Architecture |
IMAGE_FILE_MACHINE_I386
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date |
2004-Oct-19 18:29:41
|
Detected languages |
English - United States
French - France
|
CompanyName |
Newbie Center
|
FileVersion |
1.0.0
|
FileDescription |
Stegano
|
OriginalFilename |
Stegano
|
ProductName |
Stegano
|
ProductVersion |
1.0.0
|
XML |
596561684C6550617373776F726445737447726F756D7066
|
Plateforme |
Windows
|
Version du framework |
1.4.24b
|
Certifié .NET |
1
|
Interface |
Microsoft unified
|
Type de produit |
Application pour Microsoft Windows
|
Info |
Matching compiler(s): |
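Microsoft Visual C# v7.0 / Basic .NET (signature match only; the import table below lists just kernel32.dll, user32.dll and comctl32.dll, with no mscoree.dll, so this is probably a native binary rather than a .NET one)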
|
Suspicious |
The PE is possibly packed. |
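The PE only has 5 import(s). The section entropies listed below are all under 3.5, so the short import table is more consistent with a very small program than with packing.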
|
Suspicious |
VirusTotal score: 1/51 (Scanned on 2014-12-21 18:42:59) |
Qihoo-360:
Malware.QVM20.Gen
|
MD5 |
d5d32d15f89d14ce99f9e5520a86d029
|
SHA1 |
68b60eeaded0863e9bdcef49c609eb080a7804b8
|
SHA256 |
88773e4019ed616784cd0224f3b18c800368d649b3b1aa15ccfaf97bc5a88c03
|
SHA3 |
4f4c74484f7d555c67d31c1860e2e9a36e330dadd275d657f5c9d9f6e5e31b1a
|
SSDeep |
48:ycb3ya2tlSqBi4zC1SYxiuziR5VEHRQE78pB7cWc:Zb3O5ZzKSuiVLEmgacWc
|
Imports Hash |
2b7f1830f1398749bbd5f50d56fe197c
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0xb8
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections |
4
|
TimeDateStamp |
2004-Oct-19 18:29:41
|
PointerToSymbolTable |
0
|
NumberOfSymbols |
0
|
SizeOfOptionalHeader |
0xe0
|
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Magic |
PE32
|
LinkerVersion |
5.0
|
SizeOfCode |
0x200
|
SizeOfInitializedData |
0xc00
|
SizeOfUninitializedData |
0
|
AddressOfEntryPoint |
0x00001000 (Section: .text)
|
BaseOfCode |
0x1000
|
BaseOfData |
0x2000
|
ImageBase |
0x400000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
4.0
|
ImageVersion |
4.0
|
SubsystemVersion |
4.0
|
Win32VersionValue |
0
|
SizeOfImage |
0x5000
|
SizeOfHeaders |
0x400
|
Checksum |
0x7585
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
SizeofStackReserve |
0x100000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
7cacae9f44293d75952ba371d44395f8
|
SHA1 |
fdd243432b0172fdcd5eacdb6dc109406e6eadd1
|
SHA256 |
a4d70743248e9a8d4755fb93091abaed98e79890b8150b1a6291b9be725fb6fa
|
SHA3 |
fa407ee1b1921c7a889843dde7161c0e8cff9050e84e15d19088afb4fbf2b6c0
|
VirtualSize |
0x88
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
Entropy |
1.57061
|
MD5 |
8a7047df9fd9421f3509df9b15c723ec
|
SHA1 |
d2227a35e315ccb3ce08652f39e29e663cda72d9
|
SHA256 |
e2b6b2834be090cac4044b5e1a41d2e99aa79db5d03ee0b862a02b30cc375af0
|
SHA3 |
182418da6e11990a7aca13ec5233733cacc546d31542aa727432ec053edee23a
|
VirtualSize |
0x10e
|
VirtualAddress |
0x2000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x600
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
2.28054
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x4
|
VirtualAddress |
0x3000
|
SizeOfRawData |
0
|
PointerToRawData |
0
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
MD5 |
e5adb5e1e7eaefb2b2d6b43972b70051
|
SHA1 |
9d702971f3fec8e6563e99b8ed52ae0c4ef7c1e8
|
SHA256 |
38069ce0a1dbdd6e93d38e6d42067fe095e79caf6d6c361e3234259f3da5a54c
|
SHA3 |
122e3a177c2b2f091e4780290188600c1083ddb3188af906d80cf335853058b9
|
VirtualSize |
0x7b0
|
VirtualAddress |
0x4000
|
SizeOfRawData |
0x800
|
PointerToRawData |
0x800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
3.20306
|
kernel32.dll |
GetModuleHandleA
ExitProcess
|
user32.dll |
DialogBoxParamA
EndDialog
|
comctl32.dll |
InitCommonControls
|
Type |
RT_DIALOG
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x142
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.26017
|
MD5 |
743150672a88f63a52976ca660853124
|
SHA1 |
ba9b080ad8407a9460d12ef94bbd0a9c83d774c2
|
SHA256 |
b9fdf7c5fecf129f1dbbe466f5082eec384ab6a495e6a08e25722227dc3d0bd6
|
SHA3 |
f32b7531730d52d6b6c7df84fbb2f87363d813c472adc96725096aaf47eb1e34
|
Type |
RT_STRING
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x1b8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
2.42714
|
MD5 |
9f13f6515450a8d555299f9a008e22a1
|
SHA1 |
fbbb364acc49f739cd645063f320d529fc4a3b19
|
SHA256 |
01d54e0897f4591f645fdfba44723bd2c873c5808bea2cb395fc4fb83dfcb6e6
|
SHA3 |
16fab4e77be1d48322e86f877846547f35fa76349e75618549b7753c0a17e5bf
|
Type |
RT_VERSION
|
Language |
French - France
|
Codepage |
UNKNOWN
|
Size |
0x3cc
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.40047
|
MD5 |
4c6448763aef85ff5086c1302125bac7
|
SHA1 |
fab6353e50492b3ffc9222f0beadd51e5e60f25e
|
SHA256 |
fedc05c11fd6b326a8fa67d1f63c29fa99d55ba7c74dd0240113bb79cbc6dc5e
|
SHA3 |
663fcde970726aed21cfad97026ae7bdc32c75f71d57d18aad8bca8e6df8479b
|
Pas de password ici non plus ;-) |
N'importe quoi ce fichier |
??h??????????????????????????????????????????????????????????????? |
????????????????????S???????????????? ??????????????????)??? |
Overflow |
Stack Error |
Signature |
0xfeef04bd
|
StructVersion |
0x10000
|
FileVersion |
1.0.0.0
|
ProductVersion |
1.0.0.0
|
FileFlags |
(EMPTY)
|
FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
FileType |
VFT_APP
|
Language |
French - France
|
CompanyName |
Newbie Center
|
FileVersion (#2) |
1.0.0
|
FileDescription |
Stegano
|
OriginalFilename |
Stegano
|
ProductName |
Stegano
|
ProductVersion (#2) |
1.0.0
|
XML |
596561684C6550617373776F726445737447726F756D7066
|
Plateforme |
Windows
|
Version du framework |
1.4.24b
|
Certifié .NET |
1
|
Interface |
Microsoft unified
|
Type de produit |
Application pour Microsoft Windows
|
Resource LangID |
French - France
|
XOR Key |
0xec7143a9
|
Unmarked objects |
0
|
19 (8078) |
13
|
18 (8444) |
1
|
Resource objects (VS98 SP6 cvtres build 1736) |
1
|
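[*] Warning: Section .data has a size of 0! (This presumably refers to the section listed above with SizeOfRawData 0 and VirtualSize 0x4; the MD5, SHA1, SHA256 and SHA3 values reported for it are the digests of empty input and are not useful as indicators.)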