92a5395a6d002b01026b073fd1a91d3bb024
SHA256 f71db8899f9f25c2e173ec9fc4a96e4da65ca52b1d3a5717aa9b4d36a6cd0ab6
SHA3 49ecb94172ffe1d3f4ef112f4be8fdbc3fbd30501891b5102822385bec2eff8b
VirtualSize 0x8204
VirtualAddress 0x57000
SizeOfRawData 0x1a00
PointerToRawData 0x54e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.92565

.rsrc

MD5 94453389dd503221607b35a364c73b9f
SHA1 7aa0e3baba5627044d71bbb56c35233f089df730
SHA256 f1f156651841390111d96de81b9b0bccf8ac12795bc6be77bafd05fd36de543a
SHA3 906308ef7db5e16821d7f9994bc99076835b704923c834dd47e6c0f6324bfad3
VirtualSize 0x48fa8
VirtualAddress 0x60000
SizeOfRawData 0x49000
PointerToRawData 0x56800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.57358

.reloc

MD5 6383bed76dba6723e68610c0aa49f601
SHA1 727d3c649aeb50a94bc0b5cd7845a59f7d0e62cb
SHA256 9f80ed864af55130da9cc10b670bda1060a8f6616c0b17fe35f8cf239cc8e91f
SHA3 0f3e98bf8de5c239e16373d739e25e6c2ef90249b5fcb4e048f4cff22b5602a5
VirtualSize 0x38c0
VirtualAddress 0xa9000
SizeOfRawData 0x3a00
PointerToRawData 0x9f800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.48871

Imports

VERSION.dll GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
KERNEL32.dll SetFilePointer
CreateFileA
ReadFile
SetEndOfFile
VirtualFree
VirtualAlloc
GetFileSize
GetWindowsDirectoryW
IsBadStringPtrW
SetLastError
GetVersionExA
CreateThread
DuplicateHandle
GetCurrentThread
SetErrorMode
FindClose
FindNextFileW
Sleep
GetFullPathNameW
GetExitCodeThread
CreateDirectoryW
GetTempPathW
GetVolumeInformationW
GetLongPathNameW
GetCurrentDirectoryW
GetLocaleInfoA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
DeviceIoControl
GetTimeFormatW
GetDateFormatW
GetLocalTime
GetModuleHandleA
CreateFileW
GetFileAttributesW
FindFirstFileW
CopyFileW
SetFileAttributesW
DeleteFileW
MoveFileExW
GetShortPathNameW
GetFileInformationByHandle
GetLogicalDrives
FormatMessageW
GetFileAttributesExW
RemoveDirectoryW
GetCompressedFileSizeW
GetExitCodeProcess
ResumeThread
CreateProcessW
CreateDirectoryExW
SetFileTime
GetCommandLineW
GetDriveTypeW
GetLogicalDriveStringsW
GetCurrentThreadId
HeapAlloc
HeapFree
WriteFile
InitializeCriticalSection
DeleteCriticalSection
GetComputerNameW
GetDiskFreeSpaceW
GlobalFree
GlobalAlloc
RtlUnwind
GetFileAttributesA
GetSystemTimeAsFileTime
GetModuleHandleW
ExitProcess
GetCommandLineA
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapSize
HeapCreate
HeapDestroy
FatalAppExitA
GetSystemInfo
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetConsoleCtrlHandler
InterlockedExchange
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
ExpandEnvironmentStringsA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
WideCharToMultiByte
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
WaitForSingleObject
OpenSemaphoreW
FreeLibrary
LoadLibraryExW
LoadLibraryExA
LoadLibraryA
GetModuleFileNameA
GetCurrentProcessId
OpenProcess
CreateSemaphoreW
CreateMutexW
LocalAlloc
CreateNamedPipeW
LocalFree
GetCurrentProcess
FlushFileBuffers
CloseHandle
GetModuleFileNameW
GetVersion
GetLastError
GetProcAddress
GetProcessHeap
HeapReAlloc
USER32.dll GetActiveWindow
SetWindowPos
LoadStringA
GetParent
FindWindowW
PostMessageA
FindWindowExA
LoadStringW
SetDlgItemTextW
GetWindowTextLengthW
LoadImageA
GetDlgItemTextW
GetWindowTextA
GetDlgItem
GetDesktopWindow
MessageBoxW
GetWindowLongW
SetWindowLongW
SetClassLongW
SendMessageA
GetDC
DrawTextW
GetMenuItemInfoW
GetMenuItemID
GetMenuState
ModifyMenuW
SendMessageW
GetWindowTextW
IsWindow
PeekMessageA
TranslateMessage
DispatchMessageW
LoadCursorA
SetCursor
ExitWindowsEx
MessageBoxA
GDI32.dll CreateCompatibleBitmap
BitBlt
ExtTextOutW
DeleteObject
SelectObject
CreateCompatibleDC
COMDLG32.dll CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW
ADVAPI32.dll FreeSid
RegDeleteKeyA
RegDeleteKeyW
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA
RegDeleteValueA
OpenThreadToken
DuplicateTokenEx
RevertToSelf
ImpersonateNamedPipeClient
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
DecryptFileW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyA
SetThreadToken
RegCreateKeyW
SHELL32.dll SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
#155
SHGetFileInfoW
SHGetFolderLocation
ShellExecuteExW
SHGetSpecialFolderPathA
ShellExecuteW
SHGetDesktopFolder
SHGetMalloc

