Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2020-Oct-13 03:25:08 |
Detected languages | Chinese - PRC, English - United States |
Debug artifacts | E:\vc\AuthcodeToolSelf\authtool\Release\authtool.pdb |
CompanyName | TODO: <Company name> |
FileDescription | TODO: <File description> |
FileVersion | 1.0.0.1 |
InternalName | authtool.exe |
LegalCopyright | TODO: (c) <Company name>. All rights reserved. |
OriginalFilename | authtool.exe |
ProductName | TODO: <Product name> |
ProductVersion | 1.0.0.1 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Malicious | The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
|
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2020-Oct-13 03:25:08 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 9.0 |
SizeOfCode | 0x35c00 |
SizeOfInitializedData | 0x25400 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000219EA (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x37000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.0 |
ImageVersion | 0.0 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x62000 |
SizeOfHeaders | 0x400 |
Checksum | 0x60e45 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | GetOEMCP GetModuleHandleW FileTimeToSystemTime FileTimeToLocalFileTime GetFileAttributesA GetFileSizeEx GetFileTime SetErrorMode RtlUnwind GetCommandLineA GetStartupInfoA HeapAlloc HeapFree ExitProcess RaiseException VirtualProtect VirtualAlloc GetSystemInfo VirtualQuery HeapReAlloc SetStdHandle GetFileType HeapSize TerminateProcess UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent GetCPInfo IsValidCodePage GetStdHandle FreeEnvironmentStringsA GetEnvironmentStrings FreeEnvironmentStringsW GetEnvironmentStringsW SetHandleCount HeapCreate VirtualFree QueryPerformanceCounter GetSystemTimeAsFileTime InitializeCriticalSectionAndSpinCount GetConsoleCP GetConsoleMode GetStringTypeA GetStringTypeW GetTimeZoneInformation LCMapStringA LCMapStringW WriteConsoleA GetConsoleOutputCP WriteConsoleW CompareStringW SetEnvironmentVariableA GetFullPathNameA GetVolumeInformationA FindFirstFileA FindClose GetCurrentProcess DuplicateHandle GetFileSize SetEndOfFile UnlockFile LockFile FlushFileBuffers SetFilePointer GetThreadLocale InterlockedIncrement TlsFree DeleteCriticalSection LocalReAlloc TlsSetValue TlsAlloc InitializeCriticalSection GlobalHandle GlobalReAlloc EnterCriticalSection TlsGetValue LeaveCriticalSection LocalAlloc GlobalFlags InterlockedDecrement GetModuleFileNameW FormatMessageA LocalFree MulDiv GlobalGetAtomNameA GlobalFindAtomA MultiByteToWideChar lstrcmpW GetVersionExA lstrlenA WritePrivateProfileStringA GlobalUnlock GlobalFree FreeResource GetCurrentProcessId SetLastError GlobalAddAtomA GlobalDeleteAtom GetCurrentThread GetCurrentThreadId ConvertDefaultLocale EnumResourceLanguagesA GetLocaleInfoA LoadLibraryA CompareStringA InterlockedExchange GlobalLock lstrcmpA GlobalAlloc FreeLibrary GetModuleHandleA GetProcAddress OpenEventA GetLocalTime GetModuleFileNameA CreateEventA TerminateThread SetCommMask WaitForSingleObject SetEvent GetTickCount ReadFile CreateFileA GetCommTimeouts SetCommTimeouts GetCommState SetCommState WriteFile GetLastError ClearCommError SetupComm CloseHandle Sleep PurgeComm WideCharToMultiByte FindResourceA LoadResource LockResource GetACP SizeofResource |
---|---|
