Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 1998-Jul-01 18:22:27 |
Detected languages | English - United States |
CompanyName | ActiveState Tool Corp. |
FileDescription | Perl Infomation Server |
FileVersion | 5,0,0,0 |
InternalName | PerlSE.dll |
LegalCopyright | Copyright © 1998, developed by ActiveState Tool Corp., http://www.ActiveState.com |
LegalTrademarks | |
OriginalFilename | PerlSE.dll |
ProductName | ActivePerl |
ProductVersion | Build 500 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0, Microsoft Visual C++ Microsoft Visual C++ v6.0 |
Suspicious | Strings found in the binary may indicate undesirable behavior: | May have dropper capabilities: |
Malicious | The file headers were tampered with. | The RICH header checksum is invalid. |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Safe | VirusTotal score: 0/40 (Scanned on 2010-04-20 05:10:02) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xc8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 1998-Jul-01 18:22:27 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 5.0 |
SizeOfCode | 0x27c00 |
SizeOfInitializedData | 0xde00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0001B080 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x29000 |
ImageBase | 0x1f000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x39000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | LCMapStringA GetProcAddress LoadLibraryA GetCurrentProcessId GetVersionExA CreateSemaphoreA GetLastError LoadLibraryExA InterlockedExchange GetComputerNameA MultiByteToWideChar WideCharToMultiByte LocalFree FormatMessageA CreateFileA FreeLibrary GetLocaleInfoA GetStringTypeA GetSystemDefaultLangID GetSystemDefaultLCID GetUserDefaultLangID HeapAlloc HeapReAlloc HeapFree ReleaseSemaphore WaitForSingleObject GetDriveTypeA GetVolumeInformationA CreateProcessA GetShortPathNameA CompareStringA GetTickCount EnterCriticalSection FindFirstFileA FreeEnvironmentStringsA GetEnvironmentStrings FindNextFileA GetFileAttributesA TerminateProcess OpenProcess Sleep GetProcessTimes GetCurrentProcess GetExitCodeProcess WaitForMultipleObjects LocalAlloc GetStdHandle CreatePipe TlsSetValue TlsGetValue GetLogicalDriveStringsA GetLogicalDrives GetFullPathNameA HeapCreate HeapDestroy GetSystemTime RemoveDirectoryA SetCurrentDirectoryA GetCurrentDirectoryA CreateDirectoryA SystemTimeToFileTime LocalFileTimeToFileTime WriteFile CloseHandle UnlockFileEx GetUserDefaultLCID LeaveCriticalSection RaiseException GetModuleFileNameA GetCurrentThreadId DeleteCriticalSection InterlockedIncrement GetModuleHandleA InitializeCriticalSection DeleteFileA LockFileEx FindClose ExpandEnvironmentStringsA SetFileTime PeekNamedPipe GetFileInformationByHandle FileTimeToLocalFileTime FileTimeToSystemTime DuplicateHandle SetFileAttributesA GetLocaleInfoW GetStringTypeW CompareStringW MoveFileA GetStartupInfoA SetHandleCount GetFileType SetStdHandle InterlockedDecrement GetCommandLineA GetVersion ExitProcess TlsFree SetLastError TlsAlloc VirtualFree HeapSize FlushFileBuffers VirtualAlloc SetFilePointer LCMapStringW ReadFile GetLocalTime GetTimeZoneInformation SetEndOfFile SetEnvironmentVariableA RtlUnwind GetCPInfo SetUnhandledExceptionFilter IsBadCodePtr IsBadWritePtr IsBadReadPtr GetEnvironmentStringsW FreeEnvironmentStringsW GetOEMCP GetACP |
---|---|
USER32.dll | GetActiveWindow MessageBoxA PeekMessageA TranslateMessage DispatchMessageA wsprintfA |
ADVAPI32.dll | RegDeleteKeyA RegEnumKeyA LookupAccountNameA GetUserNameA RegisterEventSourceA ReportEventA RegConnectRegistryA RegQueryValueExA RegQueryInfoKeyA RegOpenKeyA RegCloseKey RegSetValueA RegCreateKeyA RegOpenKeyExA RegSetValueExA |
ole32.dll | CLSIDFromString CoInitializeEx CoUninitialize CLSIDFromProgID MkParseDisplayName CreateBindCtx CoCreateInstance |
OLEAUT32.dll | #26 #12 #161 #411 #162 #20 #35 #17 #24 #19 #23 #15 #147 #10 #16 #21 #148 #8 #9 #2 #6 #4 #7 #22 |
WSOCK32.dll | #17 #16 #13 #12 #11 #151 #10 #7 #6 #56 #55 #54 #53 #19 #18 #52 #51 #4 #2 #1 #111 #15 #14 #9 #8 #116 #115 #20 #21 #22 #23 #57 #5 #3 |
Ordinal | Address |
---|---|
1 | 0x3c70 |
2 | 0x3c90 |
3 | 0x3da0 |
4 | 0x3d70 |
5 | 0xd810 |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 5.0.0.0 |
ProductVersion | 5.0.0.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_DLL |
Language | English - United States |
CompanyName | ActiveState Tool Corp. |
FileDescription | Perl Infomation Server |
FileVersion (#2) | 5,0,0,0 |
InternalName | PerlSE.dll |
LegalCopyright | Copyright © 1998, developed by ActiveState Tool Corp., http://www.ActiveState.com |
LegalTrademarks | |
OriginalFilename | PerlSE.dll |
ProductName | ActivePerl |
ProductVersion (#2) | Build 500 |
Resource LangID | English - United States |
---|
XOR Key | 0x104696 |
---|---|
Unmarked objects | 0 |
Resource objects (VS97 SP3 cvtres 5.00.1668) | 1 |
Unmarked objects (#2) | 481 |
Imports (VS97 SP3 link 5.10.7303) | 1 |