Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2019-May-10 11:17:51 |
Detected languages | English - United Kingdom, English - United States |
CompanyName | Barcrest Group |
FileDescription | XPEsecure BarBoot |
FileVersion | 4,6,0,44490 |
InternalName | XPEsecure BarBoot |
LegalCopyright | Copyright © 2004 |
OriginalFilename | BarBoot.exe |
ProductName | XPE Shell |
ProductVersion | 4,6,0,44490 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
---|---|---|
Suspicious | Strings found in the binary may indicate undesirable behavior: | Contains references to system / monitoring tools: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to MD5; Microsoft's Cryptography API |
Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2019-May-10 11:17:51 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 10.0 |
SizeOfCode | 0x25a00 |
SizeOfInitializedData | 0x12200 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x000171EC (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x27000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x3d000 |
SizeOfHeaders | 0x400 |
Checksum | 0x3de1f |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll | GetEnvironmentVariableA GetComputerNameA HeapFree HeapAlloc GetProcessHeap GetVersionExA FlushFileBuffers GetDriveTypeA GetCurrentProcess WriteFile SetFilePointerEx GetFileSizeEx SetEndOfFile SetFilePointer SetEnvironmentVariableA LoadLibraryW OutputDebugStringW GetVersionExW WriteConsoleW GetStringTypeW HeapSize GetConsoleMode WinExec GetCurrentProcessId GetTickCount QueryPerformanceCounter GetEnvironmentStringsW FreeEnvironmentStringsW HeapCreate GetModuleFileNameW DeleteCriticalSection GetStdHandle SetHandleCount MultiByteToWideChar LCMapStringW SetLastError GetLocalTime TerminateProcess GetExitCodeProcess FormatMessageA CreateFileA GetFileSize ReadFile MoveFileA GetTempFileNameA DeleteFileA SetFileAttributesA GetModuleHandleA GetModuleFileNameA FindFirstFileA CreateDirectoryA FindNextFileA FindClose GetCurrentDirectoryA SetCurrentDirectoryA CreateProcessA WaitForSingleObject CloseHandle CopyFileA LoadLibraryA GetProcAddress Sleep FreeLibrary GetFileAttributesA RemoveDirectoryA MoveFileExA WideCharToMultiByte IsValidCodePage GetOEMCP GetACP GetCPInfo InterlockedDecrement GetCurrentThreadId InterlockedIncrement TlsFree TlsSetValue TlsGetValue TlsAlloc GetLastError GetConsoleCP GetSystemTimeAsFileTime RtlUnwind RaiseException HeapReAlloc GetModuleHandleW ExitProcess DecodePointer GetCommandLineA HeapSetInformation GetStartupInfoW EncodePointer SetStdHandle EnterCriticalSection InitializeCriticalSectionAndSpinCount LeaveCriticalSection GetFileType IsProcessorFeaturePresent UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent CreateFileW |
---|---|
USER32.dll | RegisterClassExA CreateWindowExA UpdateWindow ShowWindow GetSystemMetrics MessageBeep MessageBoxA ShowCursor GetKeyState SetCursor SetCursorPos DefWindowProcA EnumDisplaySettingsA ChangeDisplaySettingsA DestroyWindow UnregisterClassA GetDC GetClientRect FillRect ReleaseDC PeekMessageA TranslateMessage DispatchMessageA |
GDI32.dll | LineTo SelectObject MoveToEx CreatePen GetTextExtentPoint32A TextOutA DeleteObject CreateSolidBrush |
COMDLG32.dll | GetOpenFileNameA |
ADVAPI32.dll | RegCloseKey RegSetValueExA CryptEncrypt CryptDecrypt CryptAcquireContextA CryptCreateHash CryptHashData CryptDeriveKey CryptDestroyHash CryptDestroyKey CryptReleaseContext OpenProcessToken LookupPrivilegeValueA AdjustTokenPrivileges InitiateSystemShutdownA RegEnumKeyExA RegCreateKeyExA RegOpenKeyExA RegQueryValueExA |
SHELL32.dll | SHFileOperationA |
VERSION.dll | GetFileVersionInfoSizeA VerQueryValueA GetFileVersionInfoA |
POWRPROF.dll | GetActivePwrScheme GetCurrentPowerPolicies SetActivePwrScheme |
WINMM.dll | timeGetTime |
IPHLPAPI.DLL | GetAdaptersAddresses |
Ordinal | Address |
---|---|
1 | 0xb5e0 |
2 | 0xb2b0 |
3 | 0xb370 |
4 | 0xb430 |
5 | 0xedc0 |
6 | 0xb1c0 |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 4.6.0.44490 |
ProductVersion | 4.6.0.44490 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United Kingdom |
CompanyName | Barcrest Group |
FileDescription | XPEsecure BarBoot |
FileVersion (#2) | 4,6,0,44490 |
InternalName | XPEsecure BarBoot |
LegalCopyright | Copyright © 2004 |
OriginalFilename | BarBoot.exe |
ProductName | XPE Shell |
ProductVersion (#2) | 4,6,0,44490 |
Resource LangID | English - United Kingdom |
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x434c68 |
SEHandlerTable | 0x42eb50 |
SEHandlerCount | 60 |
XOR Key | 0x7857d3 |
---|---|
Unmarked objects | 0 |
ASM objects (VS2010 SP1 build 40219) | 24 |
Imports (VS2008 SP1 build 30729) | 21 |
Total imports | 177 |
175 (VS2010 SP1 build 40219) | 3 |
C objects (VS2010 SP1 build 40219) | 142 |
C++ objects (VS2010 SP1 build 40219) | 72 |
Exports (VS2010 SP1 build 40219) | 1 |
Resource objects (VS2010 SP1 build 40219) | 1 |
Linker (VS2010 SP1 build 40219) | 1 |