Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 1992-Jun-19 22:22:17 |
Detected languages | English - United States; Russian - Russia |
CompanyName | PainteR |
FileDescription | ProxyEmu |
FileVersion | 0.9.2.0 |
InternalName | ProxyEmu |
OriginalFilename | emuext.exe |
LegalCopyright | painter |
ProductName | ProxyEmu |
ProductVersion | 0.9.2.0 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
---|---|---|
Suspicious | PEiD Signature: | PolyEnE 0.01+ by Lennart Hedlund |
Info | Interesting strings found in the binary: | Contains domain names: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
Suspicious | The PE is possibly packed. | Unusual section name found: .pr0; Section .pr0 is both writable and executable; Unusual section name found: .pr1; Section .pr1 is both writable and executable. |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Suspicious | The PE header may have been manually modified. | The resource timestamps differ from the PE header: |
Malicious | VirusTotal score: 50/72 (Scanned on 2020-04-25 16:42:29) | Per-engine results follow |

Engine | Detection |
---|---|
MicroWorld-eScan | Application.Hacktool.YH |
CAT-QuickHeal | Adware.Win32 |
McAfee | HTool-Crack |
Cylance | Unsafe |
Sangfor | Malware |
K7AntiVirus | Unwanted-Program ( 004d38111 ) |
Alibaba | HackTool:Win32/Keygen.190419 |
K7GW | Unwanted-Program ( 004d38111 ) |
Cybereason | malicious.f61964 |
Invincea | heuristic |
Cyren | W32/Trojan.PLPH-6178 |
Symantec | PUA.Keygen |
ESET-NOD32 | a variant of Win32/HackTool.Crack.FS potentially unsafe |
APEX | Malicious |
Paloalto | generic.ml |
ClamAV | Win.Malware.Agent-6370066-0 |
BitDefender | Application.Hacktool.YH |
Avast | FileRepMalware [PUP] |
Ad-Aware | Application.Hacktool.YH |
Sophos | Generic PUA MK (PUA) |
Comodo | ApplicUnwnt@#2u9oe899fvalr |
VIPRE | Trojan.Win32.Generic!BT |
TrendMicro | CRCK_PATCH |
McAfee-GW-Edition | BehavesLike.Win32.Generic.vc |
FireEye | Generic.mg.8abdc20f619641e2 |
SentinelOne | DFI - Malicious PE |
Jiangmin | Trojan.Generic.bdaap |
Webroot | W32.Riskware.Patcher |
eGambit | Unsafe.AI_Score_99% |
Antiy-AVL | Trojan/Win32.TGeneric |
Microsoft | HackTool:Win32/Patcher |
Endgame | malicious (high confidence) |
Arcabit | Application.Hacktool.YH |
AegisLab | Riskware.Win32.Crack.1!c |
GData | Application.Hacktool.YH |
AhnLab-V3 | Unwanted/Win32.KeyGen.R268822 |
Acronis | suspicious |
ALYac | Misc.Keygen |
MAX | malware (ai score=100) |
Malwarebytes | CrackTool.Agent |
Zoner | Trojan.Win32.48198 |
TrendMicro-HouseCall | CRCK_PATCH |
Rising | HackTool.Patcher!8.2DD (CLOUD) |
Yandex | PUP.Crack! |
Ikarus | not-a-virus:Crack.Adobe |
MaxSecure | Trojan.Basine.A.Crpt |
Fortinet | Riskware/HackTool_Crack_FS |
BitDefenderTheta | Gen:NN.ZelphiF.34106.zQ0@a8YkUjdi |
AVG | FileRepMalware [PUP] |
CrowdStrike | win/malicious_confidence_100% (W) |
e_magic | MZ |
---|---|
e_cblp | 0x50 |
e_cp | 0x2 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0xf |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0x1a |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x100 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 10 |
TimeDateStamp | 1992-Jun-19 22:22:17 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE; IMAGE_FILE_BYTES_REVERSED_HI; IMAGE_FILE_BYTES_REVERSED_LO; IMAGE_FILE_EXECUTABLE_IMAGE; IMAGE_FILE_LINE_NUMS_STRIPPED; IMAGE_FILE_LOCAL_SYMS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 2.0 |
SizeOfCode | 0x113a00 |
SizeOfInitializedData | 0x83400 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0024723F (Section: .pr1) |
BaseOfCode | 0x1000 |
BaseOfData | 0x115000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.0 |
