bcdbd711cc704e7a8bbe3532da00b168

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2016-Sep-05 12:12:43
Detected languages English - United States
German - Germany
Debug artifacts d:\granseier\cvs_head\quellen\src\com\visustt\nativeWin32\jivexstarter\Release\JiveXStarter.pdb
Comments JiveX Windows Native Starter
CompanyName VISUS Technology Transfer
FileDescription JiveX Windows Native Starter
FileVersion 5.0.0.0
InternalName Starter.exe
LegalCopyright Copyright (C) 2002-2016 VISUS Technology Transfer
OriginalFilename START.EXE
ProductName JiveX Windows Native Starter
ProductVersion 5.0.0.0
InternalBuildNumber 4802
Platform x86

Plugin Output

Info Matching compiler(s):
  • Microsoft Visual C++ 6.0 - 8.0
  • MASM/TASM - sig1(h)
Suspicious Strings found in the binary may indicate undesirable behavior:
Contains references to system / monitoring tools:
  • RunDLL32.exe
Tries to detect virtualized environments:
  • Hardware\Description\System
Info Cryptographic algorithms detected in the binary:
  • Uses constants related to CRC32
  • Uses constants related to SHA1
Suspicious The PE is possibly packed.
  • Unusual section name found: .textbss
  • Section .textbss is both writable and executable.
  • Unusual section name found: .didat
  • Unusual section name found: Instance
Malicious The PE contains functions mostly used by malwares.
[!] The program may be hiding some of its imports:
  • LoadLibraryExA
  • LoadLibraryW
  • LoadLibraryA
  • GetProcAddress
Possibly launches other programs:
  • CreateProcessA
  • ShellExecuteA
Can create temporary files:
  • GetTempPathA
  • CreateFileA
  • CreateFileW
Uses functions commonly found in keyloggers:
  • CallNextHookEx
  • GetForegroundWindow
Memory manipulation functions often used by packers:
  • VirtualProtect
  • VirtualAlloc
Leverages the raw socket API to access the Internet:
  • #1
  • #23
  • #18
  • #52
  • #8
  • #3
  • #11
  • #2
  • #6
  • #5
  • #4
  • #20
  • #12
  • #15
  • #9
  • #115
  • #17
  • #101
  • #19
  • #116
  • #22
  • #112
  • #111
  • #16
Functions related to the privilege level:
  • OpenProcessToken
Enumerates local disk drives:
  • GetDriveTypeA
  • GetVolumeInformationA
Manipulates other processes:
  • OpenProcess
Can take screenshots:
  • GetDCEx
  • GetDC
  • CreateCompatibleDC
  • BitBlt
Info The PE is digitally signed.
  • Signer: VISUS Health IT GmbH.
  • Issuer: thawte SHA256 Code Signing CA.
Suspicious VirusTotal score: 1/67 (Scanned on 2017-12-06 11:54:59)
  • VBA32: BScope.TrojanDownloader.Agent

Hashes

MD5 bcdbd711cc704e7a8bbe3532da00b168
SHA1 7e9b1e9164e224261ca9786a883faf697ab16989
SHA256 298d07e9e095400fd8f5af79f34ccd65fab42a4bf44dffea033942dc729e1d3b
SHA3 35e487eca924b4ad1564e81b3dfb814dfbebc0d9e84d1fc5b44304c89bc362fd
SSDeep 24576:w84V+X5hcfTS/tN+27f6JDMWpioC3QUx6YFOxTPP+:w8PPcfTS/tN+27faM2i5Hx68OxTX+
Imports Hash 06672b8c82f50fb12c231633c4124e20

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 8
TimeDateStamp 2016-Sep-05 12:12:43
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 9.0
SizeOfCode 0x101c00
SizeOfInitializedData 0x9a200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x7f2fc (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x1000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x219000
SizeOfHeaders 0x400
Checksum 0x14d8bc
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.textbss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470
VirtualSize 0x7787a
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.text

