Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2017-Sep-07 17:52:09 |
Detected languages | English - United States |
Debug artifacts | iexplore.pdb |
CompanyName | Microsoft Corporation |
FileDescription | Internet Explorer |
FileVersion | 11.00.9600.18817 (winblue_ltsb.170907-0600) |
InternalName | iexplore |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | IEXPLORE.EXE |
ProductName | Internet Explorer |
ProductVersion | 11.00.9600.18817 |

Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to internet browsers: |
---|---|---|
Suspicious | The PE is possibly packed. | Unusual section name found: .didat |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Suspicious | The PE is possibly a dropper. | Resources amount for 93.8992% of the executable. |
Info | The PE is digitally signed. | Signer: Microsoft Corporation, Issuer: Microsoft Code Signing PCA |
Safe | VirusTotal score: 0/72 (Scanned on 2020-01-05 07:24:25) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf0 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 6 |
TimeDateStamp | 2017-Sep-07 17:52:09 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 11.3 |
SizeOfCode | 0x4200 |
SizeOfInitializedData | 0xbee00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00001E40 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x6000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.3 |
ImageVersion | 6.3 |
SubsystemVersion | 6.1 |
Win32VersionValue | 0 |
SizeOfImage | 0xc8000 |
SizeOfHeaders | 0x400 |
Checksum | 0xca218 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_GUARD_CF, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0xe000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
msvcrt.dll | wcschr rand_s ??_U@YAPAXI@Z _except_handler4_common _controlfp ?terminate@@YAXXZ _wcmdln _initterm __setusermatherr __p__fmode _cexit _exit exit __set_app_type __wgetmainargs _amsg_exit __p__commode _XcptFilter wcsncmp iswspace _vsnwprintf ??_V@YAXPAX@Z iswalpha memset |
---|---|
KERNEL32.dll | VirtualQuery SetProcessDEPPolicy GetLastError FreeLibrary GetVersionExA GetSystemInfo LoadLibraryExA VirtualProtect GetNativeSystemInfo RaiseException VirtualAlloc UnhandledExceptionFilter GetCommandLineW SetErrorMode CreateProcessW LoadLibraryExW SetDllDirectoryW GetCurrentProcess GetModuleHandleW InitializeCriticalSection Wow64DisableWow64FsRedirection Wow64RevertWow64FsRedirection TerminateProcess GetProcAddress LocalAlloc IsWow64Process HeapSetInformation DeleteCriticalSection CloseHandle LocalFree ExpandEnvironmentStringsW Sleep GetStartupInfoW SetUnhandledExceptionFilter GetModuleHandleA QueryPerformanceCounter GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime GetTickCount |
api-ms-win-downlevel-advapi32-l1-1-0.dll | EventRegister EventWrite RegQueryValueExW EventUnregister RegGetValueW RegOpenKeyExW RegCloseKey |
iertutil.dll | #9 #139 #32 #650 #701 |
api-ms-win-downlevel-shlwapi-l1-1-0.dll | StrStrIW |
USER32.dll (delay-loaded) | WaitForInputIdle IsWindowEnabled GetWindowThreadProcessId SendMessageTimeoutW FindWindowExW IsWindowVisible AllowSetForegroundWindow |
Attributes | 0x1 |
---|---|
Name | USER32.dll |
ModuleHandle | 0x6154 |
DelayImportAddressTable | 0x8000 |
DelayImportNameTable | 0x4fdc |
BoundDelayImportTable | 0 |
UnloadDelayImportTable | 0 |
TimeStamp | 1970-Jan-01 00:00:00 |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 11.0.9600.18817 |
ProductVersion | 11.0.9600.18817 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Microsoft Corporation |
FileDescription | Internet Explorer |
FileVersion (#2) | 11.00.9600.18817 (winblue_ltsb.170907-0600) |
InternalName | iexplore |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | IEXPLORE.EXE |
ProductName | Internet Explorer |
ProductVersion (#2) | 11.00.9600.18817 |
Resource LangID | English - United States |
---|---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2017-Sep-07 17:52:09 |
Version | 0.0 |
SizeofData | 37 |
AddressOfRawData | 0x5158 |
PointerToRawData | 0x4558 |
Referenced File | iexplore.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2017-Sep-07 17:52:09 |
Version | 566.30117 |
SizeofData | 8 |
AddressOfRawData | 0x5150 |
PointerToRawData | 0x4550 |
Size | 0x5c |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x406150 |
SEHandlerTable | 0x4010c8 |
SEHandlerCount | 1 |
GuardCFCheckFunctionPointer | 4223304 |
GuardCFDispatchFunctionPointer | 0 |
GuardCFFunctionTable | 0 |
GuardCFFunctionCount | 0 |
GuardFlags | (EMPTY) |
CodeIntegrity.Flags | 0 |
CodeIntegrity.Catalog | 0 |
CodeIntegrity.CatalogOffset | 0 |
CodeIntegrity.Reserved | 0 |
GuardAddressTakenIatEntryTable | 0 |
GuardAddressTakenIatEntryCount | 0 |
GuardLongJumpTargetTable | 0 |
GuardLongJumpTargetCount | 0 |
XOR Key | 0x52fa8236 |
---|---|
Unmarked objects | 0 |
Imports (VS2008 SP1 build 30729) | 6 |
C++ objects (65501) | 1 |
ASM objects (65501) | 2 |
C objects (65501) | 20 |
Imports (65501) | 13 |
Total imports | 148 |
216 (65501) | 13 |
Resource objects (65501) | 1 |
Linker (65501) | 1 |