| filename | Video.scr | |
|---|---|---|
| size | 973512 (0xedac8) | |
| md5 | 2a8242105fed0d1708f56ae251c45e7e | |
|
|
||
| type | PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
| mimetype | application/octet-stream | |
|
|
||
| clamav | Trojan.Dropper-31300 FOUND | |
| virustotal | → scan with virustotal.com | |
|
|
||
| histogram | ||
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x50 |
| blocks_in_file | 2 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0xf |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0x1a |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0x100 |
DOS stub
00000000: ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 |........!..L.!..|
00000010: 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 |This program mus|
00000020: 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 |t be run under W|
00000030: 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 |in32..$7........|
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
000000c0:
PE Header
| Signature | PE |
| Machine | 0x14c |
| NumberOfSections | 8 |
| TimeDateStamp | 0x2a425e19 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xe0 |
| Characteristics | 0x818e |
| Magic | 0x10b |
| LinkerVersion | 2.25 |
| SizeOfCode | 0x24600 |
| SizeOfInitializedData | 0xcc00 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x25468 |
| BaseOfCode | 0x1000 |
| BaseOfData | 0x26000 |
| ImageBase | 0x400000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 4.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 4.0 |
| Reserved1 | 0 |
| SizeOfImage | 0x38000 |
| SizeOfHeaders | 0x400 |
| CheckSum | 0x34ca7 |
| Subsystem | 2 |
| DllCharacteristics | 0 |
| SizeOfStackReserve | 0x100000 |
| SizeOfStackCommit | 0x4000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 0x10 |
Packer / Compiler
| Borland Delphi 2006 |
Sections
Data Directory
TLS
| raw start | raw end | index | callbks | zero fill | flags | |
|---|---|---|---|---|---|---|
| 0x42d000 | 0x42d008 | 0x42608c | 0x42e010 | 0 | 0 |
| module_name | hint | ord | function_name |
|---|---|---|---|
| kernel32.dll | DeleteCriticalSection | ||
| kernel32.dll | LeaveCriticalSection | ||
| kernel32.dll | EnterCriticalSection | ||
| kernel32.dll | InitializeCriticalSection | ||
| kernel32.dll | VirtualFree | ||
| kernel32.dll | VirtualAlloc | ||
| kernel32.dll | LocalFree | ||
| kernel32.dll | LocalAlloc | ||
| kernel32.dll | GetVersion | ||
| kernel32.dll | GetCurrentThreadId | ||
| kernel32.dll | WideCharToMultiByte | ||
| kernel32.dll | GetThreadLocale | ||
| kernel32.dll | GetStartupInfoA | ||
| kernel32.dll | GetLocaleInfoA | ||
| kernel32.dll | GetCommandLineA | ||
| kernel32.dll | FreeLibrary | ||
| kernel32.dll | ExitProcess | ||
| kernel32.dll | WriteFile | ||
| kernel32.dll | UnhandledExceptionFilter | ||
| kernel32.dll | RtlUnwind | ||
| kernel32.dll | RaiseException | ||
| kernel32.dll | GetStdHandle | ||
| user32.dll | GetKeyboardType | ||
| user32.dll | MessageBoxA | ||
| advapi32.dll | RegQueryValueExA | ||
| advapi32.dll | RegOpenKeyExA | ||
| advapi32.dll | RegCloseKey | ||
| oleaut32.dll | SysFreeString | ||
| oleaut32.dll | SysReAllocStringLen | ||
| kernel32.dll | TlsSetValue | ||
| kernel32.dll | TlsGetValue | ||
| kernel32.dll | LocalAlloc | ||
| kernel32.dll | GetModuleHandleA | ||
| advapi32.dll | RegCloseKey | ||
| advapi32.dll | OpenThreadToken | ||
| advapi32.dll | OpenProcessToken | ||
| advapi32.dll | GetTokenInformation | ||
| advapi32.dll | FreeSid | ||
| advapi32.dll | EqualSid | ||
| advapi32.dll | AllocateAndInitializeSid | ||
| advapi32.dll | AdjustTokenPrivileges | ||
| kernel32.dll | WriteFile | ||
| kernel32.dll | WinExec | ||
| kernel32.dll | WaitForSingleObject | ||
| kernel32.dll | TerminateProcess | ||
| kernel32.dll | SystemTimeToFileTime | ||
| kernel32.dll | Sleep | ||
