Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2011-Aug-02 17:41:58 |
Detected languages | English - United States |
CompanyName | Viatech Inc. - www.elicense.com |
FileDescription | elicen40.dll |
FileVersion | 4, 0, 0, 2 |
InternalName | elicen40.dll |
LegalCopyright | Copyright © 1998-2009, ViaTech Inc. |
OriginalFilename | elicen40.dll |
ProductName | Elicense System |
ProductVersion | 4, 0, 0, 2 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0, Microsoft Visual C++ 8.0 MSVC++ v.8 (procedure 1 recognized - h) |
Suspicious | PEiD Signature: | ASPack v2.12 |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains another PE executable: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to MD5 |
Suspicious | The PE is possibly packed. | Unusual section name found: .itext; Unusual section name found: .triple; Section .triple is both writable and executable. |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Malicious | The PE is possibly a dropper. | Resource 101 detected as a PE Executable. |
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf0 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 7 |
TimeDateStamp | 2011-Aug-02 17:41:58 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 8.0 |
SizeOfCode | 0x1f000 |
SizeOfInitializedData | 0xc000 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00005F6D (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x20000 |
ImageBase | 0x2480000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x1000 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x32000 |
SizeOfHeaders | 0x1000 |
Checksum | 0x37827 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
ADVAPI32.dll | StartServiceA OpenProcessToken LookupPrivilegeValueA AdjustTokenPrivileges OpenSCManagerA OpenServiceA QueryServiceStatus ControlService CloseServiceHandle |
---|---|
kernel32.dll | CreateFileA GetModuleFileNameA VirtualQuery Sleep GetLastError TerminateProcess OpenProcess lstrcmpiA GetProcAddress GetModuleHandleA DisableThreadLibraryCalls GetCurrentProcess WriteFile LocalFree FormatMessageA lstrcatA GetWindowsDirectoryA SizeofResource LockResource LoadResource FindResourceA FreeLibrary SetFilePointer MoveFileExA ExitProcess lstrlenA FindClose FindNextFileA FindFirstFileA MoveFileA GetSystemDirectoryA CreateProcessA DeleteFileA LoadLibraryA lstrcpyA GetTempPathA GetVersionExA RtlUnwind FileTimeToSystemTime FileTimeToLocalFileTime GetDriveTypeA HeapFree HeapAlloc GetCurrentThreadId GetCommandLineA GetProcessHeap RaiseException UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent TlsGetValue TlsAlloc TlsSetValue TlsFree InterlockedIncrement ReadFile InterlockedDecrement GetFullPathNameA GetCurrentDirectoryA GetCurrentProcessId DeleteCriticalSection LeaveCriticalSection EnterCriticalSection GetFileAttributesA GetFileType HeapDestroy HeapCreate VirtualFree VirtualAlloc HeapReAlloc GetStdHandle SetHandleCount GetStartupInfoA FreeEnvironmentStringsA GetEnvironmentStrings FreeEnvironmentStringsW WideCharToMultiByte GetEnvironmentStringsW QueryPerformanceCounter GetTickCount GetSystemTimeAsFileTime HeapSize GetCPInfo GetACP GetOEMCP IsValidCodePage MultiByteToWideChar GetConsoleCP GetConsoleMode GetTimeZoneInformation LCMapStringA LCMapStringW InitializeCriticalSection SetStdHandle GetLocaleInfoA GetStringTypeA GetStringTypeW WriteConsoleA GetConsoleOutputCP WriteConsoleW FlushFileBuffers CompareStringA CompareStringW SetEnvironmentVariableA CloseHandle VirtualProtect SetLastError |
USER32.dll | ExitWindowsEx LoadStringA MessageBoxA |
version.dll | GetFileVersionInfoA VerQueryValueA GetFileVersionInfoSizeA |
wsock32.dll | WSAStartup WSACleanup |
Ordinal | 1 |
---|---|
Address | 0x191e0 |
In order to finish initializing, this application must |
first be run by a user with administrator privileges. |
Please contact your system administrator for help. |
eLicense Control |
It is necessary to restart your computer in order to update the eLicense Control. |
Do you want to reboot now? |
Unable to force a system restart. |
Please reboot your system manually. |
eLicense Control - Prepare Reboot |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 4.0.0.2 |
ProductVersion | 4.0.0.2 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_DLL |
Language | English - United States |
CompanyName | Viatech Inc. - www.elicense.com |
FileDescription | elicen40.dll |
FileVersion (#2) | 4, 0, 0, 2 |
InternalName | elicen40.dll |
LegalCopyright | Copyright © 1998-2009, ViaTech Inc. |
OriginalFilename | elicen40.dll |
ProductName | Elicense System |
ProductVersion (#2) | 4, 0, 0, 2 |
Resource LangID | English - United States |
---|
XOR Key | 0x796076c7 |
---|---|
Unmarked objects | 0 |
Unmarked objects (#2) | 52 |
Imports (VS2003 (.NET) build 4035) | 11 |
Total imports | 137 |
ASM objects (VS2012 build 50727 / VS2005 build 50727) | 20 |
C objects (VS2012 build 50727 / VS2005 build 50727) | 140 |
C++ objects (VS2012 build 50727 / VS2005 build 50727) | 53 |
Exports (VS2012 build 50727 / VS2005 build 50727) | 1 |
Resource objects (VS2012 build 50727 / VS2005 build 50727) | 1 |
Linker (VS2012 build 50727 / VS2005 build 50727) | 1 |