| Architecture | IMAGE_FILE_MACHINE_AMD64 |
|---|---|
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2020-Sep-16 16:27:43 |
| Detected languages | English - United States |
| Debug artifacts | C:\Users\Patrick\Dropbox\Projects\InControlNative\Windows\Build\x86_64\Release\InControlNative.pdb |
| Suspicious | Strings found in the binary may indicate undesirable behavior: Accesses the WMI: |
| Suspicious | The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports: |
| Suspicious | VirusTotal score: 1/68 (Scanned on 2026-06-29 04:09:04); Cynet: Malicious (score: 100) |
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x128 |
| Signature | PE |
|---|---|
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberofSections | 8 |
| TimeDateStamp | 2020-Sep-16 16:27:43 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |
| Magic | PE32+ |
|---|---|
| LinkerVersion | 14.0 |
| SizeOfCode | 0x40200 |
| SizeOfInitializedData | 0x21400 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00000000000084FC (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x180000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x67000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| Library | Imported functions |
|---|---|
| KERNEL32.dll | GetLastError, HeapReAlloc, CloseHandle, RaiseException, HeapAlloc, DecodePointer, DeleteCriticalSection, GetProcessHeap, GetModuleHandleW, SetThreadExecutionState, LoadLibraryW, GetProcAddress, FreeLibrary, HeapSize, SetFilePointerEx, SetStdHandle, GetConsoleMode, GetConsoleCP, WriteFile, FlushFileBuffers, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetCPInfo, GetOEMCP, IsValidCodePage, FindNextFileA, CreateFileW, InitializeCriticalSectionEx, HeapFree, CreateThread, Sleep, WriteConsoleW, WaitForSingleObject, FindFirstFileExA, EnterCriticalSection, LeaveCriticalSection, TryEnterCriticalSection, GetCurrentThreadId, WideCharToMultiByte, QueryPerformanceCounter, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, SetEvent, WaitForSingleObjectEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetCurrentProcessId, InitializeSListHead, OutputDebugStringW, SignalObjectAndWait, SwitchToThread, SetThreadPriority, GetThreadPriority, GetLogicalProcessorInformation, CreateTimerQueueTimer, ChangeTimerQueueTimer, DeleteTimerQueueTimer, GetNumaHighestNodeNumber, GetProcessAffinityMask, SetThreadAffinityMask, RegisterWaitForSingleObject, UnregisterWait, EncodePointer, GetCurrentThread, GetThreadTimes, FreeLibraryAndExitThread, GetModuleFileNameW, GetModuleHandleA, LoadLibraryExW, GetVersionExW, VirtualAlloc, VirtualFree, VirtualProtect, DuplicateHandle, ReleaseSemaphore, InterlockedPopEntrySList, InterlockedPushEntrySList, InterlockedFlushSList, QueryDepthSList, UnregisterWaitEx, CreateTimerQueue, RtlPcToFileHeader, RtlUnwindEx, ExitProcess, GetModuleHandleExW, GetModuleFileNameA, MultiByteToWideChar, GetStringTypeW, GetACP, GetStdHandle, GetFileType, LCMapStringW, FindClose |
| USER32.dll | ShowWindow, SendInput, GetForegroundWindow, UnregisterClassW, DefWindowProcW, LoadCursorW, CreateWindowExW, RegisterClassExW, DestroyWindow, RegisterDeviceNotificationW, DispatchMessageW, PeekMessageW, TranslateMessage |
| ole32.dll | CoInitialize, CoUninitialize, CoCreateInstance, CoSetProxyBlanket |
| OLEAUT32.dll | SysFreeString, SysAllocString |
| DINPUT8.dll | DirectInput8Create |
| HID.DLL | HidD_GetSerialNumberString, HidD_GetManufacturerString, HidD_GetAttributes, HidD_GetProductString |
| SHLWAPI.dll | StrCmpW |
| Ordinal | Address |
|---|---|
| 1 | 0x2790 |
| 2 | 0x25d0 |
| 3 | 0x2710 |
| 4 | 0x25a0 |
| 5 | 0x24c0 |
| 6 | 0x2b40 |
| 7 | 0x2b90 |
| 8 | 0x2bf0 |
| 9 | 0x2550 |
| Characteristics | TimeDateStamp | Version | SizeofData | AddressOfRawData | PointerToRawData | Referenced File |
|---|---|---|---|---|---|---|
| 0 | 2020-Sep-16 16:27:43 | 0.0 | 123 | 0x528d4 | 0x50ed4 | C:\Users\Patrick\Dropbox\Projects\InControlNative\Windows\Build\x86_64\Release\InControlNative.pdb |
| 0 | 2020-Sep-16 16:27:43 | 0.0 | 20 | 0x52950 | 0x50f50 | |
| 0 | 2020-Sep-16 16:27:43 | 0.0 | 964 | 0x52964 | 0x50f64 | |
| 0 | 2020-Sep-16 16:27:43 | 0.0 | 0 | 0 | 0 | |
| StartAddressOfRawData | 0x180064000 |
|---|---|
| EndAddressOfRawData | 0x180064008 |
| AddressOfIndex | 0x18005c858 |
| AddressOfCallbacks | 0x180042548 |
| SizeOfZeroFill | 0 |
| Characteristics | IMAGE_SCN_ALIGN_4BYTES |
| Callbacks | (EMPTY) |
| Size | 0x94 |
|---|---|
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x180059008 |
| XOR Key | 0x2ebd3a20 |
|---|---|
| Unmarked objects | 0 |
| 241 (40116) | 14 |
| 243 (40116) | 124 |
| 242 (40116) | 18 |
| C++ objects (23013) | 2 |
| C++ objects (65501) | 1 |
| 208 (65501) | 1 |
| ASM objects (VS2015 UPD3 build 24123) | 8 |
| C++ objects (VS2015 UPD3 build 24123) | 95 |
| C objects (VS2015 UPD3 build 24123) | 19 |
| Imports (65501) | 15 |
| Total imports | 157 |
| C++ objects (LTCG) (VS2015 UPD3.1 build 24215) | 8 |
| Exports (VS2015 UPD3.1 build 24215) | 1 |
| Resource objects (VS2015 UPD3 build 24210) | 1 |
| Linker (VS2015 UPD3.1 build 24215) | 1 |