| Field | Value | Details |
|---|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 | |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI | |
| Compilation Date | 2019-Jun-04 17:02:52 | |
| Detected languages | English - United States | |
| Debug artifacts | C:\Users\admin\Desktop\Новая папка\Release\ConsoleApplication9.pdb | |
| Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
| Suspicious | Strings found in the binary may indicate undesirable behavior: | Miscellaneous malware strings: |
| Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
| Malicious | VirusTotal score: 5/71 (Scanned on 2019-06-05 22:03:46) | Kaspersky: UDS:DangerousObject.Multi.Generic; Rising: Spyware.Quasar!8.1BB5/N3#81% (RDM+:cmRtazqG1M8c4epuKsvfKTstgnKd); ZoneAlarm: UDS:DangerousObject.Multi.Generic; Panda: Trj/Genetic.gen; Qihoo-360: HEUR/QVM20.1.AB6D.Malware.Gen |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x100 |
| PE file header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 5 |
| TimeDateStamp | 2019-Jun-04 17:02:52 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x1a800 |
| SizeOfInitializedData | 0x6c600 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x000056A5 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x1c000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x8d000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x957d3 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Imported functions |
|---|---|
| KERNEL32.dll | MultiByteToWideChar, ExitProcess, RaiseException, GetLastError, InitializeCriticalSectionEx, DeleteCriticalSection, DecodePointer, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, LoadLibraryA, GetModuleFileNameA, GetShortPathNameA, lstrcpyA, lstrcatA, GetEnvironmentVariableA, GetProcAddress, CreateFileW, SetStdHandle, CloseHandle, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, FindClose, ReadConsoleW, ReadFile, WideCharToMultiByte, EncodePointer, EnterCriticalSection, LeaveCriticalSection, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetModuleHandleW, GetCPInfo, LCMapStringW, GetLocaleInfoW, GetStringTypeW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, OutputDebugStringW, RtlUnwind, FreeLibrary, LoadLibraryExW, GetModuleHandleExW, GetModuleFileNameW, GetStdHandle, WriteFile, GetFileType, GetFileSizeEx, SetFilePointerEx, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FlushFileBuffers, GetConsoleCP, GetConsoleMode, WriteConsoleW |
| Debug directory field | Entry 1 | Entry 2 | Entry 3 | Entry 4 |
|---|---|---|---|---|
| Characteristics | 0 | 0 | 0 | 0 |
| TimeDateStamp | 2019-Jun-04 17:02:52 | 2019-Jun-04 17:02:52 | 2019-Jun-04 17:02:52 | 2019-Jun-04 17:02:52 |
| Version | 0.0 | 0.0 | 0.0 | 0.0 |
| SizeofData | 101 | 20 | 920 | 0 |
| AddressOfRawData | 0x29520 | 0x29588 | 0x2959c | 0 |
| PointerToRawData | 0x28120 | 0x28188 | 0x2819c | 0 |
| Referenced File | C:\Users\admin\Desktop\Новая папка\Release\ConsoleApplication9.pdb | | | |
| TLS directory field | Value |
|---|---|
| StartAddressOfRawData | 0x429944 |
| EndAddressOfRawData | 0x42994c |
| AddressOfIndex | 0x42c5a0 |
| AddressOfCallbacks | 0x41c1d4 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_4BYTES |
| Callbacks | (EMPTY) |
| Load configuration field | Value |
|---|---|
| Size | 0xa0 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x42b06c |
| SEHandlerTable | 0x4294c0 |
| SEHandlerCount | 24 |
---|---|
Unmarked objects | 0 |
ASM objects (26213) | 13 |
C++ objects (26213) | 168 |
C objects (26213) | 22 |
ASM objects (VS 2015/2017 runtime 26706) | 22 |
C++ objects (VS 2015/2017 runtime 26706) | 63 |
C objects (VS 2015/2017 runtime 26706) | 33 |
Imports (26213) | 13 |
Total imports | 125 |
265 (VS2017 v15.9.5-6 compiler 27026) | 12 |
Resource objects (VS2017 v15.9.5-6 compiler 27026) | 1 |
151 | 1 |
Linker (VS2017 v15.9.5-6 compiler 27026) | 1 |