Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2019-May-26 19:30:30 |
Detected languages | German - Germany, German - Liechtenstein |
Company | Nenad Hrg (SoftwareOK.de) |
CompanyName | Nenad Hrg (SoftwareOK.com) |
FileDescription | Q-Dir the alternative Quad File Explorer for Windows |
FileVersion | 7,5,5,0 |
InternalName | Q-Dir |
LegalCopyright | Copyright © Nenad Hrg (SoftwareOK.com) 2006-2019 |
OriginalFilename | Q-Dir.exe |
ProductName | Q-Dir SoftwareOK.com |
ProductVersion | 7,5,5,0 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0; Microsoft Visual C++; Microsoft Visual C++ v6.0; Microsoft Visual C++ v5.0/v6.0 (MFC) |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to system / monitoring tools: |
Info | Libraries used to perform cryptographic operations: | Microsoft's Cryptography API |
Suspicious | The PE is possibly packed. | Unusual section name found: Shared |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Info | The PE's resources present abnormal characteristics. | Resources possibly compressed or encrypted: AR, ARA, BR, CH, CHS, COL, CZ, DA, DE, EE, EN, ES, FI, FR, GR, HELP_DE_EN, HR, HU, IT, JA, KR, MENU_2017, NL, NO, PL, RO, RU, SK, SLO, SRP, TR, UK, UKR |
Malicious | VirusTotal score: 3/68 (Scanned on 2021-04-14 07:20:01) | APEX: Malicious; Rising: Exploit.Shellcode!8.2A (CLOUD); BitDefenderTheta: Gen:NN.ZexaF.34670.!y0@a0eNKZF |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x100 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 6 |
TimeDateStamp | 2019-May-26 19:30:30 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 6.0 |
SizeOfCode | 0x8e000 |
SizeOfInitializedData | 0x76000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0008DD48 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x8f000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x1000 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x105000 |
SizeOfHeaders | 0x1000 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | GetTempFileNameW SetVolumeLabelW CreateFileMappingW MapViewOfFile UnmapViewOfFile HeapDestroy CreateMutexW GetProfileStringW GetLocaleInfoW GetNumberFormatW GetEnvironmentVariableW GetPrivateProfileSectionW WritePrivateProfileSectionW WritePrivateProfileStringW GetPrivateProfileIntW GetFullPathNameW GetDiskFreeSpaceW GetUserDefaultLangID ExitProcess TerminateProcess GetTimeFormatW GetDateFormatW GetUserDefaultLCID EnumDateFormatsW EnumTimeFormatsW Sleep GetShortPathNameW GetPrivateProfileStringW GetLocalTime SizeofResource GetSystemDirectoryW GetFileSize SetFilePointer SetFileTime ReadFile TerminateThread GetLastError GetCurrentProcessId MoveFileW CreateThread MulDiv GetTimeZoneInformation lstrcpynA GetLogicalDrives SetLastError CompareStringW lstrcpyW GetLogicalDriveStringsW GetDriveTypeW GetFileAttributesW lstrcmpiW lstrcatW FindFirstFileW FindNextFileW FindClose CopyFileW CreateDirectoryW GetTempPathW GetModuleFileNameW CreateFileW WideCharToMultiByte WriteFile CloseHandle RemoveDirectoryW SetFileAttributesW DeleteFileW GetModuleHandleW FreeLibrary GetVersionExW GetCurrentProcess FlushInstructionCache MultiByteToWideChar lstrlenA InitializeCriticalSection DeleteCriticalSection lstrcmpW FindResourceW LoadResource LockResource GlobalHandle FreeResource GetCurrentThreadId EnterCriticalSection LeaveCriticalSection OutputDebugStringW GlobalSize GlobalAlloc GlobalLock GlobalUnlock GlobalFree GetWindowsDirectoryW InterlockedDecrement InterlockedIncrement GetProcAddress lstrcpynW lstrlenW LoadLibraryW GetStartupInfoW InterlockedExchange |
