Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2009-Apr-15 20:41:42 |
Detected languages | English - United States |
CompanyName | McAfee, Inc., Foundstone, Inc. |
FileDescription | BinText file string extractor |
FileVersion | 3, 0, 3, 0 |
InternalName | bintext |
LegalCopyright | Copyright © 2009 McAfee, Inc., Foundstone, Inc. |
OriginalFilename | bintext.exe |
ProductName | bintext |
ProductVersion | 3, 0, 3, 0 |
Info | Matching compiler(s): Microsoft Visual C++, Microsoft Visual C++ v6.0 |
Suspicious | The PE contains functions most legitimate programs don't use. Can take screenshots: |
Suspicious | VirusTotal score: 1/72 (Scanned on 2023-10-31 14:30:22); APEX: Malicious |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2009-Apr-15 20:41:42 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 7.0 |
SizeOfCode | 0x3600 |
SizeOfInitializedData | 0x5e00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000422D (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x5000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 4.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xc000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
COMCTL32.dll | ImageList_AddMasked ImageList_Create InitCommonControlsEx ImageList_Destroy |
---|---|
KERNEL32.dll | GetStartupInfoA GetModuleHandleA lstrcpynA lstrlenA CloseHandle LoadLibraryA GlobalUnlock GlobalLock GlobalAlloc ReadFile SetFilePointer CreateFileA GetTickCount WriteFile lstrcmpA SetThreadPriority GetThreadPriority GetCurrentThread FreeLibrary |
USER32.dll | SetFocus CreateWindowExA GetSystemMetrics RegisterClassExA LoadCursorA LoadIconA TrackPopupMenu GetSubMenu GetCursorPos PostQuitMessage CreateDialogParamA MessageBoxA OpenClipboard EmptyClipboard GetWindowTextA CloseClipboard SetWindowTextA SetForegroundWindow PostMessageA SetWindowLongA LoadMenuA SendDlgItemMessageA GetClientRect GetMenu AdjustWindowRect GetWindowRect DestroyMenu DestroyWindow IsDialogMessageA DefWindowProcA GetDlgItemTextA SetClipboardData ScreenToClient MoveWindow EnableWindow wsprintfA SetDlgItemTextA LoadBitmapA LoadImageA GetDC ReleaseDC BeginPaint EndPaint GetDlgItemInt SetDlgItemInt ShowWindow InvalidateRect SetWindowPos UpdateWindow GetWindowLongA CallWindowProcA HideCaret GetDlgItem SendMessageA PeekMessageA GetMessageA TranslateMessage DispatchMessageA CopyRect |
GDI32.dll | DeleteDC StretchBlt RealizePalette SelectPalette SelectObject CreateCompatibleDC CreateHalftonePalette CreatePalette GetDIBColorTable GetObjectA CreateFontIndirectA CreateSolidBrush SetBkColor SetTextColor GetStockObject DeleteObject |
comdlg32.dll | GetOpenFileNameA GetSaveFileNameA |
SHELL32.dll | DragAcceptFiles DragQueryFileA |
MSVCRT.dll | __CxxFrameHandler _strlwr strstr sprintf memmove ??3@YAXPAX@Z ??2@YAPAXI@Z malloc free strchr __dllonexit _onexit _exit _XcptFilter exit __getmainargs _initterm __setusermatherr _adjust_fdiv __p__commode __p__fmode __set_app_type _except_handler3 _controlfp calloc _stricmp _acmdln |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 3.0.3.0 |
ProductVersion | 3.0.3.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | McAfee, Inc., Foundstone, Inc. |
FileDescription | BinText file string extractor |
FileVersion (#2) | 3, 0, 3, 0 |
InternalName | bintext |
LegalCopyright | Copyright © 2009 McAfee, Inc., Foundstone, Inc. |
OriginalFilename | bintext.exe |
ProductName | bintext |
ProductVersion (#2) | 3, 0, 3, 0 |
Resource LangID | English - United States |
---|---|
XOR Key | 0xf96b8393 |
---|---|
Unmarked objects | 0 |
105 (2067) | 1 |
Linker (8047) | 2 |
14 (7299) | 3 |
C objects (8047) | 11 |
Imports (2067) | 2 |
Imports (2179) | 6 |
Imports (9210) | 5 |
Total imports | 129 |
C++ objects (VS2003 (.NET) SP1 build 6030) | 2 |
94 (VS2003 (.NET) build 3052) | 1 |
Linker (VS2003 (.NET) SP1 build 6030) | 1 |