Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2019-Jul-16 13:50:11 |
Detected languages | English - United States, Swedish - Sweden |
CompanyName | Mojang |
FileDescription | Minecraft launcher |
FileVersion | 1.0.1.0 |
InternalName | MinecraftLauncher |
LegalCopyright | Copyright (C) 2016 Mojang |
OriginalFilename | MinecraftLauncher.exe |
ProductName | Minecraft |
ProductVersion | 1.0.1.0 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Suspicious | Strings found in the binary may indicate undesirable behavior: | May have dropper capabilities: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32; Uses constants related to SHA1; Microsoft's Cryptography API |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Malicious | The PE is possibly a dropper. | Resource 4 detected as a PE Executable. |
Info | The PE is digitally signed. | Signer: Mojang AB; Issuer: Symantec Class 3 SHA256 Code Signing CA |
Suspicious | VirusTotal score: 2/67 (Scanned on 2019-09-15 23:44:01) | VBA32: BScope.Trojan.Swrort; Cylance: Unsafe |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x120 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 7 |
TimeDateStamp | 2019-Jul-16 13:50:11 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0xec800 |
SizeOfInitializedData | 0x127e00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000A548E (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0xee000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x219000 |
SizeOfHeaders | 0x400 |
Checksum | 0x223cf4 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
WINHTTP.dll | WinHttpGetIEProxyConfigForCurrentUser |
---|---|
COMCTL32.dll | #17 |
WS2_32.dll | #17 #57 #11 #10 WSAIoctl #21 #15 #9 #7 #6 #5 #4 #3 #2 #19 #16 #111 #112 #18 #151 #23 #14 #116 #115 #8 |
CRYPT32.dll | CertGetCertificateChain CertFreeCertificateChainEngine CertCreateCertificateChainEngine CryptQueryObject CertGetNameStringA CertAddCertificateContextToStore CryptStringToBinaryA CertFreeCertificateContext CertFindCertificateInStore CertEnumCertificatesInStore CertCloseStore CertOpenStore CertFreeCertificateChain |
KERNEL32.dll | GetConsoleCP GetDateFormatW GetTimeFormatW IsValidLocale GetUserDefaultLCID EnumSystemLocalesW FlushFileBuffers SetFilePointerEx SetStdHandle GetProcessHeap GetTimeZoneInformation ReadConsoleW FindFirstFileExA GetLastError SetEvent OpenEventW GetCommandLineW GlobalFree LockResource LoadResource SizeofResource FindResourceW CloseHandle CreateMutexA GetExitCodeProcess WaitForSingleObject CreateProcessW GetProcAddress GetCurrentProcess GetModuleFileNameW GetModuleHandleW GetVersionExW GetFileSizeEx DeviceIoControl IsValidCodePage GetTempPathW SetCurrentDirectoryW GetCurrentDirectoryW CreateDirectoryW GetFullPathNameW CreateFileW GetFileAttributesW DeleteFileW FindFirstFileW FindNextFileW MoveFileExW FreeLibrary LoadLibraryExW VirtualAlloc VirtualFree Sleep SleepEx GetTickCount VerSetConditionMask GetSystemDirectoryA GetModuleHandleA LoadLibraryA VerifyVersionInfoA ExpandEnvironmentStringsA SetLastError FormatMessageA CreateFileA ReadFile LoadLibraryW GetVersionExA GetWindowsDirectoryA GetConsoleMode GetACP WriteFile GetStdHandle GetModuleFileNameA ExitProcess HeapReAlloc GetModuleHandleExW ExitThread HeapFree HeapAlloc FileTimeToSystemTime SystemTimeToTzSpecificLocalTime PeekNamedPipe GetFileType