Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2008-Mar-31 07:17:00 |
Detected languages | Polish - Poland |
Debug artifacts | e:\Projects\Dev\test\release\test.pdb |

Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0<br>Microsoft Visual C++ 8.0<br>MSVC++ v.8 (procedure 1 recognized - h) |
---|---|---|
Suspicious | The PE is possibly packed. | Unusual section name found: foobar1<br>Unusual section name found: foobar2<br>Unusual section name found: foobar3 |
Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
Malicious | The PE's digital signature is invalid. | Signer: SysTApplSecur rulz OK!<br>Issuer: SystApplSecur rulz OK!<br>The file was modified after it was signed. |
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |

e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe8 |

Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 7 |
TimeDateStamp | 2008-Mar-31 07:17:00 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE<br>IMAGE_FILE_EXECUTABLE_IMAGE<br>IMAGE_FILE_RELOCS_STRIPPED |

Magic | PE32 |
---|---|
LinkerVersion | 8.0 |
SizeOfCode | 0x7000 |
SizeOfInitializedData | 0x8000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00001000 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x8000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x1000 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x10000 |
SizeOfHeaders | 0x1000 |
Checksum | 0x133f1 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

USER32.dll | MessageBoxW |
---|---|
KERNEL32.dll | HeapCreate HeapFree GetVersionExA HeapAlloc GetProcessHeap TerminateProcess GetCurrentProcess UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent GetProcAddress GetModuleHandleA ExitProcess WriteFile GetStdHandle GetModuleFileNameA GetModuleFileNameW FreeEnvironmentStringsA MultiByteToWideChar GetEnvironmentStrings FreeEnvironmentStringsW GetLastError GetEnvironmentStringsW GetCommandLineA GetCommandLineW SetHandleCount GetFileType GetStartupInfoA DeleteCriticalSection TlsGetValue TlsAlloc TlsSetValue TlsFree InterlockedIncrement SetLastError GetCurrentThreadId InterlockedDecrement HeapDestroy VirtualFree QueryPerformanceCounter GetTickCount GetCurrentProcessId GetSystemTimeAsFileTime LeaveCriticalSection EnterCriticalSection LoadLibraryA InitializeCriticalSection Sleep GetCPInfo GetACP GetOEMCP IsValidCodePage VirtualAlloc HeapReAlloc RtlUnwind HeapSize GetLocaleInfoA WideCharToMultiByte GetStringTypeA GetStringTypeW LCMapStringA LCMapStringW |

Characteristics | 0 |
---|---|
TimeDateStamp | 2008-Mar-31 07:17:00 |
Version | 0.0 |
SizeofData | 62 |
AddressOfRawData | 0x9330 |
PointerToRawData | 0x9330 |
Referenced File | e:\Projects\Dev\test\release\test.pdb |

Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x40a004 |
SEHandlerTable | 0x409370 |
SEHandlerCount | 3 |

XOR Key | 0xa2024b75 |
---|---|
Unmarked objects | 0 |
ASM objects (VS2012 build 50727 / VS2005 build 50727) | 16 |
C++ objects (VS2012 build 50727 / VS2005 build 50727) | 25 |
C objects (VS2012 build 50727 / VS2005 build 50727) | 74 |
Imports (VS2003 (.NET) build 4035) | 5 |
Total imports | 78 |
114 (VS2012 build 50727 / VS2005 build 50727) | 1 |
Resource objects (VS2012 build 50727 / VS2005 build 50727) | 1 |
Linker (VS2012 build 50727 / VS2005 build 50727) | 1 |