MD5 90b37d0ab3f0f2f32ad417ed3d127651
SHA1 c9e5a30e089ebf1adf3faf6a8c42aed2ca8fe6b9
SHA256 11463f7843cee7601f6f102f716e859b66aabf45c4c9e0a2de34950cb0198be3
SHA3 49595046e8461eceb7ee2ae5df50a6535037652754d14b56975411d1783aaac8
VirtualSize 0x101b62
VirtualAddress 0x79000
SizeOfRawData 0x101c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.79506

.rdata

MD5 59040020cd6df1b8c49f1e1a6c65fc8f
SHA1 20b1647fce22f56d0d94bd172ad2b938ddafe05c
SHA256 e4318a2680aedb13e55c1f8b4b4c708dc75d54b8f400349e7cc6c70740f6ffa5
SHA3 39e26e5eb07c0d2f8e5446efe3d6301823f0f3537d1684c0c05ed32ac7be5cac
VirtualSize 0x2df3c
VirtualAddress 0x17b000
SizeOfRawData 0x2e000
PointerToRawData 0x102000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.47128

.data

MD5 607048fe0435e7427525d9258cf6d5db
SHA1 4218576f903534102e30c3015e6e5df98e1a4dde
SHA256 de8565b7a44144c92d84835c2d07a585d2eb6ebda511213cf6fe04a4453d99e8
SHA3 676bc0b963c26e51b72792e71f57839d5e854702b22f4a606cdbf8d35fea0043
VirtualSize 0x631a8
VirtualAddress 0x1a9000
SizeOfRawData 0x4000
PointerToRawData 0x130000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.83811

.idata

MD5 71f67afd73242aa1a1ad242189c815d0
SHA1 eda0b2b75e001aeeaafd84c2e3ec756f73e014bf
SHA256 77c1d5cc3f2d93b45df0a4663371045e593a5589a08095c34743173f99859150
SHA3 c7593acb9293f5b501411f398dfe663be840c755590cecc1b1bfa1ac84eb803d
VirtualSize 0x477c
VirtualAddress 0x20d000
SizeOfRawData 0x4800
PointerToRawData 0x134000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.10528

.didat

MD5 16057b16bf51a045acc0852d300bed30
SHA1 807d190368d06fba7c14f94f90980daa2de2479e
SHA256 589203980f6e269d1303df81cd0dd6b5fccac2501ac88d33d2e4e185409d7134
SHA3 82d305dcd4e6ad12025104f61e2079d4863ed19e8dad41671cab2ec5d8febf1e
VirtualSize 0x319
VirtualAddress 0x212000
SizeOfRawData 0x400
PointerToRawData 0x138800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.970421

Instance

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 d5c44f659751a819616c58c9efe38e80f2b84cf621036da99c019bbe4f1fb647
VirtualSize 0x104
VirtualAddress 0x213000
SizeOfRawData 0x200
PointerToRawData 0x138c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 3055edc0e555438208ced30c658a8875
SHA1 bc06f5809f33225ea09592f546adb207dcd65a29
SHA256 d7ece6f6f8aafde01927db5ee6b799fc7c7beac04519ec0a2e3ee12bd21adb37
SHA3 315f9a30fa63b9abb37a769284f9b6f0e544d073b0a21aa35aac30fa70014c8b
VirtualSize 0x4073
VirtualAddress 0x214000
SizeOfRawData 0x4200
PointerToRawData 0x138e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.59253

