Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2011-Oct-21 03:50:01 |
Detected languages | Chinese - Taiwan; English - United States |
Debug artifacts | d:\work\Flash\TdkPacker\2in1 release\W3DStub.pdb |
CompanyName | Phoenix Technologies Ltd. |
FileDescription | Extractor for Windows |
FileVersion | 1, 3, 3, 0 |
InternalName | WinExtractor.exe |
LegalCopyright | Copyright (C) 2011 Phoenix Technologies Ltd. |
OriginalFilename | WinExtractor.exe |
ProductName | TDK Packer (Extractor for Windows) |
ProductVersion | 1, 3, 3, 0 |

Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0; Microsoft Visual C++ 8 Microsoft Visual C++ 8.0 MSVC++ v.8 (procedure 1 recognized - h) |
---|---|---|
Info | Interesting strings found in the binary: | Contains domain names: |
Malicious | The file headers were tampered with. | The RICH header checksum is invalid. |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Dell Inc; Issuer: Entrust Code Signing CA - OVCS1 |
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
e_magic | MZ |
---|---|
e_cblp | 0 |
e_cp | 0x2a |
e_crlc | 0x1b |
e_cparhdr | 0x20 |
e_minalloc | 0x4b8 |
e_maxalloc | 0x5b8 |
e_ss | 0x8a8 |
e_sp | 0x100 |
e_csum | 0 |
e_ip | 0x54 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x1fc70 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2011-Oct-21 03:50:01 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE; IMAGE_FILE_EXECUTABLE_IMAGE; IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 8.0 |
SizeOfCode | 0x27000 |
SizeOfInitializedData | 0xf000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0003146B (Section: .text) |
BaseOfCode | 0x20000 |
BaseOfData | 0x47000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x1000 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x5b000 |
SizeOfHeaders | 0x20000 |
Checksum | 0x42955a |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | CreateFileA GetCPInfo GetOEMCP SetErrorMode HeapAlloc HeapFree HeapReAlloc VirtualAlloc GetProcessHeap GetStartupInfoA RtlUnwind RaiseException ExitProcess HeapSize TerminateProcess UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent SetHandleCount GetFileType VirtualFree HeapDestroy HeapCreate GetConsoleCP GetConsoleMode SetEnvironmentVariableA SetEnvironmentVariableW Sleep GetACP IsValidCodePage FreeEnvironmentStringsA GetEnvironmentStrings FreeEnvironmentStringsW GetEnvironmentStringsW QueryPerformanceCounter GetTickCount GetSystemTimeAsFileTime SetStdHandle GetConsoleOutputCP WriteConsoleW LCMapStringA LCMapStringW GetStringTypeA GetStringTypeW GetCurrentProcess SetEndOfFile FlushFileBuffers SetFilePointer WriteFile ReadFile GlobalFlags GetThreadLocale TlsFree DeleteCriticalSection LocalReAlloc TlsSetValue TlsAlloc InitializeCriticalSection GlobalHandle GlobalReAlloc EnterCriticalSection TlsGetValue LeaveCriticalSection LocalAlloc InterlockedIncrement InterlockedDecrement GetModuleFileNameW GlobalGetAtomNameA GlobalFindAtomA LoadLibraryA lstrcmpW GetVersionExA FreeResource WritePrivateProfileStringA GlobalAddAtomA GlobalDeleteAtom GetCurrentThread GetCurrentThreadId ConvertDefaultLocale EnumResourceLanguagesA GetLocaleInfoA LoadLibraryExA lstrcmpA FreeLibrary GetModuleHandleA GetProcAddress GlobalFree GlobalAlloc GlobalLock GlobalUnlock FormatMessageA LocalFree MulDiv GetCurrentProcessId SetLastError CompareStringW InterlockedExchange GetVersion lstrlenA CompareStringA MultiByteToWideChar FindResourceA LoadResource LockResource SizeofResource WideCharToMultiByte CloseHandle WaitForSingleObject CreateProcessA GetLastError CreateDirectoryA GetTempPathA SetCurrentDirectoryA GetModuleFileNameA GetCommandLineA GetCommandLineW GetCurrentDirectoryA FreeConsole GetConsoleScreenBufferInfo WriteConsoleA GetStdHandle AttachConsole |
