Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2018-Aug-28 11:05:06 |
Detected languages | English - United States |
CompanyName | CERT.at |
ProductName | ProcDOT |
ProductVersion | 1.2 |
FileVersion | 1.2 |
FileDescription | ProcDOT - Visual Malware Analysis |
InternalName | ProcDOT |
OriginalFilename | procdot.exe |
LegalCopyright | Copyright by nic.at / Written by Christian Wojner chrisu@procdot.com |
Website | http://www.procdot.com |
Suspicious | PEiD Signature: FASM 1.5x; FASM v1.5x |
Suspicious | Strings found in the binary may indicate undesirable behavior: May have dropper capabilities: |
Info | Cryptographic algorithms detected in the binary: Uses constants related to CRC32; Uses constants related to MD5; Uses constants related to SHA1; Uses constants related to SHA256; Uses constants related to SHA512; Uses constants related to AES; Uses constants related to Blowfish; Uses known Diffie-Hellman primes; Microsoft's Cryptography API |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Safe | VirusTotal score: 0/65 (Scanned on 2019-08-15 22:18:27) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x80 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 6 |
TimeDateStamp | 2018-Aug-28 11:05:06 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32+ |
---|---|
LinkerVersion | 2.0 |
SizeOfCode | 0x1a2a00 |
SizeOfInitializedData | 0x47e200 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000000000001000 (Section: .code) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 5.2 |
Win32VersionValue | 0 |
SizeOfImage | 0x624000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
msvcrt.dll | memset, memcpy, wcslen, wcscpy, wcscat, _wcsicmp, wcsncpy, strncpy, malloc, free, strncmp, memmove, memcmp, printf, wcschr, wcscmp, sscanf, _stricmp, sprintf, strcpy, strlen, strcat, _wstat, _wcsdup, strcmp, floor, ceil, acos, atan2, fread, longjmp, _setjmp, _wfopen, fclose, fseek, ftell, strstr, _strnicmp, _snwprintf, _wtoi, _wcsnicmp, _strdup, wcsstr, wcsncmp, tolower, _localtime64, _mktime64, _itow, _gmtime64, sinf, cosf, fmodf, abs, fabs, pow, ??3@YAXPEAX@Z, ??2@YAPEAX_K@Z, fmod, cos, sin, tan, atan, setlocale, swscanf, _isnan, calloc, _errno, strrchr, memchr, abort, _close, _wopen, realloc, _setmode, _lseeki64, exit, _open_osfhandle, strchr, _snprintf, wctomb, _get_osfhandle, _open, toupper, mbstowcs, frexp, modf, fopen, strerror, atof, fflush, ferror, remove, fwrite, __iob_func, fprintf, getenv, srand, rand, _vsnwprintf, ??1type_info@@UEAA@XZ, ?terminate@@YAXXZ, __C_specific_handler |
---|---|
KERNEL32.dll | GetModuleHandleW, HeapCreate, HeapDestroy, ExitProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, CloseHandle, GetCurrentProcessId, FreeLibrary, GetVersion, OpenProcess, TerminateProcess, HeapFree, TlsGetValue, HeapAlloc, TlsSetValue, TlsAlloc, UnregisterWait, EnterCriticalSection, LeaveCriticalSection, TlsFree, DeleteCriticalSection, InitializeCriticalSection, GetCurrentProcess, GetCurrentThread, DuplicateHandle, RegisterWaitForSingleObject, WaitForSingleObject, LoadLibraryW, GetProcAddress, HeapReAlloc, GetCurrentThreadId, MultiByteToWideChar, GetCommandLineW, CreatePipe, GetStdHandle, CreateProcessW, GetEnvironmentVariableW, SetEnvironmentVariableW, PeekNamedPipe, GetExitCodeProcess, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetModuleFileNameW, ReadFile, GetLastError, CreateFileW, GetFileSize, SetFilePointer, WideCharToMultiByte, SetEndOfFile, WriteFile, DeleteFileW, RtlLookupFunctionEntry, RtlVirtualUnwind, RemoveVectoredExceptionHandler, AddVectoredExceptionHandler, GetTickCount, GetTempPathW, CreateDirectoryW, GetDriveTypeW, FindFirstFileW, FindClose, GetFileAttributesW, SetFileAttributesW, FindNextFileW, CopyFileW, MoveFileW, RemoveDirectoryW, FileTimeToLocalFileTime, FileTimeToSystemTime, GetVersionExW, Sleep, GlobalLock, GlobalSize, GlobalUnlock, GlobalAlloc, GlobalFree, SetErrorMode, GetDiskFreeSpaceW, CompareFileTime, GetWindowsDirectoryW, GetLogicalDrives, GetDateFormatW, GetTimeFormatW, WaitForMultipleObjects, ResetEvent, SetEvent, FindCloseChangeNotification, FindNextChangeNotification, TerminateThread, CreateEventW, CreateThread, FindFirstChangeNotificationW, QueryPerformanceFrequency, QueryPerformanceCounter, SetLastError, GetLocalTime, FlushFileBuffers, AllocConsole, GetConsoleScreenBufferInfo, SetConsoleCtrlHandler, SetConsoleTitleW, WriteConsoleW, GlobalReAlloc, HeapSize, MulDiv, IsValidCodePage, GetACP, GetOEMCP, GetFileType, GetFileInformationByHandle, GetFileAttributesA, CreateFileA, GetFullPathNameW |
USER32.DLL | GetWindowLongPtrW, GetDesktopWindow, GetDC, ReleaseDC, AttachThreadInput, FindWindowW, GetForegroundWindow, GetKeyboardLayout, GetTopWindow, GetWindow, GetWindowTextW, GetWindowThreadProcessId, IsWindow, SendInput, SendMessageW, SetForegroundWindow, ShowWindow, VkKeyScanExW, GetParent, SetPropW, DestroyWindow, CreateWindowExW, SetWindowPos, LoadIconW, GetPropW, SetWindowLongPtrW, GetCapture, ReleaseCapture, CallWindowProcW, GetWindowRect, GetClientRect, RemovePropW, FillRect, GetIconInfo, DrawStateW, InvalidateRect, IsZoomed, MoveWindow, MessageBoxW, DefWindowProcW, GetWindowTextLengthW, EnableWindow, UnregisterClassW, LoadCursorW, RegisterClassExW, IsWindowEnabled, GetSystemMetrics, SetFocus, CreateAcceleratorTableW, BringWindowToTop, GetMessageW, TranslateAcceleratorW, TranslateMessage, DispatchMessageW, DestroyAcceleratorTable, IsWindowVisible, EnumWindows, SetMenu, DestroyMenu, CreatePopupMenu, AppendMenuW, CreateMenu, GetCursorPos, GetMenuItemInfoW, SetMenuItemInfoW, TrackPopupMenu, GetMenu, EnableMenuItem, ModifyMenuW, ScreenToClient, ClientToScreen, MapWindowPoints, SetWindowTextW, GetKeyState, BeginPaint, EndPaint, ClipCursor, RedrawWindow, GetMessagePos, ChildWindowFromPointEx, SetCursor, SetCapture, GetFocus, DrawFocusRect, GetSysColor, GetSysColorBrush, SetRect, DrawTextW, GetWindowLongW, SetScrollInfo, GetScrollPos, GetScrollRange, SetScrollPos, UpdateWindow, InflateRect, GetWindowDC, GetClassNameW, PostMessageW, PeekMessageW, IntersectRect, ValidateRect, GetUpdateRect, SetClassLongPtrW, SetParent, DrawFrameControl, SetTimer, KillTimer, FrameRect, CreateDialogParamW, SendDlgItemMessageW, GetDlgItemTextW, SetDlgItemTextW, DestroyIcon, EndDialog, LoadStringW, GetScrollInfo, EnumPropsExW, SetActiveWindow, IsIconic, MsgWaitForMultipleObjects, GetActiveWindow, GetAncestor, IsDialogMessageW, AdjustWindowRectEx, RegisterClassW, DefFrameProcW, EnumChildWindows, IsChild, RegisterWindowMessageW, EnumDisplaySettingsW, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, GetClipboardData, DrawIconEx, CopyImage, CreateIconFromResourceEx, CreateIconFromResource, CharLowerW, CharUpperW |
GDI32.DLL | GetObjectW, BitBlt, GetObjectType, DeleteObject, IntersectClipRect, GetStockObject, SelectObject, GetTextExtentPoint32W, CreateCompatibleDC, DeleteDC, CreateCompatibleBitmap, CreateDIBSection, GdiGetBatchLimit, GdiSetBatchLimit, SetTextColor, SetBkColor, ExcludeClipRect, SetBkMode, CreateBrushIndirect, CreateRectRgnIndirect, SelectClipRgn, TextOutW, CreatePen, MoveToEx, LineTo, CreateRectRgn, CreateDCW, SetStretchBltMode, StretchBlt, CreateSolidBrush, GetDeviceCaps, GetClipRgn, ExtSelectClipRgn, SelectPalette, RealizePalette, GetDIBits, StretchDIBits, SetTextAlign, SetBrushOrgEx, CreateFontIndirectW, SetPixelV, Rectangle, Ellipse, SetROP2, GetPixel, ExtFloodFill, RoundRect, GetTextMetricsW, CreateBitmap, SetPixel, GetObjectA, CreateFontW |