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.02439
MD5 5f17c95ac6693cf09928b4c037db80b5
SHA1 dd8c4b115699fcf90ea1aa07dc1762af6a43f845
SHA256 f6aff1b336e300ea70d269ae2898303fc844d893f92541eb263df030aa2a567f
SHA3 8e695cf489dc6c6e06ee9ba8c02fa98137441361f60cb21c37a95f6f67b9abfb

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.60407
MD5 54c1deb59d3d2de18bbdc5cad179a8bf
SHA1 7382865fa8a6e9bacf704cbac0d3b8a7139478ac
SHA256 1029b527f29f0eb6356be0d486df42a0526e1dfb3f7aa32a3da41a578e23afd5
SHA3 b29b79c4b59384cc5e05bec5b19b6973003395dbe5fa1f306c80216b1a6ce8dc

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x6c8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.43309
MD5 93023cc206d759e2f441a4f65e9a514d
SHA1 99d61af36c882bfd1680d0183ac23fd58b2a4a0f
SHA256 ffd2035214ca9652ddb04fdf1eead242370f45fad5a5f6c626a1f7be05bbb4e7
SHA3 aa75087c020ee419fe738cc92f9cba0e84420674d78014ab018f8f85afd61723

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.85488
MD5 4ea18d34ecfb188913f0593593eb74e3
SHA1 6baf2470b53db138af55fc6d41c16e3078fcb1e1
SHA256 c937b14ef8fb1c9336fc6d8971f545dad0c468f380d431cac3e176dc058be02f
SHA3 cf7be875e9b437a445dd8202e641c8f9e054c6e0f8ae72cc70f015bf385c04e0

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x42028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.49451
MD5 c9b3fde804d30fb9d7b0c19fdd6732c8
SHA1 eb2a1cf7cb8d65c89bed42e417707093df7d7ce2
SHA256 20562426a6cc3596a0b2044f1672efd682b5f5272af01c7d393784aba17c6c5e
SHA3 e504ed526f7f085ff316c8936df33487ba85502a6c6378dce09a6f1fb35faf27

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.15628
MD5 7f72f436f4f95fca915eaf2ac2d02850
SHA1 004b34f199c0310790fd89e11688a8081efe61e2
SHA256 94d340fe73926c1dce81d22ede41230cf191ea45013aa4a1b154c1a43614a5d8
SHA3 4c89a8e3c60921c74cabc9f89be378a294460c5a6537941bcb0f80c14c234509