---|---|
USER32.dll | LoadCursorA GetSysColorBrush ShowWindow SetWindowTextA IsDialogMessageA EndPaint BeginPaint ReleaseDC GetDC ClientToScreen GrayStringA DrawTextExA DrawTextA TabbedTextOutA RegisterWindowMessageA SendDlgItemMessageA WinHelpA GetCapture GetClassLongA GetClassNameA SetPropA GetPropA RemovePropA SetFocus GetWindowTextA GetForegroundWindow GetTopWindow UnhookWindowsHookEx GetMessageTime GetMessagePos MapWindowPoints SetForegroundWindow UpdateWindow GetMenu CreateWindowExA GetClassInfoExA GetClassInfoA RegisterClassA GetSysColor AdjustWindowRectEx CopyRect PtInRect GetDlgCtrlID DefWindowProcA CallWindowProcA SetWindowLongA SetWindowPos SystemParametersInfoA GetWindowPlacement GetWindowRect GetWindow GetDesktopWindow SetActiveWindow CreateDialogIndirectParamA MessageBoxA DestroyWindow IsWindow GetDlgItem GetNextDlgTabItem EndDialog SetCursor SetWindowsHookExA CallNextHookEx GetMessageA TranslateMessage DispatchMessageA GetActiveWindow IsWindowVisible GetKeyState UnregisterClassA DestroyMenu LoadIconA PostMessageA IsIconic SendMessageA GetSystemMetrics GetClientRect DrawIcon EnableWindow IsWindowEnabled GetLastActivePopup GetWindowLongA GetParent GetWindowThreadProcessId GetSubMenu GetMenuItemCount PeekMessageA GetCursorPos ValidateRect PostQuitMessage SetMenuItemBitmaps GetMenuCheckMarkDimensions LoadBitmapA GetFocus ModifyMenuA EnableMenuItem CheckMenuItem GetMenuState GetMenuItemID |
GDI32.dll | DeleteDC GetStockObject ScaleWindowExtEx SetWindowExtEx ScaleViewportExtEx SetViewportExtEx OffsetViewportOrgEx SetViewportOrgEx SelectObject Escape ExtTextOutA TextOutA RectVisible PtVisible GetDeviceCaps DeleteObject SetMapMode RestoreDC SaveDC GetObjectA SetBkColor SetTextColor GetClipBox CreateBitmap |
WINSPOOL.DRV | DocumentPropertiesA OpenPrinterA ClosePrinter |
ADVAPI32.dll | RegEnumKeyA RegSetValueExA RegCreateKeyExA RegQueryValueA RegCloseKey RegDeleteKeyA RegOpenKeyExA RegQueryValueExA RegOpenKeyA |
SHELL32.dll | SHFileOperationA CommandLineToArgvW |
COMCTL32.dll | InitCommonControlsEx |
SHLWAPI.dll | PathFindExtensionA PathFindFileNameA |
OLEAUT32.dll | #9 #12 #8 |
OLEACC.dll (delay-loaded) | LresultFromObject CreateStdAccessibleObject |
Attributes | 0x1 |
---|---|
Name | OLEACC.dll |
ModuleHandle | 0x538d4 |
DelayImportAddressTable | 0x50f9c |
DelayImportNameTable | 0x4d760 |
BoundDelayImportTable | 0x4d79c |
UnloadDelayImportTable | 0 |
TimeStamp | 1970-Jan-01 00:00:00 |
Open |
Save As |
All Files (*.*) |
Untitled |
an unnamed file |
&Hide |
No error message is available. |
An unsupported operation was attempted. |
A required resource was unavailable. |
Out of memory. |
An unknown error has occurred. |
An invalid argument was encountered. |
Invalid filename. |
Failed to open document. |
Failed to save document. |
Save changes to %1? |
Failed to create empty document. |
The file is too large to open. |
Could not start print job. |
Failed to launch help. |
Internal application error. |
Command failed. |
Insufficient memory to perform operation. |
System registry entries have been removed and the INI file (if any) was deleted. |
Not all of the system registry entries (or INI file) were removed. |
This program requires the file %s, which was not found on this system. |