Imports

VERSION.dll GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
KERNEL32.dll GetFileSizeEx
lstrcmpA
LoadLibraryExA
EnumResourceLanguagesA
ConvertDefaultLocale
ResumeThread
SetEvent
SuspendThread
GetModuleHandleW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetAtomNameA
GlobalFlags
GetCPInfo
GetOEMCP
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
LoadLibraryW
GetSystemDirectoryW
RtlUnwind
GetDiskFreeSpaceA
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
SetCurrentDirectoryA
GetTimeZoneInformation
SystemTimeToFileTime
GetDateFormatA
ExitThread
CreateThread
GetStartupInfoA
VirtualProtect
VirtualAlloc
ExitProcess
GetFileType
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
CompareStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
GetProcessHeap
GetFileAttributesExA
WaitForMultipleObjects
CreateEventA
ReleaseSemaphore
CreateSemaphoreA
GetFullPathNameA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GetStringTypeExA
SetErrorMode
GetModuleFileNameW
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
lstrlenW
GetVersion
LocalAlloc
FileTimeToSystemTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
lstrcmpiA
SetLastError
GetDiskFreeSpaceExA
GetLogicalDrives
GetDriveTypeA
GetVolumeInformationA
GetStdHandle
CreatePipe
DuplicateHandle
ReadFile
PeekNamedPipe
DebugBreak
SetStdHandle
lstrcpynA
MulDiv
GetExitCodeProcess
Beep
lstrcatA
SetPriorityClass
GetCurrentThread
SetThreadPriority
ProcessIdToSessionId
TerminateThread
GetLocaleInfoA
FindFirstFileA
FindNextFileA
FindClose
CreateProcessA
SetFileAttributesA
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateFileMappingA
MapViewOfFile
GetCurrentDirectoryA
GetTempPathA
CopyFileA
GetCommandLineA
MoveFileA
CreateDirectoryA
GetEnvironmentVariableA
GetLongPathNameA
GetTempFileNameA
SetEnvironmentVariableA
UnmapViewOfFile
InterlockedDecrement
InterlockedIncrement
ExpandEnvironmentStringsA
GetShortPathNameA
MultiByteToWideChar
GetModuleHandleA
FormatMessageA
LocalFree
InterlockedExchange
GetTickCount
Sleep
GetFileAttributesA
DeleteFileA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OpenProcess
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
GetSystemTimeAsFileTime
GlobalMemoryStatus
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileSize
GetFileTime
GetSystemInfo
RaiseException
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
lstrlenA
WriteFile
GetModuleFileNameA
lstrcpyA
OutputDebugStringA
SetFilePointer
VirtualQuery
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
GetVersionExA
CreateFileA
DeviceIoControl
CloseHandle
GetTimeFormatA
CreateFileW
USER32.dll DestroyIcon
ReleaseCapture
WindowFromPoint
SetCapture
DeleteMenu
GetSysColorBrush
DestroyMenu
GetMenuItemInfoA
WaitMessage
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
ShowOwnedPopups
GetMessageA
TranslateMessage
GetActiveWindow
ValidateRect
PostQuitMessage
MsgWaitForMultipleObjects
CharUpperA
UnregisterClassA
InflateRect
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GrayStringA
DrawTextExA
TabbedTextOutA
ScrollWindowEx
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetDialogBaseUnits
SetFocus
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
PostMessageA
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
PtInRect
GetDlgCtrlID
CallWindowProcA
GetMenu
GetWindowLongA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
LoadBitmapA
CopyRect
FillRect
TranslateAcceleratorA
BringWindowToTop
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
GetMenuBarInfo
LoadMenuA
ReuseDDElParam
UnpackDDElParam
DrawEdge
SetRectEmpty
SetRect
GetKeyNameTextA
MapVirtualKeyA
IsRectEmpty
SetParent
UnionRect
LockWindowUpdate
IsWindow
GetDCEx
SetCursor
InvalidateRect
UpdateWindow
IsIconic
DrawIcon
SendMessageA
GetSystemMenu
AppendMenuA
LoadIconA
GetDesktopWindow
EnumChildWindows
GetDC
GetSystemMetrics
GetWindowTextA
GetClassNameA
MessageBoxA
wvsprintfA
wsprintfA
DrawTextA
GetParent
GetFocus
GetKeyState
IsWindowVisible
KillTimer
SetTimer
GetClassInfoA
DefWindowProcA
LoadCursorA
RedrawWindow
ClientToScreen
GetClientRect
GetWindowRect
GetCursorPos
EnableWindow
GetSysColor
TrackPopupMenuEx
GDI32.dll SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
CreateRectRgnIndirect
GetCharWidthA
ExtCreatePen
StretchDIBits
GetBkColor
GetTextMetricsA
SelectClipRgn
CreateHatchBrush
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
CreatePatternBrush
CreateDIBPatternBrushPt
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetDeviceCaps
SelectObject
GetStockObject
CreateFontA
GetTextExtentPoint32A
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
GetClipBox
GetDCOrgEx
CopyMetaFileA
StretchBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetCurrentObject
SetBkMode
SetTextColor
PlgBlt
BitBlt
DeleteDC
CreateDCA
DeleteObject
CreateFontIndirectA
CreateSolidBrush
GetObjectA
GetClipRgn
COMDLG32.dll GetFileTitleA
WINSPOOL.DRV ClosePrinter
OpenPrinterA
DocumentPropertiesA
ADVAPI32.dll IsValidSecurityDescriptor
RegCreateKeyA
RegQueryValueA
RegSetValueA
RegDeleteValueA
RegDeleteKeyA
LookupAccountNameW
ImpersonateSelf
OpenThreadToken
OpenProcessToken
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetUserNameA
AccessCheck
RevertToSelf
IsValidSid
EqualSid
RegConnectRegistryA
RegEnumKeyExA
AllocateAndInitializeSid
LookupAccountSidA
FreeSid
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
SHELL32.dll ShellExecuteA
ShellExecuteExA
SHChangeNotify
SHGetFileInfoA
ExtractIconA
DragFinish
DragQueryFileA
SHGetFolderPathA
COMCTL32.dll _TrackMouseEvent
SHLWAPI.dll PathAppendA
PathRemoveFileSpecA
PathRemoveBackslashA
PathFindFileNameA
PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathRemoveExtensionA
PathRemoveFileSpecW
ole32.dll CoInitializeEx
CoUninitialize
CLSIDFromString
CoTaskMemFree
SetConvertStg
WriteFmtUserTypeStg
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
StringFromCLSID
CoTreatAsClass
CreateBindCtx
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
StringFromGUID2
CoDisconnectObject
CoCreateInstance
OLEAUT32.dll #197
#232
#113
#94
#5
#184
#185
#38
#39
#16
#22
#21
#148
#27
#36
#37
#10
#40
#17
#18
#20
#19
#23
#24
#6
#4
#150
#149
#25
#26
#15
#7
#313
#314
#9
#12
#8
#163
#161
#104
#114
#162
WS2_32.dll #1
#23
#18
#52
#8
#3
#11
#2
#6
#5
#4
#20
#12
#15
#9
#115
#17
#101
#19
#116
#22
#112
#111
#16
OLEACC.dll (delay-loaded) AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

