Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2008-Jan-23 19:25:42 |
Detected languages | English - United States, Russian - Russia |
CompanyName | Fairdell Software |
FileDescription | HexCmp |
FileVersion | 2.34.0.0 |
InternalName | |
LegalCopyright | Fedor Mishin |
LegalTrademarks | |
OriginalFilename | HexCmp |
ProductName | HexCmp |
ProductVersion | 2.34.0.0 |
Comments |
Suspicious | PEiD Signature: | ASPack v2.12 |
Suspicious | The PE is packed with Aspack or Armadillo |
Unusual section name found:
Unusual section name found:
Unusual section name found:
Unusual section name found:
Unusual section name found:
Unusual section name found:
Unusual section name found:
Unusual section name found: .adata
The PE's resources are bigger than it is. |
Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
Suspicious | The PE is possibly a dropper. |
Resource 1 is possibly compressed or encrypted.
Resource 2 is possibly compressed or encrypted.
Resource 3 is possibly compressed or encrypted.
Resource 4 is possibly compressed or encrypted.
Resource 5 is possibly compressed or encrypted.
Resource 6 is possibly compressed or encrypted.
Resource 7 is possibly compressed or encrypted.
Resource BBABORT is possibly compressed or encrypted.
Resource BBALL is possibly compressed or encrypted.
Resource BBCANCEL is possibly compressed or encrypted.
Resource BBCLOSE is possibly compressed or encrypted.
Resource BBHELP is possibly compressed or encrypted.
Resource BBIGNORE is possibly compressed or encrypted.
Resource BBNO is possibly compressed or encrypted.
Resource BBOK is possibly compressed or encrypted.
Resource BBRETRY is possibly compressed or encrypted.
Resource BBYES is possibly compressed or encrypted.
Resource 4084 is possibly compressed or encrypted.
Resource 4086 is possibly compressed or encrypted.
Resource 4087 is possibly compressed or encrypted.
Resource 4088 is possibly compressed or encrypted.
Resource 4089 is possibly compressed or encrypted.
Resource 4090 is possibly compressed or encrypted.
Resource 4091 is possibly compressed or encrypted.
Resource 4092 is possibly compressed or encrypted.
Resource 4093 is possibly compressed or encrypted.
Resource 4094 is possibly compressed or encrypted.
Resource 4095 is possibly compressed or encrypted.
Resource 4096 is possibly compressed or encrypted.
Resource TABOUTFORM is possibly compressed or encrypted.
The binary may have been compiled on a machine in the UTC-5 timezone.
Resources amount for 213.749% of the executable. |
Suspicious | VirusTotal score: 1/68 (Scanned on 2021-05-19 13:01:01) | APEX: Malicious |
e_magic | MZ |
---|---|
e_cblp | 0x50 |
e_cp | 0x2 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0xf |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0x1a |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x200 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 10 |
TimeDateStamp | 2008-Jan-23 19:25:42 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DEBUG_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 5.0 |
SizeOfCode | 0xbc000 |
SizeOfInitializedData | 0x1e000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00001000 (Section: ) |
BaseOfCode | 0x1000 |
BaseOfData | 0xbd000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x1ec000 |
SizeOfHeaders | 0x600 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x2000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
kernel32.dll | GetProcAddress, GetModuleHandleA, LoadLibraryA |
---|---|
advapi32.dll | RegCloseKey |
version.dll | GetFileVersionInfoA |
winspool.drv | ClosePrinter |
comctl32.dll | ImageList_Add |
comdlg32.dll | ChooseColorA |
gdi32.dll | AbortDoc |
shell32.dll | DragAcceptFiles |
user32.dll | ActivateKeyboardLayout |
ole32.dll | IsEqualGUID |
oleaut32.dll | SysAllocStringLen |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 2.34.0.0 |
ProductVersion | 2.34.0.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Fairdell Software |
FileDescription | HexCmp |
FileVersion (#2) | 2.34.0.0 |
InternalName | |
LegalCopyright | Fedor Mishin |
LegalTrademarks | |
OriginalFilename | HexCmp |
ProductName | HexCmp |
ProductVersion (#2) | 2.34.0.0 |
Comments |
Resource LangID | Russian - Russia |
---|
StartAddressOfRawData | 0x4db000 |
---|---|
EndAddressOfRawData | 0x4db0b4 |
AddressOfIndex | 0x4d6934 |
AddressOfCallbacks | 0x4dc010 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_TYPE_REG |
Callbacks | (EMPTY) |