Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2018-Jul-09 16:03:36 |
Detected languages | English - United States |
Debug artifacts | rojects\IDM\Release\IDMan.pdb |
Comments | http://www.internetdownloadmanager.com |
CompanyName | Tonec Inc. |
FileDescription | Internet Download Manager (IDM) |
FileVersion | 6, 31, 3, 2 |
InternalName | Internet Download Manager |
LegalCopyright | Tonec Inc., Copyright © 1999 - 2018 |
LegalTrademarks | Internet Download Manager |
OriginalFilename | IDMan.exe |
PrivateBuild | |
ProductName | Internet Download Manager (IDM) |
ProductVersion | 6, 31, 3, 2 |
SpecialBuild | |

Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0; Microsoft Visual C++; Microsoft Visual C++ v6.0; Microsoft Visual C++ v5.0/v6.0 (MFC) |
---|---|---|
Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to system / monitoring tools: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32; Uses constants related to MD5 |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Malicious | The PE's digital signature is invalid. | Signer: Tonec Inc.; Issuer: VeriSign Class 3 Code Signing 2010 CA; The file was modified after it was signed. |
Suspicious | VirusTotal score: 2/68 (Scanned on 2019-11-16 10:01:27) | Zillya: Backdoor.Androm.Win32.62561; Trapmine: malicious.high.ml.score |

e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x118 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2018-Jul-09 16:03:36 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |

Magic | PE32 |
---|---|
LinkerVersion | 6.0 |
SizeOfCode | 0x230000 |
SizeOfInitializedData | 0x199000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x001EA8BF (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x231000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x1000 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x3ca000 |
SizeOfHeaders | 0x1000 |
Checksum | 0x3d6a55 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x400000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
WS2_32.dll | #23 #10 #4 #11 #111 #14 #8 #3 #19 #16 #151 #18 #7 #13 #2 #1 #6 #112 #15 #116 #115 #52 #9 |
---|---|
KERNEL32.dll |
TlsAlloc
GlobalHandle TlsFree GlobalReAlloc TlsSetValue LocalReAlloc TlsGetValue GetProcessVersion GetCPInfo GetOEMCP GetFileTime SetErrorMode WritePrivateProfileStringA FindResourceExA RtlUnwind SetEnvironmentVariableW GetCurrentDirectoryW SetCurrentDirectoryW GlobalFlags GetLocalTime GetSystemTimeAsFileTime RaiseException HeapReAlloc RemoveDirectoryA SetEnvironmentVariableA SetCurrentDirectoryA GetFileInformationByHandle PeekNamedPipe GetFileType GetStartupInfoA GetCommandLineA ExitThread HeapSize GetEnvironmentVariableA HeapDestroy HeapCreate VirtualFree VirtualAlloc IsBadWritePtr LCMapStringA LCMapStringW SetUnhandledExceptionFilter SetStdHandle SetHandleCount GetStdHandle UnhandledExceptionFilter FreeEnvironmentStringsA FreeEnvironmentStringsW GetEnvironmentStrings GetEnvironmentStringsW GetStringTypeA GetStringTypeW IsBadReadPtr IsBadCodePtr CompareStringA CompareStringW VirtualProtect lstrlenW GetCurrentThread GetTickCount GetProfileIntA GetThreadLocale GetFullPathNameA FindFirstFileA UnlockFile LockFile DuplicateHandle lstrcmpA SuspendThread SetThreadPriority ResumeThread FileTimeToLocalFileTime InterlockedIncrement GlobalGetAtomNameA GlobalAddAtomA GlobalFindAtomA GlobalDeleteAtom lstrcpyA CreateProcessA SetThreadExecutionState