Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2009-Jul-13 23:42:48 |
Detected languages | English - United States |
Debug artifacts | wscript.pdb |
CompanyName | Microsoft Corporation |
FileDescription | Microsoft ® Windows Based Script Host |
FileVersion | 5.8.7600.16385 |
InternalName | wscript.exe |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | wscript.exe |
ProductName | Microsoft ® Windows Script Host |
ProductVersion | 5.8.7600.16385 |
Info | The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
|
Safe | VirusTotal score: 0/66 (Scanned on 2018-12-05 10:09:32) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf0 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2009-Jul-13 23:42:48 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 9.1 |
SizeOfCode | 0x17600 |
SizeOfInitializedData | 0xb000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00002F3B (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x18000 |
ImageBase | 0x1000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.1 |
ImageVersion | 6.1 |
SubsystemVersion | 5.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x26000 |
SizeOfHeaders | 0x400 |
Checksum | 0x2b2d4 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x8000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
ADVAPI32.dll | RegCreateKeyA RegCloseKey RegSetValueA RegOpenKeyA RegQueryValueA RegDeleteKeyA RegSetValueExW RegQueryValueExW RegCreateKeyExW RegCreateKeyExA RegOpenKeyExW ImpersonateLoggedOnUser RegisterEventSourceW GetUserNameW LookupAccountNameW ReportEventW DeregisterEventSource IsTextUnicode RegQueryValueExA RegEnumKeyExA RegOpenKeyExA RegSetValueExA |
---|---|
KERNEL32.dll | GetCommandLineA lstrlenW GetCommandLineW HeapAlloc HeapFree GetProcessHeap GetProcAddress SearchPathW GetUserDefaultUILanguage GetSystemDefaultUILanguage GetLocaleInfoW GetVersionExW CreateFileMappingW LoadLibraryExW SetLastError LoadResource FindResourceExW CreateFileW GetFileSize CreateFileMappingA MapViewOfFile UnmapViewOfFile GetPrivateProfileIntW GetPrivateProfileIntA GetPrivateProfileStringW GetPrivateProfileStringA GetFullPathNameW GetFullPathNameA GetLocaleInfoA LoadLibraryExA LoadLibraryW HeapReAlloc GetStdHandle GetConsoleMode GetSystemDirectoryA GetTempPathA GetTempFileNameA CreateFileA WriteFile FlushFileBuffers GetUserDefaultLCID GetCPInfo GetFileAttributesW FindFirstFileW GetFileAttributesA FindFirstFileA FindClose GetACP CreateEventA CreateThread CloseHandle SetEvent FormatMessageW LocalAlloc LocalFree FormatMessageA GetVersionExA GetModuleFileNameW LoadLibraryA FreeLibrary lstrlenA SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess RtlUnwind OutputDebugStringA GetSystemTimeAsFileTime GetCurrentProcessId GetTickCount QueryPerformanceCounter InitializeCriticalSection DeleteCriticalSection EnterCriticalSection LeaveCriticalSection GetCurrentThreadId InterlockedIncrement InterlockedCompareExchange InterlockedExchange InterlockedDecrement ExitProcess GetModuleHandleA GetStartupInfoA GetLastError WideCharToMultiByte MultiByteToWideChar GetModuleFileNameA |
USER32.dll | GetMessageA DispatchMessageA GetActiveWindow MessageBoxW PostThreadMessageA GetParent TranslateMessage PeekMessageA MsgWaitForMultipleObjects SendMessageA PostMessageA LoadStringW LoadStringA CharNextA GetClassInfoA RegisterClassA CreateWindowExA GetWindowLongA SetWindowLongA SetTimer DefWindowProcA PostQuitMessage KillTimer EnumThreadWindows IsWindowVisible GetClassNameA |
msvcrt.dll | _iob _vsnwprintf _errno _vsnprintf _beginthread memcpy memmove malloc free mbtowc isleadbyte _snprintf _itoa wctomb ferror _swab wcsrchr _itow __badioinfo __pioinfo _fileno _lseeki64 _write _isatty ??3@YAXPAX@Z wcsncmp _wcsnicmp _wcsicmp __mb_cur_max ??2@YAPAXI@Z memset _endthread bsearch |
OLEAUT32.dll | #20 #150 #201 #202 #9 #10 #8 #27 #15 #26 #161 #12 #25 #19 #6 #4 #16 #186 #183 #2 #162 #7 |
ole32.dll | CLSIDFromString CLSIDFromProgID MkParseDisplayName CoGetClassObject CoInitializeSecurity CreateFileMoniker CreateBindCtx CoMarshalInterThreadInterfaceInStream CoGetInterfaceAndReleaseStream CoUninitialize CoInitialize CoCreateInstance CoRevokeClassObject CoRegisterClassObject StringFromCLSID CoGetMalloc CoRegisterMessageFilter |
VERSION.dll | GetFileVersionInfoSizeW GetFileVersionInfoA VerQueryValueA GetFileVersionInfoW VerQueryValueW GetFileVersionInfoSizeA |
Ordinal | 1 |
---|---|
Address | 0x2bb9 |
Windows Script Host |
Windows Script Host (debugging disabled) |
Windows Script Host Error |
Windows Script Host Input Error |
This Unicode version of Windows Script Host will only execute under Windows NT. |
Please use the ANSI version of Windows Script Host." |
