Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2021-Nov-29 11:07:54 |
Detected languages | English - United States |
FileVersion | 3.0.4.103 |
FileDescription | eMagicOne Store Manager for Magento Setup |
LegalCopyright | Copyright © 2006-2021 eMagicOne |
Comments | eMagicOne-Smart Solutions Store Manager for Magento Setup |
CompanyName | eMagicOne |
ProductName | eMagicOne Store Manager for Magento Setup |
ProductVersion | 3.0.4.103 |
Suspicious | PEiD Signature: | UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser; UPX v2.0 -> Markus, Laszlo & Reiser (h); UPX -> www.upx.sourceforge.net; UPX Protector v1.0x (2); UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to MD5 |
Suspicious | The PE is packed with UPX | Unusual section name found: UPX0. Section UPX0 is both writable and executable. Unusual section name found: UPX1. Section UPX1 is both writable and executable. |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Info | The PE's resources present abnormal characteristics. |
Resource E1_SKIN is possibly compressed or encrypted.
Resource 5 is possibly compressed or encrypted. Resource 6 is possibly compressed or encrypted. Resource 8 is possibly compressed or encrypted. Resource BBABORT is possibly compressed or encrypted. Resource BBALL is possibly compressed or encrypted. Resource BBCANCEL is possibly compressed or encrypted. Resource BBCLOSE is possibly compressed or encrypted. Resource BBHELP is possibly compressed or encrypted. Resource BBIGNORE is possibly compressed or encrypted. Resource BBNO is possibly compressed or encrypted. Resource BBOK is possibly compressed or encrypted. Resource BBRETRY is possibly compressed or encrypted. Resource BBYES is possibly compressed or encrypted. Resource OPENFOLDER is possibly compressed or encrypted. Resource UNKNOWNFILE is possibly compressed or encrypted. Resource 4051 is possibly compressed or encrypted. Resource 4052 is possibly compressed or encrypted. Resource 4053 is possibly compressed or encrypted. Resource 4054 is possibly compressed or encrypted. Resource 4055 is possibly compressed or encrypted. Resource 4056 is possibly compressed or encrypted. Resource 4057 is possibly compressed or encrypted. Resource 4058 is possibly compressed or encrypted. Resource 4059 is possibly compressed or encrypted. Resource 4061 is possibly compressed or encrypted. Resource 4064 is possibly compressed or encrypted. Resource 4065 is possibly compressed or encrypted. Resource 4067 is possibly compressed or encrypted. Resource 4073 is possibly compressed or encrypted. Resource 4074 is possibly compressed or encrypted. Resource 4075 is possibly compressed or encrypted. Resource 4079 is possibly compressed or encrypted. Resource 4081 is possibly compressed or encrypted. Resource 4082 is possibly compressed or encrypted. Resource 4083 is possibly compressed or encrypted. Resource 4084 is possibly compressed or encrypted. Resource 4085 is possibly compressed or encrypted. Resource 4086 is possibly compressed or encrypted. 
Resource 4087 is possibly compressed or encrypted. Resource 4088 is possibly compressed or encrypted. Resource 4089 is possibly compressed or encrypted. Resource 4092 is possibly compressed or encrypted. Resource 4093 is possibly compressed or encrypted. Resource 4094 is possibly compressed or encrypted. Resource 4095 is possibly compressed or encrypted. Resource 4096 is possibly compressed or encrypted. Resource BAD is possibly compressed or encrypted. Resource GOOD is possibly compressed or encrypted. Resource LICENSEAGREEMENT is possibly compressed or encrypted. Resource PACKAGEINFO is possibly compressed or encrypted. Resource PRIVACYPOLICY is possibly compressed or encrypted. Resource PROMO_1 is possibly compressed or encrypted. Resource PROMO_2 is possibly compressed or encrypted. Resource PROMO_3 is possibly compressed or encrypted. Resource PROMO_4 is possibly compressed or encrypted. Resource PROMO_5 is possibly compressed or encrypted. Resource PROMO_6 is possibly compressed or encrypted. Resource PROMO_7 is possibly compressed or encrypted. Resource PROMO_8 is possibly compressed or encrypted. Resource PROMO_9 is possibly compressed or encrypted. Resource SERVICELEVELAGREEMENT is possibly compressed or encrypted. Resource TFMBASEMAINFORM is possibly compressed or encrypted. Resource TFMLOG is possibly compressed or encrypted. Resource WELCOME is possibly compressed or encrypted. The binary may have been compiled on a machine in the UTC+2 timezone. |
Info | The PE is digitally signed. | Signer: eMagicOne LLC; Issuer: Sectigo Public Code Signing CA R36 |
Safe | VirusTotal score: 0/58 (Scanned on 2024-02-05 03:10:39) | All the AVs think this file is safe. |

e_magic | MZ |
---|---|
e_cblp | 0x50 |
e_cp | 0x2 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0xf |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0x1a |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x100 |

Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 3 |
TimeDateStamp | 2021-Nov-29 11:07:54 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_BYTES_REVERSED_HI, IMAGE_FILE_BYTES_REVERSED_LO, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |

Magic | PE32 |
---|---|
LinkerVersion | 2.0 |
SizeOfCode | 0x15b000 |
SizeOfInitializedData | 0x3f000 |
SizeOfUninitializedData | 0x343000 |
AddressOfEntryPoint | 0x0049E2F0 (Section: UPX1) |
BaseOfCode | 0x344000 |
BaseOfData | 0x49f000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.0 |
ImageVersion | 0.0 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x4de000 |
SizeOfHeaders | 0x1000 |
Checksum | 0x1aa608 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x4000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

KERNEL32.DLL | LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess |
---|---|
advapi32.dll | RegLoadKeyW |
comctl32.dll | ImageList_Add |
gdi32.dll | Pie |
msvcrt.dll | memchr |
netapi32.dll | NetWkstaGetInfo |
ole32.dll | IsEqualGUID |
oleaut32.dll | VariantInit |
shell32.dll | ShellExecuteW |
user32.dll | GetDC |
version.dll | VerQueryValueW |
wininet.dll | InternetOpenW |
winspool.drv | ClosePrinter |