| Summary field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Compilation Date | 2017-Jul-26 17:31:29 |
| Detected languages | English - United States |
| Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0 |
| Info | Cryptographic algorithms detected in the binary: Uses constants related to SHA256; Uses constants related to SHA512; Microsoft's Cryptography API |
| Suspicious | The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports: |
| Malicious | VirusTotal score: 4/65 (Scanned on 2018-08-09 08:38:28). Kaspersky: UDS:DangerousObject.Multi.Generic; Endgame: malicious (moderate confidence); ZoneAlarm: UDS:DangerousObject.Multi.Generic; AhnLab-V3: Malware/Gen.Generic.C2441817 |


| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xf0 |

| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 5 |
| TimeDateStamp | 2017-Jul-26 17:31:29 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE; IMAGE_FILE_EXECUTABLE_IMAGE |

| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 12.0 |
| SizeOfCode | 0x1a800 |
| SizeOfInitializedData | 0x10000 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000906A (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x1c000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.1 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.1 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x2e000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE; IMAGE_DLLCHARACTERISTICS_NX_COMPAT; IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

| Imported DLL | Imported functions |
|---|---|
| KERNEL32.dll | GetPrivateProfileStringW GetTempPathW WideCharToMultiByte CreatePipe GetStartupInfoA CreateProcessA TerminateThread TerminateProcess CloseHandle WriteFile ReadFile QueryPerformanceCounter CreateThread GetLastError OpenProcess Sleep GetTimeZoneInformation SetEndOfFile GetCurrentDirectoryW GetFullPathNameW PeekNamedPipe GetFileInformationByHandle FileTimeToLocalFileTime CreateFileW OutputDebugStringW WriteConsoleW LCMapStringW CompareStringW GetStringTypeW FlushFileBuffers SetStdHandle HeapReAlloc LoadLibraryExW FreeEnvironmentStringsW GetEnvironmentStringsW GetSystemTimeAsFileTime GetCurrentProcessId GetModuleHandleW TlsFree EncodePointer DecodePointer HeapFree HeapAlloc IsDebuggerPresent IsProcessorFeaturePresent GetCommandLineW ExitProcess GetModuleHandleExW GetProcAddress AreFileApisANSI MultiByteToWideChar HeapSize EnterCriticalSection LeaveCriticalSection RtlUnwind SetFilePointerEx GetConsoleMode ReadConsoleW GetProcessHeap IsValidCodePage GetACP GetOEMCP GetCPInfo SetLastError GetCurrentThreadId GetFileAttributesExW GetConsoleCP GetStdHandle GetModuleFileNameW RaiseException FindClose FindFirstFileExW GetDriveTypeW SystemTimeToTzSpecificLocalTime FileTimeToSystemTime GetFileType DeleteCriticalSection GetStartupInfoW UnhandledExceptionFilter SetUnhandledExceptionFilter InitializeCriticalSectionAndSpinCount GetCurrentProcess TlsAlloc TlsGetValue TlsSetValue SetEnvironmentVariableA |
| ADVAPI32.dll | CryptReleaseContext CryptAcquireContextW CryptGenRandom |
| SHELL32.dll | SHGetSpecialFolderPathW |
| WS2_32.dll | #19 #16 #4 #11 #9 #23 #111 #115 |
| WINHTTP.dll | WinHttpQueryHeaders WinHttpReceiveResponse WinHttpWriteData WinHttpSendRequest WinHttpAddRequestHeaders WinHttpQueryDataAvailable WinHttpSetOption WinHttpOpenRequest WinHttpConnect WinHttpOpen WinHttpGetIEProxyConfigForCurrentUser WinHttpCloseHandle WinHttpReadData WinHttpQueryOption |

| Load configuration field | Value |
|---|---|
| Size | 0x48 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x423000 |
| SEHandlerTable | 0x421c50 |
| SEHandlerCount | 3 |

| Rich header entry | Value / Count |
|---|---|
| XOR Key | 0x80ed8d18 |
| Unmarked objects | 0 |
| C++ objects (VS2013 build 21005) | 49 |
| ASM objects (VS2013 build 21005) | 20 |
| C objects (VS2013 build 21005) | 168 |
| Imports (VS2008 SP1 build 30729) | 11 |
| Total imports | 138 |
| 229 (VS2013 UPD3 build 30723) | 13 |
| Resource objects (VS2013 build 21005) | 1 |
| 151 | 1 |
| Linker (VS2013 UPD3 build 30723) | 1 |