Architecture |
IMAGE_FILE_MACHINE_I386
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date | 1992-Jun-19 22:22:17 |
Detected languages |
English - United States
|
CompanyName | |
FileDescription | |
FileVersion | 6.1 |
InternalName | |
LegalCopyright | |
LegalTrademarks | |
OriginalFileName | |
ProductName | |
ProductVersion | |
Comments |
Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
Suspicious | The PE header may have been manually modified. |
The resource timestamps differ from the PE header:
|
Malicious | VirusTotal score: 9/69 (Scanned on 2019-05-13 14:11:53) |
K7GW:
Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 ) F-Secure: PotentialRisk.PUA/AD.FusionCore SentinelOne: DFI - Suspicious PE Cyren: W32/Application.RTMT-0857 Avira: PUA/AD.FusionCore.uzo Microsoft: PUA:Win32/FusionCore Acronis: suspicious Cylance: Unsafe |
e_magic | MZ |
---|---|
e_cblp | 0x50 |
e_cp | 0x2 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0xf |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0x1a |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x100 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections | 7 |
TimeDateStamp | 1992-Jun-19 22:22:17 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
|
Magic | PE32 |
---|---|
LinkerVersion | 2.0 |
SizeOfCode | 0xfd200 |
SizeOfInitializedData | 0x3400 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000FE0C4 (Section: CODE) |
BaseOfCode | 0x1000 |
BaseOfData | 0xff000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x105000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_LIBRARY_PROCESS_INIT
|
SizeofStackReserve | 0 |
SizeofStackCommit | 0 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
kernel32.dll |
DeleteCriticalSection
LeaveCriticalSection EnterCriticalSection InitializeCriticalSection VirtualFree VirtualAlloc LocalFree LocalAlloc GetVersion GetCurrentThreadId WideCharToMultiByte lstrlenA lstrcpynA LoadLibraryExA GetThreadLocale GetStartupInfoA GetProcAddress GetModuleHandleA GetModuleFileNameA GetLocaleInfoA GetCommandLineA FreeLibrary FindFirstFileA FindClose ExitProcess WriteFile UnhandledExceptionFilter RtlUnwind RaiseException GetStdHandle |
---|---|
user32.dll |
GetKeyboardType
LoadStringA MessageBoxA CharNextA |
advapi32.dll |
RegQueryValueExA
RegOpenKeyExA RegCloseKey |
oleaut32.dll |
SysFreeString
SysAllocStringLen |
kernel32.dll (#2) |
DeleteCriticalSection
LeaveCriticalSection EnterCriticalSection InitializeCriticalSection VirtualFree VirtualAlloc LocalFree LocalAlloc GetVersion GetCurrentThreadId WideCharToMultiByte lstrlenA lstrcpynA LoadLibraryExA GetThreadLocale GetStartupInfoA GetProcAddress GetModuleHandleA GetModuleFileNameA GetLocaleInfoA GetCommandLineA FreeLibrary FindFirstFileA FindClose ExitProcess WriteFile UnhandledExceptionFilter RtlUnwind RaiseException GetStdHandle |
kernel32.dll (#3) |
DeleteCriticalSection
LeaveCriticalSection EnterCriticalSection InitializeCriticalSection VirtualFree VirtualAlloc LocalFree LocalAlloc GetVersion GetCurrentThreadId WideCharToMultiByte lstrlenA lstrcpynA LoadLibraryExA GetThreadLocale GetStartupInfoA GetProcAddress GetModuleHandleA GetModuleFileNameA GetLocaleInfoA GetCommandLineA FreeLibrary FindFirstFileA FindClose ExitProcess WriteFile UnhandledExceptionFilter RtlUnwind RaiseException GetStdHandle |
