| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| Compilation Date | 2024-May-15 15:15:59 |
| Detected languages |
English - United States
|
| Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
| Suspicious | Strings found in the binary may indicate undesirable behavior: |
Miscellaneous malware strings:
|
| Suspicious | The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
|
| Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x100 |
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 5 |
| TimeDateStamp | 2024-May-15 15:15:59 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
|
| Magic | PE32 |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x29600 |
| SizeOfInitializedData | 0xf800 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000C4CA (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x2b000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x3c000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| KERNEL32.dll |
SetConsoleTitleA
GetModuleHandleA LoadLibraryA GetProcAddress HeapSize SetStdHandle GetProcessHeap SetEnvironmentVariableW QueryPerformanceCounter QueryPerformanceFrequency WideCharToMultiByte Sleep InitializeCriticalSectionEx GetSystemTimeAsFileTime GetModuleHandleW EnterCriticalSection LeaveCriticalSection DeleteCriticalSection EncodePointer DecodePointer MultiByteToWideChar LCMapStringEx GetStringTypeW GetCPInfo IsProcessorFeaturePresent UnhandledExceptionFilter SetUnhandledExceptionFilter GetCurrentProcess TerminateProcess IsDebuggerPresent GetStartupInfoW GetCurrentProcessId GetCurrentThreadId InitializeSListHead RtlUnwind RaiseException GetLastError SetLastError InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree FreeLibrary LoadLibraryExW ExitProcess GetModuleHandleExW GetConsoleCP GetModuleFileNameW GetStdHandle WriteFile GetCommandLineA GetCommandLineW HeapAlloc HeapFree CreateFileW CloseHandle GetConsoleMode SetConsoleMode ReadConsoleInputW ReadConsoleW GetFileType WaitForSingleObject GetExitCodeProcess CreateProcessW GetFileAttributesExW CompareStringW LCMapStringW GetLocaleInfoW IsValidLocale GetUserDefaultLCID EnumSystemLocalesW FlushFileBuffers GetConsoleOutputCP ReadFile GetFileSizeEx SetFilePointerEx HeapReAlloc FindClose FindFirstFileExW FindNextFileW IsValidCodePage GetACP GetOEMCP GetEnvironmentStringsW FreeEnvironmentStringsW WriteConsoleW |
|---|---|
| USER32.dll |
FindWindowA
|
| WINMM.dll |
timeGetTime
|
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2024-May-15 15:15:59 |
| Version | 0.0 |
| SizeofData | 852 |
| AddressOfRawData | 0x343dc |
| PointerToRawData | 0x32ddc |
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2024-May-15 15:15:59 |
| Version | 0.0 |
| SizeofData | 0 |
| AddressOfRawData | 0 |
| PointerToRawData | 0 |
| Size | 0xc0 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x437040 |
| SEHandlerTable | 0x433fe8 |
| SEHandlerCount | 55 |
| XOR Key | 0x64f680e2 |
|---|---|
| Unmarked objects | 0 |
| ASM objects (30795) | 11 |
| C++ objects (30795) | 183 |
| C objects (30795) | 21 |
| C objects (33218) | 19 |
| ASM objects (33218) | 23 |
| C++ objects (33218) | 84 |
| Imports (30795) | 7 |
| Total imports | 127 |
| C++ objects (LTCG) (33523) | 1 |
| Resource objects (33523) | 1 |
| Linker (33523) | 1 |