Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2023-May-30 19:52:07 |
TLS Callbacks | 2 callback(s) detected. |
Debug artifacts | D:\git-sdk-64-full\usr\src\MINGW-packages\mingw-w64-openssl\src\build-i686\engines\capi.pdb |
Suspicious | PEiD Signature: HQR data file |
Info | Libraries used to perform cryptographic operations: Microsoft's Cryptography API |
Suspicious | The PE is possibly packed. Unusual section name found: /4; Unusual section name found: .debug |
Suspicious | The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports: |
Suspicious | VirusTotal score: 2/72 (Scanned on 2024-03-18 13:55:23). DeepInstinct: MALICIOUS; MaxSecure: Trojan.Malware.209277537.susgen |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x80 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 11 |
TimeDateStamp | 2023-May-30 19:52:07 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 2.0 |
SizeOfCode | 0x5c00 |
SizeOfInitializedData | 0xa600 |
SizeOfUninitializedData | 0x200 |
AddressOfEntryPoint | 0x000013B0 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x7000 |
ImageBase | 0x67980000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 1.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x13000 |
SizeOfHeaders | 0x600 |
Checksum | 0x37828 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT |
SizeofStackReserve | 0x200000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
libcrypto-1_1.dll | BIO_free BIO_new_file BIO_new_fp BIO_printf BIO_snprintf BIO_vprintf BN_bin2bn BN_free BN_new BN_set_word CRYPTO_free CRYPTO_get_ex_new_index CRYPTO_malloc CRYPTO_set_mem_functions CRYPTO_strdup CRYPTO_zalloc DSA_OpenSSL DSA_SIG_new DSA_SIG_set0 DSA_free DSA_get0_engine DSA_get_ex_data DSA_meth_free DSA_meth_get_bn_mod_exp DSA_meth_get_mod_exp DSA_meth_get_verify DSA_meth_new DSA_meth_set_bn_mod_exp DSA_meth_set_finish DSA_meth_set_mod_exp DSA_meth_set_sign DSA_meth_set_verify DSA_new_method DSA_set0_key DSA_set0_pqg DSA_set_ex_data ENGINE_get_ex_data ENGINE_get_static_state ENGINE_set_DSA ENGINE_set_RSA ENGINE_set_cmd_defns ENGINE_set_ctrl_function ENGINE_set_destroy_function ENGINE_set_ex_data ENGINE_set_finish_function ENGINE_set_flags ENGINE_set_id ENGINE_set_init_function ENGINE_set_load_privkey_function ENGINE_set_load_ssl_client_cert_function ENGINE_set_name ERR_add_error_data ERR_get_next_error_library ERR_load_strings ERR_put_error ERR_unload_strings EVP_PKEY_assign EVP_PKEY_new OPENSSL_cleanse OPENSSL_init_crypto OPENSSL_sk_free OPENSSL_sk_new_null OPENSSL_sk_num OPENSSL_sk_push OPENSSL_sk_value PEM_write_bio_X509 RSA_PKCS1_OpenSSL RSA_free RSA_get0_engine RSA_get_ex_data RSA_meth_free RSA_meth_get_bn_mod_exp RSA_meth_get_mod_exp RSA_meth_get_pub_dec RSA_meth_get_pub_enc RSA_meth_new RSA_meth_set_bn_mod_exp RSA_meth_set_finish RSA_meth_set_mod_exp RSA_meth_set_priv_dec RSA_meth_set_priv_enc RSA_meth_set_pub_dec RSA_meth_set_pub_enc RSA_meth_set_sign RSA_new_method RSA_set0_key RSA_set_ex_data RSA_size X509_NAME_cmp X509_NAME_print_ex X509_check_purpose X509_free X509_get_ex_data X509_get_issuer_name X509_get_subject_name X509_print_ex X509_set_ex_data d2i_X509 |
---|---|
ADVAPI32.dll | CryptAcquireContextW CryptCreateHash CryptDecrypt CryptDestroyHash CryptDestroyKey CryptEnumProvidersW CryptExportKey CryptGetProvParam CryptGetUserKey CryptReleaseContext CryptSetHashParam CryptSignHashW |
CRYPT32.dll | CertCloseStore CertDuplicateCertificateContext CertEnumCertificatesInStore CertFindCertificateInStore CertFreeCertificateContext CertGetCertificateContextProperty CertOpenStore |
KERNEL32.dll | DeleteCriticalSection EnterCriticalSection FreeLibrary GetLastError GetModuleHandleA GetProcAddress InitializeCriticalSection LeaveCriticalSection LoadLibraryA MultiByteToWideChar Sleep TlsGetValue VirtualProtect VirtualQuery WideCharToMultiByte |
msvcrt.dll | _amsg_exit _initterm _iob _lock _unlock abort calloc free fwrite memcpy realloc strcmp strlen strncmp vfprintf wcscmp wcslen |
Ordinal | Address |
---|---|
1 | 0x4b70 |
2 | 0x54c0 |
3 | 0x58a0 |
4 | 0x4df0 |
5 | 0x4b50 |
Characteristics | 0 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
SizeofData | 128 |
AddressOfRawData | 0x12000 |
PointerToRawData | 0xac00 |
Referenced File | D:\git-sdk-64-full\usr\src\MINGW-packages\mingw-w64-openssl\src\build-i686\engines\capi.pdb |
StartAddressOfRawData | 0x67990000 |
---|---|
EndAddressOfRawData | 0x67990004 |
AddressOfIndex | 0x6798b058 |
AddressOfCallbacks | 0x6798f018 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_TYPE_REG |
Callbacks | 0x67985D30, 0x67985CE0 |