8abdc20f619641e29aa9ad2b999a0dcc

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1992-Jun-19 22:22:17
Detected languages English - United States
Russian - Russia
CompanyName PainteR
FileDescription ProxyEmu
FileVersion 0.9.2.0
InternalName ProxyEmu
OriginalFilename emuext.exe
LegalCopyright painter
ProductName ProxyEmu
ProductVersion 0.9.2.0

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious PEiD Signature: PolyEnE 0.01+ by Lennart Hedlund
Info Interesting strings found in the binary:
Contains domain names:
  • adobe.com
  • helpx.adobe.com
  • https://helpx.adobe.com
  • https://helpx.adobe.com/creative-cloud/packager/creative-cloud-licensing-identifiers.html
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Suspicious The PE is possibly packed.
Unusual section name found: .pr0
Section .pr0 is both writable and executable.
Unusual section name found: .pr1
Section .pr1 is both writable and executable.
Malicious The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • LoadLibraryExA
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryW
Functions which can be used for anti-debugging purposes:
  • FindWindowA
  • CreateToolhelp32Snapshot
Code injection capabilities:
  • VirtualAlloc
  • WriteProcessMemory
  • VirtualAllocEx
  • OpenProcess
Code injection capabilities (PowerLoader):
  • GetWindowLongA
  • FindWindowA
Can access the registry:
  • RegQueryValueExA
  • RegOpenKeyExA
  • RegCloseKey
Possibly launches other programs:
  • CreateProcessA
  • ShellExecuteA
Can create temporary files:
  • GetTempPathA
  • CreateFileA
Uses functions commonly found in keyloggers:
  • MapVirtualKeyA
  • GetForegroundWindow
  • CallNextHookEx
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualAllocEx
  • VirtualProtect
Manipulates other processes:
  • WriteProcessMemory
  • ReadProcessMemory
  • OpenProcess
Can take screenshots:
  • CreateCompatibleDC
  • BitBlt
  • GetDCEx
  • GetDC
  • FindWindowA
Reads the contents of the clipboard:
  • GetClipboardData
Suspicious The PE header may have been manually modified.
The resource timestamps differ from the PE header:
  • 2016-Nov-04 18:46:22
Malicious VirusTotal score: 50/72 (Scanned on 2020-04-25 16:42:29)
MicroWorld-eScan: Application.Hacktool.YH
CAT-QuickHeal: Adware.Win32
McAfee: HTool-Crack
Cylance: Unsafe
Sangfor: Malware
K7AntiVirus: Unwanted-Program ( 004d38111 )
Alibaba: HackTool:Win32/Keygen.190419
K7GW: Unwanted-Program ( 004d38111 )
Cybereason: malicious.f61964
Invincea: heuristic
Cyren: W32/Trojan.PLPH-6178
Symantec: PUA.Keygen
ESET-NOD32: a variant of Win32/HackTool.Crack.FS potentially unsafe
APEX: Malicious
Paloalto: generic.ml
ClamAV: Win.Malware.Agent-6370066-0
BitDefender: Application.Hacktool.YH
Avast: FileRepMalware [PUP]
Ad-Aware: Application.Hacktool.YH
Sophos: Generic PUA MK (PUA)
Comodo: ApplicUnwnt@#2u9oe899fvalr
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: CRCK_PATCH
McAfee-GW-Edition: BehavesLike.Win32.Generic.vc
FireEye: Generic.mg.8abdc20f619641e2
SentinelOne: DFI - Malicious PE
Jiangmin: Trojan.Generic.bdaap
Webroot: W32.Riskware.Patcher
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: Trojan/Win32.TGeneric
Microsoft: HackTool:Win32/Patcher
Endgame: malicious (high confidence)
Arcabit: Application.Hacktool.YH
AegisLab: Riskware.Win32.Crack.1!c
GData: Application.Hacktool.YH
AhnLab-V3: Unwanted/Win32.KeyGen.R268822
Acronis: suspicious
ALYac: Misc.Keygen
MAX: malware (ai score=100)
Malwarebytes: CrackTool.Agent
Zoner: Trojan.Win32.48198
TrendMicro-HouseCall: CRCK_PATCH
Rising: HackTool.Patcher!8.2DD (CLOUD)
Yandex: PUP.Crack!
Ikarus: not-a-virus:Crack.Adobe
MaxSecure: Trojan.Basine.A.Crpt
Fortinet: Riskware/HackTool_Crack_FS
BitDefenderTheta: Gen:NN.ZelphiF.34106.zQ0@a8YkUjdi
AVG: FileRepMalware [PUP]
CrowdStrike: win/malicious_confidence_100% (W)

Hashes

MD5 8abdc20f619641e29aa9ad2b999a0dcc
SHA1 caad125358d2ae6d217e74cfcd175ac81c43c729
SHA256 cdc95d0113a2af05c2e70fab23f6c218ae583ebcb47077dd5b705a476f9d6b96
SHA3 cae01a827cc46ff789c01068e080152164bbb04962ff57b0ad4f2c4ce2fac3bf
SSDeep 49152:+kLvWlT+7CZ1k+1T0RSkXDE+QO6oP4DQ4E7U+:+kCZ1bad4+QOJgDQI
Imports Hash f9b971868e29335c16ceaa707224081b

