Summary:

| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2019-Jun-18 15:30:08 |
| Detected languages | English - United States |
| Debug artifacts | C:\Users\Usuario\Documents\Proyectos\sher.lock\Debug\LooCipher.pdb |
Findings:

| Level | Indicator | Details |
|---|---|---|
| Suspicious | Strings found in the binary may indicate undesirable behavior. | Contains references to system / monitoring tools: |
| Info | Cryptographic algorithms detected in the binary. | Uses constants related to CRC32; uses constants related to SHA1; uses constants related to SHA256; Microsoft's Cryptography API. |
| Malicious | This program contains valid cryptocurrency addresses. | Contains a valid Bitcoin address: |
| Suspicious | The PE is possibly packed. | Section .textbss is both writable and executable. Caveat: .textbss is the section the MSVC linker emits for incremental linking, the default for Debug builds (consistent with the Debug\ PDB path above), and it is writable and executable by design. On its own this is weak evidence of a packer; the entry point lies in .text and the import table below is intact and large, which packed binaries usually do not show. |
| Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: (consistent with the GetProcAddress, LoadLibraryW and LoadLibraryExW imports listed below, which allow further APIs to be resolved at run time) |
| Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
DOS header (IMAGE_DOS_HEADER):

| Field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x108 |
COFF file header (IMAGE_FILE_HEADER):

| Field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 9 |
| TimeDateStamp | 2019-Jun-18 15:30:08 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Optional header (IMAGE_OPTIONAL_HEADER32):

| Field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x421600 |
| SizeOfInitializedData | 0x156a00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x001FB2AC (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x1000 |
| ImageBase | 0x950000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x771000 |
| SizeOfHeaders | 0x400 |
| CheckSum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

DYNAMIC_BASE and NX_COMPAT are set and IMAGE_FILE_RELOCS_STRIPPED is absent from the file header characteristics, so the image is ASLR- and DEP-compatible. A CheckSum of 0 is normal for an unsigned user-mode executable; the linker only fills it in when asked to. All addresses in the TLS and load configuration directories below are virtual addresses relative to this ImageBase (0x950000), not RVAs.
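The tables above are what a triage tool reads before it looks at a single instruction, and the "possibly packed" finding is derived from the section table. The following Python is an added example, not part of the original report or of the LooCipher sample: it constructs a minimal PE32 image in memory from the header values printed above (the two-entry section table, with a writable and executable .textbss and a .text section holding the entry point, is an assumption, since the report does not list the sections), then walks DOS header, COFF header, optional header and section table with `struct` alone, and re-derives the W+X check, the ASLR/DEP flag reading and the VA-to-RVA mapping needed to place the TLS and load-configuration addresses.

```python
"""Parse PE32 headers from raw bytes and re-derive header-level triage findings.

Stand-alone: build_sample_pe() is a CONSTRUCTED image using the header values
from the report; it is not the analysed sample and its section table is assumed.
"""
import struct
from datetime import datetime, timezone

IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
DLL_CHARACTERISTICS = {  # bit -> name, from the PE/COFF specification
    0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT", 0x0400: "NO_SEH",
    0x4000: "GUARD_CF", 0x8000: "TERMINAL_SERVER_AWARE",
}
SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def build_sample_pe():
    """Constructed PE32: report's header values + an ASSUMED two-section table."""
    e_lfanew = 0x108
    img = bytearray(0x400)  # SizeOfHeaders from the report
    struct.pack_into("<2sHHHH", img, 0, b"MZ", 0x90, 0x3, 0, 0x4)  # e_magic..e_cparhdr
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    # Signature, Machine I386, 2 sections, TimeDateStamp 2019-06-18 15:30:08 UTC,
    # no symbols, SizeOfOptionalHeader 0xE0, EXECUTABLE_IMAGE|32BIT_MACHINE
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, 2, 1560871808, 0, 0, 0xE0, 0x0102)
    # Magic PE32, linker 14.0, SizeOfCode, SizeOfInitializedData, SizeOfUninit,
    # AddressOfEntryPoint, BaseOfCode, BaseOfData
    std = struct.pack("<HBBIIIIII", 0x10B, 14, 0, 0x421600, 0x156A00, 0, 0x1FB2AC, 0x1000, 0x1000)
    win = struct.pack("<IIIHHHHHHIIIIHHIIIIII",
                      0x950000, 0x1000, 0x200,      # ImageBase, SectionAlignment, FileAlignment
                      6, 0, 0, 0, 6, 0,             # OS, image and subsystem versions
                      0, 0x771000, 0x400, 0,        # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0x8140,                    # Subsystem GUI; DYNAMIC_BASE|NX_COMPAT|TERMINAL_SERVER_AWARE
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    data_dirs = bytes(16 * 8)  # NumberOfRvaAndSizes = 16, left empty in this sample
    # Assumed sections: .textbss = UNINITIALIZED_DATA|EXECUTE|READ|WRITE (0xE0000080),
    # .text = CODE|EXECUTE|READ (0x60000020) covering the entry point.
    sections = struct.pack(SECTION_HDR, b".textbss", 0x10000, 0x1000, 0, 0, 0, 0, 0, 0, 0xE0000080)
    sections += struct.pack(SECTION_HDR, b".text", 0x421600, 0x11000, 0x421600, 0x400, 0, 0, 0, 0, 0x60000020)
    body = coff + std + win + data_dirs + sections
    img[e_lfanew:e_lfanew + len(body)] = body
    return bytes(img)


def parse_pe32(data):
    """Walk DOS -> COFF -> optional header -> section table; PE32 only."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    machine, nsec, ts, _symtab, _nsyms, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("not a PE32 optional header: 0x%x" % magic)
    (entry,) = struct.unpack_from("<I", data, opt + 16)
    (image_base,) = struct.unpack_from("<I", data, opt + 28)
    (size_of_image,) = struct.unpack_from("<I", data, opt + 56)
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    sections, off = [], opt + opt_size  # section table follows the optional header
    for _ in range(nsec):
        name, vsize, va, raw_size, _raw_ptr, _r, _l, _nr, _nl, sc = struct.unpack_from(SECTION_HDR, data, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii"), "va": va,
                         "vsize": vsize, "raw_size": raw_size, "characteristics": sc})
        off += struct.calcsize(SECTION_HDR)
    return {"machine": machine, "file_characteristics": file_chars,
            "timestamp_utc": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            "entry_point": entry, "image_base": image_base, "size_of_image": size_of_image,
            "dll_characteristics": dll_chars, "sections": sections}


def wx_sections(pe):
    """Names of sections that are both writable and executable (the 'packed?' heuristic)."""
    return [s["name"] for s in pe["sections"]
            if s["characteristics"] & IMAGE_SCN_MEM_EXECUTE and s["characteristics"] & IMAGE_SCN_MEM_WRITE]


def dll_flags(pe):
    return [n for bit, n in sorted(DLL_CHARACTERISTICS.items()) if pe["dll_characteristics"] & bit]


def aslr_effective(pe):
    """DYNAMIC_BASE only relocates the image if relocations were not stripped."""
    return bool(pe["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) \
        and not pe["file_characteristics"] & IMAGE_FILE_RELOCS_STRIPPED


def va_to_rva(pe, va):
    """Directory tables store VAs (ImageBase-relative); check they fall inside the image."""
    rva = va - pe["image_base"]
    if not 0 <= rva < pe["size_of_image"]:
        raise ValueError("VA 0x%x outside image" % va)
    return rva


def section_for_rva(pe, rva):
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return s["name"]
    return None


if __name__ == "__main__":
    pe = parse_pe32(build_sample_pe())
    print("built", pe["timestamp_utc"], "UTC; W+X sections:", wx_sections(pe))
    print("DllCharacteristics:", dll_flags(pe), "ASLR effective:", aslr_effective(pe))
    print("entry 0x%X in %s" % (pe["entry_point"], section_for_rva(pe, pe["entry_point"])))
    print("TLS StartAddressOfRawData RVA: 0x%X" % va_to_rva(pe, 0x1094000))
```

Run as-is it reports the constructed image; pointing `parse_pe32` at the bytes of a real PE32 file gives the same fields the tables above show. The import-table walk that backs the "hiding some of its imports" finding is deliberately left out; it needs the data directories, which this sample leaves empty.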
Imports (by DLL):

| DLL | Imported functions |
|---|---|
| KERNEL32.dll | GetLocalTime, GetShortPathNameA, GetLogicalDriveStringsA, GetStartupInfoA, WritePrivateProfileStringA, MultiByteToWideChar, IsDebuggerPresent, DebugBreak, GlobalAlloc, GlobalUnlock, GlobalLock, GetPrivateProfileStringA, GetLastError, SetLastError, QueryPerformanceCounter, QueryPerformanceFrequency, GetCurrentThread, GetThreadTimes, ReadConsoleW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindNextFileA, FindFirstFileExA, SetStdHandle, CreateProcessA, SetConsoleCtrlHandler, WriteConsoleW, OutputDebugStringA, HeapQueryInformation, HeapReAlloc, HeapSize, ReadFile, GetConsoleMode, GetConsoleCP, FlushFileBuffers, GetFileType, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetTimeFormatW, GetDateFormatW, CreateProcessW, GetExitCodeProcess, GetACP, WriteFile, GetStdHandle, ExitProcess, ResumeThread, ExitThread, DeleteFileW, MoveFileExW, RemoveDirectoryW, GetCurrentDirectoryW, GetCurrentDirectoryA, SetCurrentDirectoryW, TerminateThread, CreateThread, Sleep, CreateEventA, CreateMutexA, ReleaseMutex, WaitForSingleObject, SetEvent, CloseHandle, GetTimeZoneInformation, GetEnvironmentVariableA, SetCurrentDirectoryA, SetEnvironmentVariableW, SetEnvironmentVariableA, GetFullPathNameA, GetFullPathNameW, GetDriveTypeW, GetModuleHandleExW, WideCharToMultiByte, FormatMessageW, CreateDirectoryW, CreateFileW, FindClose, FindFirstFileExW, FindNextFileW, GetDiskFreeSpaceExW, GetFileAttributesExW, GetFileInformationByHandle, SetEndOfFile, SetFileAttributesW, SetFilePointerEx, SetFileTime, GetTempPathW, AreFileApisANSI, CopyFileW, CreateHardLinkW, DuplicateHandle, WaitForSingleObjectEx, GetCurrentProcess, GetCurrentThreadId, GetExitCodeThread, GetNativeSystemInfo, EnterCriticalSection, LeaveCriticalSection, TryEnterCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, InitializeCriticalSectionAndSpinCount, CreateEventW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, GetModuleHandleW, GetProcAddress, CompareStringW, LCMapStringW, GetLocaleInfoW, GetStringTypeW, GetCPInfo, ResetEvent, InitializeSListHead, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, GetStartupInfoW, RaiseException, GetCurrentProcessId, HeapAlloc, HeapFree, GetProcessHeap, VirtualQuery, FreeLibrary, CreateTimerQueue, SignalObjectAndWait, SwitchToThread, SetThreadPriority, GetThreadPriority, GetLogicalProcessorInformation, CreateTimerQueueTimer, ChangeTimerQueueTimer, DeleteTimerQueueTimer, GetNumaHighestNodeNumber, GetProcessAffinityMask, SetThreadAffinityMask, RegisterWaitForSingleObject, UnregisterWait, OutputDebugStringW, FreeLibraryAndExitThread, GetModuleFileNameW, GetModuleHandleA, LoadLibraryExW, GetVersionExW, VirtualAlloc, VirtualProtect, VirtualFree, SetProcessAffinityMask, ReleaseSemaphore, InterlockedPopEntrySList, InterlockedPushEntrySList, InterlockedFlushSList, QueryDepthSList, UnregisterWaitEx, WaitForMultipleObjectsEx, LoadLibraryW, RtlUnwind, HeapValidate, GetSystemInfo, GetModuleFileNameA, RtlCaptureStackBackTrace |
| USER32.dll | PeekMessageA, DispatchMessageA, GetMessageA, TrackMouseEvent, LoadCursorA, SetClassLongA, GetClassLongA, MessageBoxW, SetWindowTextA, UpdateWindow, GetSystemMetrics, EnableWindow, KillTimer, SetTimer, EmptyClipboard, SetClipboardData, CloseClipboard, OpenClipboard, GetDlgCtrlID, CreateWindowExW, RegisterClassW, PostQuitMessage, DefWindowProcW, SendMessageA, TranslateMessage, SystemParametersInfoA, EnumDisplaySettingsA, ChangeDisplaySettingsA, SetWindowLongA, GetWindowLongA, ShowCursor, AdjustWindowRect, GetWindowRect, GetDC, SetForegroundWindow, SetWindowPos, ShowWindow, DestroyWindow, CreateWindowExA, DefWindowProcA |
| GDI32.dll | SetBkColor, DeleteObject, CreateSolidBrush, CreateFontA, SetDIBitsToDevice, SetTextColor |
| ADVAPI32.dll | CryptReleaseContext, CryptAcquireContextA, CryptGenRandom |
| SHELL32.dll | SHGetSpecialFolderPathA |
| WININET.dll | InternetCloseHandle, InternetOpenUrlA, InternetReadFile, InternetOpenA |

Imports worth correlating with the findings above: the ADVAPI32 CryptAcquireContextA / CryptGenRandom pair is the "Microsoft's Cryptography API" usage (CryptGenRandom is the usual source of key material); WININET InternetOpenA / InternetOpenUrlA / InternetReadFile give an HTTP fetch capability; GetLogicalDriveStringsA, GetDriveTypeW, FindFirstFileExW / FindNextFileW, CreateFileW, SetFileTime, MoveFileExW and DeleteFileW cover drive and file enumeration and rewriting; IsDebuggerPresent is an anti-debugging check; and GetProcAddress with LoadLibraryW / LoadLibraryExW allows further APIs to be resolved at run time. Much of the remaining KERNEL32 list (console, locale, heap, SList and critical-section calls) is the statically linked MSVC runtime rather than program logic.
Debug directory, entry 1 (references the PDB; its TimeDateStamp of 2019-Jun-14 predates the COFF header stamp of 2019-Jun-18):

| Field | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2019-Jun-14 15:47:16 |
| Version | 0.0 |
| SizeOfData | 91 |
| AddressOfRawData | 0x6e5ac4 |
| PointerToRawData | 0x4f04c4 |
| Referenced File | C:\Users\Usuario\Documents\Proyectos\sher.lock\Debug\LooCipher.pdb |
Debug directory, entry 2:

| Field | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2019-Jun-14 15:47:16 |
| Version | 0.0 |
| SizeOfData | 20 |
| AddressOfRawData | 0x6e5b20 |
| PointerToRawData | 0x4f0520 |
TLS directory (addresses are VAs relative to ImageBase 0x950000):

| Field | Value |
|---|---|
| StartAddressOfRawData | 0x1094000 |
| EndAddressOfRawData | 0x1094208 |
| AddressOfIndex | 0x1090384 |
| AddressOfCallbacks | 0xf67e2c |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_4BYTES |
| Callbacks | (EMPTY) |

The callback array is empty, so no TLS callbacks run before the entry point; the directory only carries the 0x208 bytes of thread-local data the runtime expects.
Load configuration directory:

| Field | Value |
|---|---|
| Size | 0x68 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x1066254 |
| SEHandlerTable | 0 |
| SEHandlerCount | 0 |

A SecurityCookie is present (the /GS stack cookie), but SEHandlerTable and SEHandlerCount are both 0, so the image carries no SafeSEH handler table.
Rich header (XOR key 0x1c2e1b8f; numbers in parentheses are the tool build numbers recorded by the Microsoft linker):

| Entry | Count |
|---|---|
| Unmarked objects | 0 |
| ASM objects (24610) | 28 |
| C++ objects (24610) | 197 |
| C objects (24610) | 26 |
| ASM objects (24723) | 23 |
| C++ objects (24723) | 132 |
| C objects (24723) | 37 |
| Imports (24610) | 13 |
| Total imports | 227 |
| C++ objects (VS2017 v15.2 compiler 25019) | 37 |
| Resource objects (VS2017 v15.2 compiler 25019) | 1 |
| Linker (VS2017 v15.2 compiler 25019) | 1 |