Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_I386 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2018-Apr-22 21:54:50 |
Detected languages | English - United States |

Level | Finding | Details |
---|---|---|
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Malicious | The file headers were tampered with. | The RICH header checksum is invalid. |
Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
Suspicious | The file contains overlay data. | 875 bytes of data starting at offset 0x34000. |
Suspicious | VirusTotal score: 2/66 (Scanned on 2018-05-22 10:53:55) | Invincea: heuristic; TrendMicro-HouseCall: Suspicious_GEN.F47V0508 |
DOS header field | Value |
---|---|
e_magic | MZ |
e_cblp | 0xe8 |
e_cp | 0 |
e_crlc | 0x5b00 |
e_cparhdr | 0xc381 |
e_minalloc | 0x6d9 |
e_maxalloc | 0 |
e_ss | 0xc353 |
e_sp | 0 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x100 |
File header field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2018-Apr-22 21:54:50 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE |
Optional header field | Value |
---|---|
Magic | PE32 |
LinkerVersion | 14.0 |
SizeOfCode | 0x21c00 |
SizeOfInitializedData | 0x12e00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000086AC (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x23000 |
ImageBase | 0x10000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x38000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
Imported DLL | Imported functions |
---|---|
KERNEL32.dll | AddVectoredExceptionHandler, WaitForSingleObject, Sleep, ExitProcess, GetEnvironmentVariableA, SetEnvironmentVariableA, GetCurrentProcessId, GetModuleHandleA, VirtualProtect, LoadLibraryA, CreateThread, CreateFileW, HeapSize, ReadConsoleW, SetStdHandle, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, WideCharToMultiByte, GetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, MultiByteToWideChar, EncodePointer, DecodePointer, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetModuleHandleW, GetProcAddress, LCMapStringW, GetLocaleInfoW, GetStringTypeW, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RaiseException, RtlUnwind, InterlockedFlushSList, FreeLibrary, LoadLibraryExW, HeapAlloc, HeapFree, HeapReAlloc, GetModuleHandleExW, GetModuleFileNameA, GetACP, GetStdHandle, GetFileType, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetProcessHeap, CloseHandle, FlushFileBuffers, WriteFile, GetConsoleCP, GetConsoleMode, ReadFile, SetFilePointerEx, FindClose, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCommandLineA, WriteConsoleW |
USER32.dll | ShowWindow, SendMessageA, EnumWindows, MessageBoxA, EnumChildWindows, GetWindowThreadProcessId |
Debug directory field | Value |
---|---|
Characteristics | 0 |
TimeDateStamp | 2018-Apr-22 21:54:50 |
Version | 0.0 |
SizeofData | 744 |
AddressOfRawData | 0x2fcd8 |
PointerToRawData | 0x2ecd8 |

Load configuration field | Value |
---|---|
Size | 0xa0 |
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x100322dc |
SEHandlerTable | 0x1002fc30 |
SEHandlerCount | 42 |
Rich header entry | Value |
---|---|
XOR Key | 0x721518db |
Unmarked objects | 0 |
ASM objects (VS2017 v15.?.? build 25203) | 13 |
C++ objects (VS2017 v15.?.? build 25203) | 151 |
C objects (VS2017 v15.?.? build 25203) | 22 |
ASM objects (VS2017 v15.?.? build 25930) | 21 |
C++ objects (VS2017 v15.?.? build 25930) | 50 |
C objects (VS2017 v15.?.? build 25930) | 32 |
Imports (VS2017 v15.?.? build 25203) | 5 |
Total imports | 102 |
C++ objects (VS2017 v15.6.3-5 compiler 26129) | 6 |
Exports (VS2017 v15.6.3-5 compiler 26129) | 1 |
Resource objects (VS2017 v15.6.3-5 compiler 26129) | 1 |
Linker (VS2017 v15.6.3-5 compiler 26129) | 1 |