Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 1992-Jun-19 22:22:17 |
Detected languages | English - Australia |

Info | Matching compiler(s): | Borland Delphi 3 -> Portions Copyright (c) 1983,97 Borland (h) |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Suspicious | The PE header may have been manually modified. | The resource timestamps differ from the PE header: |
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |

e_magic | MZ |
---|---|
e_cblp | 0x50 |
e_cp | 0x2 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0xf |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0x1a |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x100 |

Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 8 |
TimeDateStamp | 1992-Jun-19 22:22:17 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE IMAGE_FILE_BYTES_REVERSED_HI IMAGE_FILE_BYTES_REVERSED_LO IMAGE_FILE_EXECUTABLE_IMAGE IMAGE_FILE_LINE_NUMS_STRIPPED IMAGE_FILE_LOCAL_SYMS_STRIPPED |

Magic | PE32 |
---|---|
LinkerVersion | 2.0 |
SizeOfCode | 0x32c00 |
SizeOfInitializedData | 0xa200 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00033AF0 (Section: CODE) |
BaseOfCode | 0x1000 |
BaseOfData | 0x34000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 1.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x43000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x4e20 |
SizeofStackCommit | 0x4e20 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

kernel32.dll | DeleteCriticalSection LeaveCriticalSection EnterCriticalSection InitializeCriticalSection VirtualFree VirtualAlloc LocalFree LocalAlloc VirtualQuery WideCharToMultiByte MultiByteToWideChar lstrlenA lstrcpyA LoadLibraryExA GetThreadLocale GetStartupInfoA GetModuleFileNameA GetLocaleInfoA GetLastError GetCommandLineA FreeLibrary ExitProcess WriteFile SetFilePointer SetEndOfFile RtlUnwind ReadFile RaiseException GetStdHandle GetFileSize GetFileType CreateFileA CloseHandle |
---|---|
user32.dll | GetKeyboardType LoadStringA MessageBoxA |
advapi32.dll | RegQueryValueExA RegOpenKeyExA RegCloseKey |
oleaut32.dll | VariantChangeTypeEx VariantCopyInd VariantClear SysStringLen SysFreeString SysReAllocStringLen SysAllocStringLen |
kernel32.dll (#2) | DeleteCriticalSection LeaveCriticalSection EnterCriticalSection InitializeCriticalSection VirtualFree VirtualAlloc LocalFree LocalAlloc VirtualQuery WideCharToMultiByte MultiByteToWideChar lstrlenA lstrcpyA LoadLibraryExA GetThreadLocale GetStartupInfoA GetModuleFileNameA GetLocaleInfoA GetLastError GetCommandLineA FreeLibrary ExitProcess WriteFile SetFilePointer SetEndOfFile RtlUnwind ReadFile RaiseException GetStdHandle GetFileSize GetFileType CreateFileA CloseHandle |
advapi32.dll (#2) | RegQueryValueExA RegOpenKeyExA RegCloseKey |
kernel32.dll (#3) | DeleteCriticalSection LeaveCriticalSection EnterCriticalSection InitializeCriticalSection VirtualFree VirtualAlloc LocalFree LocalAlloc VirtualQuery WideCharToMultiByte MultiByteToWideChar lstrlenA lstrcpyA LoadLibraryExA GetThreadLocale GetStartupInfoA GetModuleFileNameA GetLocaleInfoA GetLastError GetCommandLineA FreeLibrary ExitProcess WriteFile SetFilePointer SetEndOfFile RtlUnwind ReadFile RaiseException GetStdHandle GetFileSize GetFileType CreateFileA CloseHandle |
gdi32.dll | UnrealizeObject TextOutA StretchBlt StartPage StartDocA SetWindowOrgEx SetViewportOrgEx SetTextColor SetROP2 SetBkMode SetBkColor SetAbortProc SelectPalette SelectObject SaveDC RestoreDC RectVisible RealizePalette MoveToEx IntersectClipRect GetWindowOrgEx GetTextMetricsA GetTextExtentPointA GetSystemPaletteEntries GetStockObject GetObjectA GetDeviceCaps GetDIBits GetCurrentPositionEx GetBitmapBits ExcludeClipRect EnumFontsA EnumFontFamiliesExA EndPage EndDoc DeleteObject DeleteDC CreateSolidBrush CreateRectRgn CreatePenIndirect CreatePalette CreateICA CreateFontIndirectA CreateDIBitmap CreateDCA CreateCompatibleDC CreateCompatibleBitmap CreateBrushIndirect CreateBitmap BitBlt |
user32.dll (#2) | GetKeyboardType LoadStringA MessageBoxA |
comctl32.dll | ImageList_GetDragImage ImageList_DragShowNolock ImageList_SetDragCursorImage ImageList_DragMove ImageList_DragLeave ImageList_DragEnter ImageList_EndDrag ImageList_BeginDrag ImageList_SetBkColor ImageList_ReplaceIcon ImageList_Destroy ImageList_Create |
winspool.drv | OpenPrinterA EnumPrintersA DocumentPropertiesA ClosePrinter |
comdlg32.dll | PrintDlgA |

