Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2007-Sep-12 15:08:17 |
Info | Matching compiler(s): |
Installer VISE Custom
Microsoft Visual C++ Microsoft Visual C++ v6.0 Microsoft Visual C++ v5.0/v6.0 (MFC) |
Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
Suspicious | VirusTotal score: 2/66 (Scanned on 2018-05-18 14:00:35) |
Cylance:
Unsafe
Jiangmin: Trojan.Generic.drng |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xd0 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 3 |
TimeDateStamp | 2007-Sep-12 15:08:17 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Magic | PE32 |
---|---|
LinkerVersion | 6.0 |
SizeOfCode | 0x3000 |
SizeOfInitializedData | 0x2000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000101D (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x4000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x1000 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x6000 |
SizeOfHeaders | 0x1000 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
USER32.dll |
MessageBoxA
|
---|---|
KERNEL32.dll |
HeapCreate
GetStringTypeW GetModuleHandleA GetStartupInfoA GetCommandLineA GetVersion ExitProcess TerminateProcess GetCurrentProcess UnhandledExceptionFilter GetModuleFileNameA FreeEnvironmentStringsA FreeEnvironmentStringsW WideCharToMultiByte GetEnvironmentStrings GetEnvironmentStringsW SetHandleCount GetStdHandle GetFileType HeapDestroy VirtualFree HeapFree RtlUnwind WriteFile GetCPInfo GetACP GetOEMCP HeapAlloc VirtualAlloc HeapReAlloc GetProcAddress LoadLibraryA MultiByteToWideChar LCMapStringA LCMapStringW GetStringTypeA |
XOR Key | 0xa158a888 |
---|---|
Unmarked objects | 0 |
C objects (VS98 build 8168) | 22 |
14 (7299) | 9 |
Total imports | 38 |
19 (8034) | 5 |
C++ objects (VS98 build 8168) | 2 |