8828bcd846eee515c7bf8adb88ea75b43f74bfb52b2b8c8decee07019cd87b37
Summary
| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 1970-Jan-01 00:00:00 |
| TLS Callbacks | 1 callback(s) detected. |
Plugin Output
| Info | Interesting strings found in the binary: |
Contains domain names:
|
| Info | Cryptographic algorithms detected in the binary: |
Uses constants related to CRC32
Uses constants related to MD5 |
| Suspicious | The PE is possibly packed. | Unusual section name found: /4 |
| Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
| Info | The PE's resources present abnormal characteristics. |
Resource TFRMKONFIG is possibly compressed or encrypted.
Resource TFRMSPLASH is possibly compressed or encrypted. |
| Suspicious | The file contains overlay data. | 19 bytes of data starting at offset 0x1425e00. |
| Safe | VirusTotal score: 0/68 (Scanned on 2021-09-16 16:36:16) | All the AVs think this file is safe. |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x80 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections | 9 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| PointerToSymbolTable | 0x1425e00 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Image Optional Header
| Magic | PE32+ |
|---|---|
| LinkerVersion | 3.0 |
| SizeOfCode | 0x9a4080 |
| SizeOfInitializedData | 0xb4dd4 |
| SizeOfUninitializedData | 0xf65ec8 |
| AddressOfEntryPoint | 0x00000000000034C0 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x100000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 1.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x2391000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve | 0x1000000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.data
.rdata
.pdata
.bss
.CRT
.idata
.rsrc
/4
Imports
| kernel32.dll |
GetStdHandle
GetConsoleMode TlsGetValue GetModuleFileNameW GetLastError SetLastError GetTickCount ExitProcess GetStartupInfoA GetCommandLineA GetCurrentProcessId GetCurrentThreadId GetCurrentProcess ReadProcessMemory GetModuleFileNameA GetModuleHandleA WriteFile ReadFile CloseHandle SetFilePointer SetEndOfFile GetSystemInfo LoadLibraryW LoadLibraryA GetProcAddress FreeLibrary FormatMessageW DeleteFileW MoveFileW CreateFileW GetFileAttributesW CreateDirectoryW SetCurrentDirectoryW GetCurrentDirectoryW GetFullPathNameW SetEnvironmentVariableW GetConsoleOutputCP GetOEMCP GetProcessHeap HeapAlloc HeapFree TlsAlloc TlsSetValue CreateThread ExitThread LocalAlloc LocalFree Sleep SuspendThread ResumeThread TerminateThread WaitForSingleObject SetThreadPriority GetThreadPriority CreateEventA ResetEvent SetEvent InitializeCriticalSection DeleteCriticalSection EnterCriticalSection LeaveCriticalSection TryEnterCriticalSection GetEnvironmentStringsW FreeEnvironmentStringsW RaiseException MultiByteToWideChar WideCharToMultiByte GetACP GetConsoleCP RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind RtlUnwindEx GetEnvironmentStringsA FreeEnvironmentStringsA FormatMessageA CreateMutexA GetLogicalDriveStringsA LoadLibraryExA FindResourceA