e789bc2e320f49a8898cd586ad3f68a5eb35e0b2ae2c8b88a69121ad3a9422bb

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2010-Sep-09 06:18:35
Debug artifacts DLL\proRFL\proRFL\Debug\proRFL.pdb

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Microsoft Visual C++
Microsoft Visual C++ v6.0
Microsoft Visual C++ v6.0 (Debug Version)
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Suspicious The file contains overlay data. 59 bytes of data starting at offset 0x3c000.
Safe VirusTotal score: 0/71 (Scanned on 2025-03-17 10:31:36) All the AVs think this file is safe.

Hashes

MD5 f3a764e8908f11dc8f6bc343a58f360c
SHA1 5cde2934da5bdc9963c41e39ff042b91ffb5ce17
SHA256 e789bc2e320f49a8898cd586ad3f68a5eb35e0b2ae2c8b88a69121ad3a9422bb
SHA3 cdac6d01a5dfc7a1f1eef38b9dc7b85b6ff74a1403245dc20cd87c059a01913e
SSDeep 1536:qyALI66HCEz1/th6Oyt5gIIaePSypAnQTuR1xpdV5jhIaEJZe0K3hwY/jaz/Tdc3:YI66Hd/tApnLGaEJvK32YeNt6WeoXkf
Imports Hash 0f27a4656ddb52c698f480f490d6b624

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2010-Sep-09 06:18:35
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x30000
SizeOfInitializedData 0xd000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00007040 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x1000
ImageBase 0x10000000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x3e000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d98619509d5189c3fd75036df4a79a10
SHA1 1edff86bbdb832eac504120f73668353e6d06fbd
SHA256 012ab72c8201024819f27bd2615fdd9e776ded743966a2202413a0fb0294a6af
SHA3 884bc9e99c46c33f8c8a923f0a4056ef59ca11bb06d59cb7e110196d7ba9f445
VirtualSize 0x2fc20
VirtualAddress 0x1000
SizeOfRawData 0x30000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 4.39381

.rdata

MD5 10d467a1807d3473448b50d4834b220e
SHA1 32acab1f02208bdd29af67883a6386ceb4675208
SHA256 62419dff0f037cacc0b36def4c89cd41b1ae725a8be90d52a1bd9113c6a05050
SHA3 4df0eee00ab7c79c4f346e909d0057f80511952d2f26f3b59044a427cd1f1c7e
VirtualSize 0x2531
VirtualAddress 0x31000
SizeOfRawData 0x3000
PointerToRawData 0x31000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.90285

.data

MD5 461002f78e33415338c7a2ecf63026f9
SHA1 526fa49afd56956fd41784d75b51870fbe698ace
SHA256 823b18dc0a6f38ee0678355f3cef5655a42fb56335e1b3ea96e0f18b438f643a
SHA3 6083b821493032f4506437f1b9299171b3e26c5b43994e28b85600fad40a5467
VirtualSize 0x65d4
VirtualAddress 0x34000
SizeOfRawData 0x5000
PointerToRawData 0x34000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.18873

.idata

MD5 c61810fe74295cba4cfc14576661ccf6
SHA1 5b9e6bafe4ca8289f0a8a6a4e7906668515767b9
SHA256 bbe8fd91bc80b7357e2eeb692d2946f5d309fb9865932106a1d384b5b27c6fd5
SHA3 bc7e7f0abfcb8ca23579188c4f0125d900ea10321c95456333710bd833df0ce2
VirtualSize 0xb9c
VirtualAddress 0x3b000
SizeOfRawData 0x1000
PointerToRawData 0x39000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.51852

.reloc

MD5 5048bc110681da3c24015b0bcc251785
SHA1 4e92138124347b6dfc8a701ee52edd9c0a9aaf6d
SHA256 b715b536951378791e6bb869d17b428d4cf1c4b88e120642a3ee598bdcf8f7ce
SHA3 fd811c5ca12e389b49b119ed00a7d950f3281f7cce3853f82319cc2fc5a125b5
VirtualSize 0x1869
VirtualAddress 0x3c000
SizeOfRawData 0x2000
PointerToRawData 0x3a000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.04894

Imports

KERNEL32.dll Sleep
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
SetFilePointer
GetLocaleInfoW
GetTimeZoneInformation
GetOEMCP
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
DebugBreak
GetStdHandle
WriteFile
OutputDebugStringA
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
TerminateProcess
GetCurrentProcess
SetHandleCount
GetFileType
GetStartupInfoA
IsBadWritePtr
IsBadReadPtr
HeapValidate
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
RtlUnwind
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
UnhandledExceptionFilter
HeapAlloc
HeapReAlloc
VirtualAlloc
GetACP
CloseHandle
d12.dll readPortb
writePortb
IniUsb
d12c.dll writePortPro
IniUsbPro
CloseHandles
readPortPro

Delayed Imports

BuildingCard

Ordinal 1
Address 0x104b

Buzzer

Ordinal 2
Address 0x1014

CardErase

Ordinal 3
Address 0x10be

CheckOutCard

Ordinal 4
Address 0x1005

CloseCard

Ordinal 5
Address 0x100f

CloseUSB

Ordinal 6
Address 0x1091

DirectReadUSB

Ordinal 7
Address 0x10b4

DirectWriteUSB

Ordinal 8
Address 0x1032

EmergencyCard

Ordinal 9
Address 0x1096

FloorCard

Ordinal 10
Address 0x100a

GetCardTypeByCardDataStr

Ordinal 11
Address 0x10a0

GetDLLVersion

Ordinal 12
Address 0x102d

GetGuestETimeByCardDataStr

Ordinal 13
Address 0x1041

GetGuestLockNoByCardDataStr

Ordinal 14
Address 0x1028

GetOpenRecordByDataStr

Ordinal 15
Address 0x10aa

GroupCard

Ordinal 16
Address 0x10af

GroupSetCard

Ordinal 17
Address 0x1087

GuestCard1

Ordinal 18
Address 0x10a5

GuestCard

Ordinal 19
Address 0x107d

IniCard1

Ordinal 20
Address 0x105f

IniCard2

Ordinal 21
Address 0x108c

IniCard

Ordinal 22
Address 0x1073

LimitCard

Ordinal 23
Address 0x1050

MasterCard

Ordinal 24
Address 0x1069

ReadCard

Ordinal 25
Address 0x1023

ReadE2

Ordinal 26
Address 0x1037

ReadRecord

Ordinal 27
Address 0x10b9

RecordCard

Ordinal 28
Address 0x1046

ResetCard

Ordinal 29
Address 0x1055

RoomSetCard

Ordinal 30
Address 0x1064

TimeSetCard

Ordinal 31
Address 0x10c8

WriteCard

Ordinal 32
Address 0x109b

WriteE2

Ordinal 33
Address 0x1019

initializeUSB

Ordinal 34
Address 0x106e

a_hex

Ordinal 35
Address 0x10c3

hex_a

Ordinal 36
Address 0x101e

proTest

Ordinal 37
Address 0x105a

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2010-Sep-09 06:18:16
Version 0.0
SizeofData 59
AddressOfRawData 0
PointerToRawData 0x3c000
Referenced File DLL\proRFL\proRFL\Debug\proRFL.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x8378b9a1
Unmarked objects 0
C++ objects (VS98 SP6 build 8804) 1
14 (7299) 20
C objects (VS98 SP6 build 8804) 83
19 (8034) 3
Total imports 81
C++ objects (VS98 build 8168) 1
Linker (VS98 build 8168) 5

Errors