Delayed Imports

Attributes 0x1
Name OLEACC.dll
ModuleHandle 0x20ac50
DelayImportAddressTable 0x212078
DelayImportNameTable 0x212040
BoundDelayImportTable 0x212208
UnloadDelayImportTable 0
TimeStamp 1970-Jan-01 00:00:00

1

Type RT_ICON
Language German - Germany
Codepage UNKNOWN
Size 0x25a8
Entropy 3.26597
MD5 a210fee87600659422792bdd9e418dbe
SHA1 09d2654b820fded7fce5ee64859c059e62e4d9c4
SHA256 a18be6faa69dc8536b0556e480b928e085dfcebac45462a52694f5216f9043c8
SHA3 a883983aee1bb5f5817b3422771d584d18ad6980e6bb0474159fc9d72c5e4a0e

100

Type RT_DIALOG
Language German - Germany
Codepage UNKNOWN
Size 0x12a
Entropy 3.35876
MD5 66c184009d076a932a9be630ef2475d4
SHA1 c67cefa7245167f71d763343ee2f13d4bef0f00c
SHA256 2e4121db6284dc6f217ca2adbbb3c18fec9367584ed8d32e21d973aab39cf968
SHA3 e84b609ce311bff498f4b7bd356e6b664264dbdfb5de408caf9e6be025fa18d2