GetDriveTypeW RtlUnwind GetOEMCP GetCommandLineA GetEnvironmentStringsW FreeEnvironmentStringsW SetEnvironmentVariableA SetEndOfFile GetFileAttributesExW WriteConsoleW RemoveDirectoryW FindNextFileA HeapSize FindClose WideCharToMultiByte FormatMessageW EncodePointer DecodePointer RaiseException EnterCriticalSection LeaveCriticalSection TryEnterCriticalSection DeleteCriticalSection GetCurrentThreadId QueueUserWorkItem IsProcessorFeaturePresent QueryPerformanceCounter DuplicateHandle WaitForSingleObjectEx GetCurrentThread GetExitCodeThread MultiByteToWideChar InitializeCriticalSectionAndSpinCount CreateEventW TlsAlloc TlsGetValue TlsSetValue TlsFree GetSystemTimeAsFileTime GetCPInfo GetStringTypeW CompareStringW LCMapStringW GetLocaleInfoW ResetEvent UnhandledExceptionFilter SetUnhandledExceptionFilter TerminateProcess IsDebuggerPresent GetStartupInfoW GetCurrentProcessId InitializeSListHead CreateTimerQueue SignalObjectAndWait SwitchToThread CreateThread SetThreadPriority GetThreadPriority GetLogicalProcessorInformation CreateTimerQueueTimer ChangeTimerQueueTimer DeleteTimerQueueTimer GetNumaHighestNodeNumber GetProcessAffinityMask SetThreadAffinityMask RegisterWaitForSingleObject UnregisterWait GetThreadTimes FreeLibraryAndExitThread VirtualProtect ReleaseSemaphore InterlockedPopEntrySList InterlockedPushEntrySList InterlockedFlushSList QueryDepthSList UnregisterWaitEx |
USER32.dll | MessageBoxW LoadIconW SetWindowLongW GetWindowLongW SetWindowTextW GetDlgItem EndDialog CreateDialogParamW ShowWindow DestroyWindow SendMessageW DispatchMessageW TranslateMessage GetMessageW |
SHELL32.dll | SHGetFolderPathW CommandLineToArgvW |
ADVAPI32.dll | CryptGenRandom RegQueryValueExA RegOpenKeyExA RegEnumKeyExA RegCloseKey CryptDestroyHash CryptHashData CryptCreateHash CryptGetHashParam CryptReleaseContext CryptAcquireContextA RegQueryValueExW RegOpenKeyExW |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.0.1.0 |
ProductVersion | 1.0.1.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Mojang |
FileDescription | Minecraft launcher |
FileVersion (#2) | 1.0.1.0 |
InternalName | MinecraftLauncher |
LegalCopyright | Copyright (C) 2016 Mojang |
OriginalFilename | MinecraftLauncher.exe |
ProductName | Minecraft |
ProductVersion (#2) | 1.0.1.0 |
Resource LangID | Swedish - Sweden |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2019-Jul-16 13:50:11 |
Version | 0.0 |
SizeofData | 980 |
AddressOfRawData | 0x119d7c |
PointerToRawData | 0x11897c |
StartAddressOfRawData | 0x536000 |
---|---|
EndAddressOfRawData | 0x536008 |
AddressOfIndex | 0x533434 |
AddressOfCallbacks | 0x4ee4a0 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_4BYTES |
Callbacks | (EMPTY) |
Size | 0x5c |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x528168 |
SEHandlerTable | 0x5193b0 |
SEHandlerCount | 627 |
XOR Key | 0x7afc2ea8 |
---|---|
Unmarked objects | 0 |
241 (40116) | 22 |
243 (40116) | 174 |
242 (40116) | 31 |
199 (41118) | 6 |
ASM objects (VS2015 UPD3 build 24123) | 26 |
C++ objects (VS2015 UPD3 build 24123) | 125 |
C objects (VS2015 UPD3 build 24123) | 38 |
C objects (VS2015 UPD3 build 24213) | 111 |
Imports (VS2008 SP1 build 30729) | 17 |
Total imports | 239 |
C++ objects (VS2015 UPD3 build 24213) | 50 |
Resource objects (VS2015 UPD3 build 24210) | 1 |
151 | 1 |
Linker (VS2015 UPD3 build 24213) | 1 |