| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_I386 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2017-Aug-01 00:33:52 |
| Detected languages | English - United States |

| Level | Finding | Details |
|---|---|---|
| Suspicious | The PE is an NSIS installer | Unusual section name found: .ndata |
| Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
| Suspicious | The file contains overlay data. | 12495432 bytes of data starting at offset 0xc600. The overlay data has an entropy of 7.99999 and is possibly compressed or encrypted. Overlay data amounts for 99.596% of the executable. |
| Suspicious | VirusTotal score: 2/67 (Scanned on 2019-09-02 00:11:43) | McAfee: RDN/Generic.RP; McAfee-GW-Edition: BehavesLike.Win32.Dropper.wc |
| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xd8 |
| PE file header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_I386 |
| NumberofSections | 5 |
| TimeDateStamp | 2017-Aug-01 00:33:52 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
| Optional header field | Value |
|---|---|
| Magic | PE32 |
| LinkerVersion | 6.0 |
| SizeOfCode | 0x6400 |
| SizeOfInitializedData | 0x22a00 |
| SizeOfUninitializedData | 0x800 |
| AddressOfEntryPoint | 0x0000333D (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x8000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 6.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x4c000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| DLL | Imported functions |
|---|---|
| KERNEL32.dll | SetEnvironmentVariableW SetFileAttributesW Sleep GetTickCount GetFileSize GetModuleFileNameW GetCurrentProcess CopyFileW SetCurrentDirectoryW GetFileAttributesW GetWindowsDirectoryW GetTempPathW GetCommandLineW GetVersion SetErrorMode lstrlenW lstrcpynW GetDiskFreeSpaceW ExitProcess GetShortPathNameW CreateThread GetLastError CreateDirectoryW CreateProcessW RemoveDirectoryW lstrcmpiA CreateFileW GetTempFileNameW WriteFile lstrcpyA MoveFileExW lstrcatW GetSystemDirectoryW GetProcAddress GetModuleHandleA GetExitCodeProcess WaitForSingleObject lstrcmpiW MoveFileW GetFullPathNameW SetFileTime SearchPathW CompareFileTime lstrcmpW CloseHandle ExpandEnvironmentStringsW GlobalFree GlobalLock GlobalUnlock GlobalAlloc FindFirstFileW FindNextFileW DeleteFileW SetFilePointer ReadFile FindClose lstrlenA MulDiv MultiByteToWideChar WideCharToMultiByte GetPrivateProfileStringW WritePrivateProfileStringW FreeLibrary LoadLibraryExW GetModuleHandleW |
| USER32.dll | GetSystemMenu SetClassLongW EnableMenuItem IsWindowEnabled SetWindowPos GetSysColor GetWindowLongW SetCursor LoadCursorW CheckDlgButton GetMessagePos LoadBitmapW CallWindowProcW IsWindowVisible CloseClipboard SetClipboardData EmptyClipboard OpenClipboard ScreenToClient GetWindowRect GetDlgItem GetSystemMetrics SetDlgItemTextW GetDlgItemTextW MessageBoxIndirectW CharPrevW CharNextA wsprintfA DispatchMessageW PeekMessageW ReleaseDC EnableWindow InvalidateRect SendMessageW DefWindowProcW BeginPaint GetClientRect FillRect DrawTextW EndDialog RegisterClassW SystemParametersInfoW CreateWindowExW GetClassInfoW DialogBoxParamW CharNextW ExitWindowsEx DestroyWindow GetDC SetTimer SetWindowTextW LoadImageW SetForegroundWindow ShowWindow IsWindow SetWindowLongW FindWindowExW TrackPopupMenu AppendMenuW CreatePopupMenu EndPaint CreateDialogParamW SendMessageTimeoutW wsprintfW PostQuitMessage |
| GDI32.dll | SelectObject SetBkMode CreateFontIndirectW SetTextColor DeleteObject GetDeviceCaps CreateBrushIndirect SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation ShellExecuteExW SHGetPathFromIDListW SHBrowseForFolderW SHGetFileInfoW SHFileOperationW |
| ADVAPI32.dll | AdjustTokenPrivileges RegCreateKeyExW RegOpenKeyExW SetFileSecurityW OpenProcessToken LookupPrivilegeValueW RegEnumValueW RegDeleteKeyW RegDeleteValueW RegCloseKey RegSetValueExW RegQueryValueExW RegEnumKeyW |
| COMCTL32.dll | ImageList_Create ImageList_AddMasked ImageList_Destroy #17 |
| ole32.dll | OleUninitialize OleInitialize CoTaskMemFree CoCreateInstance |
| Rich header entry | Value |
|---|---|
| XOR Key | 0xd26650e9 |
| Unmarked objects | 0 |
| C objects (VS2003 (.NET) build 4035) | 2 |
| Total imports | 165 |
| Imports (VS2003 (.NET) build 4035) | 15 |
| 48 (9044) | 10 |
| Resource objects (VS98 SP6 cvtres build 1736) | 1 |