| kernel32.dll | SetFileTime | ||
| kernel32.dll | SetFilePointer | ||
| kernel32.dll | SetErrorMode | ||
| kernel32.dll | SetEndOfFile | ||
| kernel32.dll | ReadFile | ||
| kernel32.dll | OpenProcess | ||
| kernel32.dll | MultiByteToWideChar | ||
| kernel32.dll | LocalFileTimeToFileTime | ||
| kernel32.dll | LoadLibraryA | ||
| kernel32.dll | GlobalFree | ||
| kernel32.dll | GlobalAlloc | ||
| kernel32.dll | GetVersion | ||
| kernel32.dll | GetUserDefaultLangID | ||
| kernel32.dll | GetProcAddress | ||
| kernel32.dll | GetModuleHandleA | ||
| kernel32.dll | GetLocalTime | ||
| kernel32.dll | GetLastError | ||
| kernel32.dll | GetFileTime | ||
| kernel32.dll | GetFileSize | ||
| kernel32.dll | GetExitCodeProcess | ||
| kernel32.dll | GetCurrentThread | ||
| kernel32.dll | GetCurrentProcess | ||
| kernel32.dll | FreeLibrary | ||
| kernel32.dll | FindClose | ||
| kernel32.dll | FileTimeToSystemTime | ||
| kernel32.dll | FileTimeToLocalFileTime | ||
| kernel32.dll | DosDateTimeToFileTime | ||
| kernel32.dll | CompareFileTime | ||
| kernel32.dll | CloseHandle | ||
| gdi32.dll | StretchDIBits | ||
| gdi32.dll | StretchBlt | ||
| gdi32.dll | SetWindowOrgEx | ||
| gdi32.dll | SetTextColor | ||
| gdi32.dll | SetStretchBltMode | ||
| gdi32.dll | SetRectRgn | ||
| gdi32.dll | SetROP2 | ||
| gdi32.dll | SetPixel | ||
| gdi32.dll | SetDIBits | ||
| gdi32.dll | SetBrushOrgEx | ||
| gdi32.dll | SetBkMode | ||
| gdi32.dll | SetBkColor | ||
| gdi32.dll | SelectObject | ||
| gdi32.dll | SaveDC | ||
| gdi32.dll | RestoreDC | ||
| gdi32.dll | OffsetRgn | ||
| gdi32.dll | MoveToEx | ||
| gdi32.dll | IntersectClipRect | ||
| gdi32.dll | GetStockObject | ||
| gdi32.dll | GetPixel | ||
| gdi32.dll | GetDIBits | ||
| gdi32.dll | ExtSelectClipRgn | ||
| gdi32.dll | ExcludeClipRect | ||
| gdi32.dll | DeleteObject | ||
| gdi32.dll | DeleteDC | ||
| gdi32.dll | CreateSolidBrush | ||
| gdi32.dll | CreateRectRgn | ||
| gdi32.dll | CreateDIBitmap | ||
| gdi32.dll | CreateDIBSection | ||
| gdi32.dll | CreateCompatibleDC | ||
| gdi32.dll | CreateCompatibleBitmap | ||
| gdi32.dll | CreateBrushIndirect | ||
| gdi32.dll | CreateBitmap | ||
| gdi32.dll | CombineRgn | ||
| gdi32.dll | BitBlt | ||
| user32.dll | WaitMessage | ||
| user32.dll | ValidateRect | ||
| user32.dll | TranslateMessage | ||
| user32.dll | ShowWindow | ||
| user32.dll | SetWindowPos | ||
| user32.dll | SetTimer | ||
| user32.dll | SetParent | ||
| user32.dll | SetForegroundWindow | ||
| user32.dll | SetFocus | ||
| user32.dll | SetCursor | ||
| user32.dll | SendMessageA | ||
| user32.dll | ScreenToClient | ||
| user32.dll | ReleaseDC | ||
| user32.dll | PostQuitMessage | ||
| user32.dll | OffsetRect | ||
| user32.dll | KillTimer | ||
| user32.dll | IsZoomed | ||
| user32.dll | IsWindowVisible | ||
| user32.dll | IsWindowEnabled | ||
| user32.dll | IsWindow | ||
| user32.dll | IsIconic | ||
| user32.dll | InvalidateRect | ||
| user32.dll | GetWindowRgn | ||
| user32.dll | GetWindowRect | ||
| user32.dll | GetWindowDC | ||
| user32.dll | GetUpdateRgn | ||
| user32.dll | GetSystemMetrics | ||
| user32.dll | GetSystemMenu | ||
| user32.dll | GetSysColor | ||
| user32.dll | GetParent | ||
| user32.dll | GetWindow | ||
| user32.dll | GetKeyState | ||
| user32.dll | GetFocus | ||
| user32.dll | GetDCEx | ||
| user32.dll | GetDC | ||
| user32.dll | GetCursorPos | ||
| user32.dll | GetClientRect | ||
| user32.dll | GetCapture | ||
| user32.dll | FillRect | ||
| user32.dll | ExitWindowsEx | ||
| user32.dll | EnumWindows | ||
| user32.dll | EndPaint | ||
| user32.dll | EnableWindow | ||
| user32.dll | EnableMenuItem | ||
| user32.dll | DrawIcon | ||
| user32.dll | DestroyWindow | ||
| user32.dll | DestroyIcon | ||
| user32.dll | DeleteMenu | ||
| user32.dll | CopyImage | ||
| user32.dll | ClientToScreen | ||
| user32.dll | BeginPaint | ||
