Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2023-Apr-20 03:57:03 |
Detected languages | English - United States |
TLS Callbacks | 2 callback(s) detected. |
Debug artifacts | D:\a\boiii\boiii\build\bin\x64\Release\boiii.pdb |
CompanyName | momo5502 |
FileDescription | BOIII |
FileVersion | 0.0.1.1036 |
InternalName | something |
LegalCopyright | Copyright (C) 2022 momo5502. All rights reserved. |
OriginalFilename | boiii.exe |
ProductName | BOIII |
ProductVersion | 0.0.1 |
Suspicious | Strings found in the binary may indicate undesirable behavior: Contains another PE executable: |
Info | Cryptographic algorithms detected in the binary: Uses constants related to CRC32; Uses constants related to SHA1; Uses constants related to SHA256; Uses constants related to SHA512; Uses constants related to AES; Uses known Mersenne Twister constants; Microsoft's Cryptography API |
Suspicious | The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports: |
Malicious | The PE is possibly a dropper. Resource 1 is possibly compressed or encrypted. Resource 305 is possibly compressed or encrypted. Resource 308 detected as a PE Executable. |
Suspicious | VirusTotal score: 1/71 (Scanned on 2023-05-28 23:24:51). Cynet: Malicious (score: 100) |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x118 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 7 |
TimeDateStamp | 2023-Apr-20 03:57:03 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x130000 |
SizeOfInitializedData | 0x171a00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00000000000F0AE4 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x2a6000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
CRYPT32.dll | CertCloseStore, CertEnumCertificatesInStore, CryptStringToBinaryA, CertFreeCertificateContext, PFXImportCertStore, CryptDecodeObjectEx, CertGetCertificateChain, CertFreeCertificateChainEngine, CertAddCertificateContextToStore, CryptProtectData, CertOpenStore, CryptQueryObject, CertFreeCertificateChain, CertGetNameStringA, CertFindExtension, CertCreateCertificateChainEngine, CertFindCertificateInStore |
---|---|
KERNEL32.dll | FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, GetDriveTypeW, SetThreadContext, GetThreadContext, HeapDestroy, HeapCreate, MoveFileExA, FormatMessageW, SleepEx, GetEnvironmentVariableA, VerifyVersionInfoW, GetSystemDirectoryA, MapViewOfFile, CreateFileMappingW, CreateMutexExA, InitializeCriticalSection, OpenProcess, AddVectoredExceptionHandler, GetProcAddress, GetVolumeInformationA, LocalFree, CreateMutexA, GetLastError, CloseHandle, SetProcessAffinityMask, GetProcessAffinityMask, MulDiv, SetConsoleTitleA, AttachConsole, AllocConsole, GetConsoleWindow, GetCurrentThreadId, OutputDebugStringA, GetCurrentProcess, TerminateProcess, GetCurrentProcessId, CreateThread, GetTickCount64, DeleteCriticalSection, UnmapViewOfFile, InitializeCriticalSectionEx, GetTickCount, WaitForSingleObject, GetCommandLineA, ExitProcess, VirtualProtect, GetModuleHandleA, GetVersionExA, SetUnhandledExceptionFilter, SetEnvironmentVariableA, GetCurrentDirectoryA, DecodePointer, WriteConsoleW, SetEndOfFile, SetStdHandle, GetProcessHeap, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetOEMCP, GetACP, IsValidCodePage, HeapSize, ReadConsoleW, GetConsoleMode, GetConsoleOutputCP, SetFilePointerEx, GetFileSizeEx, HeapReAlloc, GetTimeZoneInformation, GetFileType, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, CompareStringW, GetTimeFormatW, GetDateFormatW, HeapFree, HeapAlloc, GetStdHandle, FreeLibraryAndExitThread, ExitThread, RtlUnwind, LoadLibraryExW, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, SetLastError, InterlockedPushEntrySList, RtlUnwindEx, GetStartupInfoW, UnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, InitializeSListHead, CreateEventW, ReadFile, WriteFile, PeekNamedPipe, CreateFileW, WaitNamedPipeW, lstrlenW, GetModuleFileNameW, SizeofResource, FindResourceA, GetModuleHandleExA, LoadLibraryA, LockResource, LoadResource, FreeLibrary, CreateProcessA, VirtualFree, VirtualAlloc, GetSystemInfo, FlushInstructionCache, GetSystemFirmwareTable, DeleteFileW, MoveFileW, VirtualQuery, GetCommandLineW, Thread32Next, Thread32First, SuspendThread, ResumeThread, CreateToolhelp32Snapshot, GetThreadId, OpenThread, SetFilePointer, GetTempPathA, CreateFileA, GetTempFileNameA, FlushFileBuffers, ReleaseMutex, IsDebuggerPresent, OutputDebugStringW, RaiseException, EnterCriticalSection, LeaveCriticalSection, InitializeSRWLock, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, MultiByteToWideChar, WaitForSingleObjectEx, Sleep, GetExitCodeThread, GetNativeSystemInfo, QueryPerformanceCounter, QueryPerformanceFrequency, FormatMessageA, GetCurrentDirectoryW, CreateDirectoryW, FindClose, FindFirstFileW, FindFirstFileExW, FindNextFileW, GetFileAttributesExW, GetFileInformationByHandle, GetFinalPathNameByHandleW, GetFullPathNameW, SetFileInformationByHandle, AreFileApisANSI, GetModuleHandleW, GetFileInformationByHandleEx, WideCharToMultiByte, GetLocaleInfoEx, InitializeConditionVariable, WakeConditionVariable, WakeAllConditionVariable, SleepConditionVariableSRW, IsProcessorFeaturePresent, GetModuleHandleExW, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, GetSystemTimeAsFileTime, EncodePointer, LCMapStringEx, CompareStringEx, GetCPInfo, GetStringTypeW, InitializeCriticalSectionAndSpinCount, SetEvent, ResetEvent, TryAcquireSRWLockExclusive |
USER32.dll | GetMessageA, DispatchMessageA, MoveWindow, GetWindowLongPtrA, SetProcessDPIAware, SetFocus, SetWindowLongPtrA, SendMessageA, CreateWindowExA, MessageBoxA, RegisterClassExA, GetWindowTextA, LoadIconA, GetClientRect, UnregisterClassA, PostQuitMessage, UpdateWindow, SetWindowRgn, SetWindowPos, GetWindowRect, DefWindowProcA, SetWindowTextA, DestroyWindow, IsWindow, ShowCursor, DispatchMessageW, LoadCursorA, RegisterClassA, AdjustWindowRect, GetDC, GetDesktopWindow, ReleaseDC, SetForegroundWindow, TranslateMessage, GetWindowTextW, PeekMessageW, GetSystemMetrics, ShowWindow |
GDI32.dll | CreateFontA, CreateRoundRectRgn, CreateBitmap, GetDeviceCaps, SetTextColor, SetBkColor, CreateSolidBrush, DeleteObject |
ADVAPI32.dll | CryptAcquireContextW, CryptGenRandom, CryptAcquireContextA, CryptCreateHash, CryptHashData, CryptDestroyHash, CryptGetHashParam, CryptReleaseContext, RegCloseKey, RegQueryValueExW, RegSetValueExW, RegOpenKeyExA, RegQueryValueExA, RegCreateKeyExW, GetUserNameA, RegCreateKeyExA, GetCurrentHwProfileA |
SHELL32.dll | CommandLineToArgvW, SHGetKnownFolderPath, ShellExecuteA |
ole32.dll | OleUninitialize, CoTaskMemFree, OleSetContainedObject, CoInitialize, CoCreateInstance, OleInitialize, CoGetClassObject, CoUninitialize |
OLEAUT32.dll | VariantCopy, VariantClear, VariantInit, SysAllocString |
ntdll.dll | NtQueryObject, RtlPcToFileHeader, VerSetConditionMask |
WS2_32.dll | getpeername, getsockname, freeaddrinfo, ntohl, gethostbyname, connect, closesocket, send, WSASetLastError, recv, sendto, recvfrom, __WSAFDIsSet, select, ioctlsocket, socket, setsockopt, htonl, htons, bind, WSAStartup, WSACleanup, WSAEnumNetworkEvents, getsockopt, WSAWaitForMultipleEvents, WSAResetEvent, WSAEventSelect, WSACreateEvent, WSACloseEvent, WSAGetLastError, WSAIoctl, listen, accept, ntohs, getaddrinfo |
dwmapi.dll | DwmSetWindowAttribute |
dbghelp.dll | MiniDumpWriteDump |
bcrypt.dll | BCryptGenRandom |
Ordinal | Address |
---|---|
1 | 0x1a1e94 |
2 | 0x1a1e90 |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 0.0.1.1036 |
ProductVersion | 0.0.1.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_DLL |
Language | English - United States |
CompanyName | momo5502 |
FileDescription | BOIII |
FileVersion (#2) | 0.0.1.1036 |
InternalName | something |
LegalCopyright | Copyright (C) 2022 momo5502. All rights reserved. |
OriginalFilename | boiii.exe |
ProductName | BOIII |
ProductVersion (#2) | 0.0.1 |
Resource LangID | English - United States |
Characteristics | 0 |
---|---|
TimeDateStamp | 2023-Apr-20 03:57:03 |
Version | 0.0 |
SizeofData | 73 |
AddressOfRawData | 0x18d6b4 |
PointerToRawData | 0x18cab4 |
Referenced File | D:\a\boiii\boiii\build\bin\x64\Release\boiii.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2023-Apr-20 03:57:03 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x18d700 |
PointerToRawData | 0x18cb00 |
Characteristics | 0 |
---|---|
TimeDateStamp | 2023-Apr-20 03:57:03 |
Version | 0.0 |
SizeofData | 1124 |
AddressOfRawData | 0x18d714 |
PointerToRawData | 0x18cb14 |
StartAddressOfRawData | 0x14018dba0 |
---|---|
EndAddressOfRawData | 0x14018df7c |
AddressOfIndex | 0x1401c6c14 |
AddressOfCallbacks | 0x140132000 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_16BYTES |
Callbacks | 0x00000001400EFFE4, 0x00000001400F0098 |
Size | 0x140 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x1401a1220 |
XOR Key | 0x7b2eb96b |
---|---|
Unmarked objects | 0 |
ASM objects (30795) | 12 |
C++ objects (30795) | 204 |
253 (31823) | 6 |
C objects (31823) | 18 |
ASM objects (31823) | 12 |
C++ objects (31823) | 106 |
C objects (30795) | 29 |
C objects (CVTCIL) (30795) | 1 |
Imports (30795) | 29 |
Total imports | 381 |
C++ objects (LTCG) (31943) | 538 |
Exports (31943) | 1 |
Resource objects (31943) | 1 |
151 | 1 |
Linker (31943) | 1 |