| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2019-Aug-06 17:54:21 |
| Detected languages | English - United States; Process Default Language; Russian - Russia |
| Debug artifacts | C:\Users\gerg\Documents\WindowsProject4\Release\WindowsProject4.pdb |
| CompanyName | fgdfsdfsd |
| FileDescription | dfsdfdsfsdfds |
| FileVersion | 1.0.0.1 |
| InternalName | WindowsP.exe |
| LegalCopyright | Copyright (C) 2019 |
| OriginalFilename | WindowsP.exe |
| ProductName | dfsdfsdfsdfsd |
| ProductVersion | 1.0.0.1 |
| Level | Finding | Details |
|---|---|---|
| Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
| Suspicious | Strings found in the binary may indicate undesirable behavior: | Miscellaneous malware strings: |
| Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
| Malicious | VirusTotal score: 13/69 (Scanned on 2019-08-06 18:39:38) | Qihoo-360: HEUR/QVM20.1.076F.Malware.Gen; Cylance: Unsafe; Cybereason: malicious.81b41c; Symantec: ML.Attribute.HighConfidence; APEX: Malicious; Rising: Trojan.Generic@ML.91 (RDML:5MD+8UL8qEDSQPsRzyZe+Q); FireEye: Generic.mg.b589506faf68e99c; SentinelOne: DFI - Malicious PE; Webroot: W32.Adware.Gen; Endgame: malicious (high confidence); Acronis: suspicious; VBA32: suspected of Trojan.Downloader.gen.h; CrowdStrike: win/malicious_confidence_60% (D) |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x100 |
| PE header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 5 |
| TimeDateStamp | 2019-Aug-06 17:54:21 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE; IMAGE_FILE_EXECUTABLE_IMAGE |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 14.0 |
| SizeOfCode | 0xdc00 |
| SizeOfInitializedData | 0x2a200 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00002AEF (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0xf000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x3b000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE; IMAGE_DLLCHARACTERISTICS_NX_COMPAT; IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Imported DLL | Imported functions |
|---|---|
| KERNEL32.dll | GetProcessHeap, HeapFree, GetProcAddress, HeapAlloc, ExitProcess, GetTempPathA, Sleep, WriteConsoleW, CreateProcessA, CloseHandle, CreateFileW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, FlushFileBuffers, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwind, RaiseException, GetLastError, SetLastError, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, GetModuleHandleExW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetFileType, GetStringTypeW, LCMapStringW, HeapSize, HeapReAlloc, DecodePointer |
| ADVAPI32.dll | RegGetValueA |
| WININET.dll | InternetOpenW, InternetCloseHandle, InternetReadFile, HttpSendRequestW, HttpOpenRequestW, InternetConnectW |
| urlmon.dll | URLDownloadToFileA |
| Version resource field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 1.0.0.1 |
| ProductVersion | 1.0.0.1 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32; VOS_NT; VOS_NT_WINDOWS32; VOS_WINCE; VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | Process Default Language |
| CompanyName | fgdfsdfsd |
| FileDescription | dfsdfdsfsdfds |
| FileVersion (#2) | 1.0.0.1 |
| InternalName | WindowsP.exe |
| LegalCopyright | Copyright (C) 2019 |
| OriginalFilename | WindowsP.exe |
| ProductName | dfsdfsdfsdfsd |
| ProductVersion (#2) | 1.0.0.1 |
| Resource LangID | Russian - Russia |
| Debug directory entry | Characteristics | TimeDateStamp | Version | SizeofData | AddressOfRawData | PointerToRawData | Referenced File |
|---|---|---|---|---|---|---|---|
| 1 | 0 | 2019-Aug-06 17:54:21 | 0.0 | 92 | 0x140b4 | 0x130b4 | C:\Users\gerg\Documents\WindowsProject4\Release\WindowsProject4.pdb |
| 2 | 0 | 2019-Aug-06 17:54:21 | 0.0 | 20 | 0x14110 | 0x13110 | |
| 3 | 0 | 2019-Aug-06 17:54:21 | 0.0 | 708 | 0x14124 | 0x13124 | |
| 4 | 0 | 2019-Aug-06 17:54:21 | 0.0 | 0 | 0 | 0 | |
| Load configuration field | Value |
|---|---|
| Size | 0xa0 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x416004 |
| SEHandlerTable | 0x414090 |
| SEHandlerCount | 9 |
| Rich header entry | Value |
|---|---|
| XOR Key | 0x8f21d91f |
| Unmarked objects | 0 |
| ASM objects (26213) | 10 |
| C++ objects (26213) | 141 |
| C objects (26213) | 18 |
| C++ objects (VS 2015/2017 runtime 26706) | 40 |
| C objects (VS 2015/2017 runtime 26706) | 17 |
| ASM objects (VS 2015/2017 runtime 26706) | 17 |
| Imports (26213) | 9 |
| Total imports | 98 |
| 265 (VS2017 v15.9.12-13 compiler 27031) | 2 |
| Resource objects (VS2017 v15.9.12-13 compiler 27031) | 1 |
| 151 | 1 |
| Linker (VS2017 v15.9.12-13 compiler 27031) | 1 |