USER32.dll | RegisterClipboardFormatA PostThreadMessageA IsRectEmpty CopyAcceleratorTableA CharNextA CharUpperA GetSysColorBrush ReleaseCapture LoadCursorA SetCapture EndPaint BeginPaint GetWindowDC ReleaseDC GetDC ClientToScreen GrayStringA DrawTextExA DrawTextA TabbedTextOutA DestroyMenu ShowWindow MoveWindow SetWindowTextA IsDialogMessageA RegisterWindowMessageA SendDlgItemMessageA WinHelpA IsChild GetClassLongA GetClassNameA GetPropA RemovePropA SetFocus GetWindowTextLengthA GetWindowTextA GetForegroundWindow GetTopWindow UnhookWindowsHookEx GetMessageTime GetMessagePos MapWindowPoints SetMenu SetForegroundWindow UpdateWindow GetSubMenu GetMenuItemID GetMenuItemCount CreateWindowExA GetClassInfoExA GetClassInfoA RegisterClassA GetSysColor AdjustWindowRectEx EqualRect CopyRect PtInRect GetDlgCtrlID DefWindowProcA CallWindowProcA DrawIcon AppendMenuA SendMessageA GetSystemMenu GetMenu SetWindowLongA OffsetRect IntersectRect SystemParametersInfoA GetWindowPlacement GetWindowRect GetWindow SetWindowContextHelpId MapDialogRect SetWindowPos GetDesktopWindow SetActiveWindow CreateDialogIndirectParamA DestroyWindow UnregisterClassA MessageBeep GetNextDlgGroupItem InvalidateRgn InvalidateRect SetPropA SetRect IsIconic GetClientRect EnableWindow LoadIconA GetSystemMetrics MessageBoxA PostQuitMessage PostMessageA CheckMenuItem EnableMenuItem GetMenuState ModifyMenuA GetParent GetFocus LoadBitmapA GetMenuCheckMarkDimensions SetMenuItemBitmaps ValidateRect GetCursorPos PeekMessageA GetKeyState IsWindowVisible GetActiveWindow DispatchMessageA TranslateMessage GetMessageA CallNextHookEx SetWindowsHookExA SetCursor IsWindowEnabled GetLastActivePopup GetWindowLongA GetWindowThreadProcessId EndDialog GetNextDlgTabItem GetDlgItem IsWindow GetCapture |
GDI32.dll | ExtSelectClipRgn DeleteDC GetStockObject GetBkColor GetTextColor CreateRectRgnIndirect GetRgnBox GetMapMode ScaleWindowExtEx SetWindowExtEx ScaleViewportExtEx SetViewportExtEx OffsetViewportOrgEx SetViewportOrgEx SelectObject Escape TextOutA RectVisible CreateBitmap GetWindowExtEx GetViewportExtEx DeleteObject SetMapMode RestoreDC SaveDC ExtTextOutA GetDeviceCaps GetObjectA SetBkColor SetTextColor GetClipBox PtVisible |
COMDLG32.dll | GetFileTitleA |
WINSPOOL.DRV | DocumentPropertiesA ClosePrinter OpenPrinterA |
ADVAPI32.dll | RegQueryValueA RegSetValueExA RegCreateKeyExA RegCloseKey RegOpenKeyA RegEnumKeyA RegDeleteKeyA RegOpenKeyExA RegQueryValueExA |
COMCTL32.dll | InitCommonControlsEx |
SHLWAPI.dll | PathFindFileNameA PathStripToRootA PathIsUNCA PathFindExtensionA |
oledlg.dll | #8 |
ole32.dll | CoRevokeClassObject OleInitialize CoFreeUnusedLibraries OleUninitialize CreateILockBytesOnHGlobal StgCreateDocfileOnILockBytes StgOpenStorageOnILockBytes OleIsCurrentClipboard CoTaskMemAlloc CoTaskMemFree CLSIDFromString CLSIDFromProgID OleFlushClipboard CoRegisterMessageFilter CoGetClassObject |
OLEAUT32.dll | #6 #4 #9 #12 #8 #7 #150 #420 #185 #184 #16 #2 #10 |
OLEACC.dll (delay-loaded) | LresultFromObject CreateStdAccessibleObject |
Attributes | 0x1 |
---|---|
Name | OLEACC.dll |
ModuleHandle | 0x4d5f4 |
DelayImportAddressTable | 0x4a228 |
DelayImportNameTable | 0x44fb4 |
BoundDelayImportTable | 0x44ff0 |
UnloadDelayImportTable | 0 |
TimeStamp | 1970-Jan-01 00:00:00 |
&About authtool... |
Open |
Save As |
All Files (*.*) |
Untitled |
an unnamed file |
&Hide |
No error message is available. |
Attempted an unsupported operation. |
A required resource was unavailable. |
Out of memory. |
An unknown error has occurred. |
Encountered an improper argument. |
Incorrect filename. |
Failed to open document. |
Failed to save document. |
Save changes to %1? |
Failed to create empty document. |
The file is too large to open. |
Could not start print job. |
Failed to launch help. |
