Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2007-Mar-13 22:21:01 |
Detected languages | English - United States |
Debug artifacts | dw20.pdb |
CompanyName | Microsoft Corporation |
FileDescription | Microsoft Application Error Reporting |
FileVersion | 11.0.8160 |
InternalName | DW20 |
LegalCopyright | Copyright © 1999-2003 Microsoft Corporation. All rights reserved. |
LegalTrademarks1 | Microsoft® is a registered trademark of Microsoft Corporation. |
LegalTrademarks2 | Windows® is a registered trademark of Microsoft Corporation. |
OriginalFilename | DW20.Exe |
ProductName | Microsoft Application Error Reporting |
ProductVersion | 11.0.8160 |
Info | Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0; Microsoft Visual C++ |
Suspicious | Strings found in the binary may indicate undesirable behavior: May have dropper capabilities: |
Suspicious | The PE is possibly packed. Section .text is both writable and executable. Unusual section name found: .cdata. Unusual section name found: .heb\x07. Section .heb\x07 is both writable and executable. |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Suspicious | The file contains overlay data. 177786 bytes of data starting at offset 0x9b958. The overlay data has an entropy of 7.92731 and is possibly compressed or encrypted. |
Malicious | The PE's digital signature is invalid. Signer: Microsoft Corporation. Issuer: Microsoft Code Signing PCA. The file was modified after it was signed. |
Malicious | VirusTotal score: 54/60 (Scanned on 2017-05-24 01:23:12); per-engine verdicts in the following table. |

Engine | Verdict |
---|---|
Bkav | W32.Pinfi.B |
MicroWorld-eScan | Win32.Parite.B |
nProtect | Virus/W32.Parite.C |
CMC | Virus.Win32.Parite.b!O |
CAT-QuickHeal | W32.Perite.A |
ALYac | Win32.Parite.B |
Zillya | Virus.Parite.Win32.9 |
TheHacker | W32/Pate.B |
K7GW | Virus ( 00001b711 ) |
K7AntiVirus | Virus ( 00001b711 ) |
Arcabit | Win32.Parite.B |
Invincea | virus.win32.parite.b |
F-Prot | W32/Parite.B@mm |
Symantec | W32.Pinfi.B |
TotalDefense | Win32/Pinfi.A |
TrendMicro-HouseCall | PE_PARITE.A |
ClamAV | Heuristics.W32.Parite.B |
Kaspersky | Virus.Win32.Parite.b |
BitDefender | Win32.Parite.B |
NANO-Antivirus | Virus.Win32.Parite.bgvo |
ViRobot | Win32.Parite.A[h] |
Avast | Win32:Parite |
Ad-Aware | Win32.Parite.B |
Emsisoft | Win32.Parite.B (B) |
Comodo | Virus.Win32.Parite.gen |
F-Secure | Win32.Parite.B |
DrWeb | Win32.Parite.2 |
VIPRE | Win32.Parite.b (v) |
TrendMicro | PE_PARITE.A |
McAfee-GW-Edition | BehavesLike.Win32.Pate.bc |
Sophos | W32/Parite-B |
Ikarus | Virus.Win32.Parite |
Cyren | W32/Parite.LAQX-0866 |
Jiangmin | Win32/Parite.b |
Avira | W32/Parite |
Kingsoft | Win32.Parite.b.5756 |
Endgame | malicious (high confidence) |
Microsoft | Virus:Win32/Parite.B |
ZoneAlarm | Virus.Win32.Parite.b |
GData | Win32.Parite.B |
AhnLab-V3 | Win32/Parite |
McAfee | W32/Pate.b |
AVware | Win32.Parite.b (v) |
VBA32 | Virus.Win32.Parite.b |
Zoner | Win32.Parite.B |
ESET-NOD32 | Win32/Parite.B |
Rising | Virus.Parite!1.9B80 (classic) |
Yandex | Win32.Parite.B |
SentinelOne | static engine - malicious |
Fortinet | W32/Parite.B |
AVG | Win32/Parite |
Panda | W32/Parite.B |
CrowdStrike | malicious_confidence_100% (D) |
Qihoo-360 | Virus.Win32.Parite.H |

e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x148 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2007-Mar-13 22:21:01 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 7.0 |
SizeOfCode | 0x64600 |
SizeOfInitializedData | 0x5a400 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000C2000 (Section: .heb\x07) |
BaseOfCode | 0x1000 |
BaseOfData | 0x6c000 |
ImageBase | 0x30000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0xc3000 |
