| Summary | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2019-May-03 03:14:06 |
| Detected languages | English - United States; Korean - Korea |
| Debug artifacts | c:\devel\Ark6\bin\bdzsfx.pdb |
| Level | Finding | Details |
|---|---|---|
| Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
| Suspicious | PEiD Signature: | ACE Archive; HQR data file |
| Suspicious | Strings found in the binary may indicate undesirable behavior: | Miscellaneous malware strings: |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to SHA1; Uses constants related to SHA256; Uses constants related to SHA512; Uses constants related to AES |
| Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
| Suspicious | The file contains overlay data. | 1156300 bytes of data starting at offset 0x4d200. Overlay data amounts for 78.5421% of the executable. |
| Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xf0 |
| PE file header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 5 |
| TimeDateStamp | 2019-May-03 03:14:06 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE; IMAGE_FILE_EXECUTABLE_IMAGE |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 9.0 |
| SizeOfCode | 0x32400 |
| SizeOfInitializedData | 0x1aa00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00022463 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x34000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x60000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x4db4c |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE; IMAGE_DLLCHARACTERISTICS_NX_COMPAT; IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Imported functions |
|---|---|
| KERNEL32.dll | GetTickCount, FileTimeToSystemTime, GetCurrentProcessId, LoadLibraryW, QueryPerformanceCounter, WideCharToMultiByte, VirtualAlloc, VirtualFree, DeleteFileW, WaitForSingleObject, CreateEventW, SetEvent, ResetEvent, lstrcatW, GetFileAttributesA, GetFileAttributesW, lstrlenA, lstrcpyW, SetFileAttributesW, GetFileSize, CreateFileW, GetCurrentThread, SetFileTime, GetTimeZoneInformation, SystemTimeToTzSpecificLocalTime, Sleep, GlobalMemoryStatusEx, GetDriveTypeW, WriteFile, SetFilePointer, CreateFileA, ReadFile, FlushFileBuffers, GlobalAlloc, GlobalLock, GlobalUnlock, MulDiv, GetVersion, GetSystemDirectoryW, CompareStringA, WriteConsoleW, CloseHandle, WriteConsoleA, SetStdHandle, GetStringTypeW, GetStringTypeA, LCMapStringA, GetConsoleMode, GetConsoleCP, GetLocaleInfoA, SetEnvironmentVariableW, SetEnvironmentVariableA, CompareStringW, GetSystemTimeAsFileTime, GetCommandLineW, GetStartupInfoA, GetFileType, SetHandleCount, RtlUnwind, LCMapStringW, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, InitializeCriticalSectionAndSpinCount, GetModuleFileNameA, GetStdHandle, HeapCreate, GetEnvironmentStringsW, FreeEnvironmentStringsW, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, IsDebuggerPresent, SetUnhandledExceptionFilter, GetModuleHandleA, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, CreateThread, ExitThread, ExitProcess, IsProcessorFeaturePresent, LoadLibraryA, InterlockedCompareExchange, GetProcessHeap, HeapSize, HeapReAlloc, CreateProcessW, SetCurrentDirectoryW, GetUserDefaultLangID, GetCurrentThreadId, SetLastError, FlushInstructionCache, GetCurrentProcess, DeleteCriticalSection, InitializeCriticalSection, LoadLibraryExW, MultiByteToWideChar, EnterCriticalSection, RaiseException, LeaveCriticalSection, lstrcmpiW, GetProcAddress, GetModuleHandleW, FreeLibrary, GetLastError, InterlockedDecrement, InterlockedIncrement, GlobalFree, lstrcpynW, CreateDirectoryW, GetModuleFileNameW, lstrlenW, FindResourceExW, FindResourceW, LoadResource, LockResource, GetConsoleOutputCP, SizeofResource, HeapFree, HeapAlloc, HeapDestroy |
| USER32.dll | TranslateMessage, SendMessageW, PeekMessageW, UnregisterClassA, CharNextW, DispatchMessageW, RegisterWindowMessageW, EndPaint, BeginPaint, ShowWindow, GetForegroundWindow, DrawIcon, DrawTextW, GetSysColor, CreateWindowExW, DestroyWindow, IsDialogMessageW, GetCapture, CreateDialogIndirectParamW, ReleaseDC, GetDC, OffsetRect, CopyRect, SystemParametersInfoW, MonitorFromRect, GetFocus, GetSystemMetrics, SetFocus, InvalidateRect, EndDialog, KillTimer, ScreenToClient, MessageBoxW, EnableWindow, SetTimer, GetDlgItem, SetDlgItemTextW, SetWindowTextW, GetWindow, MonitorFromWindow, GetMonitorInfoW, LoadIconW, GetClientRect, PostMessageW, MapWindowPoints, GetParent, MoveWindow, GetWindowRect, SetWindowPos, GetWindowLongW, GetWindowTextW, GetWindowTextLengthW, SetWindowLongW, DialogBoxParamW, GetActiveWindow, GetMessageW |
| GDI32.dll | GetObjectW, GetStockObject, SetBkMode, SetTextColor, GetDeviceCaps, ExtTextOutW, SetBkColor, GetTextExtentPoint32W, GetTextMetricsW, BitBlt, DeleteDC, SelectObject, CreateCompatibleDC, CreateDIBSection, DeleteObject, CreateFontIndirectW |
| ADVAPI32.dll | AccessCheck, OpenThreadToken, RevertToSelf, ImpersonateSelf, GetFileSecurityW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegOpenKeyExW, RegEnumKeyExW, RegQueryInfoKeyW, RegCloseKey, RegDeleteKeyW, AreAllAccessesGranted |
| SHELL32.dll | SHBrowseForFolderW, ShellExecuteW, SHGetPathFromIDListW |
| ole32.dll | CoInitialize, CoCreateInstance, CoTaskMemAlloc, CoTaskMemRealloc, CoTaskMemFree, CoUninitialize |
| OLEAUT32.dll | #277 (import by ordinal) |
| SHLWAPI.dll | PathIsDirectoryW |
bdzsfx |
BDZSFX |
| Debug directory field | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2019-May-03 03:14:06 |
| Version | 0.0 |
| SizeofData | 53 |
| AddressOfRawData | 0x39568 |
| PointerToRawData | 0x37d68 |
| Referenced File | c:\devel\Ark6\bin\bdzsfx.pdb |
| Load configuration field | Value |
|---|---|
| Size | 0x48 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x43f050 |
| SEHandlerTable | 0x43b4c0 |
| SEHandlerCount | 88 |
| Rich header entry | Value / Count |
|---|---|
| XOR Key | 0x7cc67314 |
| Unmarked objects | 0 |
| ASM objects (VS2008 SP1 build 30729) | 28 |
| C objects (VS2008 SP1 build 30729) | 153 |
| C++ objects (VS2008 SP1 build 30729) | 63 |
| C objects (VS2012 build 50727 / VS2005 build 50727) | 3 |
| Imports (VS2012 build 50727 / VS2005 build 50727) | 17 |
| Total imports | 254 |
| 138 (VS2008 SP1 build 30729) | 126 |
| Linker (VS2008 build 21022) | 1 |
| Resource objects (VS2008 SP1 build 30729) | 1 |