Architecture | IMAGE_FILE_MACHINE_I386 | |
---|---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI | |
Compilation Date | 2005-Oct-25 21:53:12 | |
TLS Callbacks | 1 callback(s) detected. | |
Info | Matching compiler(s): | Borland C++ DLL<br>Borland C++ for Win32 1999 |
Info | The PE contains common functions which appear in legitimate applications. | [!] The program may be hiding some of its imports: |
Suspicious | The file contains overlay data. | 88 bytes of data starting at offset 0xa5a8. |
Suspicious | VirusTotal score: 2/68 (Scanned on 2018-10-18 13:33:08) | Kingsoft: Win32.Malware.Heur_Generic.A.(kcloud)<br>Cylance: Unsafe |

e_magic | MZ |
---|---|
e_cblp | 0x6b |
e_cp | 0x1 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0x1 |
e_ss | 0 |
e_sp | 0 |
e_csum | 0 |
e_ip | 0x1e |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x70 |

Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 3 |
TimeDateStamp | 2005-Oct-25 21:53:12 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE<br>IMAGE_FILE_DEBUG_STRIPPED<br>IMAGE_FILE_EXECUTABLE_IMAGE<br>IMAGE_FILE_LINE_NUMS_STRIPPED<br>IMAGE_FILE_LOCAL_SYMS_STRIPPED<br>IMAGE_FILE_RELOCS_STRIPPED |

Magic | PE32 |
---|---|
LinkerVersion | 1.0 |
SizeOfCode | 0x7cae |
SizeOfInitializedData | 0x2da4 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000014C8 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x9000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 1.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xd000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x2000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

KERNEL32.DLL | GetStringTypeW, GetFileType, SetHandleCount, GetVersionExA, GetLastError, SetFilePointer, VirtualFree, VirtualAlloc, LoadLibraryA, GlobalMemoryStatus, SetConsoleCtrlHandler, CloseHandle, CreateFileA, GetModuleHandleA, GetLocalTime, RtlUnwind, RaiseException, WriteFile, GetStdHandle, GetModuleFileNameA, GetCurrentThreadId, HeapAlloc, GetVersion, GetCPInfo, GetACP, GetOEMCP, UnhandledExceptionFilter, GetStartupInfoA, GetCommandLineA, GetEnvironmentStrings, GetProcAddress, TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, ExitProcess, HeapFree, GetProcessHeap |
---|---|
USER32.DLL | EnumThreadWindows, MessageBoxA, wsprintfA |

Ordinal | Address |
---|---|
1 | 0x1521 |
2 | 0x9124 |

StartAddressOfRawData | 0x40c000 |
---|---|
EndAddressOfRawData | 0x40c09c |
AddressOfIndex | 0x409117 |
AddressOfCallbacks | 0x408bb0 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_TYPE_REG |
Callbacks | 0x00401618 |