| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2024-May-16 00:20:28 |
| Detected languages | Czech - Czech Republic; English - United States |
| Debug artifacts | D:\JiRoAgent-1\2\s\Shared\Compiled\Win32\Release\STEventService.pdb |
| FileDescription | Event Service |
| FileVersion | 11,4,6,0 |
| InternalName | Event Service |
| OriginalFilename | STEventService.exe |
| ProductName | Event Service |
| ProductVersion | 11.4.6 |
| Level | Finding | Details |
|---|---|---|
| Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32; Uses constants related to AES; Uses known Mersenne Twister constants |
| Suspicious | The PE is possibly packed. | Unusual section name found: .orpc |
| Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
| Info | The PE is digitally signed. | Signer: Safetica a.s.; Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 |
| Safe | VirusTotal score: 0/73 (Scanned on 2024-06-06 23:44:39) | All the AVs think this file is safe. |
| Field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x108 |
| Field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 6 |
| TimeDateStamp | 2024-May-16 00:20:28 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE; IMAGE_FILE_EXECUTABLE_IMAGE |
| Field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x1a4600 |
| SizeOfInitializedData | 0x83c00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00156F91 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x1a7000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x22d000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x230e6d |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE; IMAGE_DLLCHARACTERISTICS_NX_COMPAT; IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| DLL | Imported functions |
|---|---|
| RPCRT4.dll | CStdStubBuffer_IsIIDSupported, IUnknown_QueryInterface_Proxy, CStdStubBuffer_Disconnect, CStdStubBuffer_DebugServerRelease, NdrOleAllocate, CStdStubBuffer_QueryInterface, CStdStubBuffer_CountRefs, IUnknown_Release_Proxy, RpcServerRegisterIf2, RpcServerUseProtseqEpW, CStdStubBuffer_Connect, RpcServerUnregisterIfEx, NdrServerCall2, CStdStubBuffer_AddRef, NdrOleFree, CStdStubBuffer_DebugServerQueryInterface, IUnknown_AddRef_Proxy, CStdStubBuffer_Invoke, NdrCStdStubBuffer_Release, NdrDllGetClassObject, RpcServerUnregisterIf |
| KERNEL32.dll | RaiseException, GetCommandLineW, GetCurrentThread, GetTickCount, GetCurrentThreadId, SetLastError, WideCharToMultiByte, GetCurrentProcessId, WaitForSingleObject, Sleep, LocalFree, GetCurrentProcess, DuplicateHandle, CreateEventW, SetEvent, InitializeCriticalSection, OpenProcess, CloseHandle, InitializeCriticalSectionEx, GetModuleFileNameW, LoadLibraryExW, lstrcmpiW, GetModuleHandleW, GetProcAddress, DecodePointer, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, MultiByteToWideChar, GetLastError, FindResourceW, LoadResource, QueryDosDeviceW, SizeofResource, GetProcessHeap, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, HeapDestroy, GetVolumePathNamesForVolumeNameW, GetDriveTypeW, GetFileTime, LocalAlloc, FreeLibrary, CreateThread, GetVolumeInformationW, GetVolumePathNameW, WriteConsoleW, SetStdHandle, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, ReadConsoleW, GetFileSizeEx, SetFilePointerEx, GetConsoleMode, GetConsoleOutputCP, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, CompareStringW, GetFileType, GetStdHandle, CreateFileMappingW, MapViewOfFile, OpenFileMappingW, UnmapViewOfFile, LockResource, FindResourceExW, GetLocalTime, WaitForMultipleObjects, GetCurrentDirectoryW, GetFullPathNameW, FindFirstFileW, FindNextFileW, FindClose, DeleteFileW, FileTimeToLocalFileTime, GetModuleHandleExW, GetUserDefaultUILanguage, SetErrorMode, CreateFileA, LoadLibraryA, DeleteFileA, AddVectoredExceptionHandler, ExitProcess, IsBadReadPtr, SetUnhandledExceptionFilter, GetDiskFreeSpaceExW, ResetEvent, CreateFileW, DeviceIoControl, ReadFile, WriteFile, SetFilePointer, GetFileInformationByHandle, FileTimeToSystemTime, GetFileSize, SystemTimeToFileTime, GetTimeFormatW, GetDateFormatW, GetTimeZoneInformation, VerSetConditionMask, VerifyVersionInfoW, GetNativeSystemInfo, FormatMessageW, MoveFileW, GetSystemTime, AreFileApisANSI, TryEnterCriticalSection, HeapCreate, GetDiskFreeSpaceW, OutputDebugStringA, LockFile, GetFullPathNameA, SetEndOfFile, UnlockFileEx, GetTempPathW, CreateMutexW, GetFileAttributesW, HeapValidate, GetTempPathA, GetDiskFreeSpaceA, GetFileAttributesA, GetFileAttributesExW, OutputDebugStringW, FlushViewOfFile, WaitForSingleObjectEx, GetSystemInfo, LoadLibraryW, HeapCompact, UnlockFile, LockFileEx, GetSystemTimeAsFileTime, FormatMessageA, QueryPerformanceCounter, FlushFileBuffers, TerminateProcess, QueueUserWorkItem, UnhandledExceptionFilter, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, InitializeSListHead, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryAcquireSRWLockExclusive, GetStringTypeW, QueryPerformanceFrequency, CreateDirectoryW, FindFirstFileExW, SwitchToThread, ReleaseSRWLockShared, AcquireSRWLockShared, GetLocaleInfoEx, EncodePointer, LCMapStringEx, CompareStringEx, GetCPInfo, RtlUnwind, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetConsoleCtrlHandler, ExitThread, FreeLibraryAndExitThread |
| USER32.dll | GetDesktopWindow, CharNextW, PostThreadMessageW, CharUpperW, LoadStringW, GetMessageW, TranslateMessage, DispatchMessageW |
| ADVAPI32.dll | InitializeSecurityDescriptor, RegNotifyChangeKeyValue, FreeSid, AllocateAndInitializeSid, SetEntriesInAclW, GetLengthSid, InitializeAcl, SetSecurityDescriptorSacl, RegDeleteKeyExW, RegEnumValueW, EnumDependentServicesW, CreateServiceW, QueryServiceStatusEx, QueryServiceConfigW, ChangeServiceConfigW, DeleteService, ControlService, CloseServiceHandle, OpenServiceW, OpenSCManagerW, StartServiceCtrlDispatcherW, RegQueryValueExW, DeregisterEventSource, ReportEventW, RegisterEventSourceW, RegisterServiceCtrlHandlerW, SetServiceStatus, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegOpenKeyExW, RegEnumKeyExW, RegQueryInfoKeyW, RegCloseKey, RegDeleteKeyW, SetSecurityDescriptorDacl |
| ole32.dll | CoTaskMemAlloc, CoInitializeSecurity, CoRegisterClassObject, CoRegisterPSClsid, CoRevokeClassObject, CoTaskMemRealloc, CoAddRefServerProcess, CoUninitialize, CoInitializeEx, CoResumeClassObjects, StringFromGUID2, CoCreateInstance, CoReleaseServerProcess, CoTaskMemFree |
| OLEAUT32.dll | VariantTimeToSystemTime, VarUdateFromDate, BSTR_UserSize, BSTR_UserFree, BSTR_UserUnmarshal, BSTR_UserMarshal, VarUI4FromStr, UnRegisterTypeLib, SysAllocString, VariantClear, LoadTypeLib, SysStringLen, RegisterTypeLib, SysFreeString, SystemTimeToVariantTime |
| SHLWAPI.dll | PathAddBackslashW, PathAppendW, PathFileExistsW, PathRemoveBackslashW |
| VERSION.dll | VerQueryValueW, GetFileVersionInfoExW, GetFileVersionInfoSizeExW |
| USERENV.dll | GetProfilesDirectoryW |
| SHELL32.dll | SHCreateDirectoryExW, SHGetFolderPathW, SHGetSpecialFolderPathW |
| NETAPI32.dll | NetShareGetInfo, NetApiBufferFree, Netbios |
| MPR.dll | WNetGetUniversalNameW |
| ncrypt.dll | BCryptOpenAlgorithmProvider, BCryptDestroyHash, BCryptHashData, BCryptGetProperty, BCryptFinishHash, BCryptCloseAlgorithmProvider, BCryptCreateHash |
| IPHLPAPI.DLL | GetAdaptersInfo |
| WS2_32.dll | WSACleanup, FreeAddrInfoW, GetNameInfoW, ntohl, WSAStartup, InetNtopW, GetAddrInfoW, htonl |
| Strings |
|---|
| STEventService |
| Open |
| Save As |
| All Files (*.*) |
| Untitled |
| an unnamed file |
| &Hide |
| No error message is available. |
| Attempted an unsupported operation. |
| A required resource was unavailable. |
| Out of memory. |
| An unknown error has occurred. |
| Encountered an improper argument. |
| Incorrect filename. |
| Failed to open document. |
| Failed to save document. |
| Save changes to %1? |
| Failed to create empty document. |
| The file is too large to open. |
| Could not start print job. |
| Failed to launch help. |
| Internal application error. |
| Command failed. |
| Insufficient memory to perform operation. |
| System registry entries have been removed and the INI file (if any) was deleted. |
| Not all of the system registry entries (or INI file) were removed. |
| This program requires the file %Ts, which was not found on this system. |
| This program is linked to the missing export %Ts in the file %Ts. This machine may have an incompatible version of %Ts. |
| Enter an integer. |
| Enter a number. |
| Enter an integer between %1 and %2. |
| Enter a number between %1 and %2. |
| Enter no more than %1 characters. |
| Select a button. |
| Enter an integer between 0 and 255. |
| Enter a positive integer. |
| Enter a date and/or time. |
| Enter a currency. |
| Enter a GUID. |
| Enter a time. |
| Enter a date. |
| Unexpected file format. |
| %1 |
| Cannot find this file. |
| Verify that the correct path and file name are given. |
