| Property | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2019-Oct-10 19:36:41 |
| Detected languages | English - United States |

| Level | Finding | Details |
|---|---|---|
| Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
| Suspicious | Strings found in the binary may indicate undesirable behavior: | Miscellaneous malware strings: |
| Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
| Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x118 |
| PE file header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 7 |
| TimeDateStamp | 2019-Oct-10 19:36:41 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x26c00 |
| SizeOfInitializedData | 0x14600 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000B09F (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x28000 |
| ImageBase | 0x10000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x40000 |
| SizeOfHeaders | 0x1000 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Imported functions |
|---|---|
| KERNEL32.DLL | GetVersionExW, GetComputerNameExW, OpenProcess, HeapSize, MultiByteToWideChar, GetLastError, GlobalAlloc, GlobalFree, HeapReAlloc, CloseHandle, RaiseException, HeapAlloc, K32EnumProcesses, DecodePointer, WaitForSingleObject, DeleteCriticalSection, GetCurrentProcessId, GetProcessHeap, CreateProcessW, WideCharToMultiByte, WriteProcessMemory, VirtualAllocEx, ReadProcessMemory, CreateRemoteThread, ReadConsoleW, InitializeCriticalSectionEx, GetTempPathW, K32GetModuleFileNameExW, GetCurrentProcess, ReadFile, SetEndOfFile, WriteConsoleW, SetFilePointerEx, CreateFileW, FlushFileBuffers, SetStdHandle, SetEnvironmentVariableA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindNextFileA, FindFirstFileExA, FindClose, GetStringTypeW, EnterCriticalSection, LeaveCriticalSection, EncodePointer, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetModuleHandleW, GetProcAddress, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, IsDebuggerPresent, OutputDebugStringW, SetEvent, ResetEvent, WaitForSingleObjectEx, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, InitializeSListHead, RtlUnwind, FreeLibrary, LoadLibraryExW, GetModuleFileNameW, InterlockedFlushSList, ExitProcess, GetModuleHandleExW, GetModuleFileNameA, GetACP, GetStdHandle, GetFileType, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetExitCodeProcess, CreateProcessA, GetFileAttributesExW, WriteFile, GetConsoleCP, GetConsoleMode, HeapFree |
| ADVAPI32.dll | SystemFunction036, LookupPrivilegeValueW, AdjustTokenPrivileges, OpenProcessToken, GetUserNameW |
| SHLWAPI.dll | StrChrA, PathFindFileNameW |
| USER32.dll | wsprintfW |
| WINHTTP.dll | WinHttpQueryHeaders, WinHttpReadData, WinHttpOpenRequest, WinHttpSetOption, WinHttpCloseHandle, WinHttpAddRequestHeaders, WinHttpWriteData, WinHttpSendRequest, WinHttpSetTimeouts, WinHttpConnect, WinHttpCrackUrl, WinHttpQueryDataAvailable, WinHttpOpen, WinHttpGetProxyForUrl, WinHttpReceiveResponse, WinHttpGetIEProxyConfigForCurrentUser |
| Export entry | Value |
|---|---|
| Ordinal | 1 |
| Address | 0x47ea |
| TLS directory field | Value |
|---|---|
| StartAddressOfRawData | 0x1003b000 |
| EndAddressOfRawData | 0x1003b008 |
| AddressOfIndex | 0x10039588 |
| AddressOfCallbacks | 0x10028244 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_4BYTES |
| Callbacks | (EMPTY) |
| Load configuration field | Value |
|---|---|
| Size | 0x5c |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x10038070 |
| SEHandlerTable | 0x100357c0 |
| SEHandlerCount | 44 |
| Rich header entry | Value |
|---|---|
| XOR Key | 0x79dc6ec7 |
| Unmarked objects | 0 |
| 241 (40116) | 13 |
| 243 (40116) | 152 |
| 242 (40116) | 29 |
| ASM objects (23907) | 22 |
| C++ objects (23013) | 2 |
| C++ objects (23907) | 53 |
| C objects (23907) | 33 |
| Imports (65501) | 11 |
| Total imports | 139 |
| 265 (VS2015 UPD2 build 23918) | 4 |
| Exports (VS2015 UPD2 build 23918) | 1 |
| Resource objects (VS2015 UPD2 build 23918) | 1 |
| Linker (VS2015 UPD2 build 23918) | 1 |