Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2014-Aug-23 09:24:50 |
Detected languages | English - United States |
Suspicious | Strings found in the binary may indicate undesirable behavior: | May have dropper capabilities: |
Info | Libraries used to perform cryptographic operations: | Microsoft's Cryptography API |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 3/65 (Scanned on 2018-05-23 15:15:29) | K7GW: Riskware ( 0040eff71 ), K7AntiVirus: Riskware ( 0040eff71 ), ClamAV: Win.Trojan.Agent-6326965-0 |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x108 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 5 |
TimeDateStamp | 2014-Aug-23 09:24:50 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32+ |
---|---|
LinkerVersion | 12.0 |
SizeOfCode | 0x45400 |
SizeOfInitializedData | 0x6ec00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000000000023944 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xb6000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x4e20 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
SHLWAPI.dll | SHStrDupW |
---|---|
COMDLG32.dll | GetOpenFileNameW, GetSaveFileNameW |
ADVAPI32.dll | RegQueryValueExW, RegSetValueExW, RegOpenKeyExW, RegDeleteValueW, CryptAcquireContextW, CryptReleaseContext, CryptDestroyKey, CryptCreateHash, CryptHashData, CryptDestroyHash, CryptVerifySignatureW, RegCloseKey, RegCreateKeyExW |
COMCTL32.dll | InitCommonControlsEx |
WININET.dll | InternetCloseHandle, InternetOpenUrlW, InternetReadFileExW, InternetSetStatusCallbackW, HttpQueryInfoW, InternetOpenW |
CRYPT32.dll | CryptImportPublicKeyInfo, CertFreeCertificateContext, CertCreateCertificateContext |
KERNEL32.dll | GlobalSize, GlobalLock, GlobalUnlock, GlobalFree, GetTempFileNameW, GetTempPathW, Sleep, LoadResource, LockResource, SizeofResource, FindResourceW, FreeLibrary, LoadLibraryW, LoadLibraryExW, LCMapStringW, CompareStringW, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, FlushFileBuffers, SetStdHandle, MoveFileExW, GetConsoleCP, SetFilePointerEx, GetProcAddress, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, TerminateProcess, GetCurrentProcess, InitializeCriticalSectionAndSpinCount, SetUnhandledExceptionFilter, GlobalReAlloc, RtlVirtualUnwind, RtlCaptureContext, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetSystemTimeAsFileTime, GetCurrentProcessId, QueryPerformanceCounter, GetModuleFileNameA, GetStartupInfoW, DeleteCriticalSection, GetFileType, ReadConsoleW, GetConsoleMode, ReadFile, GetStdHandle, GetProcessHeap, HeapSize, GetModuleHandleExW, ExitProcess, GetStringTypeW, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, GetCurrentThreadId, SetLastError, AreFileApisANSI, IsProcessorFeaturePresent, IsDebuggerPresent, LeaveCriticalSection, EnterCriticalSection, GetCommandLineA, HeapAlloc, HeapFree, DecodePointer, EncodePointer, RtlPcToFileHeader, RtlUnwindEx, RtlLookupFunctionEntry, MultiByteToWideChar, GlobalAlloc, RaiseException, GetFileAttributesW, GetEnvironmentVariableW, MulDiv, UnhandledExceptionFilter, WideCharToMultiByte, GetModuleHandleW, GetModuleFileNameW, GetVersionExW, GetLastError, CloseHandle, WriteFile, DeleteFileW, CreateFileW, HeapReAlloc, OutputDebugStringW, WriteConsoleW, GetFileAttributesExW, SetEndOfFile, SetEnvironmentVariableA, LoadLibraryExA |
