Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2021-Jul-24 22:19:26 |
Detected languages |
English - United States
|
Comments | Spaebook Ryddelige Spasticitets |
CompanyName | Tarerende |
InternalName | Neologisms latterliggrelserne.exe |
OriginalFilename | Neologisms latterliggrelserne.exe |
Info | Interesting strings found in the binary: |
Contains domain names:
|
Suspicious | The PE is an NSIS installer | Unusual section name found: .ndata |
Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
Suspicious | The file contains overlay data. |
84748 bytes of data starting at offset 0x1da00.
The overlay data has an entropy of 7.99782 and is possibly compressed or encrypted. |
Malicious | VirusTotal score: 11/70 (Scanned on 2022-09-22 03:29:53) |
McAfee:
Artemis!7FCD8DAC3C61
Elastic: malicious (high confidence) Paloalto: generic.ml Avast: FileRepMalware [Misc] McAfee-GW-Edition: BehavesLike.Win32.Dropper.dh Ikarus: Win32.Outbreak Microsoft: Trojan:Win32/Wacatac.B!ml Google: Detected Malwarebytes: MachineLearning/Anomalous.97% Fortinet: NSIS/Injector.AOW!tr AVG: FileRepMalware [Misc] |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xd8 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 5 |
TimeDateStamp | 2021-Jul-24 22:19:26 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Magic | PE32 |
---|---|
LinkerVersion | 6.0 |
SizeOfCode | 0x6600 |
SizeOfInitializedData | 0x22a00 |
SizeOfUninitializedData | 0x800 |
AddressOfEntryPoint | 0x000035D8 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x8000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 6.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x7f000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
ADVAPI32.dll |
RegCreateKeyExW
RegEnumKeyW RegQueryValueExW RegSetValueExW RegCloseKey RegDeleteValueW RegDeleteKeyW AdjustTokenPrivileges LookupPrivilegeValueW OpenProcessToken SetFileSecurityW RegOpenKeyExW RegEnumValueW |
---|---|
SHELL32.dll |
SHGetSpecialFolderLocation
SHFileOperationW SHBrowseForFolderW SHGetPathFromIDListW ShellExecuteExW SHGetFileInfoW |
ole32.dll |
OleInitialize
OleUninitialize CoCreateInstance IIDFromString CoTaskMemFree |
COMCTL32.dll |
#17
ImageList_Create ImageList_Destroy ImageList_AddMasked |
USER32.dll |
GetClientRect
EndPaint DrawTextW IsWindowEnabled DispatchMessageW wsprintfA CharNextA CharPrevW MessageBoxIndirectW GetDlgItemTextW SetDlgItemTextW GetSystemMetrics FillRect AppendMenuW TrackPopupMenu OpenClipboard SetClipboardData CloseClipboard IsWindowVisible CallWindowProcW GetMessagePos CheckDlgButton LoadCursorW SetCursor GetWindowLongW GetSysColor SetWindowPos PeekMessageW SetClassLongW GetSystemMenu EnableMenuItem GetWindowRect ScreenToClient EndDialog RegisterClassW SystemParametersInfoW CreateWindowExW GetClassInfoW DialogBoxParamW CharNextW ExitWindowsEx DestroyWindow CreateDialogParamW SetTimer SetWindowTextW PostQuitMessage SetForegroundWindow ShowWindow wsprintfW SendMessageTimeoutW FindWindowExW IsWindow GetDlgItem SetWindowLongW LoadImageW GetDC ReleaseDC EnableWindow InvalidateRect SendMessageW DefWindowProcW BeginPaint EmptyClipboard CreatePopupMenu |
GDI32.dll |
SetBkMode
SetBkColor GetDeviceCaps CreateFontIndirectW CreateBrushIndirect DeleteObject SetTextColor SelectObject |
KERNEL32.dll |
GetExitCodeProcess
WaitForSingleObject GetModuleHandleA GetProcAddress GetSystemDirectoryW lstrcatW Sleep lstrcpyA WriteFile GetTempFileNameW lstrcmpiA RemoveDirectoryW CreateProcessW CreateDirectoryW GetLastError CreateThread GlobalLock GlobalUnlock GetDiskFreeSpaceW WideCharToMultiByte lstrcpynW lstrlenW SetErrorMode GetVersion GetCommandLineW GetTempPathW GetWindowsDirectoryW SetEnvironmentVariableW ExitProcess CopyFileW GetCurrentProcess GetModuleFileNameW GetFileSize CreateFileW GetTickCount MulDiv SetFileAttributesW GetFileAttributesW SetCurrentDirectoryW MoveFileW GetFullPathNameW GetShortPathNameW SearchPathW CompareFileTime SetFileTime CloseHandle lstrcmpiW lstrcmpW ExpandEnvironmentStringsW GlobalFree GlobalAlloc GetModuleHandleW LoadLibraryExW MoveFileExW FreeLibrary WritePrivateProfileStringW GetPrivateProfileStringW lstrlenA MultiByteToWideChar ReadFile SetFilePointer FindClose FindNextFileW FindFirstFileW DeleteFileW |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0 |
FileVersion | 1.3.0.0 |
ProductVersion | 1.3.0.0 |
FileFlags | (EMPTY) |
FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
FileType |
VFT_APP
|
Language | English - United States |
Comments | Spaebook Ryddelige Spasticitets |
CompanyName | Tarerende |
InternalName | Neologisms latterliggrelserne.exe |
OriginalFilename | Neologisms latterliggrelserne.exe |
Resource LangID | English - United States |
---|
XOR Key | 0xd26650e9 |
---|---|
Unmarked objects | 0 |
C objects (VS2003 (.NET) build 4035) | 2 |
Total imports | 165 |
Imports (VS2003 (.NET) build 4035) | 15 |
48 (9044) | 10 |
Resource objects (VS98 SP6 cvtres build 1736) | 1 |