| Destination disk drive is full. |
| Unable to read from %1, it is opened by someone else. |
| Unable to write to %1, it is read-only or opened by someone else. |
| Encountered an unexpected error while reading %1. |
| Encountered an unexpected error while writing %1. |
| %1: %2 |
| Continue running script? |
| Dispatch exception: %1 |
| Unable to read write-only property. |
| Unable to write read-only property. |
| Unable to load mail system support. |
| Mail system DLL is invalid. |
| Send Mail failed to send message. |
| No error occurred. |
| An unknown error occurred while accessing %1. |
| %1 was not found. |
| %1 contains an incorrect path. |
| Could not open %1 because there are too many open files. |
| Access to %1 was denied. |
| An incorrect file handle was associated with %1. |
| Could not remove %1 because it is the current directory. |
| Could not create %1 because the directory is full. |
| Seek failed on %1 |
| Encountered a hardware I/O error while accessing %1. |
| Encountered a sharing violation while accessing %1. |
| Encountered a locking violation while accessing %1. |
| Disk full while accessing %1. |
| Attempted to access %1 past its end. |
| No error occurred. |
| An unknown error occurred while accessing %1. |
| Attempted to write to the reading %1. |
| Attempted to access %1 past its end. |
| Attempted to read from the writing %1. |
| %1 has a bad format. |
| %1 contained an unexpected object. |
| %1 contains an incorrect schema. |
| pixels |
| Uncheck |
| Check |
| Mixed |
| One or more auto-saved documents were found. |
| These are more recently saved than the currently open documents and contain changes that were made before the application closed. |
| Do you want to recover these auto-saved documents? |
| Note that if you choose to recover the auto-saved documents, you must explicitly save them to overwrite the original documents. If you choose to not recover the auto-saved versions, they will be deleted. |
| Recover the auto-saved documents |
| Open the auto-saved versions instead of the explicitly saved versions |
| Don't recover the auto-saved documents |
| Use the last explicitly saved versions of the documents |
| %Ts [Recovered] |
| Field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 11.4.6.0 |
| ProductVersion | 11.4.6.0 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32; VOS_NT_WINDOWS32; VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | UNKNOWN |
| FileDescription | Event Service |
| FileVersion (#2) | 11,4,6,0 |
| InternalName | Event Service |
| OriginalFilename | STEventService.exe |
| ProductName | Event Service |
| ProductVersion (#2) | 11.4.6 |
| Resource LangID | UNKNOWN |
| Field | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2024-May-16 00:20:28 |
| Version | 0.0 |
| SizeofData | 92 |
| AddressOfRawData | 0x1f1f34 |
| PointerToRawData | 0x1ef934 |
| Referenced File | D:\JiRoAgent-1\2\s\Shared\Compiled\Win32\Release\STEventService.pdb |
| Field | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2024-May-16 00:20:28 |
| Version | 0.0 |
| SizeofData | 20 |
| AddressOfRawData | 0x1f1f90 |
| PointerToRawData | 0x1ef990 |
| Field | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2024-May-16 00:20:28 |
| Version | 0.0 |
| SizeofData | 1028 |
| AddressOfRawData | 0x1f1fa4 |
| PointerToRawData | 0x1ef9a4 |
| Field | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2024-May-16 00:20:28 |
| Version | 0.0 |
| SizeofData | 0 |
| AddressOfRawData | 0 |
| PointerToRawData | 0 |
| Field | Value |
|---|---|
| StartAddressOfRawData | 0x5f23b8 |
| EndAddressOfRawData | 0x5f23c0 |
| AddressOfIndex | 0x610348 |
| AddressOfCallbacks | 0x5a75f8 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_4BYTES |
| Callbacks | (EMPTY) |
| Field | Value |
|---|---|
| Size | 0xc0 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x60000c |
| SEHandlerTable | 0x5f14e0 |
| SEHandlerCount | 597 |
| Field | Value |
|---|---|
| XOR Key | 0xadab6cb3 |
| Unmarked objects | 0 |
| ASM objects (29395) | 13 |
| C++ objects (29395) | 193 |
| C++ objects (VS 2015-2022 runtime 32533) | 108 |
| C objects (VS 2015-2022 runtime 32533) | 19 |
| ASM objects (VS 2015-2022 runtime 32533) | 25 |
| C objects (29395) | 28 |
| C objects (CVTCIL) (29395) | 1 |
| Imports (29395) | 33 |
| Total imports | 448 |
| C objects (LTCG) (32826) | 64 |
| Resource objects (32826) | 1 |
| 151 | 1 |
| Linker (32826) | 1 |