FindResourceExA EnumResourceTypesA EnumResourceNamesA EnumResourceLanguagesA GlobalAddAtomA GetProfileStringA GetDriveTypeA GetTempPathA GetTempFileNameA GetWindowsDirectoryA CreateFileA GetFileAttributesExA SetVolumeLabelA GetComputerNameA GetVersionExA CompareStringA GetLocaleInfoA GetDateFormatA EnumCalendarInfoA EnumSystemLocalesA EnumSystemCodePagesA GetShortPathNameW GetCommandLineW SetFileAttributesW CreateProcessW FindFirstFileW FindNextFileW CompareStringW GetLocaleInfoW GetDateFormatW FindFirstFileExW FreeResource LockResource GlobalAlloc GlobalReAlloc GlobalSize GlobalLock GlobalUnlock GlobalFree VirtualQuery GetProcessAffinityMask TerminateProcess GetExitCodeProcess GetExitCodeThread SetErrorMode LoadResource SizeofResource GlobalDeleteAtom LockFile UnlockFile FlushFileBuffers DeviceIoControl FindClose GetFileTime SetFileTime DuplicateHandle ClearCommBreak ClearCommError SetupComm EscapeCommFunction GetCommModemStatus GetCommState PurgeComm SetCommBreak SetCommMask SetCommState SetCommTimeouts WaitCommEvent MulDiv GetLocalTime GetTimeZoneInformation FileTimeToLocalFileTime LocalFileTimeToFileTime FileTimeToSystemTime FileTimeToDosDateTime DosDateTimeToFileTime CreatePipe PeekNamedPipe QueryPerformanceCounter QueryPerformanceFrequency GetCPInfo GetThreadLocale SetThreadLocale GetUserDefaultLCID GetDiskFreeSpaceExA GetOverlappedResult |
|---|---|
| oleaut32.dll |
SysAllocStringLen
SysFreeString SysReAllocStringLen SafeArrayCreate SafeArrayRedim SafeArrayGetUBound SafeArrayGetLBound SafeArrayAccessData SafeArrayUnaccessData SafeArrayGetElement SafeArrayPutElement SafeArrayPtrOfIndex VariantChangeTypeEx VariantClear VariantCopy VariantInit |
| user32.dll |
MessageBoxA
CharUpperBuffW CharLowerBuffW PeekMessageA SendMessageA PostMessageA DefWindowProcA CallWindowProcA RegisterClassA UnregisterClassA GetClassInfoA CreateWindowExA RegisterClipboardFormatA GetClipboardFormatNameA CharToOemA OemToCharA CharToOemBuffA OemToCharBuffA CharUpperA CharUpperBuffA CharLowerA CharLowerBuffA GetMenuItemInfoA SetPropA GetPropA RemovePropA EnumPropsA GetWindowLongA SetWindowLongA GetClassLongPtrA SetClassLongPtrA FindWindowA GetClassNameA LoadBitmapA LoadCursorA LoadIconA LoadImageA SystemParametersInfoA DispatchMessageW PeekMessageW SendMessageW PostMessageW DefWindowProcW CallWindowProcW RegisterClassW UnregisterClassW GetClassInfoW CreateWindowExW InsertMenuItemW GetMenuItemInfoW SetMenuItemInfoW DrawTextW DrawStateW SetWindowTextW GetWindowTextW GetWindowTextLengthW MessageBoxW GetWindowLongPtrW SetWindowLongPtrW TranslateMessage PostQuitMessage GetDoubleClickTime IsWindow IsMenu DestroyWindow ShowWindow ShowWindowAsync ShowOwnedPopups MoveWindow SetWindowPos GetWindowPlacement SetWindowPlacement BeginDeferWindowPos DeferWindowPos EndDeferWindowPos IsWindowVisible IsIconic BringWindowToTop IsZoomed GetDlgItem OpenClipboard CloseClipboard SetClipboardData GetClipboardData CountClipboardFormats EnumClipboardFormats EmptyClipboard IsClipboardFormatAvailable SetFocus