102

Type RT_DIALOG
Language German - Germany
Codepage UNKNOWN
Size 0x12a
Entropy 3.00917
MD5 ab89ef17019d68e5af3fcc3399a6e8a5
SHA1 50975011acb975fb352303e27b3ae8cab02dc153
SHA256 b17f73a5718fa29a3f6bae60044162e553623a7698d61380927a1fded3812606
SHA3 1ef4c7cca82eca7a587c271c70aa4db24574307a051e8867d74fc2512d0f563e

7

Type RT_STRING
Language German - Germany
Codepage UNKNOWN
Size 0x452
Entropy 3.2253
MD5 273892710d8a5b52ede6717ad7872e23
SHA1 51d6b3b8a49a8908b271ae52707fa222d3797ae9
SHA256 58774fedbd5333662a88b1483f630d63f4b38f4a8466a89386f945ae393711ec
SHA3 f2c0da503ab7614823b8a7d84b3d8b6b82b696aa3bdb7600446d2c7fe2dcf667

128

Type RT_GROUP_ICON
Language German - Germany
Codepage UNKNOWN
Size 0x14
Entropy 1.91924
Detected Filetype Icon file
MD5 6da8e7d5ae1d5d15e0230a67a7c16c6d
SHA1 678db52cbe5d617c33c6269bfd4b6d8d1a17f956
SHA256 6eb54801f91b6d8effccbfaefe6b2d7705a274a75940e6226e24e0d4ec58c396
SHA3 dcbf1bfb32d9168408fb83893793e2f83f80c1f6ff8be6acbfd2599b8c71ef43

1 (#2)

Type RT_VERSION
Language German - Germany
Codepage UNKNOWN
Size 0x400
Entropy 3.43474
MD5 8f36b516818d4b54d2c5806cbc92c4ec
SHA1 51eb43ba79475c488a616d898b5541d9acf0fef7
SHA256 a29d782fd5dc94cdda5edb4ed50e4804f59052a36ca61581231f1370bcc68830
SHA3 8057a098d1e6f839c3ec1f8fc978f209230ba3f7b668d1eb6933d61d86916506

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x196
Entropy 4.93317
MD5 7cb71b006fcdcf8ade80e31fd5ab8060
SHA1 655380fb2cca01b0ca707f748fc7dcf006732518
SHA256 be8918559280a2e74748bf8f6238b568ed7cbf75183b2180a6a8a979a1ebf243
SHA3 1a736703ce2b626d9e5e0b4f3203c893144aa9ea060c4a42b04d7c4acc05cb48

String Table contents

Inf&o über JiveXStarter...
An error occurred while attempting to download the file, Error:%1
An error occurred connecting to the server, Error:%1
An error occurred while downloading the file, Error:%1
An error occured while opening the file to be downloaded, Error:%1
An error occurred while seeking to the end of the file to be downloaded, Error:%1
Failed to receive a valid response from the server, Error:%1
Failed to receive a valid HTTP response from the server, Response Code:%1
Aborting transfer
Getting file information
Retrieving the file

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 5.0.0.0
ProductVersion 5.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language German - Germany
Comments JiveX Windows Native Starter
CompanyName VISUS Technology Transfer
FileDescription JiveX Windows Native Starter
FileVersion (#2) 5.0.0.0
InternalName Starter.exe
LegalCopyright Copyright (C) 2002-2016 VISUS Technology Transfer
OriginalFilename START.EXE
ProductName JiveX Windows Native Starter
ProductVersion (#2) 5.0.0.0
InternalBuildNumber 4802
Platform x86
Resource LangID German - Germany

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2016-Sep-05 12:12:43
Version 0.0
SizeofData 120
AddressOfRawData 0x196568
PointerToRawData 0x11d568
Referenced File d:\granseier\cvs_head\quellen\src\com\visustt\nativeWin32\jivexstarter\Release\JiveXStarter.pdb

TLS Callbacks

Load Configuration

Errors

[*] Warning: Section .textbss has a size of 0!