PESCAN.IO - Analysis Report Valid Code |
Information: |
Field | Value |
---|---|
Size | 9,00 KB |
SHA-256 Hash | 54BF690F5F2C88F9372E5A98EADD1876CCE376115C2D619BD97A332CF87C716B |
SHA-1 Hash | 55DCB71E72400370C5010EF251832746A610FA08 |
MD5 Hash | 0C101AC9402FD27C216E7BD992A8AF27 |
Imphash | EE1698448DBF9F72A5B96446D16946D6 |
MajorOSVersion | 5 |
CheckSum | 00000000 |
EntryPoint (rva) | 1E10 |
SizeOfHeaders | 400 |
SizeOfImage | 7000 |
ImageBase | 10000000 |
Architecture | x86 |
ExportTable | 2280 |
ImportTable | 205C |
Characteristics | 2102 |
TimeDateStamp | 4BD43970 |
Date | 25/04/2010 12:45:36 |
File Type | DLL |
Number Of Sections | 6 |
ASLR | Enabled |
Section Names | .text, .rdata, .data, .TrueTra, .rsrc, .reloc |
Number Of Executable Sections | 1 |
Subsystem | Windows GUI |
UAC Execution Level Manifest | asInvoker |
Sections Info: |
Section Name | Flags | ROffset | RSize | VOffset | VSize |
---|---|---|---|---|---|
.text | 60000020 (Executable) | 400 | 1000 | 1000 | F44 |
.rdata | 40000040 | 1400 | 400 | 2000 | 305 |
.data | C0000040 (Writeable) | 0 | 0 | 3000 | 28 |
.TrueTra | D0000040 (Writeable) | 1800 | 200 | 4000 | 11 |
.rsrc | 40000040 | 1A00 | 600 | 5000 | 4E8 |
.reloc | 42000040 | 2000 | 400 | 6000 | 23A |
Description: |
Field | Value |
---|---|
InternalName | TrueTransparency |
LegalCopyright | Lefreut 2007-2010 |
FileVersion | 1.4.1.189 |
Entry Point: |
The section number (1) - (.text) has the Entry Point Information -> EntryPoint (calculated) - 1210
Code -> 8B4424085633F683F80175638B4424086A0456A300300010FF150820001050FF15102000103BC6746FF60524300010017529
• MOV EAX, DWORD PTR [ESP + 8]
• PUSH ESI
• XOR ESI, ESI
• CMP EAX, 1
• JNE 0X106F
• MOV EAX, DWORD PTR [ESP + 8]
• PUSH 4
• PUSH ESI
• MOV DWORD PTR [0X10003000], EAX
• CALL DWORD PTR [0X10002008]
• PUSH EAX
• CALL DWORD PTR [0X10002010]
• CMP EAX, ESI
• JE 0X1098
• TEST BYTE PTR [0X10003024], 1
• JNE 0X105B
Signatures: |
Rich Signature Analyzer:
Code -> 6BB9989E2FD8F6CD2FD8F6CD2FD8F6CD081E8DCD28D8F6CD2FD8F7CD3BD8F6CD26A07CCD2CD8F6CD26A064CD2ED8F6CD26A062CD2ED8F6CD26A067CD2ED8F6CD526963682FD8F6CD
Footprint md5 Hash -> 8E7AFC2CDBD01AFE54C613DD9FB1E082
• The Rich header apparently has not been modified
Certificate - Digital Signature Not Found:
• The file is not signed
Packer/Compiler: |
Detect It Easy (die)
• PE: compiler: Microsoft Visual C/C++(2008 SP1)[-]
• PE: linker: Microsoft Linker(9.0)[DLL32]
• Entropy: 4.99861
ET Functions (carving): |
Original Name -> TrueTransparencyHook.dll
• _PauseHook@0
• _StartHook@8
• _StopHook@0
File Access: |
• TrueTransparencyHook.dll
• GDI32.dll
• USER32.dll
• KERNEL32.dll
Interesting Words: |
• exec
• start
• pause
IP Addresses: |
1.4.1.189 |
Strings/Hex Code Found With The File Rules: |
• EP Rules: Microsoft Visual C++ 8
• EP Rules: Microsoft Visual C++ 8.0
• EP Rules: TrueVision Targa Graphics format
Resources: |
Path | DataRVA | Size | FileOffset | Code | Text |
---|---|---|---|---|---|
\VERSION\1\1033 | 5298 | 24C | 1C98 | 4C0234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000400 | L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
\24\1\1033 | 50A0 | 1F8 | 1AA0 | 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279 | <?xml version="1.0" encoding="UTF-8" standalone="y |
Intelligent String: |
• KERNEL32.dll
• www.customxp.net
• 1.4.1.189
Extra 4n4lysis: |
Metric | Value | Percentage |
---|---|---|
Ascii Code | 4454 | 48,329% |
Null Byte Code | 3753 | 40,7227% |