GetActiveWindow GetFocus GetKeyState GetCapture SetCapture ReleaseCapture MsgWaitForMultipleObjects SetTimer KillTimer EnableWindow IsWindowEnabled GetSystemMetrics GetMenu SetMenu DrawMenuBar GetSystemMenu CreateMenu CreatePopupMenu DestroyMenu EnableMenuItem GetSubMenu GetMenuItemCount RemoveMenu DeleteMenu UpdateWindow SetActiveWindow GetForegroundWindow SetForegroundWindow WindowFromDC GetDC GetDCEx GetWindowDC ReleaseDC BeginPaint EndPaint GetUpdateRect SetWindowRgn InvalidateRect InvalidateRgn RedrawWindow ScrollWindowEx ShowScrollBar EnableScrollBar GetClientRect GetWindowRect AdjustWindowRectEx MessageBeep SetCursorPos SetCursor GetCursorPos ClipCursor CreateCaret GetCaretBlinkTime DestroyCaret HideCaret ShowCaret SetCaretPos GetCaretPos ClientToScreen ScreenToClient MapWindowPoints WindowFromPoint GetSysColor GetSysColorBrush SetSysColors DrawFocusRect FillRect FrameRect SetRect InflateRect IntersectRect OffsetRect IsRectEmpty PtInRect GetDesktopWindow GetParent SetParent EnumThreadWindows GetTopWindow GetWindowThreadProcessId GetLastActivePopup GetWindow CallNextHookEx DestroyCursor DestroyIcon CopyImage CreateIconIndirect GetIconInfo SetScrollInfo GetScrollInfo DrawEdge DrawFrameControl TrackPopupMenuEx ChildWindowFromPointEx FlashWindowEx |
| advapi32.dll |
GetUserNameA
RegQueryInfoKeyA RegSetValueExW RegQueryValueExW RegCreateKeyExW RegEnumKeyExW RegEnumValueW RegOpenKeyExW RegCloseKey RegFlushKey |
| gdi32.dll |
CreateFontIndirectA
EnumFontFamiliesA GetCharABCWidthsA GetTextExtentPointA CreateEnhMetaFileA GetEnhMetaFileDescriptionA GetTextMetricsA StartDocA GetObjectA ExtTextOutA CreateFontIndirectW CreateICW EnumFontFamiliesExW GetCharABCWidthsW GetTextExtentPoint32W GetTextExtentExPointW ResetDCW StartDocW GetObjectW TextOutW ExtTextOutW CreateDCW GetRandomRgn Arc BitBlt Chord CombineRgn CreateBitmap CreateBrushIndirect CreateCompatibleBitmap CreateCompatibleDC CreateDIBitmap CreateEllipticRgn CreatePen CreatePenIndirect CreatePatternBrush CreateRectRgn CreateRoundRectRgn CreateSolidBrush DeleteDC DeleteObject Ellipse EqualRgn ExcludeClipRect ExtCreateRegion ExtFloodFill FillRgn GetROP2 GetBkColor GetBitmapBits GetClipBox GetClipRgn GetCurrentObject GetDeviceCaps GetDIBits GetMapMode GetObjectType GetPixel GetRegionData GetRgnBox GetStockObject GetTextAlign GetTextColor GetViewportExtEx GetViewportOrgEx GetWindowExtEx GetWindowOrgEx IntersectClipRect LineTo MaskBlt OffsetRgn PatBlt Pie PaintRgn PtInRegion RectInRegion RectVisible Rectangle RestoreDC RealizePalette RoundRect SaveDC SelectClipRgn ExtSelectClipRgn SelectObject SelectPalette SetBkColor SetBkMode SetMapMode SetPixel SetPolyFillMode StretchBlt SetRectRgn StretchDIBits SetROP2 SetStretchBltMode SetTextCharacterExtra SetTextColor SetTextAlign SetTextJustification CloseEnhMetaFile DeleteEnhMetaFile GetEnhMetaFileHeader PlayEnhMetaFile CreateDIBSection EndDoc StartPage EndPage AbortDoc SetAbortProc BeginPath CloseFigure EndPath SetArcDirection StrokePath ExtCreatePen MoveToEx CreatePolygonRgn DPtoLP LPtoDP Polygon Polyline PolyBezier SetViewportExtEx SetViewportOrgEx SetWindowExtEx SetWindowOrgEx OffsetViewportOrgEx SetBrushOrgEx GetDCOrgEx ChoosePixelFormat |