---|---|
USER32.dll | GetMenuItemCount GetMenuItemInfoW DestroyMenu CharLowerW MessageBoxW GetActiveWindow DialogBoxParamW GetDlgCtrlID PostQuitMessage GetSubMenu ScreenToClient GetSystemMetrics LoadImageW EnableWindow CreateWindowExW DestroyWindow InvalidateRgn InvalidateRect SetCapture SetWindowLongW SetRectEmpty DestroyCursor UpdateWindow GetCapture SetDlgItemTextW PtInRect GetMenuDefaultItem SetScrollPos SendMessageW ReleaseCapture CreateAcceleratorTableW GetDesktopWindow GetClassNameW RedrawWindow IsWindow BeginPaint FillRect EndPaint GetDC ReleaseDC GetFocus IsChild SetFocus GetSysColor GetWindowTextLengthW GetWindowTextW DefWindowProcW RegisterWindowMessageW GetClassInfoExW LoadCursorW RegisterClassExW CreateDialogIndirectParamW LoadMenuW SetCursor GetCursorPos CreateCursor CharNextW OffsetRect DrawTextW DrawFocusRect IsWindowEnabled LoadStringW DialogBoxIndirectParamW SetParent AppendMenuW ClientToScreen SetClassLongW GetKeyState IsWindowVisible CopyRect PostMessageW InflateRect FrameRect TrackPopupMenu CreatePopupMenu GetMessagePos GetDoubleClickTime IsDialogMessageW TranslateAcceleratorW GetWindowDC DrawEdge CloseClipboard SetClipboardData EmptyClipboard CallWindowProcW GetWindowLongW wsprintfW SetWindowTextW GetDlgItem GetParent SetTimer ShowWindow KillTimer RegisterClipboardFormatW EndDialog GetClientRect SetWindowPos GetAsyncKeyState EnumChildWindows FindWindowExW CreateDialogParamW MapWindowPoints SystemParametersInfoW GetWindowRect GetWindow IntersectRect IsRectEmpty OpenClipboard EnableMenuItem CheckMenuItem SetWindowsHookExW UnhookWindowsHookEx MessageBeep SetMenuItemInfoW GetWindowThreadProcessId WindowFromPoint IsMenu CallNextHookEx PeekMessageW GetSysColorBrush ModifyMenuW TrackPopupMenuEx DrawFrameControl LoadBitmapW DrawIconEx SetRect DrawAnimatedRects DestroyIcon ShowCaret RemovePropW GetPropW SetPropW GetMenuItemID GetMessageW SendMessageTimeoutW IsZoomed MapVirtualKeyW keybd_event ScrollWindowEx DrawIcon GetScrollInfo SendMessageA TranslateMessage DispatchMessageW InsertMenuW InsertMenuItemW GetMenuState SetActiveWindow SetWindowPlacement GetMenu MenuItemFromPoint mouse_event GetWindowPlacement GetClipboardData RemoveMenu LoadStringA GetMenuStringW LoadIconW DeleteMenu SetMenu LoadAcceleratorsW SetForegroundWindow EnumWindows CharUpperW SetMenuDefaultItem GetScrollPos MoveWindow SetScrollInfo GetSystemMenu |
GDI32.dll | CreateEnhMetaFileW GetBkColor DPtoLP LPtoDP Rectangle SetViewportExtEx SetWindowExtEx SetMapMode GetViewportExtEx GetWindowExtEx OffsetViewportOrgEx SelectClipRgn CloseEnhMetaFile GetEnhMetaFileHeader EndDoc AbortDoc EndPage StartPage ResetDCW StartDocW SetStretchBltMode StretchBlt GetPixel SetDIBitsToDevice CreateDCW GetClipBox SetViewportOrgEx SetBrushOrgEx CreateBitmap CreatePatternBrush PatBlt GetTextExtentPoint32W SaveDC ExtTextOutW RestoreDC ExcludeClipRect OffsetWindowOrgEx SetWindowOrgEx CreatePen MoveToEx LineTo IntersectClipRect SetBkMode CreateFontIndirectW CreateDIBSection GetStockObject GetObjectW DeleteObject CreateCompatibleBitmap CreateCompatibleDC SelectObject BitBlt GetDeviceCaps SetBkColor SetTextColor DeleteDC DeleteEnhMetaFile CreateSolidBrush |
WINSPOOL.DRV | GetPrinterW ClosePrinter OpenPrinterW |
comdlg32.dll | GetOpenFileNameW GetSaveFileNameW PrintDlgW PageSetupDlgW ChooseColorW |