ImageVersion | 0.0 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x26b000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x4000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
kernel32.dll | DeleteCriticalSection LeaveCriticalSection EnterCriticalSection InitializeCriticalSection VirtualFree VirtualAlloc LocalFree LocalAlloc GetVersion GetCurrentThreadId InterlockedDecrement InterlockedIncrement VirtualQuery WideCharToMultiByte MultiByteToWideChar lstrlenA lstrcpynA LoadLibraryExA GetThreadLocale GetStartupInfoA GetProcAddress GetModuleHandleA GetModuleFileNameA GetLocaleInfoA GetCommandLineA FreeLibrary FindFirstFileA FindClose ExitProcess ExitThread CreateThread WriteFile UnhandledExceptionFilter RtlUnwind RaiseException GetStdHandle |
---|---|
user32.dll | GetKeyboardType LoadStringA MessageBoxA CharNextA |
advapi32.dll | RegQueryValueExA RegOpenKeyExA RegCloseKey |
oleaut32.dll | SysFreeString SysReAllocStringLen SysAllocStringLen |
kernel32.dll (#2) | DeleteCriticalSection LeaveCriticalSection EnterCriticalSection InitializeCriticalSection VirtualFree VirtualAlloc LocalFree LocalAlloc GetVersion GetCurrentThreadId InterlockedDecrement InterlockedIncrement VirtualQuery WideCharToMultiByte MultiByteToWideChar lstrlenA lstrcpynA LoadLibraryExA GetThreadLocale GetStartupInfoA GetProcAddress GetModuleHandleA GetModuleFileNameA GetLocaleInfoA GetCommandLineA FreeLibrary FindFirstFileA FindClose ExitProcess ExitThread CreateThread WriteFile UnhandledExceptionFilter RtlUnwind RaiseException GetStdHandle |
advapi32.dll (#2) | RegQueryValueExA RegOpenKeyExA RegCloseKey |
kernel32.dll (#3) | DeleteCriticalSection LeaveCriticalSection EnterCriticalSection InitializeCriticalSection VirtualFree VirtualAlloc LocalFree LocalAlloc GetVersion GetCurrentThreadId InterlockedDecrement InterlockedIncrement VirtualQuery WideCharToMultiByte MultiByteToWideChar lstrlenA lstrcpynA LoadLibraryExA GetThreadLocale GetStartupInfoA GetProcAddress GetModuleHandleA GetModuleFileNameA GetLocaleInfoA GetCommandLineA FreeLibrary FindFirstFileA FindClose ExitProcess ExitThread CreateThread WriteFile UnhandledExceptionFilter RtlUnwind RaiseException GetStdHandle |
version.dll | VerQueryValueA GetFileVersionInfoSizeA GetFileVersionInfoA |
gdi32.dll | UnrealizeObject StretchBlt SetWindowOrgEx SetWinMetaFileBits SetViewportOrgEx SetTextColor SetStretchBltMode SetROP2 SetPixelV SetPixel SetEnhMetaFileBits SetDIBColorTable SetBrushOrgEx SetBkMode SetBkColor SelectPalette SelectObject SaveDC RoundRect RestoreDC Rectangle RectVisible RealizePalette Polyline Polygon PlayEnhMetaFile PatBlt MoveToEx MaskBlt LineTo IntersectClipRect GetWindowOrgEx GetWinMetaFileBits GetViewportOrgEx GetTextMetricsA GetTextExtentPointA GetTextExtentPoint32A GetSystemPaletteEntries GetStockObject GetPixel GetPaletteEntries GetObjectA GetEnhMetaFilePaletteEntries GetEnhMetaFileHeader GetEnhMetaFileBits GetDeviceCaps GetDIBits GetDIBColorTable GetDCOrgEx GetCurrentPositionEx GetClipBox GetBrushOrgEx GetBitmapDimensionEx GetBitmapBits GdiFlush ExtTextOutA ExcludeClipRect DeleteObject DeleteEnhMetaFile DeleteDC CreateSolidBrush CreateRectRgn CreatePenIndirect CreatePen CreatePalette CreateHalftonePalette CreateFontIndirectW CreateFontIndirectA CreateDIBitmap CreateDIBSection CreateCompatibleDC CreateCompatibleBitmap CreateBrushIndirect CreateBitmap CopyEnhMetaFileA CombineRgn BitBlt |
user32.dll (#2) | GetKeyboardType LoadStringA MessageBoxA CharNextA |
