| Architecture |
IMAGE_FILE_MACHINE_I386
|
|---|---|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date | 2018-Dec-15 22:23:51 |
| Info | The PE contains common functions which appear in legitimate applications. |
Possibly launches other programs:
|
| Safe | VirusTotal score: 0/72 (Scanned on 2026-04-19 20:35:26) | All the AVs think this file is safe. |
| e_magic | MZ |
|---|---|
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xc0 |
| Signature | PE |
|---|---|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections | 4 |
| TimeDateStamp | 2018-Dec-15 22:23:51 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
|
| Magic | PE32 |
|---|---|
| LinkerVersion | 6.0 |
| SizeOfCode | 0xc00 |
| SizeOfInitializedData | 0x1600 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00001087 (Section: .text) |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x2000 |
| ImageBase | 0x10000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x5000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |
| KERNEL32.dll |
GetModuleHandleW
MultiByteToWideChar lstrlenA GetExitCodeProcess WaitForSingleObject Sleep TerminateProcess lstrcpyW GlobalReAlloc GlobalUnlock GlobalSize ReadFile PeekNamedPipe GetTickCount CreateProcessW GetStartupInfoW CreatePipe GetProcAddress lstrcpynW DeleteFileW lstrcmpiW GetCurrentProcess lstrcatW CloseHandle UnmapViewOfFile MapViewOfFile CreateFileMappingW CreateFileW CopyFileW GetTempFileNameW GlobalFree GlobalAlloc GetModuleFileNameW ExitProcess GetCommandLineW GlobalLock GetVersion lstrlenW |
|---|---|
| USER32.dll |
SendMessageW
FindWindowExW CharNextW wsprintfW CharPrevW |
| ADVAPI32.dll |
InitializeSecurityDescriptor
SetSecurityDescriptorDacl |
| Ordinal | 1 |
|---|---|
| Address | 0x1000 |
| Ordinal | 2 |
|---|---|
| Address | 0x102d |
| Ordinal | 3 |
|---|---|
| Address | 0x105a |
| XOR Key | 0xf79fe4ef |
|---|---|
| Unmarked objects | 0 |
| Total imports | 46 |
| Imports (VS2003 (.NET) build 4035) | 7 |
| 48 (9044) | 2 |
| Linker (VC++ 6.0 SP5 imp/exp build 8447) | 1 |
No comments yet.