a15529c0a97b92879ef5b51a50d5df0c

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1998-Jul-01 18:22:27
Detected languages English - United States
CompanyName ActiveState Tool Corp.
FileDescription Perl Infomation Server
FileVersion 5,0,0,0
InternalName PerlSE.dll
LegalCopyright Copyright © 1998, developed by ActiveState Tool Corp., http://www.ActiveState.com
LegalTrademarks
OriginalFilename PerlSE.dll
ProductName ActivePerl
ProductVersion Build 500

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Microsoft Visual C++
Microsoft Visual C++ v6.0
Suspicious Strings found in the binary may indicate undesirable behavior: May have dropper capabilities:
  • CurrentControlSet\Services
Miscellaneous malware strings:
  • cmd.exe
Malicious The file headers were tampered with. The RICH header checksum is invalid.
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryExA
Can access the registry:
  • RegDeleteKeyA
  • RegEnumKeyA
  • RegQueryValueExA
  • RegQueryInfoKeyA
  • RegOpenKeyA
  • RegCloseKey
  • RegSetValueA
  • RegCreateKeyA
  • RegOpenKeyExA
  • RegSetValueExA
Possibly launches other programs:
  • CreateProcessA
Enumerates local disk drives:
  • GetDriveTypeA
  • GetVolumeInformationA
  • GetLogicalDriveStringsA
Manipulates other processes:
  • OpenProcess
Safe VirusTotal score: 0/40 (Scanned on 2010-04-20 05:10:02) All the AVs think this file is safe.

Hashes

MD5 a15529c0a97b92879ef5b51a50d5df0c
SHA1 f4eb1e085aa1856699bb478cfdbfa7ebe60b10d9
SHA256 4230010391726ec315252927826653ec04a6c1dcaee62c678f9107972afd9f31
SHA3 d56eed7db6f2078fe4b99e04f5b6bae4be9d36f2b7f07d4608f3bdfdec4095de
SSDeep 6144:1SrAm/V0qNU42TrLY0MdT4WtPixtBRw/dwzLib2GV:1SkIV0qgTnX3e
Imports Hash fd690a25155cf2044da2d7d4c851f02d

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xc8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 1998-Jul-01 18:22:27
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 5.0
SizeOfCode 0x27c00
SizeOfInitializedData 0xde00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0001B080 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x29000
ImageBase 0x1f000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x39000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d3ec6977e868c10f428f22ba613d7b5f
SHA1 20a267f5b35c6828b885206d27a76d526eddf217
SHA256 874001a9a96df34686c82c259659cb234a49f8cc7cd9d33916c52c865715768c
SHA3 11981e64f903401c4d302aea6f7979c73e35a55498c1bf7a46ce327d3069941b
VirtualSize 0x27b6a
VirtualAddress 0x1000
SizeOfRawData 0x27c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.49148

.rdata

MD5 25f70414d255db944b0c424607f23e86
SHA1 2b3f0fb3950a3341dd4deab8ab28699a4439bbc1
SHA256 ca3a92c07751cfa673dac52c06cca55249146cebea2043484f9ae37274309652
SHA3 da107300cb6a839263a5c471e08aa94d94ba51ee3acc93ec8429bf319a7c6102
VirtualSize 0x37dd
VirtualAddress 0x29000
SizeOfRawData 0x3800
PointerToRawData 0x28000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.43228

.data

MD5 f9760f1d75b0176619c2edaf1cc20597
SHA1 de362fa0f94879ed88e8028b7958a078f17e9b0f
SHA256 4bd0c7f8f714761237a519f1b3f3d32dfbd789d6169ed3ccaabc629a0084e300
SHA3 38c217336d8d02d698d311eeb03c72d65a115df0ce6a76cef180ba09dac6f2cc
VirtualSize 0x7684
VirtualAddress 0x2d000
SizeOfRawData 0x5c00
PointerToRawData 0x2b800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.97869

.rsrc

MD5 581df83823f2a9abbfd146a2aded7fc8
SHA1 39918194d5ebd2a7c6cac0a1c27f0acbf000d42d
SHA256 7af1d34017de670a57ad20f0df56edc572283ed43370fcb6db7d4ca34d3c89cb
SHA3 e34ce403302c4d42ee8dae7cddeee8c997351058c03bef9b6a7e956e67fcb603
VirtualSize 0x3f0
VirtualAddress 0x35000
SizeOfRawData 0x400
PointerToRawData 0x31400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.24666

.reloc

MD5 13763061bfa08e6cf3b6e1b6e12378c9
SHA1 a4dda9f6a9a045cf8437ba4b31c64ebf1e023fae
SHA256 3baf38280edac377f337072370ad190e814b84ebe7f54ebdfbe184ec70376136
SHA3 ad7b869158f3f16813a1a7a2a7fa1b7d1b30eec652e03a1ac6ad72af87fa65a6
VirtualSize 0x28f0
VirtualAddress 0x36000
SizeOfRawData 0x2a00
PointerToRawData 0x31800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.00889