GetVolumeInformationW CompareFileTime GetDiskFreeSpaceW GetDiskFreeSpaceA GetSystemInfo InterlockedDecrement GetComputerNameA FindResourceA SizeofResource LoadResource LockResource GetCurrentDirectoryA GetACP GetSystemDefaultLangID GetVolumeInformationA DeleteCriticalSection EnterCriticalSection LeaveCriticalSection InitializeCriticalSection lstrcpynA CreateThread SleepEx ReadFile CreateDirectoryA CopyFileW MoveFileA LocalAlloc SetLastError CreateDirectoryW GetFileAttributesExW FileTimeToSystemTime CreateWaitableTimerA SetWaitableTimer CancelWaitableTimer SetFileAttributesW FlushFileBuffers DeviceIoControl GetCurrentThreadId TerminateProcess GetUserDefaultLangID SetEvent lstrlenA SetFileAttributesA DeleteFileA GetWindowsDirectoryW lstrcmpiA 
GetLocaleInfoA GetDriveTypeW GetVersion GetCurrentProcessId MoveFileW RemoveDirectoryW GetSystemTime SystemTimeToFileTime SetFileTime LoadLibraryW MoveFileExW GetModuleHandleA WriteFile GetProcessHeap HeapFree HeapAlloc OpenProcess lstrcatA GetFileSize CreateFileMappingA MapViewOfFile UnmapViewOfFile SetFilePointer SetEndOfFile GetSystemDirectoryW DeleteFileW GetWindowsDirectoryA GetVersionExA GetExitCodeProcess CreateFileA GetCurrentProcess CreateProcessW GetModuleFileNameW CreateEventA WaitForMultipleObjects ResetEvent GlobalAlloc GlobalFree FindFirstFileW FindNextFileW FindClose CreateFileW CreateMutexA OpenMutexA WaitForSingleObject ReleaseMutex CloseHandle GetSystemDirectoryA GetModuleFileNameA GetFileAttributesA CopyFileA LoadLibraryA GetProcAddress FreeLibrary Sleep GlobalSize GlobalLock GlobalUnlock GetFileAttributesW GetLastError FormatMessageA LocalFree WideCharToMultiByte MultiByteToWideChar MulDiv ExitProcess GetProfileStringA GetTimeZoneInformation |
USER32.dll |
IsRectEmpty
InflateRect CharUpperA IsClipboardFormatAvailable ValidateRect GrayStringA DrawTextA TabbedTextOutA GetMenuCheckMarkDimensions GetMenuState SetMenuItemBitmaps IsDialogMessageA GetDlgItemTextA SendDlgItemMessageA MapWindowPoints GetFocus AdjustWindowRectEx DeferWindowPos BeginDeferWindowPos EndDeferWindowPos GetTopWindow IsChild WinHelpA GetClassInfoA SetWindowsHookExA CallNextHookEx GetClassLongA UnhookWindowsHookEx CallWindowProcA GetMessageTime GetLastActivePopup GetWindowPlacement GetNextDlgTabItem EndDialog CreateDialogIndirectParamA GetParent GetActiveWindow DrawFrameControl SetRect SystemParametersInfoW DrawStateA ModifyMenuW DeleteMenu AppendMenuW DrawTextW DrawIconEx IntersectRect GetSysColorBrush FillRect LockWindowUpdate PeekMessageA SetActiveWindow UnionRect ClientToScreen WindowFromPoint SetDlgItemTextA IsWindowEnabled GetWindowTextLengthW CopyIcon SetFocus DestroyIcon PostQuitMessage GetMessageA TranslateMessage DispatchMessageA UpdateWindow SetCursorPos GetClassNameA CreateDialogParamW CreateDialogParamA SetPropA RemovePropA DefWindowProcW DefWindowProcA CreateWindowExA SetWindowLongA RegisterClassA DefDlgProcA DestroyWindow GetWindowLongA GetWindowDC BeginPaint EndPaint SetDlgItemTextW RegisterWindowMessageA RegisterClipboardFormatA RemoveMenu DrawFocusRect GetMessagePos ScreenToClient LoadCursorA SetCursor EqualRect GetCapture ReleaseCapture SetCapture CreatePopupMenu SystemParametersInfoA GetKeyState ModifyMenuA TrackPopupMenu IsIconic GetSystemMetrics DrawIcon OffsetRect EnableMenuItem SetClipboardViewer CheckMenuItem LoadImageW LoadImageA DestroyMenu ChangeClipboardChain GetMenu EnumWindows SetForegroundWindow IsWindowVisible wsprintfW SendMessageW LoadBitmapA GetMenuItemCount GetMenuItemID GetSubMenu GetDCEx GetNextDlgGroupItem CopyAcceleratorTableA CharNextA PostThreadMessageA GetAsyncKeyState SetRectEmpty MapDialogRect FrameRect SetWindowContextHelpId AppendMenuA CheckMenuRadioItem GetCursorPos PtInRect GetClientRect ReleaseDC CopyRect 
FindWindowA GetWindowThreadProcessId MsgWaitForMultipleObjects SetParent KillTimer SetTimer InvalidateRect wsprintfA PostMessageA GetForegroundWindow ExitWindowsEx MessageBeep ShowWindow GetWindowTextLengthA MoveWindow GetWindowTextA MessageBoxW GetWindowTextW GetWindowRect CreateWindowExW SetWindowPos SetWindowTextW SetWindowTextA GetDesktopWindow MessageBoxA GetDlgItem GetSysColor GetDlgCtrlID LoadStringA IsWindow SendMessageA GetWindow GetDC EnableWindow LoadIconA IsWindowUnicode ExcludeUpdateRgn ShowCaret HideCaret UnregisterClassA GetPropA |
GDI32.dll |
SetWindowExtEx
GetTextColor GetBkColor EnumFontFamiliesExA CopyMetaFileA ScaleViewportExtEx SetViewportExtEx OffsetViewportOrgEx GetCharWidthA StretchDIBits CombineRgn SetRectRgn CreateRectRgnIndirect PatBlt Escape ExtTextOutA TextOutA RectVisible PtVisible CreatePatternBrush GetWindowExtEx GetViewportExtEx CreateRectRgn IntersectClipRect ExcludeClipRect LPtoDP DPtoLP TranslateCharsetInfo GetTextMetricsA CreateCompatibleBitmap DeleteObject SelectObject StretchBlt BitBlt DeleteDC GetStockObject CreateCompatibleDC GetDIBits SelectClipRgn CreateDIBSection CreateSolidBrush GetTextExtentPoint32W GetTextExtentPoint32A GetObjectA GetTextExtentPointA CreateDIBitmap CreateFontIndirectA GetDeviceCaps CreateFontA SetViewportOrgEx RestoreDC SaveDC CreateBitmap GetClipBox SetBkMode SetBkColor SetTextColor SetStretchBltMode CreateFontIndirectW GetMapMode SetMapMode ScaleWindowExtEx |
comdlg32.dll | GetSaveFileNameA GetOpenFileNameA GetFileTitleA GetSaveFileNameW |
ADVAPI32.dll |
CloseServiceHandle
RegQueryValueExA RegOpenKeyExA RegDeleteValueA RegSetValueExA RegCreateKeyExA RegEnumKeyA RegQueryInfoKeyA RegDeleteKeyA RegEnumKeyExA RegQueryValueExW RegSetValueExW RegDeleteValueW RegNotifyChangeKeyValue AdjustTokenPrivileges LookupPrivilegeValueA OpenProcessToken RegFlushKey RegCreateKeyExW GetUserNameW RegLoadKeyA RegRestoreKeyA GetUserNameA RegSaveKeyA OpenSCManagerA OpenServiceA RegCloseKey DuplicateTokenEx GetLengthSid SetTokenInformation CreateProcessAsUserW GetTokenInformation GetSidSubAuthorityCount GetSidSubAuthority RegEnumValueA |
SHELL32.dll |
SHGetMalloc
SHGetDesktopFolder Shell_NotifyIconA SHBrowseForFolderW SHGetPathFromIDListW SHFileOperationW SHFileOperationA ShellExecuteW FindExecutableW ShellExecuteExA ShellExecuteExW SHGetFileInfoW SHGetFileInfoA SHBrowseForFolderA SHGetPathFromIDListA ShellExecuteA |
COMCTL32.dll |
ImageList_AddMasked
ImageList_Add ImageList_Remove #17 #8 ImageList_BeginDrag ImageList_DragShowNolock ImageList_DragMove ImageList_EndDrag ImageList_DragLeave ImageList_Draw ImageList_DragEnter ImageList_GetIcon ImageList_Destroy ImageList_Create PropertySheetA DestroyPropertySheetPage CreatePropertySheetPageA |
oledlg.dll | #8 |
ole32.dll |
CoTaskMemFree
