Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2021-Aug-05 14:38:04 |
Detected languages | English - United States |
CompanyName | Wavesor Software |
FileDescription | WaveBrowser |
FileVersion | 1.1.2.9 |
LegalCopyright | Copyright 2021 Wavesor Software. All rights reserved. |
OriginalFilename | Wave Browser |
ProductName | WaveBrowser |
ProductVersion | 1.1.2.9 |
Info | Interesting strings found in the binary: | Contains domain names: |
Suspicious | The PE is an NSIS installer | Unusual section name found: .ndata |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Wavesor Software; Issuer: DigiCert EV Code Signing CA (SHA2) |
Suspicious | VirusTotal score: 1/69 (Scanned on 2021-08-15 15:50:13) | APEX: Malicious |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xd8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2021-Aug-05 14:38:04 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 6.0 |
SizeOfCode | 0x6000 |
SizeOfInitializedData | 0x1d000 |
SizeOfUninitializedData | 0x400 |
AddressOfEntryPoint | 0x000031D6 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x7000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 6.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x3f000 |
SizeOfHeaders | 0x400 |
Checksum | 0xfa60c |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | GetTempPathA GetFileSize GetModuleFileNameA GetCurrentProcess CopyFileA ExitProcess SetEnvironmentVariableA Sleep GetTickCount GetCommandLineA lstrlenA GetVersion SetErrorMode lstrcpynA GetDiskFreeSpaceA GlobalUnlock GetWindowsDirectoryA SetCurrentDirectoryA GetLastError CreateDirectoryA CreateProcessA RemoveDirectoryA CreateFileA GetTempFileNameA ReadFile WriteFile lstrcpyA MoveFileExA lstrcatA GetSystemDirectoryA GetProcAddress GetExitCodeProcess WaitForSingleObject CompareFileTime SetFileAttributesA GetFileAttributesA GetShortPathNameA MoveFileA GetFullPathNameA SetFileTime SearchPathA CloseHandle lstrcmpiA CreateThread GlobalLock lstrcmpA FindFirstFileA FindNextFileA DeleteFileA SetFilePointer GetPrivateProfileStringA FindClose MultiByteToWideChar FreeLibrary MulDiv WritePrivateProfileStringA LoadLibraryExA GetModuleHandleA GlobalAlloc GlobalFree ExpandEnvironmentStringsA |
---|---|
USER32.dll | ScreenToClient GetSystemMenu SetClassLongA IsWindowEnabled SetWindowPos GetSysColor GetWindowLongA SetCursor LoadCursorA CheckDlgButton GetMessagePos LoadBitmapA CallWindowProcA IsWindowVisible CloseClipboard SetClipboardData EmptyClipboard PostQuitMessage GetWindowRect EnableMenuItem CreatePopupMenu GetSystemMetrics SetDlgItemTextA GetDlgItemTextA MessageBoxIndirectA CharPrevA DispatchMessageA PeekMessageA ReleaseDC EnableWindow InvalidateRect SendMessageA DefWindowProcA BeginPaint GetClientRect FillRect DrawTextA EndDialog RegisterClassA SystemParametersInfoA CreateWindowExA GetClassInfoA DialogBoxParamA CharNextA ExitWindowsEx GetDC CreateDialogParamA SetTimer GetDlgItem SetWindowLongA SetForegroundWindow LoadImageA IsWindow SendMessageTimeoutA FindWindowExA OpenClipboard TrackPopupMenu AppendMenuA EndPaint DestroyWindow wsprintfA ShowWindow SetWindowTextA |
GDI32.dll | SelectObject SetBkMode CreateFontIndirectA SetTextColor DeleteObject GetDeviceCaps CreateBrushIndirect SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation ShellExecuteExA SHGetPathFromIDListA SHBrowseForFolderA SHGetFileInfoA SHFileOperationA |
ADVAPI32.dll | AdjustTokenPrivileges RegCreateKeyExA RegOpenKeyExA SetFileSecurityA OpenProcessToken LookupPrivilegeValueA RegEnumValueA RegDeleteKeyA RegDeleteValueA RegCloseKey RegSetValueExA RegQueryValueExA RegEnumKeyA |
COMCTL32.dll | ImageList_Create ImageList_AddMasked ImageList_Destroy #17 |
ole32.dll | OleUninitialize OleInitialize CoTaskMemFree CoCreateInstance |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0 |
FileVersion | 1.1.2.9 |
ProductVersion | 1.1.2.9 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Wavesor Software |
FileDescription | WaveBrowser |
FileVersion (#2) | 1.1.2.9 |
LegalCopyright | Copyright 2021 Wavesor Software. All rights reserved. |
OriginalFilename | Wave Browser |
ProductName | WaveBrowser |
ProductVersion (#2) | 1.1.2.9 |
Resource LangID | English - United States |
---|
XOR Key | 0xd246d0e9 |
---|---|
Unmarked objects | 0 |
C objects (VS2003 (.NET) build 4035) | 2 |
Total imports | 159 |
Imports (VS2003 (.NET) build 4035) | 15 |
48 (9044) | 10 |
Resource objects (VS98 SP6 cvtres build 1736) | 1 |