Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 1992-Jun-19 22:22:17 (0x2A425E19, the fixed TimeDateStamp written by the Borland Delphi/C++Builder linker, not a real build time) |
Detected languages | English - United States |
CompanyName | Inzone Software |
FileDescription | E-Publisher Gold |
FileVersion | 1.0.2.364 |
InternalName | E-Publisher Gold |
LegalCopyright | Copyright 1999-2000 Inzone Software Limited |
LegalTrademarks | E-Publisher Gold is a Trademark of Inzone Software Limited |
OriginalFilename | E-Publisher Gold |
ProductName | E-Publisher Gold |
ProductVersion | 1.0.2.364 |
Comments | E-Publisher Gold |
Info | Interesting strings found in the binary: |
Contains domain names: |
Suspicious | The PE is packed with Aspack | Unusual section name found: .aspack |
Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports: |
Suspicious | The PE header may have been manually modified. |
Resources 1, 2, 3, 4, 5, 6, 7, BBABORT, BBALL, BBCANCEL, BBCLOSE, BBHELP, BBIGNORE, BBNO, BBOK, BBRETRY, BBYES, CURRENTFOLDER, EXECUTABLE, KNOWNFILE, OPENFOLDER, UNKNOWNFILE, TSPLASHFORM and TTRIALFORM are possibly compressed or encrypted.
The resource timestamps differ from the PE header: |
Suspicious | The file contains overlay data. |
5762700 bytes of data starting at offset 0x2f000.
The overlay data has an entropy of 7.99192 and is possibly compressed or encrypted. Overlay data accounts for 96.7673% of the executable. |
Malicious | VirusTotal score: 4/70 (Scanned on 2020-02-20 20:13:57) |
Trapmine: malicious.high.ml.score
Microsoft: Ransom:Win32/Genasom
Rising: Ransom.Genasom!8.293 (CLOUD)
eGambit: Unsafe.AI_Score_98% |
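The three findings above (entry point inside the .aspack section, an overlay that is almost the whole file, overlay entropy close to 8 bits/byte, plus a kernel32 import list that is only a loader stub) can be reproduced with a stdlib-only parser. The code below is an added example, not output of the analysis tool or code from the binary's vendor; the packer section-name list and the loader-stub import set are assumed heuristics, and the PE it builds is a constructed stand-in with the same layout features, not the real file.

```python
"""Stdlib-only triage of the packer indicators flagged above: entry point
in a packer-named section, a dominant high-entropy overlay, and a kernel32
import list that is just a loader stub (LoadLibraryA/GetProcAddress)."""
import math
import struct
from collections import Counter

# Assumed heuristic lists, not from the report: section names of common packers
# and the minimal kernel32 imports a packer stub needs to rebuild the real IAT.
KNOWN_PACKER_SECTIONS = {".aspack", ".adata", "upx0", "upx1", ".upx", ".petite"}
LOADER_STUB_IMPORTS = {"GetProcAddress", "LoadLibraryA", "GetModuleHandleA"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 means uniformly random bytes."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def overlay_share(overlay_size: int, overlay_offset: int) -> float:
    """Percentage of the file taken by an overlay that starts at overlay_offset."""
    return 100.0 * overlay_size / (overlay_offset + overlay_size)


def parse_pe(pe: bytes):
    """Return (AddressOfEntryPoint, section list) parsed from a PE32/PE32+ file."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    nsec, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    opt = e_lfanew + 24                         # 4-byte signature + 20-byte COFF header
    entry, = struct.unpack_from("<I", pe, opt + 16)
    sections = []
    for i in range(nsec):                       # 40-byte entries right after the optional header
        off = opt + opt_size + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", pe, off + 8)
        sections.append({"name": name, "va": va, "vsize": vsize,
                         "rawptr": rawptr, "rawsize": rawsize})
    return entry, sections


def section_of_rva(rva: int, sections):
    """Name of the section whose virtual range contains rva, or None."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s["name"]
    return None


def triage(pe: bytes, imports=None) -> dict:
    """imports: optional {dll: [function, ...]} as listed by the analysis tool."""
    entry, sections = parse_pe(pe)
    ep_section = section_of_rva(entry, sections)
    overlay_off = max(s["rawptr"] + s["rawsize"] for s in sections)
    overlay = pe[overlay_off:]
    pct = 100.0 * len(overlay) / len(pe)
    ent = shannon_entropy(overlay)
    flags = []
    if ep_section is None:
        flags.append("entry point outside every section")
    elif ep_section != sections[0]["name"]:
        flags.append(f"entry point in {ep_section}, not in the first section")
    hits = {s["name"].lower() for s in sections} & KNOWN_PACKER_SECTIONS
    if hits:
        flags.append("packer section name: " + ", ".join(sorted(hits)))
    if pct > 50.0 and ent > 7.0:
        flags.append(f"overlay is {pct:.1f}% of the file at {ent:.2f} bits/byte")
    k32 = set((imports or {}).get("kernel32.dll", ()))
    if k32 and k32 <= LOADER_STUB_IMPORTS:
        flags.append("kernel32 imports are only a loader stub; real imports resolved at runtime")
    return {"entry_section": ep_section, "overlay_offset": overlay_off,
            "overlay_size": len(overlay), "overlay_pct": pct,
            "overlay_entropy": ent, "flags": flags}


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed stand-in for the reported binary (not the real file): PE32 with
    .text and .aspack sections, entry point inside .aspack, overlay appended."""
    e_lfanew, opt = 0x80, 0x80 + 24
    hdr = bytearray(0x400)                      # SizeOfHeaders 0x400, as in the report
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    # COFF header: i386, 2 sections, Delphi's fixed TimeDateStamp, PE32 optional header size
    struct.pack_into("<4sHHIIIHH", hdr, e_lfanew, b"PE\0\0", 0x14C, 2, 0x2A425E19, 0, 0, 0xE0, 0x102)
    struct.pack_into("<H", hdr, opt, 0x10B)                      # PE32 magic
    struct.pack_into("<I", hdr, opt + 16, 0x2001)                # AddressOfEntryPoint -> .aspack
    struct.pack_into("<III", hdr, opt + 28, 0x400000, 0x1000, 0x200)  # ImageBase, alignments
    struct.pack_into("<II", hdr, opt + 56, 0x3000, 0x400)        # SizeOfImage, SizeOfHeaders
    for i, (name, va, rawptr) in enumerate([(b".text", 0x1000, 0x400), (b".aspack", 0x2000, 0x600)]):
        struct.pack_into("<8sIIIIIIHHI", hdr, opt + 0xE0 + 40 * i,
                         name, 0x1000, va, 0x200, rawptr, 0, 0, 0, 0, 0x60000020)
    return bytes(hdr) + bytes(0x400) + overlay  # two 0x200-byte sections, then the overlay


if __name__ == "__main__":
    packed = build_sample_pe(bytes(range(256)) * 24)   # constructed, uniform-looking overlay
    print(triage(packed, {"kernel32.dll": ["GetProcAddress", "GetModuleHandleA", "LoadLibraryA"]}))
    print(f"report overlay share: {overlay_share(5762700, 0x2F000):.4f}%")
```

The overlay offset is taken as the end of the last section's raw data, which is how the 0x2f000 figure above is derived; `overlay_share(5762700, 0x2f000)` reproduces the report's 96.7673%. The entry-point check uses the section's virtual range, so it works whether or not the packer section has raw data on disk.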
e_magic | MZ |
---|---|
e_cblp | 0x50 |
e_cp | 0x2 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0xf |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0x1a |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x100 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 10 |
TimeDateStamp | 1992-Jun-19 22:22:17 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
|
Magic | PE32 |
---|---|
LinkerVersion | 2.0 |
SizeOfCode | 0x5e200 |
SizeOfInitializedData | 0x19400 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0007E001 (Section: .aspack) |
BaseOfCode | 0x1000 |
BaseOfData | 0x60000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 1.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x81000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x4000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
kernel32.dll | GetProcAddress, GetModuleHandleA, LoadLibraryA |
---|---|
user32.dll | GetKeyboardType |
advapi32.dll | RegQueryValueExA |
oleaut32.dll | VariantChangeTypeEx |
advapi32.dll (#2) | RegQueryValueExA |
version.dll | VerQueryValueA |
gdi32.dll | UnrealizeObject |
user32.dll (#2) | GetKeyboardType |
ole32.dll | CreateStreamOnHGlobal |
oleaut32.dll (#2) | VariantChangeTypeEx |
comctl32.dll | ImageList_SetIconSize |
shell32.dll | ShellExecuteA |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.0.2.364 |
ProductVersion | 1.0.2.364 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Inzone Software |
FileDescription | E-Publisher Gold |
FileVersion (#2) | 1.0.2.364 |
InternalName | E-Publisher Gold |
LegalCopyright | Copyright 1999-2000 Inzone Software Limited |
LegalTrademarks | E-Publisher Gold is a Trademark of Inzone Software Limited |
OriginalFilename | E-Publisher Gold |
ProductName | E-Publisher Gold |
ProductVersion (#2) | 1.0.2.364 |
Comments | E-Publisher Gold |
Resource LangID | English - United States |
---|---|
StartAddressOfRawData | 0x467000 |
---|---|
EndAddressOfRawData | 0x467010 |
AddressOfIndex | 0x4634d4 |
AddressOfCallbacks | 0x468010 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_TYPE_REG |
Callbacks | (EMPTY) |