SizeOfHeaders | 0x400 |
Checksum | 0xa229c |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
ADVAPI32.dll | RegCloseKey, RegOpenKeyExA, RegSetValueExA, RegCreateKeyExA, DeregisterEventSource, ReportEventA, RegisterEventSourceW, ReportEventW, RegQueryValueExA, RegEnumKeyExA, RegQueryInfoKeyA, RegEnumValueA, GetUserNameA, RegQueryValueExW, RegSetValueExW, RegDeleteValueW, ConvertStringSecurityDescriptorToSecurityDescriptorA, ConvertSidToStringSidA, SetNamedSecurityInfoW, GetSecurityDescriptorDacl, RegDeleteValueA, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, RegEnumValueW, RegQueryInfoKeyW, GetLengthSid, AddAccessAllowedAce, AddAccessDeniedAce, InitializeAcl, IsValidSid, CopySid, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, ConvertStringSecurityDescriptorToSecurityDescriptorW, AddAce |
---|---|
COMCTL32.dll | ImageList_Destroy, ImageList_Create, ImageList_ReplaceIcon, #17 |
GDI32.dll | GetTextMetricsA, DeleteDC, RestoreDC, DeleteObject, GetTextFaceA, SelectObject, CreateFontA, GetDeviceCaps, SetMapMode, SaveDC, CreateFontIndirectW, GetObjectW, GetTextExtentPoint32W, SetTextAlign, CreateFontIndirectA, GetObjectA, ExtTextOutW, SetTextColor, SetBkMode |
KERNEL32.dll | LoadLibraryA, GetProcAddress, GetSystemDefaultLCID, FreeLibrary, MultiByteToWideChar, GetProcAddress, GetVersionExW, GetVersionExA, GetModuleFileNameW, InitializeCriticalSection, GetProcessHeap, DeleteCriticalSection, GetModuleHandleA, lstrcpynA, SetEvent, CreateProcessW, ExpandEnvironmentStringsW, CreateFileMappingA, GetFileSize, CreateFileA, UnmapViewOfFile, CreateFileW, GetTickCount, WideCharToMultiByte, WriteFile, SetFilePointer, GetTempPathW, GetFileAttributesW, SetEndOfFile, IsDBCSLeadByte, GetSystemDirectoryA, SetThreadPriority, CreateRemoteThread, OpenProcess, GetSystemDefaultUILanguage, SetEnvironmentVariableA, CreateDirectoryW, GetLocalTime, ReadProcessMemory, VirtualQueryEx, GetSystemInfo, FindClose, FindNextFileW, FindFirstFileW, GetComputerNameA, SetPriorityClass, SuspendThread, ExitThread, GetSystemTimeAsFileTime, GetTimeFormatW, GetDateFormatW, LocalFree, GetSystemWindowsDirectoryW, MoveFileW, lstrcmpiW, GetLongPathNameW, GetShortPathNameW, GlobalFree, GetSystemDefaultLangID, QueryPerformanceCounter, VirtualProtect, UnhandledExceptionFilter, GetCurrentThread, LocalAlloc, RaiseException, GetLocaleInfoA, GetVersion, GetShortPathNameA, OpenEventA, CreateEventA, OpenSemaphoreA, CreateSemaphoreA, OpenMutexA, CreateMutexA, GetProcessTimes, GetModuleHandleW, TlsGetValue, TlsSetValue, TlsFree, TlsAlloc, InitializeCriticalSectionAndSpinCount, SetFileAttributesW, InterlockedExchange, InterlockedIncrement, InterlockedDecrement, GetUserDefaultLCID, CompareStringW, IsValidCodePage, GetStringTypeExW, IsValidLocale, VirtualAlloc, VirtualFree, DuplicateHandle, GetThreadSelectorEntry, TerminateThread, HeapCreate, HeapFree, HeapReAlloc, HeapAlloc, HeapDestroy, LoadLibraryW, GetPriorityClass, GetThreadPriority, GetThreadTimes, GetThreadContext, GetStartupInfoA, ResumeThread, GetCurrentThreadId, OutputDebugStringA, DebugBreak, LoadLibraryA, GetModuleFileNameA, MulDiv, SetLastError, SetUnhandledExceptionFilter, GetCurrentProcessId, GetLastError, CloseHandle, CreateThread, DeleteFileW, TerminateProcess, Sleep, GetCurrentProcess, SetProcessWorkingSetSize, EnterCriticalSection, LeaveCriticalSection, WaitForMultipleObjects, WaitForSingleObject, ReleaseMutex, MapViewOfFile, GetCommandLineW, GlobalAlloc, LoadLibraryExA |
OLEACC.dll | LresultFromObject, CreateStdAccessibleObject |
ole32.dll | CoCreateInstance, CoInitializeEx, CoUninitialize, StringFromIID, CoTaskMemFree |
OLEAUT32.dll | #13, #2, #6, #184, #7 |
