Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2012-Dec-31 00:38:51 |
Detected languages | English - United States |
CompanyName | ALERT BLACK-AND-WHITE MONKEY |
FileDescription | ALERT BLACK-AND-WHITE |
FileVersion | 1.0.4.049 |
InternalName | ALERTBLACK-AND-WHITE.exe |
LegalCopyright | ALERT BLACK-AND-WHITE MONKEY(c). All rights reserved |
OriginalFilename | ALERTBLACK-AND-WHITE.exe |
ProductName | ALERT BLACK-AND-WHITE |
ProductVersion | 1.0.4.049 |
Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0; Microsoft Visual C++ v6.0 |
Info | Cryptographic algorithms detected in the binary: Uses constants related to SHA256; Uses constants related to AES |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. Signer: Horace Oy; Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 |
Malicious | VirusTotal score: 8/67 (Scanned on 2022-01-14 23:20:35). DrWeb: Adware.Downware.20028; Malwarebytes: Adware.SpecialSearchOffer; Symantec: Trojan.Gen.9; Sophos: Generic ML PUA (PUA); Comodo: ApplicUnwnt@#3huhrjm00mi25; Emsisoft: Application.Updater (A); Ikarus: PUA.OpenSUpdater; CrowdStrike: win/malicious_confidence_60% (D) |
e_magic | MZ |
---|---|
e_cblp | 0x60 |
e_cp | 0x1 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x60 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2012-Dec-31 00:38:51 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 8.0 |
SizeOfCode | 0x18e00 |
SizeOfInitializedData | 0x15c00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0001942F (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x1a000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x35000 |
SizeOfHeaders | 0x200 |
Checksum | 0x14b794 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
COMCTL32.dll | #17 |
---|---|
SHELL32.dll | SHGetSpecialFolderPathW ShellExecuteW SHGetMalloc SHGetPathFromIDListW SHBrowseForFolderW SHGetFileInfoW ShellExecuteExW |
GDI32.dll | CreateCompatibleDC CreateFontIndirectW DeleteObject DeleteDC GetCurrentObject StretchBlt GetDeviceCaps CreateCompatibleBitmap SelectObject SetStretchBltMode GetObjectW |
ADVAPI32.dll | FreeSid AllocateAndInitializeSid CheckTokenMembership |
USER32.dll | GetWindowLongW GetMenu SetWindowPos GetWindowDC ReleaseDC GetDlgItem GetParent GetWindowRect GetClassNameA CreateWindowExW SetTimer GetMessageW DispatchMessageW KillTimer DestroyWindow SendMessageW EndDialog wsprintfW GetWindowTextW GetWindowTextLengthW GetSysColor wsprintfA SetWindowTextW MessageBoxA ScreenToClient GetClientRect SetWindowLongW UnhookWindowsHookEx SetFocus GetSystemMetrics SystemParametersInfoW ShowWindow DrawTextW GetDC ClientToScreen GetWindow DialogBoxIndirectParamW DrawIconEx CallWindowProcW DefWindowProcW CallNextHookEx PtInRect SetWindowsHookExW LoadImageW LoadIconW MessageBeep EnableWindow IsWindow EnableMenuItem GetSystemMenu CreateWindowExA wvsprintfW CharUpperW GetKeyState CopyImage |
ole32.dll | CreateStreamOnHGlobal CoCreateInstance CoInitialize |
OLEAUT32.dll | VariantClear SysFreeString OleLoadPicture SysAllocString |
KERNEL32.dll | GetFileSize SetFilePointer ReadFile WaitForMultipleObjects GetModuleHandleA SetFileTime SetEndOfFile LeaveCriticalSection EnterCriticalSection DeleteCriticalSection FormatMessageW lstrcpyW LocalFree IsBadReadPtr GetSystemDirectoryW GetCurrentThreadId SuspendThread TerminateThread InitializeCriticalSection ResetEvent SetEvent CreateEventW GetVersionExW GetModuleFileNameW GetCurrentProcess SetProcessWorkingSetSize SetCurrentDirectoryW GetDriveTypeW CreateFileW GetCommandLineW GetStartupInfoW CreateProcessW CreateJobObjectW ResumeThread AssignProcessToJobObject CreateIoCompletionPort SetInformationJobObject GetQueuedCompletionStatus GetExitCodeProcess CloseHandle SetEnvironmentVariableW GetTempPathW GetSystemTimeAsFileTime lstrlenW CompareFileTime SetThreadLocale FindFirstFileW DeleteFileW FindNextFileW FindClose RemoveDirectoryW ExpandEnvironmentStringsW WideCharToMultiByte VirtualAlloc GlobalMemoryStatusEx lstrcmpW GetEnvironmentVariableW lstrcmpiW lstrlenA GetLocaleInfoW MultiByteToWideChar GetUserDefaultUILanguage GetSystemDefaultUILanguage GetSystemDefaultLCID lstrcmpiA GlobalAlloc GlobalFree MulDiv FindResourceExA SizeofResource LoadResource LockResource LoadLibraryA GetProcAddress GetModuleHandleW ExitProcess lstrcatW GetDiskFreeSpaceExW SetFileAttributesW SetLastError Sleep GetExitCodeThread WaitForSingleObject CreateThread GetLastError SystemTimeToFileTime GetLocalTime GetFileAttributesW CreateDirectoryW WriteFile GetStdHandle VirtualFree GetStartupInfoA |
MSVCRT.dll | ??3@YAXPAX@Z ??2@YAPAXI@Z memcmp free memcpy _wtol _controlfp _except_handler3 __set_app_type __p__fmode __p__commode _adjust_fdiv __setusermatherr _initterm __getmainargs _acmdln exit _XcptFilter _exit ??1type_info@@UAE@XZ _onexit __dllonexit _CxxThrowException _beginthreadex _EH_prolog ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z memset _wcsnicmp strncmp wcsncmp malloc memmove _purecall |
Extraction Failed |
File is corrupt |
Cannot create folder '{0}' |
Extracting |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.0.4.49 |
ProductVersion | 1.0.4.49 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | ALERT BLACK-AND-WHITE MONKEY |
FileDescription | ALERT BLACK-AND-WHITE |
FileVersion (#2) | 1.0.4.049 |
InternalName | ALERTBLACK-AND-WHITE.exe |
LegalCopyright | ALERT BLACK-AND-WHITE MONKEY(c). All rights reserved |
OriginalFilename | ALERTBLACK-AND-WHITE.exe |
ProductName | ALERT BLACK-AND-WHITE |
ProductVersion (#2) | 1.0.4.049 |
Resource LangID | English - United States |
---|---|