Static PE information: Data direc tory: IMAG E_DIRECTOR Y_ENTRY_IA T is in. Static PE information: Data direc tory: IMAG E_DIRECTOR Y_ENTRY_LO AD_CONFIG is in. Static PE information: Data direc tory: IMAG E_DIRECTOR Y_ENTRY_BA SERELOC is in. Static PE information: Data direc tory: IMAG E_DIRECTOR Y_ENTRY_RE SOURCE is in. Static PE information: Data direc tory: IMAG E_DIRECTOR Y_ENTRY_IM PORT is in. PE file contains a valid data directory to section mapping Key opened: HKEY_CURRE NT_USER\So ftware\Pol icies\Micr osoft\Wind ows\Safer\ CodeIdenti fiers text IMAGE _SCN_MEM_E XECUTE, IM AGE_SCN_CN T_CODE, IM AGE_SCN_ME M_READ text section and no other executable section
Static PE information: 32BIT_MACH INE, EXECU TABLE_IMAG EĬontains functionality to instantiate COM classesĬode function: 1_2_010A14 20 CoCreat eInstance,Ĭontains functionality to load and extract PE file embedded resourcesĬode function: 1_2_010DAB F5 LoadRes ource,Lock Resource,_ malloc,Get SysColor,G etSysColor ,GetSysCol or,GetSysC olor,GetDC ,CreateCom patibleBit map,Create Compatible DC,SelectO bject,Sele ctObject,S tretchDIBi ts,SelectO bject,Dele teDC,Relea seDC,FreeR esource, Sample file is different than original file name gathered from version info Static PE information: Resource n ame: RT_IC ON type: G LS_BINARY_ LSB_FIRST exeįound potential string decryption / allocating functionsĬode function: String fun ction: 010 F2053 appe ars 59 tim esĬode function: String fun ction: 010 F3D40 appe ars 33 tim es Source: C:\Users\u ser\Deskto p\pestudio.
0 kommentar(er)