Imports

KERNEL32.dll LCMapStringA
GetProcAddress
LoadLibraryA
GetCurrentProcessId
GetVersionExA
CreateSemaphoreA
GetLastError
LoadLibraryExA
InterlockedExchange
GetComputerNameA
MultiByteToWideChar
WideCharToMultiByte
LocalFree
FormatMessageA
CreateFileA
FreeLibrary
GetLocaleInfoA
GetStringTypeA
GetSystemDefaultLangID
GetSystemDefaultLCID
GetUserDefaultLangID
HeapAlloc
HeapReAlloc
HeapFree
ReleaseSemaphore
WaitForSingleObject
GetDriveTypeA
GetVolumeInformationA
CreateProcessA
GetShortPathNameA
CompareStringA
GetTickCount
EnterCriticalSection
FindFirstFileA
FreeEnvironmentStringsA
GetEnvironmentStrings
FindNextFileA
GetFileAttributesA
TerminateProcess
OpenProcess
Sleep
GetProcessTimes
GetCurrentProcess
GetExitCodeProcess
WaitForMultipleObjects
LocalAlloc
GetStdHandle
CreatePipe
TlsSetValue
TlsGetValue
GetLogicalDriveStringsA
GetLogicalDrives
GetFullPathNameA
HeapCreate
HeapDestroy
GetSystemTime
RemoveDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
SystemTimeToFileTime
LocalFileTimeToFileTime
WriteFile
CloseHandle
UnlockFileEx
GetUserDefaultLCID
LeaveCriticalSection
RaiseException
GetModuleFileNameA
GetCurrentThreadId
DeleteCriticalSection
InterlockedIncrement
GetModuleHandleA
InitializeCriticalSection
DeleteFileA
LockFileEx
FindClose
ExpandEnvironmentStringsA
SetFileTime
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
DuplicateHandle
SetFileAttributesA
GetLocaleInfoW
GetStringTypeW
CompareStringW
MoveFileA
GetStartupInfoA
SetHandleCount
GetFileType
SetStdHandle
InterlockedDecrement
GetCommandLineA
GetVersion
ExitProcess
TlsFree
SetLastError
TlsAlloc
VirtualFree
HeapSize
FlushFileBuffers
VirtualAlloc
SetFilePointer
LCMapStringW
ReadFile
GetLocalTime
GetTimeZoneInformation
SetEndOfFile
SetEnvironmentVariableA
RtlUnwind
GetCPInfo
SetUnhandledExceptionFilter
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetOEMCP
GetACP
USER32.dll GetActiveWindow
MessageBoxA
PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
ADVAPI32.dll RegDeleteKeyA
RegEnumKeyA
LookupAccountNameA
GetUserNameA
RegisterEventSourceA
ReportEventA
RegConnectRegistryA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyA
RegCloseKey
RegSetValueA
RegCreateKeyA
RegOpenKeyExA
RegSetValueExA
ole32.dll CLSIDFromString
CoInitializeEx
CoUninitialize
CLSIDFromProgID
MkParseDisplayName
CreateBindCtx
CoCreateInstance
OLEAUT32.dll #26
#12
#161
#411
#162
#20
#35
#17
#24
#19
#23
#15
#147
#10
#16
#21
#148
#8
#9
#2
#6
#4
#7
#22
WSOCK32.dll #17
#16
#13
#12
#11
#151
#10
#7
#6
#56
#55
#54
#53
#19
#18
#52
#51
#4
#2
#1
#111
#15
#14
#9
#8
#116
#115
#20
#21
#22
#23
#57
#5
#3

Delayed Imports

DllCanUnloadNow

Ordinal 1
Address 0x3c70

DllGetClassObject

Ordinal 2
Address 0x3c90

DllRegisterServer

Ordinal 3
Address 0x3da0

DllUnregisterServer

Ordinal 4
Address 0x3d70

boot_Win32__OLE

Ordinal 5
Address 0xd810

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x38c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.41103
MD5 ef4458b25387d86a39eec0df8a69358c
SHA1 2a6728b52a8852a3f56d4fecf2954dff9987d25f
SHA256 71eef6a8a9bdcc9ecae922ea93c92f0feca0418b20187b3b9a51de9cd6239802
SHA3 21452ff73a166774064d07a082d495ca8930aa73af72a14190758c947a8265a5

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 5.0.0.0
ProductVersion 5.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_DLL
Language English - United States
CompanyName ActiveState Tool Corp.
FileDescription Perl Infomation Server
FileVersion (#2) 5,0,0,0
InternalName PerlSE.dll
LegalCopyright Copyright © 1998, developed by ActiveState Tool Corp., http://www.ActiveState.com
LegalTrademarks
OriginalFilename PerlSE.dll
ProductName ActivePerl
ProductVersion (#2) Build 500
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x104696
Unmarked objects 0
Resource objects (VS97 SP3 cvtres 5.00.1668) 1
Unmarked objects (#2) 481
Imports (VS97 SP3 link 5.10.7303) 1