pnr.exe
First submission 2024-10-16 20:07:03
File details
| File type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 13439.38 KB (13761926 bytes) |
| Compile time: | 1992-06-20 00:22:17 |
| MD5: | 03095ac4f252a39ed63043b4ec57a070 |
| SHA1: | 88a3c361d61cd12ec70053e76f3c24d620b8cce6 |
| SHA256: | e9a4af1ebd77f159b775c24dae1aeb4193db74e533f37fcd277d35a54e66b6e9 |
| Import Hash : | 8153e38af3edfd83dbe718abd367e38c |
| Sections 10 | CODE���� DATA���� BSS����� .idata�� .tls���� .rdata�� .reloc�� .rsrc��� .aspack� .adata�� |
| Directories 4 | import resource tls relocation |
File features detected
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://www.meteolab.it/nav/lezioni/pnr.exe  |
www.meteolab.it |
2024-10-16 20:07:03 |
PE Sections 8 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| CODE���� | 0x1000 | 0x149000 | 513024 | a6fc175a15aeb9093a5bf933c8a8c7e1167f6ae1 | 703d412e048f8c3d03a340e34e3afc0c | |
| DATA���� | 0x14a000 | 0x9000 | 9728 | e172c6c393309604b0da63f8d0e32081430083f3 | 383d7570e0fe983ef5b878c298684b54 | |
| BSS����� | 0x153000 | 0x3000 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .idata�� | 0x156000 | 0x4000 | 5120 | 87d708ce24ed176e9b4cc24dde3450f176a015ce | c6fd9ee264b4e61ce6c937a0439f0d37 | |
| .tls���� | 0x15a000 | 0x1000 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .rdata�� | 0x15b000 | 0x1000 | 512 | e509fbb2de0b85541b4ced0b19144c4d9ecf457b | 4f60477d50c5fdfd4b8ad7db1257eb50 | |
| .reloc�� | 0x15c000 | 0x11000 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .rsrc��� | 0x16d000 | 0x10000 | 21504 | 78d5c59a06456a03ddb1cb97f7a7acfc775999de | 8ae7965efe928413704abd6e5263ab1e | |
| .aspack� | 0x17d000 | 0x2000 | 6656 | 65ff8d1439eadb51bb34120f4cc461dfbb089df3 | b9f2bd0266a67b05b4e3b852dcdfa601 | |
| .adata�� | 0x17f000 | 0x1000 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e |
PE Resources 8
| Name | Language | Sublanguage | Offset | Size | Data |
|---|---|---|---|---|---|
| RT_CURSOR | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x16fba4 | 308 | |
| RT_BITMAP | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x172bf4 | 630 | |
| RT_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x17e5e8 | 744 | |
| RT_STRING | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x177584 | 708 | |
| RT_RCDATA | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x17c1f4 | 2446 | |
| RT_GROUP_CURSOR | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x17cc24 | 20 | |
| RT_GROUP_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x17e5d4 | 20 | |
| RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x17e3ac | 549 |
Packers detected 3
| ASProtect V2.X DLL -> Alexey Solodovnikov |
| ASPack v2.12 |
| ASPack v2.1 |
Strings analysis - File found
| Document |
| RUNTIME.PUB |
| Library |
| COMCTL32.dll |
| GDI32.dll |
| WSOCK32.dll |
| MSVFW32.dll |
| ole32.dll |
| SHELL32.dll |
| WINMM.dll |
| COMDLG32.dll |
| OLEAUT32.dll |
| USER32.dll |
| ADVAPI32.dll |
| KERNEL32.dll |