MSVCRT.dll | __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, __dllonexit, _onexit, _controlfp, _amsg_exit, _acmdln, exit, _cexit, _ismbblead, _XcptFilter, _exit, _c_exit, time, memset, memcpy, memmove, tolower, ceil, strchr, wcschr, _except_handler3 |
RPCRT4.dll | UuidCreate |
SHELL32.dll | ShellExecuteExA, SHGetSpecialFolderPathW, ExtractIconExA |
SHLWAPI.dll | wnsprintfA, AssocQueryStringW, UrlGetPartA, wvnsprintfA, wnsprintfW |
urlmon.dll | CreateURLMoniker |
USER32.dll | CreateDialogIndirectParamA, MapDialogRect, CallWindowProcA, CallWindowProcW, LoadBitmapA, UpdateWindow, GetParent, SendMessageTimeoutA, EnumWindows, GetWindowThreadProcessId, IsIconic, GetWindowPlacement, DestroyIcon, GetForegroundWindow, FlashWindowEx, GetFocus, SetScrollInfo, SystemParametersInfoA, GetScrollInfo, SetDlgItemTextA, IsDlgButtonChecked, LoadStringA, SetFocus, CheckDlgButton, DestroyWindow, IsWindow, SendDlgItemMessageA, GetSysColor, DialogBoxParamW, CreateDialogParamW, SetWindowTextA, GetDC, MapWindowPoints, GetSysColorBrush, FillRect, ReleaseDC, SetWindowLongA, LoadIconA, GetSystemMetrics, SetForegroundWindow, GetWindowLongA, GetWindowRect, SetWindowPos, DialogBoxParamA, RegisterClassExA, CreateWindowExA, GetMessageA, IsDialogMessageA, TranslateMessage, DispatchMessageA, PostQuitMessage, KillTimer, SetTimer, DefWindowProcA, SendMessageA, EnableWindow, GetWindow, GetDlgCtrlID, IsWindowVisible, MoveWindow, SetRectEmpty, DrawTextA, DrawTextW, GetWindowLongW, IsWindowUnicode, GetClassNameA, SendMessageW, EndDialog, SetWindowTextW, DrawFocusRect, GetClientRect, SetCursor, InvalidateRect, LoadCursorA, ShowWindow, LoadStringW, DrawIconEx, GetDlgItem, EnumDisplayMonitors, PostMessageA |
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueA |
WININET.dll | InternetCloseHandle, HttpQueryInfoA, InternetReadFileExA, InternetWriteFile, HttpSendRequestExA, HttpOpenRequestA, InternetConnectA, InternetOpenA, InternetSetStatusCallback, InternetGetConnectedState, InternetCanonicalizeUrlA, InternetCrackUrlA, HttpEndRequestA |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 11.0.8160.0 |
ProductVersion | 11.0.8160.0 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | UNKNOWN |
CompanyName | Microsoft Corporation |
FileDescription | Microsoft Application Error Reporting |
FileVersion (#2) | 11.0.8160 |
InternalName | DW20 |
LegalCopyright | Copyright © 1999-2003 Microsoft Corporation. All rights reserved. |
LegalTrademarks1 | Microsoft® is a registered trademark of Microsoft Corporation. |
LegalTrademarks2 | Windows® is a registered trademark of Microsoft Corporation. |
OriginalFilename | DW20.Exe |
ProductName | Microsoft Application Error Reporting |
ProductVersion (#2) | 11.0.8160 |
Resource LangID | English - United States |
Characteristics | 0 |
---|---|
TimeDateStamp | 2007-Mar-13 22:21:01 |
Version | 0.0 |
SizeofData | 70 |
AddressOfRawData | 0x65494 |
PointerToRawData | 0x64894 |
Referenced File | dw20.pdb |
Characteristics | 0 |
---|---|
TimeDateStamp | 2007-Mar-13 22:21:01 |
Version | 545.2318 |
SizeofData | 4 |
AddressOfRawData | 0x65490 |
PointerToRawData | 0x64890 |
XOR Key | 0x7eeea5d0 |
---|---|
Unmarked objects | 0 |
C objects (9178) | 2 |
C objects (2067) | 6 |
Linker (VS98 build 8168) | 2 |
14 (7299) | 6 |
C objects (VS98 build 8168) | 7 |
C++ objects (VS2003 (.NET) build 3077) | 1 |
ASM objects (VS2003 (.NET) build 3077) | 3 |
C objects (VS2003 (.NET) build 3077) | 4 |
C objects (5060) | 2 |
37 (8755) | 2 |
Imports (2035) | 2 |
C++ objects (40816) | 8 |
C objects (VS2003 (.NET) build 4035) | 38 |
Imports (9210) | 12 |
Imports (2067) | 13 |
Total imports | 379 |
C++ objects (5060) | 26 |
94 (VS2003 (.NET) build 3052) | 1 |
Linker (VS2003 (.NET) build 3077) | 1 |