Usage: |
Options: |
value |
wsh |
Windows Script Host |
Windows Script Host (debugging disabled) |
Usage: WScript scriptname.extension [option...] [arguments...] |
Options: |
//B Batch mode: Suppresses script errors and prompts from displaying |
//D Enable Active Debugging |
//E:engine Use engine for executing script |
//H:CScript Changes the default script host to CScript.exe |
//H:WScript Changes the default script host to WScript.exe (default) |
//I Interactive mode (default, opposite of //B) |
//Job:xxxx Execute a WSF job |
//Logo Display logo (default) |
//Nologo Prevent logo display: No banner will be shown at execution time |
//S Save current command line options for this user |
//T:nn Time out in seconds: Maximum time a script is permitted to run |
//X Execute script in debugger |
WScript Error - Windows Script Host |
Input Error - Windows Script Host |
This Unicode version of WScript will only execute under Windows NT. |
Please use the ANSI version of WScript. |
Script: %1!ls! |
Line: %2!lu! |
Char: %3!ld! |
Error: %4!ls! |
Code: %5!lX! |
Source: %6!ls! |
WScript - Script Execution Error |
Windows Script Host Remote Script |
Remote script object can only be executed once. |
Unable to execute remote script. |
The Windows Script Host settings have been reset to default. |
Command line options are saved. |
The default script host is now set to "wscript.exe". |
The default script host is now set to "cscript.exe". |
Successful execution of Windows Script Host. |
Successful remote execution of Windows Script Host. |
Script execution time was exceeded on script "%1!ls!". |
Script execution was terminated. |
Could not locate automation class named "%1!ls!". |
Could not connect object. |
Could not create object named "%1!ls!". |
Initialization of the Windows Script Host failed. |
Can't find script engine "%2!ls!" for script "%1!ls!". |
Can't change default script host. |
An attempt at saving your settings via the //S option failed. |
Loading script "%1!ls!" failed (%2!ls!). |
Loading your settings failed. |
Execution of the Windows Script Host failed. |
Unexpected error of the Windows Script Host. |
Windows Script Host access is disabled on this machine. Contact your administrator for details. |
Attempt to execute Windows Script Host while it is disabled. |
Attempt to execute Windows Script Host remotely while remote execution is disabled. |
//T option requires timeout value. |
Invalid timeout value for //T option. |
Unknown option "%1!ls!" specified. |
Extra argument specified to option "%1!ls!". |
There is no script file specified. |
Command line option mismatch. |
There is no file extension in "%1!ls!". |
//H option requires host name. |
Host name for //H option must be "cscript" or "wscript". |
There is no script engine for file extension "%1!ls!". |
Can not find script file "%1!ls!". |
Invalid pathname. |
Need -E option. |
-E option requires name of script engine. |
Can't read script from stdin. |
//CP option requires code page value. |
Invalid code page value for //CP option. |
Missing job name. |
Unicode is not supported on this platform. |
Unable to find job "%1!ls!". |
Script setting file "%1!ls!" is invalid. |
Invalid #codepage directive. |
Win32 Error 0x%X |
%1!ls! (%2!ls!) |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 5.8.7600.16385 |
ProductVersion | 5.8.7600.16385 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Microsoft Corporation |
FileDescription | Microsoft ® Windows Based Script Host |
FileVersion (#2) | 5.8.7600.16385 |
InternalName | wscript.exe |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | wscript.exe |
ProductName | Microsoft ® Windows Script Host |
ProductVersion (#2) | 5.8.7600.16385 |
Resource LangID | English - United States |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2009-Jul-13 23:42:48 |
Version | 0.0 |
SizeofData | 36 |
AddressOfRawData | 0x18558 |
PointerToRawData | 0x17958 |
Referenced File | wscript.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2009-Jul-13 23:42:48 |
Version | 565.6526 |
SizeofData | 4 |
AddressOfRawData | 0x18554 |
PointerToRawData | 0x17954 |
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x1019004 |
SEHandlerTable | 0x100b6d0 |
SEHandlerCount | 2 |
XOR Key | 0x99c414f3 |
---|---|
Unmarked objects | 0 |
ASM objects (VS2008 SP1 build 30729) | 9 |
C objects (VS2008 SP1 build 30729) | 66 |
Imports (VS2008 SP1 build 30729) | 15 |
Total imports | 257 |
C++ objects (VS2008 SP1 build 30729) | 58 |
126 (VS2012 build 50727 / VS2005 build 50727) | 1 |
Exports (VS2008 SP1 build 30729) | 1 |
Linker (VS2008 SP1 build 30729) | 1 |
Resource objects (VS2008 SP1 build 30729) | 1 |