| Summary | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Compilation Date | 2012-Jul-13 22:47:16 |
| Debug artifacts | |
| Comments | |
| CompanyName | 17696 |
| FileDescription | FiveM Cleanerino |
| FileVersion | 1.0.0.0 |
| InternalName | FiveM Cleanerino.exe |
| LegalCopyright | Copyright © 17696 2022 |
| LegalTrademarks | |
| OriginalFilename | FiveM Cleanerino.exe |
| ProductName | FiveM Cleanerino |
| ProductVersion | 1.0.0.0 |
| Assembly Version | 1.0.0.0 |
| Level | Finding | Details |
|---|---|---|
| Info | Matching compiler(s) | Microsoft Visual C++ 6.0 - 8.0 |
| Info | Cryptographic algorithms detected in the binary | Uses constants related to CRC32 |
| Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
| Info | The PE's resources present abnormal characteristics. | Resource __ is possibly compressed or encrypted. |
| Malicious | VirusTotal score: 40/68 (Scanned on 2022-06-08 11:44:04) | Per-engine detections in the table below |

| Engine | Detection |
|---|---|
| Lionic | Trojan.Win32.Generic.4!c |
| Elastic | malicious (high confidence) |
| McAfee | RDN/Generic.dx |
| Cylance | Unsafe |
| Sangfor | Trojan.Win32.Generic.ky |
| Alibaba | Trojan:Win32/Generic.07bf5dab |
| CrowdStrike | win/malicious_confidence_70% (W) |
| BitDefenderTheta | Gen:NN.ZexaF.34712.lq0@a0nkLy |
| Cyren | W32/ABRisk.DBTE-5619 |
| tehtris | Generic.Malware |
| TrendMicro-HouseCall | TROJ_GEN.R002C0WCR22 |
| Paloalto | generic.ml |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| BitDefender | Trojan.GenericKD.48708749 |
| MicroWorld-eScan | Trojan.GenericKD.48708749 |
| Avast | Win32:Malware-gen |
| Ad-Aware | Trojan.GenericKD.48708749 |
| Sophos | Generic ML PUA (PUA) |
| Zillya | Trojan.Generic.Win32.1651048 |
| TrendMicro | TROJ_GEN.R002C0WCR22 |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.cc |
| SentinelOne | Static AI - Malicious PE |
| Trapmine | malicious.high.ml.score |
| FireEye | Generic.mg.c4c27642b041bc79 |
| Emsisoft | Trojan.GenericKD.48708749 (B) |
| APEX | Malicious |
| Gridinsoft | Trojan.Win32.Agent.cl |
| Microsoft | Backdoor:Win32/Bladabindi!ml |
| GData | Trojan.GenericKD.48708749 |
| AhnLab-V3 | Trojan/Win.Generic.C5028274 |
| VBA32 | Trojan.MSIL.Agent |
| ALYac | Trojan.GenericKD.48708749 |
| MAX | malware (ai score=82) |
| Malwarebytes | Trojan.Spoofer |
| Rising | Trojan.Generic@AI.100 (RDMK:hebY6EAbYDRuiYOCkn/4EQ) |
| MaxSecure | Trojan.Malware.7164915.susgen |
| Fortinet | W32/PossibleThreat |
| AVG | Win32:Malware-gen |
| Cybereason | malicious.750950 |
| Panda | Trj/CI.A |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xe0 |
| PE (COFF) header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberOfSections | 4 |
| TimeDateStamp | 2012-Jul-13 22:47:16 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_RELOCS_STRIPPED |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 9.0 |
| SizeOfCode | 0x19800 |
| SizeOfInitializedData | 0x14c00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x0000CD2F (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x1b000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 5.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 5.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x33000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x23bfb |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
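Added example, not code from the report's analysis tool or from the sample: a Python parser for the three header tables above plus a triage pass over the bits they expose. The function names (`parse_pe_headers`, `triage`) and the `SAMPLE_PE` blob are this example's own; the blob is constructed from the header values printed above (headers only, no section table or sections, the 0x40..0xE0 gap that holds the DOS stub and Rich header in the real file zero-filled, and e_lfarlc assumed to be 0x40 because the report does not print it). Two points the tables already state but that are easy to read past: DllCharacteristics carries only TERMINAL_SERVER_AWARE, so neither DYNAMIC_BASE nor NX_COMPAT is set, and RELOCS_STRIPPED rules out relocation anyway, so the image always maps at 0x400000; and the 2012 TimeDateStamp sits beside a 2022 copyright string, which is worth noting because the stamp is linker-controlled and proves nothing on its own.

```python
"""Parse the DOS, COFF and PE32 optional headers and flag the mitigation and
anomaly indicators a triage analyst checks first.  SAMPLE_PE is CONSTRUCTED
from the report's header values; it is not the original file."""
import calendar
import struct
from datetime import datetime, timezone

# IMAGE_FILE_HEADER.Characteristics bits (winnt.h)
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (winnt.h)
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
MACHINES = {0x014C: "IMAGE_FILE_MACHINE_I386", 0x8664: "IMAGE_FILE_MACHINE_AMD64"}
SUBSYSTEMS = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}

DOS_HDR = struct.Struct("<2s13H8sHH20sI")    # IMAGE_DOS_HEADER, 64 bytes, e_lfanew last
COFF_HDR = struct.Struct("<HHIIIHH")          # IMAGE_FILE_HEADER, 20 bytes
OPT32_HDR = struct.Struct("<HBB9I6H4I2H6I")   # IMAGE_OPTIONAL_HEADER32 through NumberOfRvaAndSizes, 96 bytes


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe_headers(data):
    """Return the header fields that matter for triage as a dict (PE32 only)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = DOS_HDR.unpack_from(data, 0)[-1]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, nsections, tstamp, _, _, _, chars = COFF_HDR.unpack_from(data, e_lfanew + 4)
    opt = OPT32_HDR.unpack_from(data, e_lfanew + 4 + COFF_HDR.size)
    if opt[0] != 0x10B:
        raise ValueError("only PE32 (Magic 0x10b) is handled here")
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": nsections,
        # TimeDateStamp is set by the linker and can be anything; compare it with other dates in the file
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "characteristics": _flags(chars, FILE_CHARACTERISTICS),
        "linker": f"{opt[1]}.{opt[2]}",
        "size_of_code": opt[3],
        "entry_point": opt[6],
        "base_of_code": opt[7],
        "image_base": opt[9],
        "size_of_image": opt[19],
        "checksum": opt[21],
        "subsystem": SUBSYSTEMS.get(opt[22], str(opt[22])),
        "dll_characteristics": _flags(opt[23], DLL_CHARACTERISTICS),
        "dll_characteristics_raw": opt[23],
    }


def triage(hdr):
    """Mitigation opt-ins and one packer tell, derived from the parsed headers alone."""
    dllc = hdr["dll_characteristics_raw"]
    return {
        # ASLR needs DYNAMIC_BASE *and* relocations; RELOCS_STRIPPED makes the image unrelocatable
        "aslr": bool(dllc & 0x0040) and "IMAGE_FILE_RELOCS_STRIPPED" not in hdr["characteristics"],
        "nx": bool(dllc & 0x0100),
        "seh": not (dllc & 0x0400),   # SEH in use; a SafeSEH table, if any, lives in the load config
        "cfg": bool(dllc & 0x4000),
        # an entry point outside [BaseOfCode, BaseOfCode + SizeOfCode) is a common packer/stub tell
        "entry_in_code": hdr["base_of_code"] <= hdr["entry_point"] < hdr["base_of_code"] + hdr["size_of_code"],
    }


def _build_sample():
    ts = calendar.timegm((2012, 7, 13, 22, 47, 16, 0, 0, 0))   # the report's 2012-Jul-13 22:47:16 (UTC)
    dos = DOS_HDR.pack(b"MZ", 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40, 0,
                       b"\0" * 8, 0, 0, b"\0" * 20, 0xE0)       # e_lfarlc 0x40 is assumed, not in the report
    coff = COFF_HDR.pack(0x14C, 4, ts, 0, 0, OPT32_HDR.size + 128, 0x0001 | 0x0002 | 0x0020 | 0x0100)
    opt = OPT32_HDR.pack(0x10B, 9, 0, 0x19800, 0x14C00, 0, 0xCD2F, 0x1000, 0x1B000, 0x400000,
                         0x1000, 0x200, 5, 0, 0, 0, 5, 0, 0, 0x33000, 0x400, 0x23BFB, 3, 0x8000,
                         0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    # zero-filled stub area (real file: DOS stub + Rich header), then 16 empty data directories
    return dos + b"\0" * (0xE0 - DOS_HDR.size) + b"PE\0\0" + coff + opt + b"\0" * 128


SAMPLE_PE = _build_sample()

if __name__ == "__main__":
    parsed = parse_pe_headers(SAMPLE_PE)
    for k, v in {**parsed, **triage(parsed)}.items():
        print(f"{k:24} {v}")
```

On the report's values `triage` returns no ASLR, no NX opt-in, SEH in use and no CFG, with the entry point inside the code range; the load configuration table further down (SecurityCookie set, SEHandlerCount 3) shows that /GS cookies and SafeSEH are present even though ASLR and DEP opt-in are not.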
| Imported DLL | Functions |
|---|---|
| KERNEL32.dll | RaiseException, GetLastError, MultiByteToWideChar, lstrlenA, InterlockedDecrement, GetProcAddress, LoadLibraryA, FreeResource, SizeofResource, LockResource, LoadResource, FindResourceA, GetModuleHandleA, Module32Next, CloseHandle, Module32First, CreateToolhelp32Snapshot, GetCurrentProcessId, SetEndOfFile, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetLocaleInfoA, HeapFree, GetProcessHeap, HeapAlloc, GetCommandLineA, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, HeapSize, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleHandleW, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, ReadFile, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, FlushFileBuffers, SetFilePointer, SetHandleCount, GetFileType, GetStartupInfoA, RtlUnwind, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, CompareStringA, CompareStringW, SetEnvironmentVariableA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, CreateFileA |
| ole32.dll | OleInitialize |
| OLEAUT32.dll | SafeArrayCreate, SafeArrayAccessData, SafeArrayUnaccessData, SafeArrayDestroy, SafeArrayCreateVector, VariantClear, VariantInit, SysFreeString, SysAllocString |
| Version resource field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 1.0.0.0 |
| ProductVersion | 1.0.0.0 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | UNKNOWN |
| Comments | |
| CompanyName | 17696 |
| FileDescription | FiveM Cleanerino |
| FileVersion (#2) | 1.0.0.0 |
| InternalName | FiveM Cleanerino.exe |
| LegalCopyright | Copyright © 17696 2022 |
| LegalTrademarks | |
| OriginalFilename | FiveM Cleanerino.exe |
| ProductName | FiveM Cleanerino |
| ProductVersion (#2) | 1.0.0.0 |
| Assembly Version | 1.0.0.0 |
| Resource LangID | UNKNOWN |
| Debug directory field | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2012-Jul-13 22:47:16 |
| Version | 0.0 |
| SizeOfData | 129 |
| AddressOfRawData | 0x20de8 |
| PointerToRawData | 0x1f9e8 |
| Referenced File | |
| Load configuration field | Value |
|---|---|
| Size | 0x48 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x422234 |
| SEHandlerTable | 0x420f50 |
| SEHandlerCount | 3 |
| Rich header | Value |
|---|---|
| XOR Key | 0x7eea712c |
| Unmarked objects | 0 |
| ASM objects (VS2008 build 21022) | 19 |
| Imports (VS2012 build 50727 / VS2005 build 50727) | 7 |
| Total imports | 112 |
| C++ objects (VS2008 build 21022) | 48 |
| C objects (VS2008 build 21022) | 142 |
| Resource objects (VS2008 build 21022) | 1 |
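Added example, not code from the report's analysis tool or from the sample: recovering the Rich header whose XOR key and per-tool object counts appear in the table above, decoding each comp.id into product ID, build number and count, and recomputing the key. The key is a checksum over the DOS header and stub (e_lfanew excluded) plus the entries, so a key that fails to recompute means the header was edited or forged. That check matters here because the Rich header and LinkerVersion 9.0 point at a VS2008 toolchain (build 21022) while the "Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0" heuristic earlier in the report does not; a Rich header that verifies is the stronger signal. The function names (`rich_checksum`, `parse_rich_header`) and `SAMPLE_FILE` are this example's own; the sample is constructed from the report's DOS header values, a zero-filled stub, and five entries that reuse the report's builds and counts under placeholder product IDs 1 to 5, so no product names are derived and the key it carries is the one computed for this constructed file, not the report's 0x7eea712c.

```python
"""Recover, decode and verify a PE Rich header.

Layout, as little-endian DWORDs between the DOS stub and e_lfanew:
  'DanS' ^ key, three 0 ^ key pads, N pairs (comp.id ^ key, count ^ key),
  then the clear-text 'Rich' marker followed by the key.
comp.id = prodid << 16 | build.  SAMPLE_FILE below is CONSTRUCTED."""
import struct

DANS, RICH = 0x536E6144, 0x68636952   # 'DanS' and 'Rich' as little-endian DWORDs


def rol32(x, n):
    n &= 31
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def rich_checksum(data, dans_off, entries):
    """The key as the Microsoft linker derives it: DanS offset + rotated DOS bytes + rotated comp.ids."""
    cksum = dans_off
    for i in range(dans_off):
        if 0x3C <= i < 0x40:                      # e_lfanew is excluded from the sum
            continue
        cksum = (cksum + rol32(data[i], i)) & 0xFFFFFFFF
    for compid, count in entries:
        cksum = (cksum + rol32(compid, count)) & 0xFFFFFFFF
    return cksum


def parse_rich_header(data):
    """Return key, offsets, decoded entries and whether the key recomputes; None if no Rich header."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    rich_off = data.find(b"Rich", 0x40, e_lfanew)
    if rich_off < 0:
        return None
    key = struct.unpack_from("<I", data, rich_off + 4)[0]
    # walk back from 'Rich' in 8-byte steps until the decrypted DWORD reads 'DanS'
    dans_off = rich_off - 8
    while dans_off >= 0x40 and struct.unpack_from("<I", data, dans_off)[0] ^ key != DANS:
        dans_off -= 8
    if dans_off < 0x40:
        return None
    entries = [(a ^ key, b ^ key) for a, b in struct.iter_unpack("<II", data[dans_off + 16:rich_off])]
    return {
        "key": key,
        "dans_offset": dans_off,
        "rich_offset": rich_off,
        "entries": entries,
        "tools": [{"prodid": c >> 16, "build": c & 0xFFFF, "count": n} for c, n in entries],
        "valid": key == rich_checksum(data, dans_off, entries),
    }


# builds and counts from the report's Rich header table; product IDs 1..5 are placeholders
SAMPLE_ENTRIES = [
    (1 << 16 | 21022, 19),    # ASM objects, VS2008 build 21022
    (2 << 16 | 50727, 7),     # Imports, build 50727
    (3 << 16 | 21022, 48),    # C++ objects
    (4 << 16 | 21022, 142),   # C objects
    (5 << 16 | 21022, 1),     # Resource objects
]


def _build_sample(entries):
    dos = struct.pack("<2s13H8sHH20sI", b"MZ", 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0, 0x40, 0,
                      b"\0" * 8, 0, 0, b"\0" * 20, 0xE0)      # e_lfanew 0xE0 as in the report; e_lfarlc assumed
    data = dos + b"\0" * 0x40                                 # DOS stub; zeros stand in for the real stub code
    dans_off = len(data)                                      # 0x80, where MSVC places 'DanS'
    key = rich_checksum(data, dans_off, entries)
    body = [DANS ^ key, key, key, key]                        # 'DanS' and three zero pads, all XORed
    for compid, count in entries:
        body += [compid ^ key, count ^ key]
    body += [RICH, key]
    data += struct.pack("<%dI" % len(body), *body)
    return data + b"\0" * (0xE0 - len(data))                  # pad up to e_lfanew


SAMPLE_FILE = _build_sample(SAMPLE_ENTRIES)

if __name__ == "__main__":
    hdr = parse_rich_header(SAMPLE_FILE)
    print(f"key 0x{hdr['key']:08x} valid={hdr['valid']}")
    for t in hdr["tools"]:
        print(f"  prodid {t['prodid']:#06x} build {t['build']:5d} count {t['count']}")
```

Run against a real file, `parse_rich_header(open(path, "rb").read())` gives the same fields the table above reports; mapping `prodid` to a tool name needs a separate product-ID table, which this example deliberately omits. A header whose `valid` is False has had its DOS stub or entries changed after linking, which is the case to treat with suspicion.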