OleUninitialize CreateStreamOnHGlobal CoRevokeClassObject CoInitialize CoUninitialize CoSetProxyBlanket OleGetClipboard CoRegisterClassObject CoGetObject StringFromGUID2 CoCreateInstance ReleaseStgMedium OleFlushClipboard OleIsCurrentClipboard DoDragDrop CoFreeUnusedLibraries CLSIDFromProgID CLSIDFromString CreateILockBytesOnHGlobal StgCreateDocfileOnILockBytes StgOpenStorageOnILockBytes CoGetClassObject CoRegisterMessageFilter CoTaskMemAlloc OleDuplicateData CoDisconnectObject RevokeDragDrop CoLockObjectExternal OleInitialize RegisterDragDrop |
OLEPRO32.DLL | #251 #253 |
OLEAUT32.dll | #2 #150 #185 #12 #10 #8 #9 #183 #19 #20 #25 #161 #7 #4 #6 |
WININET.dll | InternetSetCookieA InternetGetCookieA InternetCrackUrlA InternetCanonicalizeUrlA GetUrlCacheEntryInfoW InternetCanonicalizeUrlW InternetCombineUrlA |
&About IDM... |
Displays a Tip of the Day. |
Ti&p of the Day... |
Did you know... |
Tips file does not exist in the prescribed directory |
Trouble reading the tips file |
Add a file to IDM list for downloading later |
Start file downloading |
Launch Internet Download Manager on system startup |
Monitor system Clipboard for links to download with IDM |
Purchase registered copy of IDM |
Make an attempt to find HTTP proxy in Internet Explorer configuration |
Use FTP protocol in passive mode (needed behind firewalls) |
Check for available updates on www.internetdownloadmanager.com |
Register IDM with your registration key |
Click to visit IDM home site |
Contact IDM support team |
Click to know how to get license for IDM |
Move item down |
Move item up |
Remove item from download queue |
Start queue |
Stop queue |
Use this option in an emergency. This can cause the applications to lose data. |
Hide categories |
Check All Files |
Uncheck All Files |
Start Exploring |
Stop Exploring |
Start Downloading the checked files |
Stop downloading the checked files |
Add checked files to the main IDM list and to the download queue |
Browse |
Write a letter to your friend about IDM |
Add new download address manually |
Start/Resume downloading selected file(s) |
Stop downloading selected file(s) |
Stop all downloads |
Remove selected file(s) from the list |
Remove all completed files from the list |
Browsers/System integration, File types, Proxy, Passwords and others |
Scheduler and download queues |
Opening Port |
Port Opened |
Connecting Device |
Device Connected |
All Devices Connected |
Starting Authentication |
Authentication Notify |
Authentication Retry |
Callback Requested |
Change Password Requested |
Projection Phase Started |
Link Speed Calculation |
Authentication Acknowledged |
Reauthenticatation Started |
Authenticated |
Waiting For Modem Reset |
Waiting For Callback |
Interactive |
Retry Authentication |
Callback Set By Caller |
Password Expired |
Connected |
Disconnected |
Run site grabber |
Schedule the project |
Show grabber statistics |
Update all |
Start main download queue, or choose a queue to start from drop-down list |
Stop main download queue, or choose a queue to stop from drop-down list |
Open |
Save As |
All Files (*.*) |
Untitled |
an unnamed file |
&Hide |
No error message is available. |
An unsupported operation was attempted. |
A required resource was unavailable. |
Out of memory. |
An unknown error has occurred. |
Invalid filename. |
Failed to open document. |
Failed to save document. |
Save changes to %1? |
Failed to create empty document. |
The file is too large to open. |
Could not start print job. |
Failed to launch help. |
Internal application error. |
Command failed. |
Insufficient memory to perform operation. |
System registry entries have been removed and the INI file (if any) was deleted. |