user32.dll (#2) |
GetKeyboardType
LoadStringA MessageBoxA CharNextA |
Ordinal | 1 |
---|---|
Address | 0xf3d48 |
Ordinal | 2 |
---|---|
Address | 0xf3cd4 |
Ordinal | 3 |
---|---|
Address | 0xf3c74 |
Ordinal | 4 |
---|---|
Address | 0xf3bc4 |
Ordinal | 5 |
---|---|
Address | 0xf3ad8 |
Ordinal | 6 |
---|---|
Address | 0xf3a5c |
Ordinal | 7 |
---|---|
Address | 0xf39cc |
Ordinal | 8 |
---|---|
Address | 0xf390c |
Ordinal | 9 |
---|---|
Address | 0xf3894 |
Ordinal | 10 |
---|---|
Address | 0xf3800 |
Ordinal | 11 |
---|---|
Address | 0xf3740 |
Ordinal | 12 |
---|---|
Address | 0xf36e4 |
Ordinal | 13 |
---|---|
Address | 0xf3630 |
Ordinal | 14 |
---|---|
Address | 0xf35a8 |
Ordinal | 15 |
---|---|
Address | 0xf3520 |
Ordinal | 16 |
---|---|
Address | 0xf3454 |
Ordinal | 17 |
---|---|
Address | 0xf33b4 |
Ordinal | 18 |
---|---|
Address | 0xf3118 |
Ordinal | 19 |
---|---|
Address | 0xf3078 |
Ordinal | 20 |
---|---|
Address | 0xf3b6c |
Ordinal | 21 |
---|---|
Address | 0xf32ec |
Ordinal | 22 |
---|---|
Address | 0xf3244 |
Ordinal | 23 |
---|---|
Address | 0xf3180 |
Ordinal | 24 |
---|---|
Address | 0xf3dd4 |
Ordinal | 25 |
---|---|
Address | 0xf6324 |
Ordinal | 26 |
---|---|
Address | 0xf8888 |
Ordinal | 27 |
---|---|
Address | 0xfa098 |
Ordinal | 28 |
---|---|
Address | 0xfa2d8 |
Ordinal | 29 |
---|---|
Address | 0xfb90c |
Ordinal | 30 |
---|---|
Address | 0xfce14 |
Ordinal | 31 |
---|---|
Address | 0xfd5d4 |
November |
December |
Sun |
Mon |
Tue |
Wed |
Thu |
Fri |
Sat |
Sunday |
Monday |
Tuesday |
Wednesday |
Thursday |
Friday |
Saturday |
Jul |
Aug |
Sep |
Oct |
Nov |
Dec |
January |
February |
March |
April |
May |
June |
July |
August |
September |
October |
Invalid variant type conversion |
Invalid variant operation |
Invalid argument |
External exception %x |
Assertion failed |
Interface not supported |
Exception in safecall method |
%s (%s, line %d) |
Abstract Error |
Access violation at address %p in module '%s'. %s of address %p |
Jan |
Feb |
Mar |
Apr |
May |
Jun |
Invalid pointer operation |
Invalid class typecast |
Access violation at address %p. %s of address %p |
Access violation |
Stack overflow |
Control-C hit |
Privileged instruction |
Exception %s in module %s at %p. |
%s%s |
Application Error |
Format '%s' invalid or incompatible with argument |
No argument for format '%s' |
Variant method calls not supported |
Read |
Write |
Error creating variant or safe array |
Variant or safe array index out of bounds |
Out of memory |
I/O error %d |
File not found |
Invalid filename |
Too many open files |
File access denied |
Read beyond end of file |
Disk full |
Invalid numeric input |
Division by zero |
Range check error |
Integer overflow |
Invalid floating point operation |
Floating point division by zero |
Floating point overflow |
Floating point underflow |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 0.0.6.1 |
ProductVersion | 0.0.0.0 |
FileFlags | (EMPTY) |
FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
FileType |
VFT_APP
|
Language | English - United States |
CompanyName | |
FileDescription | |
FileVersion (#2) | 6.1 |
InternalName | |
LegalCopyright | |
LegalTrademarks | |
OriginalFileName | |
ProductName | |
ProductVersion (#2) | |
Comments |
Resource LangID | English - United States |
---|