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 10
TimeDateStamp 1992-Jun-19 22:22:17
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x113a00
SizeOfInitializedData 0x83400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0024723F (Section: .pr1)
BaseOfCode 0x1000
BaseOfData 0x115000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x26b000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

CODE

MD5 29de39ddc84d3e785ebfdccbd6faf7e6
SHA1 199d0121f0ab2107605db6f166628057b0c471d5
SHA256 5650288a9b4fd10c94c845085bec26f333e991ce767add60d98f2210a182d7d6
SHA3 da37558fbf8e452c3f346f1f25efedbb116dd38869925f566f6cc8de914a5732
VirtualSize 0x113900
VirtualAddress 0x1000
SizeOfRawData 0x113a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.52752

DATA

MD5 9a741c4d302edf27a7516dcf6aeb8970
SHA1 04f2058d2d3a0ce0bf9bcf8c3a619c75f572bb4e
SHA256 2184b9411d4803aa647f30e1df4e2a2c17d2e4a360c773ca1af60e872e04a957
SHA3 f5d0e3b0e0cf07373883cfa48840abdaa434ea8a5b4e7051b1a99540d1131d28
VirtualSize 0x15b8c
VirtualAddress 0x115000
SizeOfRawData 0x15c00
PointerToRawData 0x113e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.14643

BSS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x11bd
VirtualAddress 0x12b000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 bf49aec44e8bdd743d3a48bacbd04b99
SHA1 e8eb8948dce3b4a9594f7cc3791767e62fa07ad9
SHA256 e0e378a13b45ef5fb7a6f7bd134f4a461ec0251d4a3c127fcd2d821766783ffc
SHA3 5b931cce85479954cb0e75323886c9c2939126e864716d71de427a85e6a0fd6e
VirtualSize 0x29b4
VirtualAddress 0x12d000
SizeOfRawData 0x2a00
PointerToRawData 0x129a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.09216

.tls

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x10
VirtualAddress 0x130000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata

MD5 dd5b4ecd178e5866934d5e7368ca8415
SHA1 15ee01b6d328c1557fdcb4c4ba94f946033c41d9
SHA256 a69975fe7d708de59fcb3a21a3628e5315ab548565b2221a0b05d125618777e3
SHA3 fb6c1b59ff5a26e4dd1577b4eeec1c0c000a3e7310e059a207f385b5626c36f0
VirtualSize 0x18
VirtualAddress 0x131000
SizeOfRawData 0x200
PointerToRawData 0x12c400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 0.164765

.pr0

MD5 cf4188ce38e74a5ee61b1fe69fa88776
SHA1 0aa0031904b77663da61367818d1c5cc8257ca24
SHA256 1234e97d7215d4b96ad682151f3c2e63322d271f9eb4b5cac45508c2158ab8a4
SHA3 cb07b7c61bb0ac516ad07982fe2e517d547c01c388ae7387c125f97099179578
VirtualSize 0x113736
VirtualAddress 0x132000
SizeOfRawData 0x113800
PointerToRawData 0x12c600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.90531

.pr1

MD5 cc12fadd0ff200d66b02caa78aa0d5b3
SHA1 1c43d990fdd8f095b194759514873fc058ac617a
SHA256 440bfa3a8ea0187c5ece127826babe31d3aa0f1aad92846fe49d63030748351c
SHA3 4c5105cfca08ec2a60956b790fe3b2680dc343bdfdb43ff6764a9bee0d91638b
VirtualSize 0xed59
VirtualAddress 0x246000
SizeOfRawData 0xee00
PointerToRawData 0x23fe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.21496

.reloc

MD5 8f2716d046661b928f420fb6b2561cb3
SHA1 bfb89cdfd00c8b2aa1182bd83ca50be0d822f4a3
SHA256 916bb5b9a72d1836582121267a83e900427437a72f2fa1fc24cb83da289a3160
SHA3 35f7c523aa49cdec288f557b18bbebe549c890d9c3d4811e8690109b81c7b6e0
VirtualSize 0xf400
VirtualAddress 0x255000
SizeOfRawData 0xf400
PointerToRawData 0x24ec00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 6.67919

.rsrc

MD5 d6ab8b4b7dbe61a34789c0816b6d3378
SHA1 e73197c64aac11985c2cfe97c75ab0ad129bbda2
SHA256 5d9eae9695e777c5b0fe7bc58741ec33c9d0e8a85f1b67fa37341602d4c3fac7
SHA3 ad53c65363c55f3f43f415633ff2e4ee091d890a95cc061037d20fdf5f082612
VirtualSize 0x5e92
VirtualAddress 0x265000
SizeOfRawData 0x6000
PointerToRawData 0x25e000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 6.01664