ADVAPI32.dll | GetTokenInformation RegDeleteKeyW GetUserNameW RegOpenKeyExW RegEnumKeyExW RegSetValueExW RegCreateKeyExW RegDeleteValueW RegQueryValueExW RegOpenKeyW AdjustTokenPrivileges LookupPrivilegeValueW OpenProcessToken CryptCreateHash CryptAcquireContextW CryptDestroyHash CryptReleaseContext CryptHashData CryptGetHashParam RegCloseKey |
SHELL32.dll | SHAppBarMessage Shell_NotifyIconW #21 DragFinish SHBrowseForFolderW #88 #68 SHGetSettings #25 DragQueryFileW ExtractIconExW #17 #16 SHGetFileInfoW SHFileOperationW DragAcceptFiles #155 #18 SHGetDesktopFolder #4 #2 SHGetSpecialFolderPathW ShellExecuteExW SHGetPathFromIDListW ShellExecuteW SHGetMalloc SHGetSpecialFolderLocation #190 |
ole32.dll | ReleaseStgMedium CoCreateInstance CreateStreamOnHGlobal OleInitialize OleUninitialize CLSIDFromProgID CLSIDFromString CoTaskMemFree StringFromCLSID CoTaskMemAlloc OleLockRunning RegisterDragDrop DoDragDrop CoUninitialize CoInitialize OleSetClipboard OleGetClipboard RevokeDragDrop CoSetProxyBlanket |
OLEAUT32.dll | VariantChangeType OleCreatePictureIndirect DispCallFunc SafeArrayDestroy VariantInit SafeArrayCreateVector SafeArrayAccessData SafeArrayUnaccessData OleCreateFontIndirect VariantClear SysStringLen LoadRegTypeLib SysAllocString SysAllocStringLen SysFreeString |
MSVCRT.dll | _controlfp _onexit __dllonexit __set_app_type __p__fmode __p__commode _adjust_fdiv __setusermatherr _initterm __wgetmainargs _wcmdln exit _XcptFilter _exit localtime ceil rand fread calloc sprintf time _purecall _wcsicmp _wfopen fwrite fclose _except_handler3 clock wcscpy realloc _ftol _wfullpath memmove iswspace iswdigit swprintf vswprintf wcschr free malloc wcscmp _wchdir wcslen wcsrchr _wtoi wcscat ??2@YAPAXI@Z wcsstr ??3@YAXPAX@Z |
COMCTL32.dll | ImageList_LoadImageW _TrackMouseEvent ImageList_ReplaceIcon ImageList_Create ImageList_SetBkColor InitCommonControlsEx ImageList_Remove ImageList_Destroy ImageList_GetImageCount ImageList_Draw ImageList_AddMasked #8 ImageList_GetImageInfo CreateStatusWindowW ImageList_GetIcon PropertySheetW DestroyPropertySheetPage CreatePropertySheetPageW |
MSIMG32.dll | AlphaBlend |
WINMM.dll | PlaySoundW timeGetTime |
SHLWAPI.dll | PathRelativePathToW StrCpyW |
Q-Dir |
...... |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 7.5.5.0 |
ProductVersion | 7.5.5.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_DLL |
Language | German - Germany |
Company | Nenad Hrg (SoftwareOK.de) |
CompanyName | Nenad Hrg (SoftwareOK.com) |
FileDescription | Q-Dir the alternative Quad File Explorer for Windows |
FileVersion (#2) | 7,5,5,0 |
InternalName | Q-Dir |
LegalCopyright | Copyright © Nenad Hrg (SoftwareOK.com) 2006-2019 |
OriginalFilename | Q-Dir.exe |
ProductName | Q-Dir SoftwareOK.com |
ProductVersion (#2) | 7,5,5,0 |
Resource LangID | German - Germany |
---|---|
StartAddressOfRawData | 0x4a9000 |
---|---|
EndAddressOfRawData | 0x4a900c |
AddressOfIndex | 0x4a79a0 |
AddressOfCallbacks | 0x494330 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_TYPE_REG |
Callbacks | (EMPTY) |
XOR Key | 0x13cc0422 |
---|---|
Unmarked objects | 0 |
C++ objects (8047) | 1 |
14 (7299) | 7 |
C objects (8047) | 12 |
Linker (8047) | 2 |
C objects (2190) | 14 |
Imports (2179) | 29 |
Total imports | 601 |
C objects (VS98 SP6 build 8804) | 1 |
C++ objects (VS98 SP6 build 8804) | 125 |
Resource objects (VS98 SP6 cvtres build 1736) | 1 |