Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2008-Sep-16 14:17:44 |
Detected languages | Process Default Language, Russian - Russia |
Info | Matching compiler(s): | MASM/TASM - sig1(h) |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to SHA1 |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Suspicious | The file contains overlay data. | 1389050 bytes of data starting at offset 0x1a200. The overlay data has an entropy of 7.99945 and is possibly compressed or encrypted. Overlay data amounts for 92.8473% of the executable. |
Suspicious | VirusTotal score: 1/69 (Scanned on 2020-07-30 16:33:46) | APEX: Malicious |
e_magic | MZ |
---|---|
e_cblp | 0x50 |
e_cp | 0x2 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0xf |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0x1a |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x200 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 4 |
TimeDateStamp | 2008-Sep-16 14:17:44 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 5.0 |
SizeOfCode | 0x14000 |
SizeOfInitializedData | 0x6200 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x00001000 (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x15000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x24000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x2000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
ADVAPI32.DLL | AdjustTokenPrivileges LookupPrivilegeValueA OpenProcessToken RegCloseKey RegCreateKeyExA RegOpenKeyExA RegQueryValueExA RegSetValueExA SetFileSecurityA SetFileSecurityW |
---|---|
KERNEL32.DLL | CloseHandle CompareStringA CreateDirectoryA CreateDirectoryW CreateFileA CreateFileW DeleteFileA DeleteFileW DosDateTimeToFileTime ExitProcess ExpandEnvironmentStringsA FileTimeToLocalFileTime FileTimeToSystemTime FindClose FindFirstFileA FindFirstFileW FindNextFileA FindNextFileW FindResourceA FreeLibrary GetCPInfo GetCommandLineA GetCurrentDirectoryA GetCurrentProcess GetDateFormatA GetFileAttributesA GetFileAttributesW GetFileType GetFullPathNameA GetLastError GetLocaleInfoA GetModuleFileNameA GetModuleFileNameW GetModuleHandleA GetNumberFormatA GetProcAddress GetProcessHeap GetStdHandle GetSystemTime GetTempPathA GetTickCount GetTimeFormatA GetVersionExA GlobalAlloc HeapAlloc HeapFree HeapReAlloc IsDBCSLeadByte LoadLibraryA LocalFileTimeToFileTime MoveFileA MoveFileExA MultiByteToWideChar ReadFile SetCurrentDirectoryA SetEndOfFile SetEnvironmentVariableA SetFileAttributesA SetFileAttributesW SetFilePointer SetFileTime SetLastError Sleep SystemTimeToFileTime WaitForSingleObject WideCharToMultiByte WriteFile lstrcmpiA lstrlenA |
COMCTL32.DLL | #17 |
COMDLG32.DLL | CommDlgExtendedError GetOpenFileNameA GetSaveFileNameA |
GDI32.DLL | DeleteObject |
SHELL32.DLL | SHBrowseForFolderA SHChangeNotify SHFileOperationA SHGetFileInfoA SHGetMalloc SHGetSpecialFolderLocation ShellExecuteExA SHGetPathFromIDListA |
USER32.DLL | CharToOemA CharToOemBuffA CharUpperA CopyRect CreateWindowExA DefWindowProcA DestroyIcon DestroyWindow DialogBoxParamA DispatchMessageA EnableWindow EndDialog FindWindowExA GetClassNameA GetClientRect GetDlgItem GetDlgItemTextA GetMessageA GetParent GetSysColor GetSystemMetrics GetWindow GetWindowLongA GetWindowRect GetWindowTextA IsWindow IsWindowVisible LoadBitmapA LoadCursorA LoadIconA LoadStringA MapWindowPoints MessageBoxA OemToCharA OemToCharBuffA PeekMessageA PostMessageA RegisterClassExA SendDlgItemMessageA SendMessageA SetDlgItemTextA SetFocus SetMenu SetWindowLongA SetWindowPos SetWindowTextA ShowWindow TranslateMessage UpdateWindow WaitForInputIdle wsprintfA wvsprintfA |
OLE32.DLL | CLSIDFromString CoCreateInstance CreateStreamOnHGlobal OleInitialize OleUninitialize |
Select destination folder |
Extracting %s |
Skipping %s |
Unexpected end of archive |
The file "%s" header is corrupt |
The archive comment header is corrupt |
The archive comment is corrupt |
Not enough memory |
Unknown method in %s |
Cannot open %s |
Cannot create %s |
Cannot create folder %s |
CRC failed in the encrypted file %s (wrong password ?) |
CRC failed in %s |
Packed data CRC failed in %s |
Wrong password for %s |
Write error in the file %s. Probably the disk is full |
Read error in the file %s |
File close error |
The required volume is absent |
The archive is either in unknown format or damaged |
Extracting from %s |
Next volume |
The archive header is corrupt |
Close |
Error |
Errors encountered while performing the operation |
Look at the information window for more details |
bytes |
modified on |
folder is not accessible |
Some files could not be created. |
Please close all applications, reboot Windows and restart this installation |
Some installation files are corrupt. |
Please download a fresh copy and retry the installation |
All files |
<ul><li>Press <b>Install</b> button to start extraction.</li><br><br> |
<li>Use <b>Browse</b> button to select the destination |
folder from the folders tree. It can be also entered |
manually.</lI><br><br> |
<lI>If the destination folder does not exist, it will be |
created automatically before extraction.</lI></ul> |