| version.dll |
GetFileVersionInfoSizeA
GetFileVersionInfoA VerQueryValueA |
| shell32.dll |
DragQueryFileA
ShellExecuteA DragQueryFileW ShellExecuteW DragFinish DragAcceptFiles SHGetPathFromIDListW SHBrowseForFolderW |
| ole32.dll |
CoCreateGuid
CoTaskMemFree IsEqualGUID OleInitialize OleUninitialize CoUninitialize CoCreateInstance CoInitialize CoGetMalloc CoTaskMemAlloc GetErrorInfo |
| comctl32.dll |
InitCommonControls
ImageList_Create ImageList_Destroy ImageList_GetImageCount ImageList_SetImageCount ImageList_Add ImageList_Replace ImageList_AddMasked ImageList_DrawEx ImageList_DrawIndirect ImageList_Remove ImageList_Copy ImageList_BeginDrag ImageList_EndDrag ImageList_DragEnter ImageList_DragLeave ImageList_DragMove ImageList_DragShowNolock _TrackMouseEvent FlatSB_GetScrollInfo FlatSB_GetScrollPos FlatSB_SetScrollPos FlatSB_SetScrollInfo FlatSB_SetScrollProp InitializeFlatSB |
| shlwapi.dll |
AssocQueryStringW
|
| comdlg32.dll |
ChooseColorA
CommDlgExtendedError GetOpenFileNameW GetSaveFileNameW PrintDlgW PageSetupDlgW |
| winspool.drv |
DeviceCapabilitiesA
DeviceCapabilitiesW OpenPrinterW ClosePrinter DocumentPropertiesW EnumPrintersW GetPrinterA StartDocPrinterA StartPagePrinter EndDocPrinter EndPagePrinter AbortPrinter WritePrinter |
| imm32.dll |
ImmGetContext
ImmReleaseContext ImmGetCompositionStringW ImmNotifyIME |
Delayed Imports
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
1 (#2)
2 (#2)
3 (#2)
4 (#2)
5 (#2)
LAZ_PIC_DIALOG_TEMPLATE
BTNCALCULATOR
BTNCALCULATOR_150
BTNCALCULATOR_200
BTNCALENDAR
BTNCALENDAR_150
BTNCALENDAR_200
BTNFILTERCANCEL
BTNFILTERCANCEL_150
BTNFILTERCANCEL_200
BTNSELDIR
BTNSELDIR_150
BTNSELDIR_200
BTNSELFILE
BTNSELFILE_150
BTNSELFILE_200
BTNTIME
BTNTIME_150
BTNTIME_200
BTN_ABORT
BTN_ABORT_150
BTN_ABORT_200
BTN_ALL
BTN_ALL_150
BTN_ALL_200
BTN_ARROWRIGHT
BTN_ARROWRIGHT_150
BTN_ARROWRIGHT_200
BTN_CANCEL
BTN_CANCEL_150
BTN_CANCEL_200
BTN_CLOSE
BTN_CLOSE_150
BTN_CLOSE_200
BTN_HELP
BTN_HELP_150
BTN_HELP_200
BTN_IGNORE
BTN_IGNORE_150
BTN_IGNORE_200
BTN_NO
BTN_NO_150
BTN_NO_200
BTN_OK
BTN_OK_150
BTN_OK_200
BTN_RETRY
BTN_RETRY_150
BTN_RETRY_200
BTN_YES
BTN_YES_150
BTN_YES_200
DBNAVCANCEL
DBNAVCANCEL_150
DBNAVCANCEL_200
DBNAVDELETE
DBNAVDELETE_150
DBNAVDELETE_200
DBNAVEDIT
DBNAVEDIT_150
DBNAVEDIT_200
DBNAVFIRST
DBNAVFIRST_150
DBNAVFIRST_200
DBNAVINSERT
DBNAVINSERT_150
DBNAVINSERT_200
DBNAVLAST
DBNAVLAST_150
DBNAVLAST_200
DBNAVNEXT
DBNAVNEXT_150
DBNAVNEXT_200
DBNAVPOST
DBNAVPOST_150
DBNAVPOST_200
DBNAVPRIOR
DBNAVPRIOR_150
DBNAVPRIOR_200
DBNAVREFRESH
DBNAVREFRESH_150
DBNAVREFRESH_200
DIALOG_CONFIRMATION
DIALOG_ERROR
DIALOG_INFORMATION
DIALOG_SHIELD
DIALOG_WARNING
SORTASC
SORTASC_150
SORTASC_200
SORTASC_50
SORTASC_75
SORTDESC
SORTDESC_150
SORTDESC_200
SORTDESC_50
SORTDESC_75
TBEGACUSTOMPREVIEWFRAME
TBEGACUSTOMPRINTPREVIEWFORM
TCALCULATEDCHARTSOURCE
TCALCULATEDCHARTSOURCE_150
