Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2019-Jan-03 19:13:08 |
Detected languages | English - United States |
Comments | TLauncher Setup |
CompanyName | TLauncher Inc. |
FileDescription | TLauncher Setup |
FileVersion | 1.1.3.0 |
InternalName | TLauncher |
LegalCopyright | TLauncher Copyright © 2023 |
LegalTrademarks | TLauncher |
OriginalFilename | suf_launch.exe |
ProductName | TLauncher |
ProductVersion | 2.885.0.0 |

Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
---|---|---|
Suspicious | PEiD Signature: | UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser; UPX -> www.upx.sourceforge.net |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains a XORed PE executable: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to MD5; Uses constants related to SHA1; Uses constants related to SHA256 |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: TLauncher Inc.; Issuer: Trustwave Global Code Signing CA |
Suspicious | VirusTotal score: 1/70 (Scanned on 2024-02-11 18:50:35) | CrowdStrike: win/grayware_confidence_70% (D) |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xd8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2019-Jan-03 19:13:08 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 10.0 |
SizeOfCode | 0x5c00 |
SizeOfInitializedData | 0x22c00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00002CE1 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x7000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x2c000 |
SizeOfHeaders | 0x400 |
Checksum | 0x169873b |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | LoadLibraryA, lstrcpyA, lstrcatA, lstrlenA, GetSystemDirectoryA, GetProcAddress, GetModuleHandleA, _lclose, GetModuleFileNameA, _lread, _llseek, _lopen, _lwrite, _lcreat, CreateDirectoryA, SetCurrentDirectoryA, GetDiskFreeSpaceA, GetFileAttributesA, CompareStringA, DeleteFileA, GetTempPathA, GetCurrentDirectoryA, CloseHandle, GetExitCodeProcess, GetLastError, LocalFree, GetCurrentProcess, MoveFileExA, GetStringTypeW, MultiByteToWideChar, LCMapStringW, HeapReAlloc, RtlUnwind, HeapSize, Sleep, RemoveDirectoryA, FreeLibrary, IsValidCodePage, GetOEMCP, GetModuleHandleW, ExitProcess, DecodePointer, HeapFree, HeapAlloc, GetCommandLineA, HeapSetInformation, GetStartupInfoW, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, EncodePointer, LoadLibraryW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, WriteFile, GetStdHandle, GetModuleFileNameW, IsProcessorFeaturePresent, HeapCreate, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetCPInfo, GetACP |
---|---|
USER32.dll | TranslateMessage, DispatchMessageA, PeekMessageA, wsprintfA, LoadCursorA, SetCursor, MessageBoxA, MsgWaitForMultipleObjects |
ADVAPI32.dll | GetTokenInformation, OpenProcessToken |
SHELL32.dll | ShellExecuteExA |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0 |
FileVersion | 1.1.3.0 |
ProductVersion | 2.885.0.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
Comments | TLauncher Setup |
CompanyName | TLauncher Inc. |
FileDescription | TLauncher Setup |
FileVersion (#2) | 1.1.3.0 |
InternalName | TLauncher |
LegalCopyright | TLauncher Copyright © 2023 |
LegalTrademarks | TLauncher |
OriginalFilename | suf_launch.exe |
ProductName | TLauncher |
ProductVersion (#2) | 2.885.0.0 |
Resource LangID | English - United States |

Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x40a020 |
SEHandlerTable | 0x409510 |
SEHandlerCount | 3 |
XOR Key | 0x948cbac7 |
---|---|
Unmarked objects | 0 |
ASM objects (VS2010 SP1 build 40219) | 14 |
C objects (VS2010 SP1 build 40219) | 67 |
Imports (VS2008 SP1 build 30729) | 9 |
Total imports | 102 |
C++ objects (VS2010 SP1 build 40219) | 25 |
Resource objects (VS2010 SP1 build 40219) | 1 |
Linker (VS2010 SP1 build 40219) | 1 |