84073ecf9e76e5e3c9f00729c1ead4df

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2000-Dec-13 13:48:52
Detected languages Japanese - Japan
CompanyName
FileDescription skipscr
FileVersion 1, 0, 0, 0
InternalName skipscr
LegalCopyright Copyright (C) 2000 S.Takenouchi
OriginalFilename skipscr.scr
ProductName スキップカウズスクリーンセーバー
ProductVersion 1, 0, 0, 0

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Microsoft Visual C++
Microsoft Visual C++ v6.0
Microsoft Visual C++ v5.0/v6.0 (MFC)
Info Interesting strings found in the binary: Contains domain names:
  • dbmusic.co.jp
  • http://www.dbmusic.co.jp
  • http://www.dbmusic.co.jp/skipcows/index.htm
  • www.dbmusic.co.jp
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Can access the registry:
  • RegQueryValueExA
  • RegSetValueExA
  • RegCloseKey
  • RegOpenKeyExA
  • RegCreateKeyExA
Possibly launches other programs:
  • ShellExecuteA
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 84073ecf9e76e5e3c9f00729c1ead4df
SHA1 c01639569ad06a267dd7b11af633a23d3fc227ef
SHA256 274ba5c9594d7e74498b536c3eaca2910d22b405b436720c8d97f1518b7a9056
SHA3 b9498ceca6c9b09b05e2b79ff79b6187644a8c450c66f49abba2bf565348ae26
SSDeep 3072:mGYIjCwhuvqHkBUcvRY7kneJyo8jX4qiC7Y:mGYiuvqHkFGYUajX4hC
Imports Hash 9e6c8bb1ec277d587e07a85f98168979

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2000-Dec-13 13:48:52
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x11000
SizeOfInitializedData 0x28000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000A9C4 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x12000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x3a000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 86ede26ae5b48ea3f547dafcda8c2d53
SHA1 d589177330f17cfa1cc1a3787d26205371b9360d
SHA256 cb8018ef77c6269ba5ac781458e9c4030f30b6d494d3b11fec21a1a966edb7ef
SHA3 ea5798e5a6e61cb4642f8fd16412a74dc77be6e567f271a43b21aee85d046df5
VirtualSize 0x10425
VirtualAddress 0x1000
SizeOfRawData 0x11000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.39613

.rdata

MD5 59c9fb3b137d97254d832781a4c977f9
SHA1 b6106e13371e0318e4506bd7fd3cbad6538e1fac
SHA256 a5a9c5ce874845e723d135d7426dba7f71d5289a81a410aac20f0a570c135cd1
SHA3 ad4f1894b1bbdd04c7db82fa755a6e8ec0057a49fdc5f6ac1335124ac26531a5
VirtualSize 0x1b90
VirtualAddress 0x12000
SizeOfRawData 0x2000
PointerToRawData 0x12000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.92873

.data

MD5 749966a4789844e9c20c9947089f75bd
SHA1 8560afaf243aed11dd52994ada280c214c7414f7
SHA256 31c1b3052d01ec731c99bde7b4845db958350deb5e22c78e3a98557f73fcfd90
SHA3 39aad220e4b27b46d46a537ad0de0a05b360063c5c3394a45a8e6edf0ff30aff
VirtualSize 0x4e98
VirtualAddress 0x14000
SizeOfRawData 0x3000
PointerToRawData 0x14000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.57373

.rsrc

MD5 d3c4ea57901c324694f76df4cdc57cd5
SHA1 c1f7bd861b556253eb5030f420d0a44f15dae078
SHA256 c2c031ef95b26d5199c263000eaa2b4525d7fa2b20314dca36b3a13f65b6ce86
SHA3 a8c593807b70b9fa8176f06062e5ec1b216825be635c9df64314a6eaf72b2226
VirtualSize 0x203f8
VirtualAddress 0x19000
SizeOfRawData 0x21000
PointerToRawData 0x17000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.6068

