Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2020-May-10 16:52:12 |
Detected languages | English - United States |
TLS Callbacks | 1 callback(s) detected. |
Debug artifacts | C:\Users\Ilya\Projects\sdmmlauncher\target\release\deps\sdmmlauncher.pdb |
FileVersion | 1.1.0 |
ProductVersion | 1.1.0 |
ProductName | sdmmlauncher |
Info | Interesting strings found in the binary: | Contains domain names: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Safe | VirusTotal score: 0/69 (Scanned on 2021-03-23 18:16:31) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2020-May-10 16:52:12 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE IMAGE_FILE_EXECUTABLE_IMAGE IMAGE_FILE_LARGE_ADDRESS_AWARE |
Magic | PE32 |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x28d200 |
SizeOfInitializedData | 0x10be00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0028D5BF (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x28f000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.0 |
ImageVersion | 0.0 |
SubsystemVersion | 6.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x39d000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE IMAGE_DLLCHARACTERISTICS_NX_COMPAT IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
ADVAPI32.dll | RegOpenKeyExW RegQueryValueExW RegCloseKey SystemFunction036 |
---|---|
WS2_32.dll | WSAGetLastError getpeername WSAIoctl WSASocketW shutdown ioctlsocket getsockopt getaddrinfo freeaddrinfo WSAStartup WSACleanup recv WSASend WSARecv setsockopt WSAGetOverlappedResult closesocket bind |
KERNEL32.dll | UnhandledExceptionFilter SetUnhandledExceptionFilter TerminateProcess IsProcessorFeaturePresent GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead ReadFile GetLastError GetProcessHeap HeapFree CloseHandle HeapAlloc SetLastError GetTempPathW TlsGetValue TlsSetValue HeapReAlloc WaitForSingleObjectEx LoadLibraryA GetProcAddress GetCurrentProcess CreateMutexA ReleaseMutex GetStdHandle GetFileInformationByHandleEx GetConsoleScreenBufferInfo SetConsoleCursorPosition DeleteCriticalSection GetConsoleMode FillConsoleOutputCharacterA FillConsoleOutputAttribute SetConsoleMode SwitchToThread IsDebuggerPresent GetQueuedCompletionStatusEx PostQueuedCompletionStatus CreateIoCompletionPort SetFileCompletionNotificationModes SetHandleInformation SetFileInformationByHandle FindClose WaitForSingleObject SetFilePointerEx WriteFile AddVectoredExceptionHandler GetModuleFileNameW lstrlenW GetEnvironmentStringsW FreeEnvironmentStringsW RemoveDirectoryW CreateProcessW ReadConsoleW TlsAlloc GetModuleHandleW InitializeCriticalSection EnterCriticalSection LeaveCriticalSection GetEnvironmentVariableW WriteConsoleW GetCurrentThread RtlCaptureContext GetCurrentDirectoryW FormatMessageW CreateFileW GetFileInformationByHandle DeviceIoControl FindNextFileW CreateDirectoryW FindFirstFileW GetCurrentProcessId CreateNamedPipeW DuplicateHandle ExitProcess QueryPerformanceCounter QueryPerformanceFrequency MoveFileExW DeleteFileW SetFileAttributesW CreateThread GetFinalPathNameByHandleW TryEnterCriticalSection GetSystemInfo SetConsoleTextAttribute CancelIoEx |
CRYPT32.dll | CertFreeCertificateContext CertCloseStore CertFreeCertificateChain CertDuplicateStore CertEnumCertificatesInStore CertDuplicateCertificateContext CertAddCertificateContextToStore CertGetCertificateChain CertDuplicateCertificateChain CertOpenStore CertVerifyCertificateChainPolicy |
ole32.dll | CoTaskMemFree |
Secur32.dll | ApplyControlToken EncryptMessage InitializeSecurityContextW AcquireCredentialsHandleA AcceptSecurityContext QueryContextAttributesW DeleteSecurityContext FreeCredentialsHandle FreeContextBuffer DecryptMessage |
SHELL32.dll | SHGetKnownFolderPath |
VCRUNTIME140.dll | memmove _CxxThrowException __CxxFrameHandler3 memset memcmp __current_exception __current_exception_context _except_handler4_common memcpy |
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr trunc |
api-ms-win-crt-heap-l1-1-0.dll | malloc _set_new_mode free |
api-ms-win-crt-runtime-l1-1-0.dll | _cexit _c_exit _register_thread_local_exe_atexit_callback __p___argc _exit exit _initialize_onexit_table _register_onexit_function _crt_atexit _controlfp_s terminate __p___argv _initterm_e _initterm _get_initial_narrow_environment _initialize_narrow_environment _set_app_type _configure_narrow_argv _seh_filter_exe |
api-ms-win-crt-stdio-l1-1-0.dll | _set_fmode __p__commode |
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.1.0.0 |
ProductVersion | 1.1.0.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32 VOS_NT VOS_NT_WINDOWS32 VOS_WINCE VOS__WINDOWS32 |
FileType | VFT_APP |
Language | UNKNOWN |
FileVersion (#2) | 1.1.0 |
ProductVersion (#2) | 1.1.0 |
ProductName | sdmmlauncher |
Resource LangID | English - United States |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2020-May-10 16:52:12 |
Version | 0.0 |
SizeofData | 97 |
AddressOfRawData | 0x35e018 |
PointerToRawData | 0x35c618 |
Referenced File | C:\Users\Ilya\Projects\sdmmlauncher\target\release\deps\sdmmlauncher.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2020-May-10 16:52:12 |
Version | 0.0 |
SizeofData | 20 |
AddressOfRawData | 0x35e07c |
PointerToRawData | 0x35c67c |
Characteristics | 0 |
---|---|
TimeDateStamp | 2020-May-10 16:52:12 |
Version | 0.0 |
SizeofData | 780 |
AddressOfRawData | 0x35e090 |
PointerToRawData | 0x35c690 |
StartAddressOfRawData | 0x75e3ac |
---|---|
EndAddressOfRawData | 0x75e3ad |
AddressOfIndex | 0x77dffc |
AddressOfCallbacks | 0x68f2f0 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_ALIGN_1BYTES |
Callbacks | 0x00639630 |
Size | 0xb8 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x77dd28 |
SEHandlerTable | 0x75c7b0 |
SEHandlerCount | 1562 |
XOR Key | 0xaf6bae1e |
---|---|
Unmarked objects | 0 |
Imports (VS2008 SP1 build 30729) | 10 |
Imports (VS 2015/2017/2019 runtime 28427) | 2 |
C++ objects (VS 2015/2017/2019 runtime 28427) | 24 |
C objects (VS 2015/2017/2019 runtime 28427) | 12 |
ASM objects (VS 2015/2017/2019 runtime 28427) | 6 |
Imports (26715) | 15 |
Total imports | 171 |
C objects (VS2019 Update 5 (16.5.2-3) compiler 28612) | 7 |
Unmarked objects (#2) | 3 |
Resource objects (VS2019 Update 5 (16.5.2-3) compiler 28612) | 1 |
Linker (VS2019 Update 5 (16.5.2-3) compiler 28612) | 1 |