Imports

kernel32.dll DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
advapi32.dll RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll SysFreeString
SysReAllocStringLen
SysAllocStringLen
kernel32.dll (#2) DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
advapi32.dll (#2) RegQueryValueExA
RegOpenKeyExA
RegCloseKey
kernel32.dll (#3) DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
version.dll VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
gdi32.dll UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixelV
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsA
GetTextExtentPointA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapDimensionEx
GetBitmapBits
GdiFlush
ExtTextOutA
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePen
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateFontIndirectA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CombineRgn
BitBlt
user32.dll (#2) GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
kernel32.dll (#4) DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
oleaut32.dll (#2) SysFreeString
SysReAllocStringLen
SysAllocStringLen
ole32.dll OleUninitialize
OleInitialize
CoUninitialize
CoInitialize
oleaut32.dll (#3) SysFreeString
SysReAllocStringLen
SysAllocStringLen
comctl32.dll ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
shell32.dll ShellExecuteA
SHGetFileInfoA
shell32.dll (#2) ShellExecuteA
SHGetFileInfoA
comdlg32.dll GetOpenFileNameA
kernel32.dll (#5) DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll (#3) GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
kernel32.dll (#6) DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
kernel32.dll (#7) DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x19b4
TimeDateStamp 2016-Nov-04 18:46:22
Entropy 7.88566
Detected Filetype PNG graphic file
MD5 0edbdaa8f090e7e9f831f03279b06209
SHA1 966fe0a9284c7da2bed1e3203069559778d607db
SHA256 50d47edba016d286611c4de4aa28592df5f80756e01bbb6688832630a3f90b86
SHA3 d6f0f91d651c075743160e72f03f3ede904c4bc39f1365a9b669d968daa77fdf

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 2016-Nov-04 18:46:22
Entropy 4.28302
MD5 369b539c1b6d2545fc55b1f6fe13627e
SHA1 f11300f8608cdc1518093c3d9e61abec4bcd7b12
SHA256 d7f1bc7c27c6d3a8783be86f8ac9d3304076872f64ab633d1b7afece6b3b82f3
SHA3 3eeec133434aa5a3e5530b8a8c20e16982b673144fd46bc1aad7363d98b2398f

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 2016-Nov-04 18:46:22
Entropy 4.36835
MD5 068921808d28752d6b2fd8f2924bdbff
SHA1 b8e0b31cba8c93a74b7a7e623849948a0f13ce84
SHA256 6a65d4c13fe5868f1a8865c75b992feea55a7b2a5b5840650e6d7aad88cfdfd0
SHA3 24ffc230ebe0022fa25137ccbc42e67a502ebea81812bf8931cfbe8f3a292d9f

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 2016-Nov-04 18:46:22
Entropy 4.39554
MD5 868523ff8c30ab3568d29a64ecb9a159
SHA1 e1fc78042ae699e46da9896c931bf8ede0ccd5d0
SHA256 0a8c3eb2a617fda6425f52b3d4c4da38988e588fad2a5051af0f0027f511f8d8
SHA3 29247abf80943eec5da6c927c88cc35f6e042d77ac4ba9cc2aa7ea66a7014a98

MAINICON

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x3e
TimeDateStamp 2016-Nov-04 18:46:22
Entropy 2.44608
Detected Filetype Icon file
MD5 d9e3948c0d8a92624e056377a09f7e89
SHA1 38f63391d1e566064551cfb3ef6037c8d9523343
SHA256 dcc4af09b581fc120ee178f5ff17100f5c9db70aded72b614e8c232b231af672
SHA3 d57d09f94b9b58e0ae44578ad2890d2072c05ee5e14db1aac2f61360e109fe55

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x288
TimeDateStamp 2016-Nov-04 18:46:22
Entropy 3.27105
MD5 566e1d9a4fb5b5599f71a69b13336689
SHA1 0034840770e316062baea72c92f486a8a687b352
SHA256 7656cc1c8976b3128a8be7c8e86d35f066df74d71f2903e541cd2cfa0198582c
SHA3 16823395fdfaf67c9c84b27e148552c69b8614048378af31a02d29c708b85366

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x58a
TimeDateStamp 2016-Nov-04 18:46:22
Entropy 5.27457
MD5 b6a76cef16bf76882df1838e5e407059
SHA1 df31b4ecb6a473d9c6cdc88851bb76684488f865
SHA256 25b617578449687059bbc329fb16588a7d847411a7df0b08583d6b7cbd0b7c96
SHA3 94930cdd492c9387a01a869ed79b89764636ced9dee6c726990c79e8b24ec0c0

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 0.9.2.0
ProductVersion 0.9.2.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_DLL
Language Russian - Russia
CompanyName PainteR
FileDescription ProxyEmu
FileVersion (#2) 0.9.2.0
InternalName ProxyEmu
OriginalFilename emuext.exe
LegalCopyright painter
ProductName ProxyEmu
ProductVersion (#2) 0.9.2.0
Resource LangID English - United States

TLS Callbacks

StartAddressOfRawData 0x530000
EndAddressOfRawData 0x530010
AddressOfIndex 0x51509c
AddressOfCallbacks 0x531010
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks (EMPTY)

Load Configuration

RICH Header

Errors

[*] Warning: Section BSS has a size of 0!
[*] Warning: Section .tls has a size of 0!