Imports

KERNEL32.dll GetFileSize
SuspendThread
WriteFile
ReadFile
CreateFileA
ExitThread
TerminateThread
ResumeThread
SetFilePointer
SetThreadPriority
CreateThread
FindResourceA
GetModuleHandleA
LoadResource
LockResource
FreeResource
OutputDebugStringA
Sleep
OpenMutexA
CreateMutexA
ReleaseMutex
GetLastError
GetACP
GetCPInfo
GetOEMCP
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadCodePtr
VirtualAlloc
GetStringTypeW
IsBadWritePtr
MultiByteToWideChar
GetStringTypeA
HeapSize
HeapReAlloc
GetProcAddress
HeapCreate
HeapDestroy
VirtualFree
GetEnvironmentVariableA
GetFileType
GetVersionExA
SetHandleCount
GetEnvironmentStringsW
GetStdHandle
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
HeapFree
GetVersion
HeapAlloc
GetStartupInfoA
RtlUnwind
GetCommandLineA
TerminateProcess
ExitProcess
GetCurrentProcess
LCMapStringA
LCMapStringW
SetStdHandle
FlushFileBuffers
LoadLibraryA
CloseHandle
USER32.dll LoadStringA
wsprintfA
GetDesktopWindow
GetDC
ShowWindow
IsWindow
DefWindowProcA
GetMessageA
IsDialogMessageA
DialogBoxParamA
TranslateMDISysAccel
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
GetClientRect
PostQuitMessage
GetSystemMetrics
EndDialog
LoadIconA
GetClassInfoExA
CreateWindowExA
SetRect
ShowCursor
GetCursorPos
GetForegroundWindow
MessageBoxA
SetCursor
RegisterClassExA
FindWindowExA
EndPaint
GetUpdateRect
BeginPaint
LoadCursorA
DestroyWindow
MoveWindow
ReleaseDC
GetWindowRect
SendDlgItemMessageA
GDI32.dll StretchDIBits
SetSystemPaletteUse
RealizePalette
GetDeviceCaps
GetSystemPaletteEntries
SelectPalette
SetDIBitsToDevice
DeleteObject
GetStockObject
CreatePalette
ADVAPI32.dll RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
SHELL32.dll DragFinish
DragQueryFileA
ShellExecuteA
WINMM.dll timeGetTime
IMM32.dll ImmReleaseContext
ImmSetOpenStatus

Delayed Imports

101

Type RT_BITMAP
Language Japanese - Japan
Codepage UNKNOWN
Size 0x1f9c0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.51801
MD5 bcd1c8a50e79c42585035c43b8f03c51
SHA1 cdd2687a8e05515c7b428456a4f6f6866dfee6ce
SHA256 10039698262ed084c976914f1eada699d4a4313a8b7e6fa15c7986330baad869
SHA3 b53418953c778bd7dce6dc56d6fdcbb264fd30324f72a24febaef3347f0ca9ee

1

Type RT_ICON
Language Japanese - Japan
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.76213
MD5 db95eba0d2ecf6d1751a16902ede1b08
SHA1 1e9952f72e4fd7dd19017b6da71e69a37fbe12c5
SHA256 c80479bfd74453cf1f1500aaff7c6a616745ea87ae91160acffcfcf637ee48d3
SHA3 583f6e89ac996e643af985f89df558ae81cdfb8f2a658c2aada18517f275c065

102

Type RT_DIALOG
Language Japanese - Japan
Codepage UNKNOWN
Size 0x1d8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.29844
MD5 1d383a578e0d0e89b3b1126faab20fa0
SHA1 68c7071a4aac21bdd1b3017acf36b14769582e6a
SHA256 7284a85d1bfbf8948bb2002a8dfd12954b106800a85e3dbd8ee077d830ed72f7
SHA3 1412786bf1a7c33162c8817cd984ebe006c2fee70eca8c28c3d927cd0cafec03

1 (#2)

Type RT_STRING
Language Japanese - Japan
Codepage UNKNOWN
Size 0x54
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.75573
MD5 a5d2ed52ec071db2d01c816a27dfb6a8
SHA1 3e7d3c2f8d2e4f9572eb922e21d0aca370473000
SHA256 5d1baf56e3d95e68fc131a580c97baa958c9925d788b1b2379691e122c88bef1
SHA3 76a5084de58bf1d7b3c3527767c18f4c76c624bf6a590363e59ff71db8ff2d09

103

Type RT_GROUP_ICON
Language Japanese - Japan
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.16096
Detected Filetype Icon file
MD5 42cf62b780813706e75fb9f2b2e8c258
SHA1 a022d5c1cfdd8aace0089f3e72f2eedd41bda464
SHA256 a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf
SHA3 0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c

1 (#3)

Type RT_VERSION
Language Japanese - Japan
Codepage UNKNOWN
Size 0x344
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.49266
MD5 1fc5f3ad93175f644bd999c611f34014
SHA1 fdb7fd7a02518f5fe58f3b41ac354fec20605382
SHA256 0695bd74b52d571c0f35d38678bbbde5ae3bfab8d35af61f3f7a8d3a3d19f240
SHA3 14348ea5b556b17ab2e8082c3f791ee76362cda81c6bd3a7d93381dbde74dae6

String Table contents

スキップカウズスクリーンセーバー Ver 1.0.0

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language Japanese - Japan
CompanyName
FileDescription skipscr
FileVersion (#2) 1, 0, 0, 0
InternalName skipscr
LegalCopyright Copyright (C) 2000 S.Takenouchi
OriginalFilename skipscr.scr
ProductName スキップカウズスクリーンセーバー
ProductVersion (#2) 1, 0, 0, 0
Resource LangID Japanese - Japan

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x356f530f
Unmarked objects 0
C++ objects (8797) 8
14 (7299) 18
C objects (8797) 74
19 (8034) 17
Total imports 191
C++ objects (8799) 14
Resource objects (VS98 SP6 cvtres build 1736) 1

Errors