kernel32.dll (#4) | DeleteCriticalSection LeaveCriticalSection EnterCriticalSection InitializeCriticalSection VirtualFree VirtualAlloc LocalFree LocalAlloc GetVersion GetCurrentThreadId InterlockedDecrement InterlockedIncrement VirtualQuery WideCharToMultiByte MultiByteToWideChar lstrlenA lstrcpynA LoadLibraryExA GetThreadLocale GetStartupInfoA GetProcAddress GetModuleHandleA GetModuleFileNameA GetLocaleInfoA GetCommandLineA FreeLibrary FindFirstFileA FindClose ExitProcess ExitThread CreateThread WriteFile UnhandledExceptionFilter RtlUnwind RaiseException GetStdHandle |
oleaut32.dll (#2) | SysFreeString SysReAllocStringLen SysAllocStringLen |
ole32.dll | OleUninitialize OleInitialize CoUninitialize CoInitialize |
oleaut32.dll (#3) | SysFreeString SysReAllocStringLen SysAllocStringLen |
comctl32.dll | ImageList_SetIconSize ImageList_GetIconSize ImageList_Write ImageList_Read ImageList_GetDragImage ImageList_DragShowNolock ImageList_SetDragCursorImage ImageList_DragMove ImageList_DragLeave ImageList_DragEnter ImageList_EndDrag ImageList_BeginDrag ImageList_GetIcon ImageList_Remove ImageList_DrawEx ImageList_Replace ImageList_Draw ImageList_GetBkColor ImageList_SetBkColor ImageList_ReplaceIcon ImageList_Add ImageList_SetImageCount ImageList_GetImageCount ImageList_Destroy ImageList_Create |
shell32.dll | ShellExecuteA SHGetFileInfoA |
shell32.dll (#2) | ShellExecuteA SHGetFileInfoA |
comdlg32.dll | GetOpenFileNameA |
kernel32.dll (#5) | DeleteCriticalSection LeaveCriticalSection EnterCriticalSection InitializeCriticalSection VirtualFree VirtualAlloc LocalFree LocalAlloc GetVersion GetCurrentThreadId InterlockedDecrement InterlockedIncrement VirtualQuery WideCharToMultiByte MultiByteToWideChar lstrlenA lstrcpynA LoadLibraryExA GetThreadLocale GetStartupInfoA GetProcAddress GetModuleHandleA GetModuleFileNameA GetLocaleInfoA GetCommandLineA FreeLibrary FindFirstFileA FindClose ExitProcess ExitThread CreateThread WriteFile UnhandledExceptionFilter RtlUnwind RaiseException GetStdHandle |
user32.dll (#3) | GetKeyboardType LoadStringA MessageBoxA CharNextA |
kernel32.dll (#6) | DeleteCriticalSection LeaveCriticalSection EnterCriticalSection InitializeCriticalSection VirtualFree VirtualAlloc LocalFree LocalAlloc GetVersion GetCurrentThreadId InterlockedDecrement InterlockedIncrement VirtualQuery WideCharToMultiByte MultiByteToWideChar lstrlenA lstrcpynA LoadLibraryExA GetThreadLocale GetStartupInfoA GetProcAddress GetModuleHandleA GetModuleFileNameA GetLocaleInfoA GetCommandLineA FreeLibrary FindFirstFileA FindClose ExitProcess ExitThread CreateThread WriteFile UnhandledExceptionFilter RtlUnwind RaiseException GetStdHandle |
kernel32.dll (#7) | DeleteCriticalSection LeaveCriticalSection EnterCriticalSection InitializeCriticalSection VirtualFree VirtualAlloc LocalFree LocalAlloc GetVersion GetCurrentThreadId InterlockedDecrement InterlockedIncrement VirtualQuery WideCharToMultiByte MultiByteToWideChar lstrlenA lstrcpynA LoadLibraryExA GetThreadLocale GetStartupInfoA GetProcAddress GetModuleHandleA GetModuleFileNameA GetLocaleInfoA GetCommandLineA FreeLibrary FindFirstFileA FindClose ExitProcess ExitThread CreateThread WriteFile UnhandledExceptionFilter RtlUnwind RaiseException GetStdHandle |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 0.9.2.0 |
ProductVersion | 0.9.2.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32; VOS_NT; VOS_NT_WINDOWS32; VOS_WINCE; VOS__WINDOWS32 |
FileType | VFT_DLL |
Language | Russian - Russia |
CompanyName | PainteR |
FileDescription | ProxyEmu |
FileVersion (#2) | 0.9.2.0 |
InternalName | ProxyEmu |
OriginalFilename | emuext.exe |
LegalCopyright | painter |
ProductName | ProxyEmu |
ProductVersion (#2) | 0.9.2.0 |
Resource LangID | English - United States |
---|---|
StartAddressOfRawData | 0x530000 |
---|---|
EndAddressOfRawData | 0x530010 |
AddressOfIndex | 0x51509c |
AddressOfCallbacks | 0x531010 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_TYPE_REG |
Callbacks | (EMPTY) |