Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2006-Dec-06 23:48:12 |
Detected languages | English - United States |
Debug artifacts | sfxcab.pdb |
CompanyName | Microsoft Corporation |
FileDescription | Self-Extracting Cabinet |
FileVersion | 6.3.0004.1 built by: dnsrv |
InternalName | SFXCAB.EXE |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | SFXCAB.EXE |
ProductName | Microsoft® Windows® Operating System |
ProductVersion | 6.3.0004.1 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Info | Libraries used to perform cryptographic operations: | Microsoft's Cryptography API |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Info | The PE is digitally signed. | Signer: Microsoft Corporation, Issuer: Microsoft Code Signing PCA |
Safe | VirusTotal score: 0/67 (Scanned on 2022-05-25 10:30:13) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe0 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 3 |
TimeDateStamp | 2006-Dec-06 23:48:12 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_NET_RUN_FROM_SWAP, IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP |
Magic | PE32 |
---|---|
LinkerVersion | 7.2 |
SizeOfCode | 0x8600 |
SizeOfInitializedData | 0x11e00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000063FF (Section: .text) |
BaseOfCode | 0x2000 |
BaseOfData | 0xc000 |
ImageBase | 0x1000000 |
SectionAlignment | 0x2000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.2 |
ImageVersion | 5.2 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x20000 |
SizeOfHeaders | 0x400 |
Checksum | 0x24d9b0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x40000 |
SizeofStackCommit | 0x2000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
msvcrt.dll | __setusermatherr _initterm __getmainargs __initenv exit _cexit _adjust_fdiv _exit _c_exit strncpy strstr _strlwr strrchr _stricmp __p__commode __p__fmode __set_app_type _except_handler3 _controlfp _XcptFilter _snprintf sprintf strchr _strnicmp _vsnprintf |
---|---|
ADVAPI32.dll | InitializeAcl AddAccessAllowedAce SetSecurityDescriptorDacl CryptAcquireContextA CryptGenRandom CryptReleaseContext AllocateAndInitializeSid OpenProcessToken GetTokenInformation GetLengthSid InitiateSystemShutdownA InitializeSecurityDescriptor |
KERNEL32.dll | CreateThread GetFileSize ExpandEnvironmentStringsA CreateProcessA GetExitCodeProcess InitializeCriticalSectionAndSpinCount LocalFileTimeToFileTime SetFileTime SetEndOfFile CreateEventA QueryDosDeviceA GetDiskFreeSpaceA GetSystemTime QueryPerformanceCounter GetCurrentThreadId GetCurrentProcessId GetSystemTimeAsFileTime UnhandledExceptionFilter SetUnhandledExceptionFilter GetCurrentDirectoryA GetProcessHeap CopyFileA SetFileAttributesA DosDateTimeToFileTime SetEvent GetVersionExA ReadFile SetFilePointer MoveFileExA RemoveDirectoryA GetLastError CreateDirectoryA GetTickCount SetErrorMode FreeLibrary GetProcAddress LoadLibraryA GetSystemDirectoryA CloseHandle DeviceIoControl CreateFileA GetDriveTypeA HeapFree FormatMessageA LeaveCriticalSection DeleteFileA EnterCriticalSection TerminateProcess WaitForMultipleObjects CreateEventW FindFirstFileA Sleep SetEnvironmentVariableA GetEnvironmentVariableA WideCharToMultiByte HeapAlloc SetLastError WriteFile MoveFileA ExitProcess DeleteCriticalSection FlushFileBuffers WaitForSingleObject OpenEventA GetCurrentProcess GetFileAttributesA GetCommandLineA GetModuleFileNameA FindClose FindNextFileA SystemTimeToFileTime |
USER32.dll | SendDlgItemMessageA SendMessageA DialogBoxParamA MessageBoxA SetParent EndDialog LoadStringA ShowWindow |
ntdll.dll | NtOpenProcessToken NtAdjustPrivilegesToken NtClose NtShutdownSystem |
COMCTL32.dll | #17 |
SHELL32.dll | SHBrowseForFolderA SHGetPathFromIDListA |
File is corrupt |
Extraction Complete |
Extraction Failed |
Extracting File: |
Choose Directory For Extracted Files |
To Directory: |
Setup was unable to shutdown system. |
Please shutdown your system manually. |
Unable to find a volume for file extraction. |
Please verify that you have proper permissions. |
Unable to find a volume with enough disk space for file extraction. |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 6.3.4.1 |
ProductVersion | 6.3.4.1 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Microsoft Corporation |
FileDescription | Self-Extracting Cabinet |
FileVersion (#2) | 6.3.0004.1 built by: dnsrv |
InternalName | SFXCAB.EXE |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | SFXCAB.EXE |
ProductName | Microsoft® Windows® Operating System |
ProductVersion (#2) | 6.3.0004.1 |
Resource LangID | English - United States |
---|
Characteristics | 0 |
---|---|
TimeDateStamp | 2006-Dec-06 23:48:12 |
Version | 0.0 |
SizeofData | 35 |
AddressOfRawData | 0x2740 |
PointerToRawData | 0xb40 |
Referenced File | sfxcab.pdb |
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x100c028 |
SEHandlerTable | 0x1002770 |
SEHandlerCount | 1 |
XOR Key | 0x121e42a4 |
---|---|
Unmarked objects | 0 |
ASM objects (VS2003 (.NET) build 4035) | 1 |
Total imports | 125 |
Imports (VS2003 (.NET) build 4035) | 15 |
C objects (VS2003 (.NET) build 4035) | 32 |
94 (VS2003 (.NET) build 4035) | 1 |
Linker (VS2003 (.NET) build 4035) | 1 |