USER32.dll | EndDialog, DialogBoxParamW, CreateDialogParamW, CreateWindowExW, KillTimer, SetTimer, SetMenuDefaultItem, CheckMenuItem, IsClipboardFormatAvailable, EmptyClipboard, RegisterClipboardFormatW, SetClipboardData, GetGUIThreadInfo, CallNextHookEx, GetWindowThreadProcessId, GetClassNameA, GetClipboardOwner, CloseClipboard, OpenClipboard, LoadBitmapW, GetMenuItemInfoW, TrackPopupMenu, ModifyMenuW, GetMenuItemCount, GetMenuItemID, GetSubMenu, DestroyMenu, GetMenuState, GetMenuStringW, LoadMenuW, GetSystemMetrics, IsDialogMessageW, LoadIconW, UnhookWindowsHookEx, SetWindowsHookExW, FindWindowW, GetCursorPos, MessageBeep, MessageBoxA, SetForegroundWindow, UpdateWindow, GetMenuDefaultItem, BringWindowToTop, IsWindow, RegisterClassExW, PostQuitMessage, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, RegisterWindowMessageW, GetSysColor, SetCursor, SetFocus, AppendMenuW, GetSystemMenu, EnableWindow, GetFocus, GetDlgCtrlID, DestroyWindow, LoadStringW, GetDesktopWindow, IntersectRect, ScreenToClient, GetWindowRect, SetWindowTextW, IsWindowVisible, SetWindowPos, ShowWindow, MessageBoxW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetWindowLongW, InflateRect, DrawFocusRect, GetClientRect, GetWindowTextW, InvalidateRect, DrawStateW, CallWindowProcW, DefWindowProcW, DrawFrameControl, LoadImageW, DestroyCursor, GetWindow, GetTopWindow, ReleaseDC, GetDC, SendDlgItemMessageW, GetDlgItem, SendMessageW, GetForegroundWindow, IsWindowUnicode, MapVirtualKeyA, SendInput, keybd_event, ToAsciiEx, GetKeyboardState, LoadKeyboardLayoutA, ActivateKeyboardLayout, GetKeyboardLayout, GetMessageExtraInfo, PostMessageA, GetKeyState, GetClipboardData |
GDI32.dll | GetObjectW, BitBlt, CreateCompatibleDC, DeleteDC, GetDeviceCaps, SetBkMode, DeleteObject, CreateFontIndirectW, CreateSolidBrush, SetBkColor, ExtTextOutW, GetTextExtentPoint32W, Rectangle, SelectObject, SetTextColor, EnumFontFamiliesExW, GetStockObject |
SHELL32.dll | Shell_NotifyIconW, SetCurrentProcessExplicitAppUserModelID, ShellExecuteW |
ole32.dll | PropVariantClear, CoCreateInstance, CoInitialize |
IMM32.dll | ImmCreateContext, ImmReleaseContext, ImmAssociateContext, ImmSetCompositionStringW, ImmSetOpenStatus, ImmGetContext |
api-ms-win-core-winrt-l1-1-0.dll (delay-loaded) | RoGetActivationFactory |
Attributes | 0x1 |
---|---|
Name | api-ms-win-core-winrt-l1-1-0.dll |
ModuleHandle | 0x9a0c0 |
DelayImportAddressTable | 0x6cf28 |
DelayImportNameTable | 0x5edf0 |
BoundDelayImportTable | 0x5ee68 |
UnloadDelayImportTable | 0 |
TimeStamp | 1970-Jan-01 00:00:00 |
UniKey 4.1 |
&About UniKey... |
Size | 0x70 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x1400681e0 |
XOR Key | 0x839b0680 |
---|---|
Unmarked objects | 0 |
199 (41118) | 1 |
C objects (20806) | 235 |
ASM objects (20806) | 13 |
229 (VS2013 build 21005) | 1 |
209 (65501) | 1 |
C objects (65501) | 2 |
Imports (65501) | 25 |
Total imports | 270 |
C++ objects (20806) | 82 |
C++ objects (VS2013 build 21005) | 41 |
Resource objects (VS2013 build 21005) | 1 |
151 | 1 |
Linker (VS2013 build 21005) | 1 |