Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_I386 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2018-Mar-03 07:27:35 |
Detected languages | English - United States |
Debug artifacts | l:\projects\clamwin\src\clamav-win32\msvc\release\win32\clamscan.pdb |
FileDescription | ClamWin Antivirus |
FileVersion | 0, 99, 4, 0 |
InternalName | clamscan.exe |
LegalCopyright | Copyright (C) 2005-2018 Cisco Systems, Inc. / ClamWin Pty Ltd |
OriginalFilename | clamscan.exe |
ProductName | ClamWin Antivirus |
ProductVersion | 0, 99, 4, 0 |
Info | Matching compiler(s): Microsoft Visual C++ 8; MSVC++ v.8 (procedure 1 recognized - h) |
Suspicious | Strings found in the binary may indicate undesirable behavior: Miscellaneous malware strings: |
Suspicious | The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports: |
Suspicious | VirusTotal score: 1/71 (Scanned on 2019-10-18 16:19:17); Trapmine: malicious.moderate.ml.score |
Field | Value |
---|---|
e_magic | MZ |
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
Field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_I386 |
NumberOfSections | 4 |
TimeDateStamp | 2018-Mar-03 07:27:35 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |
Field | Value |
---|---|
Magic | PE32 |
LinkerVersion | 8.0 |
SizeOfCode | 0x7000 |
SizeOfInitializedData | 0x10000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000787A (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x8000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x1000 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x18000 |
SizeOfHeaders | 0x1000 |
Checksum | 0x25e09 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
SizeOfStackReserve | 0x100000 |
SizeOfStackCommit | 0x1000 |
SizeOfHeapReserve | 0x100000 |
SizeOfHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
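The three header tables above (DOS header, PE/COFF header and optional header) are read straight out of the file, and the most security-relevant fact in them is easy to miss: IMAGE_FILE_RELOCS_STRIPPED means the image has no base relocations, so the loader can only map it at its ImageBase of 0x400000 and ASLR cannot move it. The following Python is an added example, not part of this report or of the tool that produced it. It rebuilds a header blob carrying the same field values as the tables, walks MZ -> e_lfanew -> "PE\0\0" -> COFF -> optional header with bounds checks, and runs the consistency and hardening checks a reviewer would apply to this output. The DOS stub bytes, the data directories, e_lfarlc and DllCharacteristics are not in the report; they are constructed here (zero-filled, e_lfarlc set to the conventional 0x40, DllCharacteristics assumed 0), so the two DllCharacteristics findings reflect that assumption, while the relocation finding follows from the report itself.

```python
import struct
from datetime import datetime, timezone

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100

DOS_HDR = struct.Struct("<2s13H8sHH20sI")   # IMAGE_DOS_HEADER, 64 bytes
COFF_HDR = struct.Struct("<HHIIIHH")         # IMAGE_FILE_HEADER, 20 bytes
OPT_HDR32 = struct.Struct("<HBB9I6H4I2H6I")  # IMAGE_OPTIONAL_HEADER32 up to the data directories, 96 bytes


def build_sample() -> bytes:
    """Constructed header region with the field values from the report above.

    DOS stub, data directories and DllCharacteristics are not in the report and
    are assumed (zero) here; e_lfarlc is set to the conventional 0x40.
    """
    dos = DOS_HDR.pack(b"MZ", 0x90, 0x3, 0, 0x4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0,
                       0x40, 0, b"\0" * 8, 0, 0, b"\0" * 20, 0xF8)
    coff = COFF_HDR.pack(0x14C, 4, 1520062055, 0, 0, 0xE0,   # 1520062055 = 2018-03-03 07:27:35 UTC
                         IMAGE_FILE_32BIT_MACHINE | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_RELOCS_STRIPPED)
    opt = OPT_HDR32.pack(0x10B, 8, 0, 0x7000, 0x10000, 0, 0x787A, 0x1000, 0x8000, 0x400000,
                         0x1000, 0x1000, 4, 0, 0, 0, 4, 0, 0, 0x18000, 0x1000, 0x25E09,
                         3, 0,  # Subsystem = WINDOWS_CUI; DllCharacteristics assumed 0 (not in report)
                         0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    blob = dos.ljust(0xF8, b"\0") + b"PE\0\0" + coff + opt + b"\0" * 128  # 16 empty data directories
    return blob.ljust(0x1000, b"\0")  # pad to SizeOfHeaders


def parse_headers(data: bytes) -> dict:
    """Walk MZ -> e_lfanew -> PE signature -> COFF -> optional header, refusing out-of-bounds offsets."""
    if len(data) < DOS_HDR.size or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = DOS_HDR.unpack_from(data, 0)[-1]
    if e_lfanew + 4 + COFF_HDR.size > len(data):
        raise ValueError(f"e_lfanew 0x{e_lfanew:x} points outside the file")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    machine, nsections, tds, _, _, opt_size, characteristics = COFF_HDR.unpack_from(data, e_lfanew + 4)
    opt_off = e_lfanew + 4 + COFF_HDR.size
    if opt_size < OPT_HDR32.size or opt_off + opt_size > len(data):
        raise ValueError("optional header truncated")
    opt = OPT_HDR32.unpack_from(data, opt_off)
    return {
        "e_lfanew": e_lfanew,
        "Machine": machine,
        "NumberOfSections": nsections,
        "TimeDateStamp": datetime.fromtimestamp(tds, timezone.utc),
        "Characteristics": characteristics,
        "Magic": opt[0],
        "AddressOfEntryPoint": opt[6],
        "ImageBase": opt[9],
        "SizeOfImage": opt[19],
        "Subsystem": opt[22],
        "DllCharacteristics": opt[23],
        "NumberOfRvaAndSizes": opt[29],
    }


def audit(h: dict) -> list:
    """Cross-field consistency and exploit-mitigation observations on the parsed headers."""
    findings = []
    if h["Magic"] == 0x10B and h["Machine"] != 0x14C:
        findings.append("PE32 optional header but Machine is not IMAGE_FILE_MACHINE_I386")
    if h["Characteristics"] & IMAGE_FILE_RELOCS_STRIPPED:
        findings.append(f"relocations stripped: image can only load at 0x{h['ImageBase']:x}, so ASLR cannot apply")
    if not h["DllCharacteristics"] & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        findings.append("DYNAMIC_BASE clear: not opted in to ASLR")
    if not h["DllCharacteristics"] & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        findings.append("NX_COMPAT clear: not opted in to DEP")
    if h["NumberOfRvaAndSizes"] != 16:
        findings.append(f"unusual NumberOfRvaAndSizes {h['NumberOfRvaAndSizes']}")
    return findings


if __name__ == "__main__":
    hdr = parse_headers(build_sample())
    for key, val in hdr.items():
        print(f"{key:22} {val:#x}" if isinstance(val, int) else f"{key:22} {val}")
    for finding in audit(hdr):
        print("[!]", finding)
```

Point parse_headers at the first 0x1000 bytes of a real file to get the same dictionary for it; the ValueError paths are what stop a crafted e_lfanew from sending the parser past the end of the buffer.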
DLL | Imported functions |
---|---|
KERNEL32.dll | SetUnhandledExceptionFilter, Sleep, InterlockedCompareExchange, SetConsoleCtrlHandler, SetConsoleCursorPosition, FillConsoleOutputCharacterA, GetStdHandle, GetConsoleScreenBufferInfo, GetFileType, UnmapViewOfFile, CreateThread, FreeLibrary, GetLastError, GetProcAddress, GetCurrentProcess, LoadLibraryA, CreateFileMappingA, GetExitCodeThread, WaitForSingleObject, FlushViewOfFile, GetModuleFileNameA, GetCurrentThreadId, CloseHandle, CreateFileA, GetCurrentProcessId, GetFileInformationByHandle, GetTempPathA, MapViewOfFile, SetErrorMode, InterlockedExchange, IsBadReadPtr, FindFirstFileW, IsBadWritePtr, TerminateProcess, DeleteFileA, FindClose, ExpandEnvironmentStringsA, WriteFile, OpenProcess, WideCharToMultiByte, ReadProcessMemory, CopyFileA, UnhandledExceptionFilter, IsDebuggerPresent, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime |
libclamav.dll | #104, cw_rename, #91, #215, #214, cl_retflevel, cl_cvdfree, #129, cl_retdbdir, #131, #177, cl_cvdhead, #130, cw_movefile, cw_revertfsredir, #60, #122, #61, cw_disablefsredir, #53, #107, #54, cl_scandesc_callback, cw_normalizepath, cl_engine_set_clcb_meta, cl_engine_set_clcb_post_scan, cw_strerror, #138, #126, cl_engine_set_clcb_stats_get_hostid, cl_init, #71, cl_load, cl_engine_set_clcb_virus_found, cl_engine_set_num, cl_engine_set_clcb_progress, #110, #137, cl_engine_stats_enable, #112, cl_strerror, cl_engine_free, #165, cl_engine_new, cw_unlink, cl_scanfile_callback, cl_engine_set_str, #70, #90, cl_engine_set_clcb_sigload, cw_perror, cl_engine_compile, #125, cw_stat, #72, cl_engine_set_clcb_stats_submit, cl_engine_set_clcb_pre_cache, cl_debug, #172, cl_always_gen_section_hash, cl_cleanup_crypto, #170, cl_retver, #171, cl_initialize_crypto, cl_scandesc |
MSVCR80.dll | _lseek, _strdup, _getcwd, _access, _close, _umask, _CIlog, memset, realloc, _stricmp, memcpy, _controlfp_s, _invoke_watson, _except_handler4_common, _decode_pointer, _onexit, _lock, __dllonexit, _unlock, ?terminate@@YAXXZ, _crt_debugger_hook, __set_app_type, _encode_pointer, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _configthreadlocale, _initterm_e, _initterm, __initenv, _XcptFilter, _exit, _cexit, __getmainargs, _amsg_exit, strftime, calloc, _time64, fflush, _localtime64, _ctime64, fgets, fread, _open_osfhandle, wcsrchr, _wcsdup, strncpy, _setmode, _fileno, strncat, abort, strrchr, fwrite, free, strncmp, _errno, fclose, sprintf, fprintf, printf, exit, _ftime64, _open, malloc, fopen, __iob_func |
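The two Suspicious rows in the summary ("functions most legitimate programs don't use", "may be hiding some of its imports") come from matching the import table against lists of API names, and the import table is where a reviewer decides whether the match matters. The following Python is an added example, not part of this report or of the tool that produced it. It runs a reconstruction of that kind of check over the KERNEL32.dll and libclamav.dll imports copied from the table above (MSVCR80.dll is left out as plain CRT). The API groupings and the CRT baseline are this example's own assumptions about how such a heuristic is built, not the tool's rule set. The baseline matters: IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess and the four timing/ID calls are emitted by the MSVC CRT's GS-cookie initialisation and __report_gsfailure in every VS2005+ program, so an anti-debugging hit consisting only of IsDebuggerPresent is explained by the compiler, not the author. The example also lists ordinal-only imports (the #104-style entries from libclamav.dll), which cannot be named without the export table of the matching libclamav.dll build.

```python
from __future__ import annotations

# Constructed input: import table copied from the report above.
IMPORTS = {
    "KERNEL32.dll": (
        "SetUnhandledExceptionFilter Sleep InterlockedCompareExchange SetConsoleCtrlHandler "
        "SetConsoleCursorPosition FillConsoleOutputCharacterA GetStdHandle GetConsoleScreenBufferInfo "
        "GetFileType UnmapViewOfFile CreateThread FreeLibrary GetLastError GetProcAddress GetCurrentProcess "
        "LoadLibraryA CreateFileMappingA GetExitCodeThread WaitForSingleObject FlushViewOfFile "
        "GetModuleFileNameA GetCurrentThreadId CloseHandle CreateFileA GetCurrentProcessId "
        "GetFileInformationByHandle GetTempPathA MapViewOfFile SetErrorMode InterlockedExchange IsBadReadPtr "
        "FindFirstFileW IsBadWritePtr TerminateProcess DeleteFileA FindClose ExpandEnvironmentStringsA "
        "WriteFile OpenProcess WideCharToMultiByte ReadProcessMemory CopyFileA UnhandledExceptionFilter "
        "IsDebuggerPresent QueryPerformanceCounter GetTickCount GetSystemTimeAsFileTime"
    ).split(),
    "libclamav.dll": (
        "#104 cw_rename #91 #215 #214 cl_retflevel cl_cvdfree #129 cl_retdbdir #131 #177 cl_cvdhead #130 "
        "cw_movefile cw_revertfsredir #60 #122 #61 cw_disablefsredir #53 #107 #54 cl_scandesc_callback "
        "cw_normalizepath cl_engine_set_clcb_meta cl_engine_set_clcb_post_scan cw_strerror #138 #126 "
        "cl_engine_set_clcb_stats_get_hostid cl_init #71 cl_load cl_engine_set_clcb_virus_found "
        "cl_engine_set_num cl_engine_set_clcb_progress #110 #137 cl_engine_stats_enable #112 cl_strerror "
        "cl_engine_free #165 cl_engine_new cw_unlink cl_scanfile_callback cl_engine_set_str #70 #90 "
        "cl_engine_set_clcb_sigload cw_perror cl_engine_compile #125 cw_stat #72 "
        "cl_engine_set_clcb_stats_submit cl_engine_set_clcb_pre_cache cl_debug #172 "
        "cl_always_gen_section_hash cl_cleanup_crypto #170 cl_retver #171 cl_initialize_crypto cl_scandesc"
    ).split(),
}

# Imports the MSVC CRT startup code (GS cookie init, __report_gsfailure, crtexe startup lock)
# pulls into every VS2005+ binary. Assumed baseline for this example: hits here are "explained".
CRT_STARTUP_BASELINE = {
    "GetSystemTimeAsFileTime", "GetCurrentProcessId", "GetCurrentThreadId", "GetTickCount",
    "QueryPerformanceCounter", "IsDebuggerPresent", "UnhandledExceptionFilter",
    "SetUnhandledExceptionFilter", "GetCurrentProcess", "TerminateProcess",
    "InterlockedCompareExchange", "Sleep",
}

# Heuristic groups assumed for this example (not the report tool's own lists).
SUSPICIOUS_GROUPS = {
    "dynamic import resolution": {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW", "GetProcAddress"},
    "anti-debugging": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "OutputDebugStringA"},
    "cross-process memory access": {"OpenProcess", "ReadProcessMemory", "WriteProcessMemory",
                                    "VirtualAllocEx", "CreateRemoteThread"},
    "temp-file drop and cleanup": {"GetTempPathA", "GetTempPathW", "CopyFileA", "DeleteFileA",
                                   "ExpandEnvironmentStringsA"},
}


def triage(imports: dict[str, list[str]]) -> dict:
    """Group imports by heuristic, split off CRT-explained hits, and list ordinal-only imports per DLL."""
    hits: dict[str, list[str]] = {}
    ordinals: dict[str, list[str]] = {}
    for dll, names in imports.items():
        ords = [n for n in names if n.startswith("#")]  # cannot be named without that DLL's export table
        if ords:
            ordinals[dll] = ords
        for group, apis in SUSPICIOUS_GROUPS.items():
            matched = [n for n in names if n in apis]
            if matched:
                hits.setdefault(group, []).extend(matched)
    unexplained = {g: [n for n in ns if n not in CRT_STARTUP_BASELINE] for g, ns in hits.items()}
    return {
        "hits": hits,
        "unexplained": {g: ns for g, ns in unexplained.items() if ns},
        "crt_explained": sorted({n for ns in hits.values() for n in ns if n in CRT_STARTUP_BASELINE}),
        "ordinal_only": ordinals,
    }


if __name__ == "__main__":
    result = triage(IMPORTS)
    for group, names in result["hits"].items():
        status = "needs review" if group in result["unexplained"] else "explained by CRT startup"
        print(f"{group:28} {', '.join(names):45} {status}")
    print("CRT-explained:", ", ".join(result["crt_explained"]))
    for dll, ords in result["ordinal_only"].items():
        print(f"{dll}: {len(ords)} ordinal-only imports, e.g. {ords[0]}")
```

What remains after the CRT baseline is removed is the real review question for this file: LoadLibraryA plus GetProcAddress, OpenProcess plus ReadProcessMemory, and the temp-file calls. All three are what a scanner that loads its engine DLL, scans process memory and unpacks samples to a temporary directory would be expected to import, which is why the 1/71 score above should be read against the program's purpose rather than on its own.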
Field | Value |
---|---|
Signature | 0xfeef04bd |
StructVersion | 0x10000 |
FileVersion | 0.99.4.0 |
ProductVersion | 0.99.4.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_DLL |
Language | UNKNOWN |
FileDescription | ClamWin Antivirus |
FileVersion (#2) | 0, 99, 4, 0 |
InternalName | clamscan.exe |
LegalCopyright | Copyright (C) 2005-2018 Cisco Systems, Inc. / ClamWin Pty Ltd |
OriginalFilename | clamscan.exe |
ProductName | ClamWin Antivirus |
ProductVersion (#2) | 0, 99, 4, 0 |
Resource LangID | English - United States |
Field | Value |
---|---|
Characteristics | 0 |
TimeDateStamp | 2018-Mar-03 07:27:35 |
Version | 0.0 |
SizeOfData | 93 |
AddressOfRawData | 0xe9c8 |
PointerToRawData | 0xe9c8 |
Referenced File | l:\projects\clamwin\src\clamav-win32\msvc\release\win32\clamscan.pdb |
Field | Value |
---|---|
Size | 0x48 |
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x410000 |
SEHandlerTable | 0x40ea30 |
SEHandlerCount | 1 |
Field | Value |
---|---|
XOR Key | 0x376b278b |
Unmarked objects | 0 |
126 (50327) | 7 |
C++ objects (VS2012 build 50727 / VS2005 build 50727) | 2 |
ASM objects (VS2012 build 50727 / VS2005 build 50727) | 4 |
C objects (VS2012 build 50727 / VS2005 build 50727) | 22 |
Imports (VS2012 build 50727 / VS2005 build 50727) | 4 |
Total imports | 185 |
Imports (VS2003 (.NET) build 4035) | 5 |
113 (VS2012 build 50727 / VS2005 build 50727) | 10 |
Resource objects (VS2012 build 50727 / VS2005 build 50727) | 1 |
Linker (VS2012 build 50727 / VS2005 build 50727) | 1 |