Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 1992-Jun-19 22:22:17 |
Detected languages | English - United States; Russian - Russia |
Comments | |
CompanyName | Crackingpatching.com Team |
FileDescription | Bootstrap Studio 1.0.0 Installation |
FileVersion | 1.0.0 |
LegalCopyright | Crackingpatching.com Team |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Suspicious | The PE header may have been manually modified. The resource timestamps differ from the PE header: |
Suspicious | The file contains overlay data. 388635 bytes of data starting at offset 0x71800. The overlay data has an entropy of 7.99722 and is possibly compressed or encrypted. |
Malicious | VirusTotal score: 15/70 (Scanned on 2020-01-08 10:26:57). CAT-QuickHeal: Trojan.Presenoker; Cylance: Unsafe; ESET-NOD32: a variant of Win32/RiskWare.HackTool.Agent.K; Paloalto: generic.ml; Tencent: Malware.Win32.Gencirc.10b49844; Invincea: heuristic; Trapmine: suspicious.low.ml.score; SentinelOne: DFI - Suspicious PE; Cyren: W32/Trojan.KFUF-6195; Webroot: W32.Hack.Tool; Microsoft: Program:Win32/Uwasson.A!ml; Endgame: malicious (moderate confidence); Ikarus: PUA.RiskWare.Hacktool; eGambit: Unsafe.AI_Score_99%; Fortinet: Riskware/HackTool_Agent |
e_magic | MZ |
---|---|
e_cblp | 0x50 |
e_cp | 0x2 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0xf |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0x1a |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x100 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 8 |
TimeDateStamp | 1992-Jun-19 22:22:17 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_BYTES_REVERSED_HI, IMAGE_FILE_BYTES_REVERSED_LO, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 2.0 |
SizeOfCode | 0x24600 |
SizeOfInitializedData | 0x4ce00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00025468 (Section: CODE) |
BaseOfCode | 0x1000 |
BaseOfData | 0x26000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x78000 |
SizeOfHeaders | 0x400 |
Checksum | 0x7abb0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x4000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, WideCharToMultiByte, GetThreadLocale, GetStartupInfoA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
---|---|
user32.dll | GetKeyboardType, MessageBoxA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
oleaut32.dll | SysFreeString, SysReAllocStringLen |
kernel32.dll (#2) | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, WideCharToMultiByte, GetThreadLocale, GetStartupInfoA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
advapi32.dll (#2) | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
kernel32.dll (#3) | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, WideCharToMultiByte, GetThreadLocale, GetStartupInfoA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
gdi32.dll | StretchDIBits, StretchBlt, SetWindowOrgEx, SetTextColor, SetStretchBltMode, SetRectRgn, SetROP2, SetPixel, SetDIBits, SetBrushOrgEx, SetBkMode, SetBkColor, SelectObject, SaveDC, RestoreDC, OffsetRgn, MoveToEx, IntersectClipRect, GetStockObject, GetPixel, GetDIBits, ExtSelectClipRgn, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CombineRgn, BitBlt |
user32.dll (#2) | GetKeyboardType, MessageBoxA |
winmm.dll | timeKillEvent, timeSetEvent |
oleaut32.dll (#2) | SysFreeString, SysReAllocStringLen |
ole32.dll | OleInitialize |
comctl32.dll | ImageList_Draw, ImageList_SetBkColor, ImageList_Create, InitCommonControls |
shell32.dll | SHGetFileInfoA |
user32.dll (#3) | GetKeyboardType, MessageBoxA |
gdi32.dll (#2) | StretchDIBits, StretchBlt, SetWindowOrgEx, SetTextColor, SetStretchBltMode, SetRectRgn, SetROP2, SetPixel, SetDIBits, SetBrushOrgEx, SetBkMode, SetBkColor, SelectObject, SaveDC, RestoreDC, OffsetRgn, MoveToEx, IntersectClipRect, GetStockObject, GetPixel, GetDIBits, ExtSelectClipRgn, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CombineRgn, BitBlt |
kernel32.dll (#4) | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, WideCharToMultiByte, GetThreadLocale, GetStartupInfoA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
advapi32.dll (#3) | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
shell32.dll (#2) | SHGetFileInfoA |
cabinet.dll | FDIDestroy, FDICopy, FDICreate |
ole32.dll (#2) | OleInitialize |
shell32.dll (#3) | SHGetFileInfoA |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 1.0.0.0 |
ProductVersion | 0.0.0.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT_WINDOWS32, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
Comments | |
CompanyName | Crackingpatching.com Team |
FileDescription | Bootstrap Studio 1.0.0 Installation |
FileVersion (#2) | 1.0.0 |
LegalCopyright | Crackingpatching.com Team |
Resource LangID | Russian - Russia |
StartAddressOfRawData | 0x42d000 |
---|---|
EndAddressOfRawData | 0x42d008 |
AddressOfIndex | 0x42608c |
AddressOfCallbacks | 0x42e010 |
SizeOfZeroFill | 0 |
Characteristics | IMAGE_SCN_TYPE_REG |
Callbacks | (EMPTY) |