Ctrl+ |
Alt+ |
Unable to insert a line |
Clipboard does not support Icons |
Text exceeds memo capacity |
There is no default printer currently selected |
Bits index out of range |
Menu '%s' is already being used by another form |
BkSp |
Tab |
Esc |
Enter |
Space |
PgUp |
PgDn |
End |
Home |
Left |
Up |
Right |
Down |
Ins |
Del |
Shift+ |
Cannot drag a form |
Warning |
Error |
Information |
Confirm |
&Yes |
&No |
OK |
Cancel |
&Help |
&Abort |
&Retry |
&Ignore |
&All |
N&o to All |
Y&es to All |
Error creating window device context |
Error creating window class |
Cannot focus a disabled or invisible window |
Control '%s' has no parent window |
Cannot hide an MDI Child Form |
Cannot change Visible in OnShow or OnHide |
Menu index out of range |
Menu inserted twice |
Sub-menu is not in menu |
Printer is not currently printing |
Printing in progress |
Printer selected is not valid |
%s on %s |
GroupIndex cannot be less than a previous menu item's GroupIndex |
Cannot create form. No MDI forms are currently active |
A control cannot have itself as its parent |
String list does not allow duplicates |
A component named %s already exists |
''%s'' is not a valid component name |
A class named %s already exists |
Invalid property value |
Invalid property path |
Property does not exist |
Property is read-only |
Error reading %s.%s: %s |
Ancestor for '%s' not found |
Bitmap image is not valid |
Icon image is not valid |
Cannot change the size of an icon |
Out of system resources |
Canvas does not allow drawing |
Invalid ImageList |
Friday |
Saturday |
Cannot assign a %s to a %s |
Cannot create file %s |
Cannot open file %s |
Stream read error |
Stream write error |
Out of memory while expanding memory stream |
Can't write to a read-only resource stream |
Class %s not found |
Invalid stream format |
Resource %s not found |
List index out of bounds (%d) |
List capacity out of bounds (%d) |
List count out of bounds (%d) |
Operation not allowed on sorted string list |
September |
October |
November |
December |
Sun |
Mon |
Tue |
Wed |
Thu |
Fri |
Sat |
Sunday |
Monday |
Tuesday |
Wednesday |
Thursday |
May |
Jun |
Jul |
Aug |
Sep |
Oct |
Nov |
Dec |
January |
February |
March |
April |
May |
June |
July |
August |
Format result longer than 4096 characters |
Error creating variant array |
Variant is not an array |
Variant array index out of bounds |
External exception %x |
Assertion failed |
Interface not supported |
%s (%s, line %d) |
Abstract Error |
Access violation at address %p in module '%s'. %s of address %p |
Win32 Error. Code: %d. |
%s |
A Win32 API function failed |
Jan |
Feb |
Mar |
Apr |
Floating point underflow |
Invalid pointer operation |
Invalid class typecast |
Access violation at address %p. %s of address %p |
Stack overflow |
Control-C hit |
Privileged instruction |
Exception %s in module %s at %p. |
%s%s |
Application Error |
Format '%s' invalid or incompatible with argument |
No argument for format '%s' |
Invalid variant type conversion |
Invalid variant operation |
Variant method calls not supported |
Read |
Write |
'%s' is not a valid floating point value |
Out of memory |
I/O error %d |
File not found |
Invalid filename |
Too many open files |
File access denied |
Read beyond end of file |
Disk full |
Invalid numeric input |
Division by zero |
Range check error |
Integer overflow |
Invalid floating point operation |
Floating point division by zero |
Floating point overflow |

StartAddressOfRawData | 0x439000 |
---|---|
EndAddressOfRawData | 0x439008 |
AddressOfIndex | 0x4354ac |
AddressOfCallbacks | 0x43a010 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_TYPE_REG |
Callbacks | (EMPTY) |