Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2024-Jan-30 21:02:42 |
TLS Callbacks | 2 callback(s) detected. |
Debug artifacts | D:\git-sdk-64-full\usr\src\MINGW-packages\mingw-w64-openssl\src\build-MINGW32\engines\capi.pdb |
Info | Libraries used to perform cryptographic operations: | Microsoft's Cryptography API |
Suspicious | The PE is possibly packed. | Unusual section name found: /4; Unusual section name found: .debug |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Safe | VirusTotal score: 0/72 (Scanned on 2024-03-16 00:59:40) | All the AVs think this file is safe. |

e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x80 |

Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 11 |
TimeDateStamp | 2024-Jan-30 21:02:42 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE IMAGE_FILE_DLL IMAGE_FILE_EXECUTABLE_IMAGE IMAGE_FILE_LINE_NUMS_STRIPPED |

Magic | PE32 |
---|---|
LinkerVersion | 2.0 |
SizeOfCode | 0x6a00 |
SizeOfInitializedData | 0xb200 |
SizeOfUninitializedData | 0x200 |
AddressOfEntryPoint | 0x000013B0 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x8000 |
ImageBase | 0x67980000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 1.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x14000 |
SizeOfHeaders | 0x600 |
Checksum | 0x2bd30 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE IMAGE_DLLCHARACTERISTICS_NX_COMPAT |
SizeofStackReserve | 0x200000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

libcrypto-3.dll | BIO_free BIO_new_file BIO_new_fp BIO_printf BIO_snprintf BIO_vprintf BN_bin2bn BN_free BN_new BN_set_word CRYPTO_free CRYPTO_get_ex_new_index CRYPTO_malloc CRYPTO_set_mem_functions CRYPTO_strdup CRYPTO_zalloc DSA_OpenSSL DSA_SIG_new DSA_SIG_set0 DSA_free DSA_get0_engine DSA_get_ex_data DSA_meth_free DSA_meth_get_bn_mod_exp DSA_meth_get_mod_exp DSA_meth_get_verify DSA_meth_new DSA_meth_set_bn_mod_exp DSA_meth_set_finish DSA_meth_set_mod_exp DSA_meth_set_sign DSA_meth_set_verify DSA_new_method DSA_set0_key DSA_set0_pqg DSA_set_ex_data ENGINE_get_ex_data ENGINE_get_static_state ENGINE_set_DSA ENGINE_set_RSA ENGINE_set_cmd_defns ENGINE_set_ctrl_function ENGINE_set_destroy_function ENGINE_set_ex_data ENGINE_set_finish_function ENGINE_set_flags ENGINE_set_id ENGINE_set_init_function ENGINE_set_load_privkey_function ENGINE_set_load_ssl_client_cert_function ENGINE_set_name ERR_add_error_data ERR_get_next_error_library ERR_load_strings ERR_new ERR_set_debug ERR_set_error ERR_unload_strings EVP_PKEY_assign EVP_PKEY_new OPENSSL_cleanse OPENSSL_init_crypto OPENSSL_sk_free OPENSSL_sk_new_null OPENSSL_sk_num OPENSSL_sk_push OPENSSL_sk_value PEM_write_bio_X509 RSA_PKCS1_OpenSSL RSA_free RSA_get0_engine RSA_get_ex_data RSA_meth_free RSA_meth_get_bn_mod_exp RSA_meth_get_mod_exp RSA_meth_get_pub_dec RSA_meth_get_pub_enc RSA_meth_new RSA_meth_set_bn_mod_exp RSA_meth_set_finish RSA_meth_set_mod_exp RSA_meth_set_priv_dec RSA_meth_set_priv_enc RSA_meth_set_pub_dec RSA_meth_set_pub_enc RSA_meth_set_sign RSA_new_method RSA_set0_key RSA_set_ex_data RSA_size X509_NAME_cmp X509_NAME_print_ex X509_check_purpose X509_free X509_get_ex_data X509_get_issuer_name X509_get_subject_name X509_print_ex X509_set_ex_data d2i_X509 |
---|---|
ADVAPI32.dll | CryptAcquireContextW CryptCreateHash CryptDecrypt CryptDestroyHash CryptDestroyKey CryptEnumProvidersW CryptExportKey CryptGetProvParam CryptGetUserKey CryptReleaseContext CryptSetHashParam CryptSignHashW |
CRYPT32.dll | CertCloseStore CertDuplicateCertificateContext CertEnumCertificatesInStore CertFindCertificateInStore CertFreeCertificateContext CertGetCertificateContextProperty CertOpenStore |
KERNEL32.dll | DeleteCriticalSection EnterCriticalSection FreeLibrary GetLastError GetModuleHandleA GetProcAddress InitializeCriticalSection LeaveCriticalSection LoadLibraryA MultiByteToWideChar Sleep TlsGetValue VirtualProtect VirtualQuery WideCharToMultiByte |
msvcrt.dll | _amsg_exit _initterm _iob _lock _unlock abort calloc free fwrite memcpy realloc strcmp strlen strncmp vfprintf wcscmp wcslen |

Ordinal | 1 |
---|---|
Address | 0x5870 |

Ordinal | 2 |
---|---|
Address | 0x5850 |

Characteristics | 0 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
SizeofData | 128 |
AddressOfRawData | 0x13000 |
PointerToRawData | 0xb800 |
Referenced File | D:\git-sdk-64-full\usr\src\MINGW-packages\mingw-w64-openssl\src\build-MINGW32\engines\capi.pdb |

StartAddressOfRawData | 0x67991000 |
---|---|
EndAddressOfRawData | 0x67991004 |
AddressOfIndex | 0x6798c058 |
AddressOfCallbacks | 0x67990018 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_TYPE_REG |
Callbacks | 0x67986B20 0x67986AD0 |