ADVAPI32.DLL | RegDeleteKeyW, RegConnectRegistryW, RegOpenKeyExW, RegEnumKeyExW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegisterEventSourceW, ReportEventW, DeregisterEventSource, RegDeleteValueW, RegEnumValueW, RegQueryValueExW, CryptAcquireContextW, CryptGenRandom, CryptReleaseContext |
OLEAUT32.DLL | SysFreeString, SysAllocString, VariantInit, DispGetParam, VariantClear, SysStringLen |
OLE32.DLL | CoInitialize, CoTaskMemFree, OleInitialize, CreateStreamOnHGlobal, GetHGlobalFromStream, RevokeDragDrop, OleCreate, OleSetContainedObject |
SHELL32.DLL | ShellExecuteExW, SHGetFolderLocation, SHGetPathFromIDListW, SHGetFileInfoW, SHGetSpecialFolderLocation |
WSOCK32.DLL | closesocket, WSACleanup, WSAStartup, socket, inet_addr, gethostbyname, htons, bind, ioctlsocket, connect, select, __WSAFDIsSet, send, sendto, recvfrom, recv |
WINMM.DLL | timeBeginPeriod |
gdiplus.dll | GdipDeleteFont, GdipDeleteGraphics, GdipDeletePath, GdipDeleteMatrix, GdipDeletePen, GdipDeleteStringFormat, GdipFree, GdipGetDpiX, GdipGetDpiY, GdiplusStartup, GdipCreateFontFromDC, GdipCreateFromHDC, GdipCreatePath, GdipCreateMatrix, GdipCreatePen1, GdipCreateSolidFill, GdipDeleteBrush, GdipAlloc, GdipCloneBrush, GdipCloneStringFormat, GdipStringFormatGetGenericTypographic, GdipGetStringFormatFlags, GdipScaleMatrix, GdipSetCompositingMode, GdipSetStringFormatFlags, GdipSetInterpolationMode, GdipSetPageUnit, GdipSetSmoothingMode, GdipSetTextRenderingHint, GdipTranslateWorldTransform, GdipCreateFontFromLogfontA, GdipCreateFont, GdipDeleteFontFamily, GdipGetFamily, GdipGetFontSize, GdipGetFontStyle, GdipAddPathString, GdipClosePathFigure, GdipGetPathWorldBounds, GdipGetFontUnit, GdipMeasureString, GdipGetCellAscent, GdipGetEmHeight, GdipSetPenColor, GdipSetPenDashOffset, GdipSetPenDashArray, GdipDrawPath, GdipSetPenDashStyle, GdipSetPenLineCap197819, GdipSetPenLineJoin, GdipSetPenWidth, GdipStartPathFigure, GdipDrawString, GdipGetWorldTransform, GdipSetMatrixElements, GdipResetWorldTransform, GdipTransformPath, GdipTranslateMatrix, GdipRotateMatrix, GdipFillPath, GdipAddPathLine, GdipRestoreGraphics, GdipSaveGraphics, GdipSetStringFormatAlign, GdipSetStringFormatLineAlign, GdipSetStringFormatTrimming, GdipAddPathArc, GdipAddPathBezier, GdipResetPath, GdipSetPathFillMode, GdipInvertMatrix, GdipMultiplyMatrix, GdipMultiplyWorldTransform, GdipTransformMatrixPoints |
COMDLG32.DLL | GetSaveFileNameW, GetOpenFileNameW, ChooseColorW |
COMCTL32.DLL | CreateToolbarEx, ImageList_SetIconSize, ImageList_ReplaceIcon, CreateStatusWindowW, InitCommonControlsEx, _TrackMouseEvent, ImageList_Destroy, ImageList_GetImageCount, ImageList_Duplicate, ImageList_SetBkColor, ImageList_Replace, ImageList_Add, ImageList_Remove, ImageList_AddMasked, ImageList_Create, ImageList_GetIconSize |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.2.0.0 |
ProductVersion | 1.2.0.0 |
FileFlags | (EMPTY) |
FileOs | (EMPTY) |
FileType | VFT_UNKNOWN |
Language | UNKNOWN |
CompanyName | CERT.at |
ProductName | ProcDOT |
ProductVersion (#2) | 1.2 |
FileVersion (#2) | 1.2 |
FileDescription | ProcDOT - Visual Malware Analysis |
InternalName | ProcDOT |
OriginalFilename | procdot.exe |
LegalCopyright | Copyright by nic.at / Written by Christian Wojner chrisu@procdot.com |
Website | http://www.procdot.com |
Resource LangID | English - United States |
---|---|