| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2004-Oct-19 18:29:41
|
| Detected languages |
English - United States
French - France
|
| CompanyName |
Newbie Center
|
| FileVersion |
1.0.0
|
| FileDescription |
Stegano
|
| OriginalFilename |
Stegano
|
| ProductName |
Stegano
|
| ProductVersion |
1.0.0
|
| XML |
596561684C6550617373776F726445737447726F756D7066
|
| Plateforme |
Windows
|
| Version du framework |
1.4.24b
|
| Certifié .NET |
1
|
| Interface |
Microsoft unified
|
| Type de produit |
Application pour Microsoft Windows
|
| Info |
Matching compiler(s): |
Microsoft Visual C# v7.0 / Basic .NET
|
| Suspicious |
The PE is possibly packed. |
The PE only has 5 import(s).
|
| Suspicious |
VirusTotal score: 1/51 (Scanned on 2014-12-21 18:42:59) |
Qihoo-360:
Malware.QVM20.Gen
|
| MD5 |
d5d32d15f89d14ce99f9e5520a86d029
|
| SHA1 |
68b60eeaded0863e9bdcef49c609eb080a7804b8
|
| SHA256 |
88773e4019ed616784cd0224f3b18c800368d649b3b1aa15ccfaf97bc5a88c03
|
| SHA3 |
4f4c74484f7d555c67d31c1860e2e9a36e330dadd275d657f5c9d9f6e5e31b1a
|
| SSDeep |
48:ycb3ya2tlSqBi4zC1SYxiuziR5VEHRQE78pB7cWc:Zb3O5ZzKSuiVLEmgacWc
|
| Imports Hash |
2b7f1830f1398749bbd5f50d56fe197c
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0xb8
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
4
|
| TimeDateStamp |
2004-Oct-19 18:29:41
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32
|
| LinkerVersion |
5.0
|
| SizeOfCode |
0x200
|
| SizeOfInitializedData |
0xc00
|
| SizeOfUninitializedData |
0
|
| AddressOfEntryPoint |
0x00001000 (Section: .text)
|
| BaseOfCode |
0x1000
|
| BaseOfData |
0x2000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
4.0
|
| SubsystemVersion |
4.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x5000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x7585
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve |
0x100000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
7cacae9f44293d75952ba371d44395f8
|
| SHA1 |
fdd243432b0172fdcd5eacdb6dc109406e6eadd1
|
| SHA256 |
a4d70743248e9a8d4755fb93091abaed98e79890b8150b1a6291b9be725fb6fa
|
| SHA3 |
fa407ee1b1921c7a889843dde7161c0e8cff9050e84e15d19088afb4fbf2b6c0
|
| VirtualSize |
0x88
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
1.57061
|
| MD5 |
8a7047df9fd9421f3509df9b15c723ec
|
| SHA1 |
d2227a35e315ccb3ce08652f39e29e663cda72d9
|
| SHA256 |
e2b6b2834be090cac4044b5e1a41d2e99aa79db5d03ee0b862a02b30cc375af0
|
| SHA3 |
182418da6e11990a7aca13ec5233733cacc546d31542aa727432ec053edee23a
|
| VirtualSize |
0x10e
|
| VirtualAddress |
0x2000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
2.28054
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x4
|
| VirtualAddress |
0x3000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
e5adb5e1e7eaefb2b2d6b43972b70051
|
| SHA1 |
9d702971f3fec8e6563e99b8ed52ae0c4ef7c1e8
|
| SHA256 |
38069ce0a1dbdd6e93d38e6d42067fe095e79caf6d6c361e3234259f3da5a54c
|
| SHA3 |
122e3a177c2b2f091e4780290188600c1083ddb3188af906d80cf335853058b9
|
| VirtualSize |
0x7b0
|
| VirtualAddress |
0x4000
|
| SizeOfRawData |
0x800
|
| PointerToRawData |
0x800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
3.20306
|
| kernel32.dll |
GetModuleHandleA
ExitProcess
|
| user32.dll |
DialogBoxParamA
EndDialog
|
| comctl32.dll |
InitCommonControls
|
| Type |
RT_DIALOG
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x142
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.26017
|
| MD5 |
743150672a88f63a52976ca660853124
|
| SHA1 |
ba9b080ad8407a9460d12ef94bbd0a9c83d774c2
|
| SHA256 |
b9fdf7c5fecf129f1dbbe466f5082eec384ab6a495e6a08e25722227dc3d0bd6
|
| SHA3 |
f32b7531730d52d6b6c7df84fbb2f87363d813c472adc96725096aaf47eb1e34
|
| Type |
RT_STRING
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x1b8
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.42714
|
| MD5 |
9f13f6515450a8d555299f9a008e22a1
|
| SHA1 |
fbbb364acc49f739cd645063f320d529fc4a3b19
|
| SHA256 |
01d54e0897f4591f645fdfba44723bd2c873c5808bea2cb395fc4fb83dfcb6e6
|
| SHA3 |
16fab4e77be1d48322e86f877846547f35fa76349e75618549b7753c0a17e5bf
|
| Type |
RT_VERSION
|
| Language |
French - France
|
| Codepage |
UNKNOWN
|
| Size |
0x3cc
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.40047
|
| MD5 |
4c6448763aef85ff5086c1302125bac7
|
| SHA1 |
fab6353e50492b3ffc9222f0beadd51e5e60f25e
|
| SHA256 |
fedc05c11fd6b326a8fa67d1f63c29fa99d55ba7c74dd0240113bb79cbc6dc5e
|
| SHA3 |
663fcde970726aed21cfad97026ae7bdc32c75f71d57d18aad8bca8e6df8479b
|
| Pas de password ici non plus ;-) |
| N'importe quoi ce fichier |
| ??h??????????????????????????????????????????????????????????????? |
| ????????????????????S?????????????�??? ??????????????????)??? |
| Overflow |
| Stack Error |
| Signature |
0xfeef04bd
|
| StructVersion |
0x10000
|
| FileVersion |
1.0.0.0
|
| ProductVersion |
1.0.0.0
|
| FileFlags |
(EMPTY)
|
| FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
| FileType |
VFT_APP
|
| Language |
French - France
|
| CompanyName |
Newbie Center
|
| FileVersion (#2) |
1.0.0
|
| FileDescription |
Stegano
|
| OriginalFilename |
Stegano
|
| ProductName |
Stegano
|
| ProductVersion (#2) |
1.0.0
|
| XML |
596561684C6550617373776F726445737447726F756D7066
|
| Plateforme |
Windows
|
| Version du framework |
1.4.24b
|
| Certifié .NET |
1
|
| Interface |
Microsoft unified
|
| Type de produit |
Application pour Microsoft Windows
|
| Resource LangID |
French - France
|
| XOR Key |
0xec7143a9
|
| Unmarked objects |
0
|
| 19 (8078) |
13
|
| 18 (8444) |
1
|
| Resource objects (VS98 SP6 cvtres build 1736) |
1
|
[*] Warning: Section .data has a size of 0!