Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 2009-Jul-14 17:58:25 |
Detected languages |
English - United States
|
Debug artifacts |
0\asf\release\build-2.2.14\support\Release\ab.pdb
|
Comments | Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. |
CompanyName | Apache Software Foundation |
FileDescription | ApacheBench command line utility |
FileVersion | 2.2.14 |
InternalName | ab.exe |
LegalCopyright | Copyright 2009 The Apache Software Foundation. |
OriginalFilename | ab.exe |
ProductName | Apache HTTP Server |
ProductVersion | 2.2.14 |
Suspicious | The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
|
Suspicious | The file contains overlay data. | 74 bytes of data starting at offset 0x12000. |
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe8 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 4 |
TimeDateStamp | 2009-Jul-14 17:58:25 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Magic | PE32 |
---|---|
LinkerVersion | 6.0 |
SizeOfCode | 0xb000 |
SizeOfInitializedData | 0xa000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000A37E (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0xc000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x1000 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x16000 |
SizeOfHeaders | 0x1000 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
MSVCRT.dll |
_iob
_except_handler3 __set_app_type __p__fmode __p__commode _adjust_fdiv __setusermatherr _initterm __getmainargs __p___initenv _XcptFilter _exit _onexit __dllonexit strrchr wcsncmp _close wcslen wcscpy strerror modf strspn realloc __p__environ __p__wenviron _errno free strncmp strstr strncpy _ftol qsort fopen perror fclose fflush calloc malloc signal printf _isctype atoi exit __mb_cur_max _pctype strchr fprintf _controlfp _strdup _strnicmp |
---|---|
KERNEL32.dll |
PeekNamedPipe
ReadFile WriteFile LoadLibraryA GetProcAddress GetVersionExA GetExitCodeProcess TerminateProcess LeaveCriticalSection SetEvent ReleaseMutex EnterCriticalSection DeleteCriticalSection InitializeCriticalSection CreateMutexA GetFileType SetLastError FreeEnvironmentStringsW GetEnvironmentStringsW GlobalFree GetCommandLineW TlsAlloc TlsFree DuplicateHandle GetCurrentProcess SetHandleInformation CloseHandle GetSystemTimeAsFileTime FileTimeToSystemTime GetTimeZoneInformation FileTimeToLocalFileTime SystemTimeToFileTime SystemTimeToTzSpecificLocalTime Sleep FormatMessageA GetLastError WaitForSingleObject CreateEventA SetStdHandle SetFilePointer CreateFileA CreateFileW GetOverlappedResult DeviceIoControl GetFileInformationByHandle LocalFree |
ADVAPI32.dll |
FreeSid
AllocateAndInitializeSid |
WSOCK32.dll |
#7
#4 #9 #52 #14 #12 #21 #23 #3 #18 #10 #151 #115 #116 #111 |
WS2_32.dll |
WSARecv
WSASend |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 2.2.14.0 |
ProductVersion | 2.2.14.0 |
FileFlags | (EMPTY) |
FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
FileType |
VFT_APP
|
Language | English - United States |
Comments | Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. |
CompanyName | Apache Software Foundation |
FileDescription | ApacheBench command line utility |
FileVersion (#2) | 2.2.14 |
InternalName | ab.exe |
LegalCopyright | Copyright 2009 The Apache Software Foundation. |
OriginalFilename | ab.exe |
ProductName | Apache HTTP Server |
ProductVersion (#2) | 2.2.14 |
Resource LangID | English - United States |
---|
Characteristics |
0
|
---|---|
TimeDateStamp | 2009-Sep-29 03:34:14 |
Version | 0.0 |
SizeofData | 74 |
AddressOfRawData | 0 |
PointerToRawData | 0x12000 |
Referenced File | 0\asf\release\build-2.2.14\support\Release\ab.pdb |
XOR Key | 0x859e59d7 |
---|---|
Unmarked objects | 0 |
12 (7291) | 4 |
14 (7299) | 9 |
C objects (8047) | 11 |
Linker (8047) | 3 |
Total imports | 201 |
Imports (2179) | 8 |
48 (9044) | 40 |
Resource objects (VS98 SP6 cvtres build 1736) | 1 |