Not all of the system registry entries (or INI file) were removed. |
This program requires the file %s, which was not found on this system. |
This program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s. |
Please enter an integer. |
Please enter a number. |
Please enter an integer between %1 and %2. |
Please enter a number between %1 and %2. |
Please enter no more than %1 characters. |
Please select a button. |
Please enter an integer between 0 and 255. |
Please enter a positive integer. |
Please enter a date and/or time. |
Please enter a currency. |
Unexpected file format. |
%1 |
Cannot find this file. |
Please verify that the correct path and file name are given. |
Destination disk drive is full. |
Unable to read from %1, it is opened by someone else. |
Unable to write to %1, it is read-only or opened by someone else. |
An unexpected error occurred while reading %1. |
An unexpected error occurred while writing %1. |
Unable to read write-only property. |
Unable to write read-only property. |
Unable to load mail system support. |
Mail system DLL is invalid. |
Send Mail failed to send message. |
No error occurred. |
An unknown error occurred while accessing %1. |
%1 was not found. |
%1 contains an invalid path. |
%1 could not be opened because there are too many open files. |
Access to %1 was denied. |
An invalid file handle was associated with %1. |
%1 could not be removed because it is the current directory. |
%1 could not be created because the directory is full. |
Seek failed on %1 |
A hardware I/O error was reported while accessing %1. |
A sharing violation occurred while accessing %1. |
A locking violation occurred while accessing %1. |
Disk full while accessing %1. |
An attempt was made to access %1 past its end. |
No error occurred. |
An unknown error occurred while accessing %1. |
An attempt was made to write to the reading %1. |
An attempt was made to access %1 past its end. |
An attempt was made to read from the writing %1. |
%1 has a bad format. |
%1 contained an unexpected object. |
%1 contains an incorrect schema. |
pixels |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 6.31.3.2 |
ProductVersion | 6.31.3.2 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
Comments | http://www.internetdownloadmanager.com |
CompanyName | Tonec Inc. |
FileDescription | Internet Download Manager (IDM) |
FileVersion (#2) | 6, 31, 3, 2 |
InternalName | Internet Download Manager |
LegalCopyright | Tonec Inc., Copyright © 1999 - 2018 |
LegalTrademarks | Internet Download Manager |
OriginalFilename | IDMan.exe |
PrivateBuild | |
ProductName | Internet Download Manager (IDM) |
ProductVersion (#2) | 6, 31, 3, 2 |
SpecialBuild | |
Resource LangID | English - United States |

Characteristics | 0 |
---|---|
TimeDateStamp | 2018-Jul-09 16:03:36 |
Version | 0.0 |
SizeofData | 54 |
AddressOfRawData | 0 |
PointerToRawData | 0x3c4000 |
Referenced File | rojects\IDM\Release\IDMan.pdb |
XOR Key | 0x91b3f71d |
---|---|
Unmarked objects | 0 |
12 (7291) | 12 |
C++ objects (8798) | 3 |
19 (8022) | 42 |
C objects (VC++ 6.0 SP5 imp/exp build 8447) | 1 |
Unmarked objects (#2) | 91 |
C++ objects (8047) | 11 |
14 (7299) | 41 |
C objects (8047) | 210 |
C++ objects (8569) | 104 |
Total imports | 645 |
19 (8034) | 19 |
C++ objects (VC++ 6.0 SP5 build 8804) | 261 |
Resource objects (VS98 SP6 cvtres build 1736) | 1 |