b29680f5eea7c35873f26427534edd29

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2009-May-19 14:21:01
Detected languages English - United States
German - Germany
FileDescription Forward Executer
FileVersion 999, 999, 999, 999
InternalName Forward Executer
LegalCopyright Copyright © 2009, Steinberg Media Technologies GmbH
OriginalFilename ForwardExecuter.exe
ProductName Forward Executer
ProductVersion 999, 999, 999, 999

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Microsoft Visual C++ 8
Microsoft Visual C++ 8.0
MSVC++ v.8 (procedure 1 recognized - h)
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Possibly launches other programs:
  • CreateProcessA
Suspicious VirusTotal score: 1/70 (Scanned on 2021-01-02 05:25:35)
  • APEX: Malicious

Hashes

MD5 b29680f5eea7c35873f26427534edd29
SHA1 12ec40900638d3cc44ff8ad3a3abda9ee5cd51d6
SHA256 89abd843360c8310ce046ebcffb6a19efd86482015ac97570a8a853d28fa225a
SHA3 4d1213bddeb56bf0606baeb0f831cec795ab4f2ed71211bc81adb58574de377c
SSDeep 768:PsF2oX0zA3Z1oJYkP2+ubO/NHTui/FJjZrcxJZduUGcei5qT5iCbGoD7CheafzsY:ElXWYkP2+uW6YDZMqMei5iFTYtXnt
Imports Hash 9b6780004d51abdda71a269504bdd6b9

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2009-May-19 14:21:01
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0xe000
SizeOfInitializedData 0x6000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00002B35 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xf000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x16000
SizeOfHeaders 0x1000
Checksum 0x19ec3
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 f7f4d834c33a62d46f6011938c5f1a40
SHA1 46b7b482f5da9ce82f3d9cc4e0bfaf0dbcee2c51
SHA256 7a71ec0e771a1c13b1fd131055815cb3193902aaa088bd42a090de557fb41e7d
SHA3 21907b1906b174ea562d4b8e12eea07ba3cb1bedbe58131104ffd2c619275fe9
VirtualSize 0xd6e7
VirtualAddress 0x1000
SizeOfRawData 0xe000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.49917

.rdata

MD5 501ae0137ef0a232862ea3fd22570545
SHA1 90b8fc61118e8ac9642d188ff1212b09aebdbe8a
SHA256 9e22b92a8eb886c882fee86460d4d40cdcb5157dfaef28146fad730c15b7af52
SHA3 009cc45fd139997b7fcc4124e21eca06ed788e780a3367e1f27d1089cadc2662
VirtualSize 0x2c68
VirtualAddress 0xf000
SizeOfRawData 0x3000
PointerToRawData 0xf000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.09005

.data

MD5 03528a7350aafc1fe1ae43eaf13bd818
SHA1 9b3bab32fad8e9713c2c636c53e3abd8423a7864
SHA256 b06c40c6b49afaff95a7ba7b56acac8619f11985ea0bc9af8e085853fc31e28d
SHA3 20da3347921a8c3876444a3c499e9f2d31b2afb1e8876ec8de84b731488ca4ba
VirtualSize 0x2da0
VirtualAddress 0x12000
SizeOfRawData 0x2000
PointerToRawData 0x12000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.49223

.rsrc

MD5 b9573254ec8625069820393d0ec54b08
SHA1 c64309ab50c36906c6c471d30f3bae6331b944f9
SHA256 287f8b27d1e8cd7108848e7795c5d04ffe05ce1ea52d9c6cf58e101b6da37b7a
SHA3 da4917e5278b6459dfa7ba2f84982a1dc2c0ad8722c075e9b98b4df16383ca35
VirtualSize 0x418
VirtualAddress 0x15000
SizeOfRawData 0x1000
PointerToRawData 0x14000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.76944

Imports

KERNEL32.dll GetProcAddress
GetModuleHandleA
ExitProcess
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
MultiByteToWideChar
ReadFile
CloseHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
HeapSize
GetLocaleInfoA
CreateFileA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetFileAttributesA
SetFilePointer
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA

Delayed Imports

Resources

1

Type RT_VERSION
Language German - Germany
Codepage Latin 1 / Western European
Size 0x320
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.46178
MD5 f04c299fda61721d8c13a30160afa302
SHA1 6581e9651050bb8a0c72e5e9bbe20ae1bd3c8505
SHA256 6d6223f0ed7a51b5e34a5fa076707efcf2c47c2ac28573cb5741f79a4a80971a
SHA3 e929499c905735bd66d9c154a3a66d9c6b1a69de4f0e5f9b6ed867d95544042f

1 (#2)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x56
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.65542
MD5 bd62b6f553a2d1d012cc53fc325221d2
SHA1 c5353cec27b30fb35e414dd5f3d0e9205aaf1c07
SHA256 388f75e900f0c15fd66249d7b2e7edf6e14eeefb859e6f766b75058e44f27af6
SHA3 b59854a353caba5e0be1002399bcb847b4dd99e37cff0c7967dd0d42c1eab089

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 999.999.999.999
ProductVersion 999.999.999.999
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language German - Germany
FileDescription Forward Executer
FileVersion (#2) 999, 999, 999, 999
InternalName Forward Executer
LegalCopyright Copyright © 2009, Steinberg Media Technologies GmbH
OriginalFilename ForwardExecuter.exe
ProductName Forward Executer
ProductVersion (#2) 999, 999, 999, 999
Resource LangID German - Germany

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x4120a0
SEHandlerTable 0x410d30
SEHandlerCount 10

RICH Header

XOR Key 0xee368321
Unmarked objects 0
ASM objects (VS2012 build 50727 / VS2005 build 50727) 19
C objects (VS2012 build 50727 / VS2005 build 50727) 109
C++ objects (VS2012 build 50727 / VS2005 build 50727) 43
Imports (VS2003 (.NET) build 4035) 3
Total imports 92
114 (VS2012 build 50727 / VS2005 build 50727) 1
Resource objects (VS2012 build 50727 / VS2005 build 50727) 1
Linker (VS2012 build 50727 / VS2005 build 50727) 1

Errors
