Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2017-Sep-03 19:50:03 |
Info | Cryptographic algorithms detected in the binary: uses constants related to MD5; Microsoft's Cryptography API |
Malicious | The PE contains functions mostly used by malware. [!] The program may be hiding some of its imports: |
Suspicious | No VirusTotal score. This file has never been scanned on VirusTotal. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x80 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2017-Sep-03 19:50:03 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DEBUG_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 2.0 |
SizeOfCode | 0x12800 |
SizeOfInitializedData | 0x3800 |
SizeOfUninitializedData | 0x6800 |
AddressOfEntryPoint | 0x000022CA (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x14000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 1.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x20000 |
SizeOfHeaders | 0x400 |
Checksum | 0x235ba |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_NX_COMPAT |
SizeofStackReserve | 0x200000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
ADVAPI32.DLL | CryptAcquireContextA CryptCreateHash CryptDestroyHash CryptGetHashParam CryptHashData CryptReleaseContext RegCloseKey RegCreateKeyExA RegDeleteKeyA RegDeleteValueA RegEnumKeyExA RegEnumValueA RegOpenKeyExA RegQueryValueExA RegSetValueExA |
---|---|
CRYPT32.DLL | CryptUnprotectData |
GDI32.dll | BitBlt CreateCompatibleBitmap CreateCompatibleDC DeleteDC DeleteObject GetDIBits SelectObject |
KERNEL32.dll | CloseHandle CreateDirectoryA CreateFileA CreateMutexA CreatePipe CreateProcessA CreateToolhelp32Snapshot DeleteFileA EnterCriticalSection ExitProcess FileTimeToSystemTime FindClose FindFirstFileA FindNextFileA FreeLibrary GetCommandLineA GetComputerNameA GetCurrentProcessId GetCurrentThreadId GetDiskFreeSpaceExA GetDriveTypeA GetFileAttributesA GetFileAttributesExA GetLastError GetLocalTime GetLogicalDriveStringsA GetModuleFileNameA GetProcAddress GetProcessTimes GetStartupInfoA GetSystemInfo GetSystemTime GetTickCount GetVersionExA GetVolumeInformationA InitializeCriticalSection LeaveCriticalSection LoadLibraryA LocalFree MoveFileA OpenProcess PeekNamedPipe Process32First Process32Next ReadFile ReleaseMutex ResumeThread SetErrorMode SetFileAttributesA SetFilePointer Sleep TerminateProcess WideCharToMultiByte WriteFile |
msvcrt.dll | _beginthreadex _filelengthi64 _vscprintf _vsnprintf calloc fclose fflush fgetpos fgets fopen fread free fsetpos fwrite getenv malloc realloc strcat strchr strcpy |
NETAPI32.DLL | NetApiBufferFree NetWkstaGetInfo |
SHELL32.DLL | SHFileOperationA |
USER32.dll | CreateWindowExA DefWindowProcA DispatchMessageA EnumWindows GetDC GetDesktopWindow GetForegroundWindow GetKeyNameTextA GetKeyState GetKeyboardState GetMessageA GetSystemMetrics GetWindowTextA IsWindowVisible MapVirtualKeyA PostQuitMessage RegisterClassExA ReleaseDC SendMessageA SetCursorPos SetWindowTextA ShowWindow ToAscii TranslateMessage keybd_event mouse_event |
WS2_32.dll | WSACleanup WSAGetLastError WSAIoctl WSAStartup __WSAFDIsSet closesocket connect gethostbyname gethostname htons inet_ntoa ioctlsocket ntohs recv select send setsockopt shutdown socket |