This program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s. |
Please enter an integer. |
Please enter a number. |
Please enter an integer between %1 and %2. |
Please enter a number between %1 and %2. |
Please enter no more than %1 characters. |
Please select a button. |
Please enter an integer between 0 and 255. |
Please enter a positive integer. |
Please enter a date and/or time. |
Please enter a currency. |
Please enter a GUID. |
Please enter a time. |
Please enter a date. |
Unexpected file format. |
%1 |
Cannot find this file. |
Please verify that the correct path and file name are given. |
Destination disk drive is full. |
Unable to read from %1, it is opened by someone else. |
Unable to write to %1, it is read-only or opened by someone else. |
An unexpected error occurred while reading %1. |
An unexpected error occurred while writing %1. |
%1: %2 |
Continue running script? |
Dispatch exception: %1 |
Unable to read write-only property. |
Unable to write read-only property. |
Unable to load mail system support. |
Mail system DLL is invalid. |
Send Mail failed to send message. |
No error occurred. |
An unknown error occurred while accessing %1. |
%1 was not found. |
%1 contains an invalid path. |
%1 could not be opened because there are too many open files. |
Access to %1 was denied. |
An invalid file handle was associated with %1. |
%1 could not be removed because it is the current directory. |
%1 could not be created because the directory is full. |
Seek failed on %1 |
A hardware I/O error was reported while accessing %1. |
A sharing violation occurred while accessing %1. |
A locking violation occurred while accessing %1. |
Disk full while accessing %1. |
An attempt was made to access %1 past its end. |
No error occurred. |
An unknown error occurred while accessing %1. |
An attempt was made to write to the reading %1. |
An attempt was made to access %1 past its end. |
An attempt was made to read from the writing %1. |
%1 has a bad format. |
%1 contained an unexpected object. |
%1 contains an incorrect schema. |
pixels |
Uncheck |
Check |
Mixed |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.3.3.0 |
ProductVersion | 1.3.3.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32; VOS_NT_WINDOWS32; VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Phoenix Technologies Ltd. |
FileDescription | Extractor for Windows |
FileVersion (#2) | 1, 3, 3, 0 |
InternalName | WinExtractor.exe |
LegalCopyright | Copyright (C) 2011 Phoenix Technologies Ltd. |
OriginalFilename | WinExtractor.exe |
ProductName | TDK Packer (Extractor for Windows) |
ProductVersion (#2) | 1, 3, 3, 0 |
Resource LangID | Chinese - Taiwan |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2011-Oct-21 03:50:01 |
Version | 0.0 |
SizeofData | 73 |
AddressOfRawData | 0x4add0 |
PointerToRawData | 0x4add0 |
Referenced File | d:\work\Flash\TdkPacker\2in1 release\W3DStub.pdb |
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x44fab8 |
SEHandlerTable | 0x44bf30 |
SEHandlerCount | 56 |
XOR Key | 0x684313fb |
---|---|
Unmarked objects | 0 |
126 (50327) | 1 |
C objects (VS2008 SP1 build 30729) | 7 |
Imports (VS2008 SP1 build 30729) | 23 |
Total imports | 515 |
ASM objects (VS2012 build 50727 / VS2005 build 50727) | 25 |
C objects (VS2012 build 50727 / VS2005 build 50727) | 156 |
C++ objects (VS2012 build 50727 / VS2005 build 50727) | 140 |
114 (VS2012 build 50727 / VS2005 build 50727) | 9 |
Resource objects (VS2012 build 50727 / VS2005 build 50727) | 1 |
Linker (VS2012 build 50727 / VS2005 build 50727) | 1 |