TCALCULATEDCHARTSOURCE_200
TCALENDARPOPUPFORM
TCHART
TCHARTAXISTRANSFORMATIONS
TCHARTAXISTRANSFORMATIONS_150
TCHARTAXISTRANSFORMATIONS_200
TCHARTCOMBOBOX
TCHARTCOMBOBOX_150
TCHARTCOMBOBOX_200
TCHARTEXTENTLINK
TCHARTEXTENTLINK_150
TCHARTEXTENTLINK_200
TCHARTGUICONNECTORBGRA
TCHARTGUICONNECTORBGRA_150
TCHARTGUICONNECTORBGRA_200
TCHARTIMAGELIST
TCHARTIMAGELIST_150
TCHARTIMAGELIST_200
TCHARTLEGENDPANEL
TCHARTLEGENDPANEL_150
TCHARTLEGENDPANEL_200
TCHARTLISTBOX
TCHARTLISTBOX_150
TCHARTLISTBOX_200
TCHARTNAVPANEL
TCHARTNAVPANEL_150
TCHARTNAVPANEL_200
TCHARTNAVSCROLLBAR
TCHARTNAVSCROLLBAR_150
TCHARTNAVSCROLLBAR_200
TCHARTSTYLES
TCHARTSTYLES_150
TCHARTSTYLES_200
TCHARTTOOLSET
TCHARTTOOLSET_150
TCHARTTOOLSET_200
TCHART_150
TCHART_200
TCHECKGROUPEDITORDLG
TCHECKLISTBOXEDITORDLG
TCOLLECTIONPROPERTYEDITORFORM
TCOMPONENTLISTEDITORFORM
TDATAPOINTSEDITORFORM
TDATETIMEINTERVALCHARTSOURCE
TDATETIMEINTERVALCHARTSOURCE_150
TDATETIMEINTERVALCHARTSOURCE_200
TDBCHARTSOURCE
TDBCHARTSOURCE_150
TDBCHARTSOURCE_200
TDBF
TDBF_150
TDBF_200
TDM
TFILEFILTERPROPEDITFORM
TFRM2048
TFRMADRINLINE
TFRMAUSWAHL
TFRMBAUTEIL
TFRMBAUTEILERZEUGE
TFRMBESTELLAENDERUNG
TFRMBESTELLDRUCK
TFRMBESTELLMIN
TFRMBILD
TFRMBILDSIZE
TFRMBVERWANDT
TFRMCALCLAMBDA
TFRMCALCLCD
TFRMCALCLM317
TFRMCALCR
TFRMCALCURIP
TFRMCHART
TFRMDRUCKETIKETT
TFRMEINZELGERATERZ
TFRMEXPBESTNR
TFRMHILFE
TFRMIMPORTEXPORT
TFRMINTERVALL
TFRMKISTETAUSCH
TFRMKISTETAUSCHDLG
TFRMKISTETAUSCHFACH
TFRMKONFIG
TFRMLIZENZIERUNG
TFRMMAIN
TFRMMEMOEDIT
TFRMMP3AEND
TFRMMP3INTEGRIEREN
TFRMPARAM
TFRMPBAR
TFRMPPOSTEST
TFRMSCANLIST
TFRMSCHNELL
TFRMSPLASH
TFRMSTATUS
TFRMSUCHTECDATAINLINE
TFRMTECDATASHOWINLINE
TFRMTELPARAM
TFRMTERMCUSTOM
TFRMTERMPARAM
TFRMTRANSLATE
TFRMTRANSLATEDLG
TFRMTYPAUSWAHL
TFRMUNINSTALL
TFRMVERSION
TFRMVERSNEW
TFRMWEBSHOP
TINTERVALCHARTSOURCE
TINTERVALCHARTSOURCE_150
TINTERVALCHARTSOURCE_200
TKEYVALPROPEDITORFRM
TLISTCHARTSOURCE
TLISTCHARTSOURCE_150
TLISTCHARTSOURCE_200
TMEMDATASET
TMEMDATASET_150
TMEMDATASET_200
TPAGESETUPDIALOG
TPAGESETUPDIALOG_150
TPAGESETUPDIALOG_200
TPAGESPROPEDITORFRM
TPRINTDIALOG
TPRINTDIALOG_150
TPRINTDIALOG_200
TPRINTERSETUPDIALOG
TPRINTERSETUPDIALOG_150
TPRINTERSETUPDIALOG_200
TRANDOMCHARTSOURCE
TRANDOMCHARTSOURCE_150
TRANDOMCHARTSOURCE_200
TSELECTPROPERTIESFORM
TSELECTSRCDATASETFORM
TSTRINGGRIDEDITORDLG
TSTRINGSPROPEDITORFRM
TTIMEPOPUPFORM
TUSERDEFINEDCHARTSOURCE
TUSERDEFINEDCHARTSOURCE_150
TUSERDEFINEDCHARTSOURCE_200
CUR_1
CUR_10
CUR_12
CUR_13
CUR_14
CUR_15
CUR_16
CUR_17
CUR_18
CUR_20
CUR_21
CUR_22
MAINICON
1 (#3)
Version Info
TLS Callbacks
| StartAddressOfRawData | 0x100000000 |
|---|---|
| EndAddressOfRawData | 0x100000000 |
| AddressOfIndex | 0x100a5add0 |
| AddressOfCallbacks | 0x1021c5000 |
| SizeOfZeroFill | 0 |
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks |
0x0000000100003440
|
Load Configuration
RICH Header
Errors
[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Section .bss has a size of 0!
[*] Warning: Raw bytes from section .text could not be obtained.
Leave a comment
No comments yet.