88fda2ef328a6636b00500d87c97bb67
Summary
| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2024-Feb-02 13:14:20 |
| Detected languages |
English - United States
|
| FileDescription | A helper tool for checking if your product feeds fulfill the standard requirements for the integration with the Digitec Galaxus online shops |
| FileVersion | 1.0.1 |
| InternalName | Feedchecker |
| OriginalFilename | Feedchecker |
| ProductName | Feedchecker |
| ProductVersion | 1.0.2 |
| Language | English / German |
| LegalTrademarks |
Plugin Output
| Info | Interesting strings found in the binary: |
Contains domain names:
|
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
| Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
| Suspicious | The file contains overlay data. |
9562210 bytes of data starting at offset 0x4d200.
The overlay data has an entropy of 7.99077 and is possibly compressed or encrypted. Overlay data amounts for 96.802% of the executable. |
| Malicious | VirusTotal score: 10/73 (Scanned on 2024-06-07 03:06:19) |
APEX:
Malicious
Bkav: W32.Common.292FDCB6 Cylance: Unsafe Fortinet: W32/PossibleThreat MaxSecure: Trojan.Malware.121218.susgen McAfee: Artemis!88FDA2EF328A McAfeeD: ti!B3A010A3D9E0 Paloalto: generic.ml Panda: Trj/Chgt.AD Skyhigh: BehavesLike.Win64.Generic.tc |
Hashes
DOS Header
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x108 |
PE Header
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections | 7 |
| TimeDateStamp | 2024-Feb-02 13:14:20 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Image Optional Header
| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x29e00 |
| SizeOfInitializedData | 0x23000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x000000000000C1F0 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.2 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.2 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x54000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x97876d |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x1e8480 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
.text
.rdata
.data
.pdata
_RDATA
.rsrc
.reloc
Imports
| USER32.dll |
CreateWindowExW
MessageBoxW MessageBoxA SystemParametersInfoW DestroyIcon SetWindowLongPtrW GetWindowLongPtrW GetClientRect InvalidateRect ReleaseDC GetDC DrawTextW GetDialogBaseUnits EndDialog DialogBoxIndirectParamW MoveWindow SendMessageW |
|---|---|
| COMCTL32.dll |
#380
|
| KERNEL32.dll |
IsValidCodePage
GetStringTypeW GetFileAttributesExW HeapReAlloc FlushFileBuffers GetCurrentDirectoryW GetACP GetOEMCP GetModuleHandleW MulDiv GetLastError SetDllDirectoryW GetModuleFileNameW CreateSymbolicLinkW GetProcAddress GetCommandLineW GetEnvironmentVariableW GetCPInfo ExpandEnvironmentStringsW CreateDirectoryW GetTempPathW WaitForSingleObject Sleep GetExitCodeProcess CreateProcessW GetStartupInfoW FreeLibrary LoadLibraryExW SetConsoleCtrlHandler FindClose FindFirstFileExW CloseHandle GetCurrentProcess LocalFree FormatMessageW MultiByteToWideChar WideCharToMultiByte GetEnvironmentStringsW FreeEnvironmentStringsW GetProcessHeap GetTimeZoneInformation HeapSize WriteConsoleW SetEndOfFile SetEnvironmentVariableW RtlUnwindEx RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind UnhandledExceptionFilter SetUnhandledExceptionFilter TerminateProcess IsProcessorFeaturePresent QueryPerformanceCounter GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead IsDebuggerPresent SetLastError EnterCriticalSection LeaveCriticalSection DeleteCriticalSection InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree EncodePointer RaiseException RtlPcToFileHeader GetCommandLineA CreateFileW GetDriveTypeW GetFileInformationByHandle GetFileType PeekNamedPipe SystemTimeToTzSpecificLocalTime FileTimeToSystemTime GetFullPathNameW RemoveDirectoryW FindNextFileW SetStdHandle DeleteFileW ReadFile GetStdHandle WriteFile ExitProcess GetModuleHandleExW HeapFree GetConsoleMode ReadConsoleW SetFilePointerEx GetConsoleOutputCP GetFileSizeEx HeapAlloc FlsAlloc FlsGetValue FlsSetValue FlsFree CompareStringW LCMapStringW |
| ADVAPI32.dll |
OpenProcessToken
GetTokenInformation ConvertStringSecurityDescriptorToSecurityDescriptorW ConvertSidToStringSidW |
| GDI32.dll |
SelectObject
DeleteObject CreateFontIndirectW |
Delayed Imports
1
2
3
4
5
6
7
8
1 (#2)
1 (#3)
1 (#4)
Version Info
| Signature | 0xfeef04bd |
|---|---|
| StructVersion | 0x10000 |
| FileVersion | 1.0.6.0 |
| ProductVersion | 1.0.6.0 |
| FileFlags | (EMPTY) |
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language | English - United States |
| FileDescription | A helper tool for checking if your product feeds fulfill the standard requirements for the integration with the Digitec Galaxus online shops |
| FileVersion (#2) | 1.0.1 |
| InternalName | Feedchecker |
| OriginalFilename | Feedchecker |
| ProductName | Feedchecker |
| ProductVersion (#2) | 1.0.2 |
| Language (#2) | English / German |
| LegalTrademarks |
| Resource LangID | UNKNOWN |
|---|
IMAGE_DEBUG_TYPE_POGO
| Characteristics |
0
|
|---|---|
| TimeDateStamp | 2024-Feb-02 13:14:20 |
| Version | 0.0 |
| SizeofData | 772 |
| AddressOfRawData | 0x3a860 |
| PointerToRawData | 0x39a60 |
TLS Callbacks
Load Configuration
| Size | 0x140 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x14003e018 |
| GuardCFCheckFunctionPointer | 5368886304 |
| GuardCFDispatchFunctionPointer | 0 |
| GuardCFFunctionTable | 0 |
| GuardCFFunctionCount | 0 |
| GuardFlags | (EMPTY) |
| CodeIntegrity.Flags | 0 |
| CodeIntegrity.Catalog | 0 |
| CodeIntegrity.CatalogOffset | 0 |
| CodeIntegrity.Reserved | 0 |
| GuardAddressTakenIatEntryTable | 0 |
| GuardAddressTakenIatEntryCount | 0 |
| GuardLongJumpTargetTable | 0 |
| GuardLongJumpTargetCount | 0 |
RICH Header
| XOR Key | 0x853fae11 |
|---|---|
| Unmarked objects | 0 |
| ASM objects (30795) | 8 |
| C++ objects (30795) | 188 |
| C objects (30795) | 10 |
| 253 (VS 2015-2022 runtime 32533) | 4 |
| C++ objects (VS 2015-2022 runtime 32533) | 40 |
| C objects (VS 2015-2022 runtime 32533) | 17 |
| ASM objects (VS 2015-2022 runtime 32533) | 9 |
| Imports (30795) | 11 |
| Total imports | 139 |
| C objects (32826) | 21 |
| Linker (32826) | 1 |