| user32.dll | CharLowerBuffA | ||
| advapi32.dll | RegSetValueExA | ||
| advapi32.dll | RegQueryValueExA | ||
| advapi32.dll | RegQueryInfoKeyA | ||
| advapi32.dll | RegOpenKeyExA | ||
| advapi32.dll | RegEnumKeyExA | ||
| advapi32.dll | RegCreateKeyExA | ||
| advapi32.dll | LookupPrivilegeValueA | ||
| advapi32.dll | GetUserNameA | ||
| kernel32.dll | WritePrivateProfileStringA | ||
| kernel32.dll | SetFileAttributesA | ||
| kernel32.dll | SetCurrentDirectoryA | ||
| kernel32.dll | RemoveDirectoryA | ||
| kernel32.dll | LoadLibraryA | ||
| kernel32.dll | GetWindowsDirectoryA | ||
| kernel32.dll | GetVersionExA | ||
| kernel32.dll | GetTimeFormatA | ||
| kernel32.dll | GetTempPathA | ||
| kernel32.dll | GetSystemDirectoryA | ||
| kernel32.dll | GetShortPathNameA | ||
| kernel32.dll | GetPrivateProfileStringA | ||
| kernel32.dll | GetModuleHandleA | ||
| kernel32.dll | GetModuleFileNameA | ||
| kernel32.dll | GetFullPathNameA | ||
| kernel32.dll | GetFileAttributesA | ||
| kernel32.dll | GetDiskFreeSpaceA | ||
| kernel32.dll | GetDateFormatA | ||
| kernel32.dll | GetComputerNameA | ||
| kernel32.dll | GetCommandLineA | ||
| kernel32.dll | FindNextFileA | ||
| kernel32.dll | FindFirstFileA | ||
| kernel32.dll | ExpandEnvironmentStringsA | ||
| kernel32.dll | DeleteFileA | ||
| kernel32.dll | CreateFileA | ||
| kernel32.dll | CreateDirectoryA | ||
| kernel32.dll | CompareStringA | ||
| gdi32.dll | GetTextExtentPoint32A | ||
| gdi32.dll | GetObjectA | ||
| gdi32.dll | CreateFontIndirectA | ||
| gdi32.dll | AddFontResourceA | ||
| user32.dll | wvsprintfA | ||
| user32.dll | SetWindowLongA | ||
| user32.dll | SetPropA | ||
| user32.dll | SendMessageA | ||
| user32.dll | RemovePropA | ||
| user32.dll | RegisterClassA | ||
| user32.dll | PostMessageA | ||
| user32.dll | PeekMessageA | ||
| user32.dll | MessageBoxA | ||
| user32.dll | LoadIconA | ||
| user32.dll | LoadCursorA | ||
| user32.dll | GetWindowTextLengthA | ||
| user32.dll | GetWindowTextA | ||
| user32.dll | GetWindowLongA | ||
| user32.dll | GetPropA | ||
| user32.dll | GetClassLongA | ||
| user32.dll | GetClassInfoA | ||
| user32.dll | FindWindowA | ||
| user32.dll | DrawTextA | ||
| user32.dll | DispatchMessageA | ||
| user32.dll | DefWindowProcA | ||
| user32.dll | CreateWindowExA | ||
| user32.dll | CallWindowProcA | ||
| shell32.dll | SHGetFileInfoA | ||
| comctl32.dll | ImageList_Draw | ||
| comctl32.dll | ImageList_SetBkColor | ||
| comctl32.dll | ImageList_Create | ||
| comctl32.dll | InitCommonControls | ||
| ole32.dll | OleInitialize | ||
| oleaut32.dll | SysAllocStringLen | ||
| winmm.dll | timeKillEvent | ||
| winmm.dll | timeSetEvent | ||
| shell32.dll | ShellExecuteExA | ||
| shell32.dll | ShellExecuteA | ||
| cabinet.dll | FDIDestroy | ||
| cabinet.dll | FDICopy | ||
| cabinet.dll | FDICreate | ||
| ole32.dll | OleInitialize | ||
| ole32.dll | CoTaskMemFree | ||
| ole32.dll | CoCreateInstance | ||
| ole32.dll | CoUninitialize | ||
| ole32.dll | CoInitialize | ||
| shell32.dll | SHGetSpecialFolderLocation | ||
| shell32.dll | SHGetPathFromIDListA | ||
| shell32.dll | SHGetMalloc | ||
| shell32.dll | SHChangeNotify | ||
| shell32.dll | SHBrowseForFolderA |
StringTable 040904e4
| Comments | |
| CompanyName | Asobe Systems.inc |
| FileDescription | Adobe Flash Video 3 Installation |
| FileVersion | 3 |
| LegalCopyright | Asobe Systems.inc |
VS_FIXEDFILEINFO
| FileVersion | 3.0.0.0 |
| ProductVersion | 0.0.0.0 |
| StrucVersion | 0x10000 |
| FileFlagsMask | 0x3f |
| FileFlags | 0 |
| FileOS | 4 |
| FileType | 1 |
| FileSubtype | 0 |
| offset | size | type | comment | |
|---|---|---|---|---|
| 0 | 202240 | EXE | 06/19/1992 22:22:17 (from TimeDateStamp 0x2a425e19; a fixed value typical of Delphi-linked binaries, so not a reliable build date) | # |
| 31600 | 771272 | BIN | overlay data past EOF | # |
everything is OK