Internal application error. |
Command failed. |
Insufficient memory to perform operation. |
System registry entries have been removed and the INI file (if any) was deleted. |
Not all of the system registry entries (or INI file) were removed. |
This program requires the file %s, which was not found on this system. |
This program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s. |
Enter an integer. |
Enter a number. |
Enter an integer between %1 and %2. |
Enter a number between %1 and %2. |
Enter no more than %1 characters. |
Select a button. |
Enter an integer between 0 and 255. |
Enter a positive integer. |
Enter a date and/or time. |
Enter a currency. |
Enter a GUID. |
Enter a time. |
Enter a date. |
Unexpected file format. |
%1 |
Cannot find this file. |
Verify that the correct path and file name are given. |
Destination disk drive is full. |
Unable to read from %1, it is opened by someone else. |
Unable to write to %1, it is read-only or opened by someone else. |
Encountered an unexpected error while reading %1. |
Encountered an unexpected error while writing %1. |
%1: %2 |
Continue running script? |
Dispatch exception: %1 |
Unable to read write-only property. |
Unable to write read-only property. |
Unable to load mail system support. |
Mail system DLL is invalid. |
Send Mail failed to send message. |
No error occurred. |
An unknown error occurred while accessing %1. |
%1 was not found. |
%1 contains an incorrect path. |
Could not open %1 because there are too many open files. |
Access to %1 was denied. |
An incorrect file handle was associated with %1. |
Could not remove %1 because it is the current directory. |
Could not create %1 because the directory is full. |
Seek failed on %1 |
Encountered a hardware I/O error while accessing %1. |
Encountered a sharing violation while accessing %1. |
Encountered a locking violation while accessing %1. |
Disk full while accessing %1. |
Attempted to access %1 past its end. |
No error occurred. |
An unknown error occurred while accessing %1. |
Attempted to write to the reading %1. |
Attempted to access %1 past its end. |
Attempted to read from the writing %1. |
%1 has a bad format. |
%1 contained an unexpected object. |
%1 contains an incorrect schema. |
pixels |
Uncheck |
Check |
Mixed |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.0.0.1 |
ProductVersion | 1.0.0.1 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | TODO: <Company name> |
FileDescription | TODO: <File description> |
FileVersion (#2) | 1.0.0.1 |
InternalName | authtool.exe |
LegalCopyright | TODO: (c) <Company name>. All rights reserved. |
OriginalFilename | authtool.exe |
ProductName | TODO: <Product name> |
ProductVersion (#2) | 1.0.0.1 |
Resource LangID | English - United States |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2020-Oct-13 03:25:08 |
Version | 0.0 |
SizeofData | 77 |
AddressOfRawData | 0x3f9a8 |
PointerToRawData | 0x3e9a8 |
Referenced File | E:\vc\AuthcodeToolSelf\authtool\Release\authtool.pdb |
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x448eb0 |
SEHandlerTable | 0x441f40 |
SEHandlerCount | 130 |
XOR Key | 0xd1f9eaa9 |
---|---|
Unmarked objects | 0 |
C objects (VS2012 build 50727 / VS2005 build 50727) | 10 |
Imports (VS2012 build 50727 / VS2005 build 50727) | 25 |
Total imports | 551 |
ASM objects (VS2008 build 21022) | 27 |
C objects (VS2008 build 21022) | 151 |
C++ objects (VS2008 build 21022) | 160 |
C++ objects (VS2008 SP1 build 30729) | 7 |
Linker (VS2008 SP1 build 30729) | 1 |
Resource objects (VS2008 SP1 build 30729) | 1 |