7

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.29403
MD5 e1e1ef895d47d3075cc3d382f4774d9d
SHA1 a9042cc6bb88ec4949d3c3e609fa88dacd3342f5
SHA256 4720d5ef317e89b77a8dc9baaadef8d829c441cef13498f839e3b88fd79ceded
SHA3 0f06d186137ea2f4bb6a32d387d186b6c964d537f2a02db9d806e7f77d4b7a59

8

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.16127
MD5 ce1a82f686d738faedf66befe20ab7d6
SHA1 2fe1c26bfc5e35ed79e0dd65842a08cdfa5db6b7
SHA256 e8345d35af0f63e2fc22271c18f26882495051ec96a3582258ab8f9b7e6b8b6c
SHA3 8bf5dc19a120c36751845b6bede4e68b4ff192c24f6a2f96bcda548c0c33e93d

9

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.12058
MD5 15c220395cb26c6e8e938c1e88e7f4ba
SHA1 bad455e45d72b6d453eeefb8810c368b0c63da3e
SHA256 8ae29b3d0d71591ea6c12a1aa5980ef86618eefeeff25f094ccc72d8f678c78c
SHA3 161f3ae60df22afac1e4ccdc18bd9f9552c3b1ac82a6cf061f0538486e25e2be

7 (#2)

Type RT_STRING
Language English - United States
Codepage UNKNOWN
Size 0x1ac
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.15351
MD5 c77ff83aaecc8587e705f0dd73c179d5
SHA1 587ac46fc6ce73439f94a763cb5e4022fea729b6
SHA256 330e5c7a0f05b01558725e1d9c354bbc6575ff9d6f161aac1bc0a142cd0493b6
SHA3 c34a5103a2a64ea3ce53c862f66b705a82e80cb8f3c7d60952931a98340013ce

101

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x84
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.86371
Detected Filetype Icon file
MD5 465c248d41f45ab5baaf1554d41c0796
SHA1 1a39e3a09c508fdb6f5723dd94b0cbf881b0c208
SHA256 b76123085b10545a8b050af79f596b11c425baf46a12bad1dc5231918879b82c
SHA3 f71fb40094e3247fd29e8a7d8761db6d8e75f31d258a9ad530425997c0176aa6

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x2d4
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.3997
MD5 d4dc0439ccf851aa0a6089329efffe1f
SHA1 e8a4b63e7468c9b087595c29092a73ad1f0e6255
SHA256 4c8de2b4559c81732bdcc880a9b0aa8966ed2a7b24e2d68aa6dc06d24c236a79
SHA3 df8a58d9abfe61ca0f293e4ec56e2fd678493586de1c081405522cabaac183fa

String Table contents

BCWipe command line utility
Help hile is not found in current location.
Do you want to browse it in another folders right now?
Choose drive for free space wiping
Choose help file
HTML Help files (*.chm)

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 3.10.6.0
ProductVersion 3.10.6.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Jetico
FileDescription BCWipe command line utility.
FileVersion (#2) 3.10.6
InternalName BCWipe.exe
LegalCopyright Copyright © 1997-2015
OriginalFilename BCWipe.exe
ProductName BCWipe.exe
ProductVersion (#2) 3.10.6
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2016-Feb-29 07:18:28
Version 0.0
SizeofData 112
AddressOfRawData 0x50dc0
PointerToRawData 0x4f5c0
Referenced File h:\Build\BestCrypt\2016.02.29_BC_9.02.9_BCFNT_v.2.84\Projects\WinExe\Release\BCWipe.pdb

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x457610
SEHandlerTable 0x4514a0
SEHandlerCount 235

RICH Header

XOR Key 0x57937b89
Unmarked objects 0
C++ objects (VS2012 build 50727 / VS2005 build 50727) 1
ASM objects (VS2008 SP1 build 30729) 26
C objects (VS2008 SP1 build 30729) 143
Imports (VS2012 build 50727 / VS2005 build 50727) 15
Total imports 245
C++ objects (VS2008 SP1 build 30729) 88
Linker (VS2008 SP1 build 30729) 1
Resource objects (VS2008 SP1 build 30729) 1

Errors