List: cuckoo
Subject: [cuckoo] Several problems (analysis of resource entries and missing file)
From: sstaciwa () gmail ! com (Sławomir Staciwa)
Date: 2012-04-19 9:12:40
Message-ID: CAMVvr-1e-5zr1_zP+S6sm4PrF0aiGPQ+m+9LaeevcyqreZo0gA () mail ! gmail ! com
This is the output from pefile; it is consistent with pescanner but different from Cuckoo, so there is probably a parse error.
----------Resource directory----------
[IMAGE_RESOURCE_DIRECTORY]
0xDA00 0x0 Characteristics: 0x0
0xDA04 0x4 TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]
0xDA08 0x8 MajorVersion: 0x0
0xDA0A 0xA MinorVersion: 0x0
0xDA0C 0xC NumberOfNamedEntries: 0x1
0xDA0E 0xE NumberOfIdEntries: 0x2
  Name: [DLL]
  [IMAGE_RESOURCE_DIRECTORY_ENTRY]
  0xDA10 0x0 Name: 0x800001A8
  0xDA14 0x4 OffsetToData: 0x80000028
    [IMAGE_RESOURCE_DIRECTORY]
    0xDA28 0x0 Characteristics: 0x0
    0xDA2C 0x4 TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]
    0xDA30 0x8 MajorVersion: 0x0
    0xDA32 0xA MinorVersion: 0x0
    0xDA34 0xC NumberOfNamedEntries: 0x0
    0xDA36 0xE NumberOfIdEntries: 0x2
      Id: [0x67]
      [IMAGE_RESOURCE_DIRECTORY_ENTRY]
      0xDA38 0x0 Name: 0x67
      0xDA3C 0x4 OffsetToData: 0x80000048
        [IMAGE_RESOURCE_DIRECTORY]
        0xDA48 0x0 Characteristics: 0x0
        0xDA4C 0x4 TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]
        0xDA50 0x8 MajorVersion: 0x0
        0xDA52 0xA MinorVersion: 0x0
        0xDA54 0xC NumberOfNamedEntries: 0x0
        0xDA56 0xE NumberOfIdEntries: 0x1
          \--- LANG [4,2][LANG_CHINESE,SUBLANG_CHINESE_SIMPLIFIED]
          [IMAGE_RESOURCE_DIRECTORY_ENTRY]
          0xDA58 0x0 Name: 0x804
          0xDA5C 0x4 OffsetToData: 0x60
            [IMAGE_RESOURCE_DATA_ENTRY]
            0xDA60 0x0 OffsetToData: 0x131B0
            0xDA64 0x4 Size: 0x13000
            0xDA68 0x8 CodePage: 0x0
            0xDA6C 0xC Reserved: 0x0
      Id: [0x6E]
      [IMAGE_RESOURCE_DIRECTORY_ENTRY]
      0xDA40 0x0 Name: 0x6E
      0xDA44 0x4 OffsetToData: 0x80000070
        [IMAGE_RESOURCE_DIRECTORY]
        0xDA70 0x0 Characteristics: 0x0
        0xDA74 0x4 TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]
        0xDA78 0x8 MajorVersion: 0x0
        0xDA7A 0xA MinorVersion: 0x0
        0xDA7C 0xC NumberOfNamedEntries: 0x0
        0xDA7E 0xE NumberOfIdEntries: 0x1
          \--- LANG [4,2][LANG_CHINESE,SUBLANG_CHINESE_SIMPLIFIED]
          [IMAGE_RESOURCE_DIRECTORY_ENTRY]
          0xDA80 0x0 Name: 0x804
          0xDA84 0x4 OffsetToData: 0x88
            [IMAGE_RESOURCE_DATA_ENTRY]
            0xDA88 0x0 OffsetToData: 0x261B0
            0xDA8C 0x4 Size: 0x619E
            0xDA90 0x8 CodePage: 0x0
            0xDA94 0xC Reserved: 0x0
  Id: [0x3] (RT_ICON)
  [IMAGE_RESOURCE_DIRECTORY_ENTRY]
  0xDA18 0x0 Name: 0x3
  0xDA1C 0x4 OffsetToData: 0x80000098
    [IMAGE_RESOURCE_DIRECTORY]
    0xDA98 0x0 Characteristics: 0x0
    0xDA9C 0x4 TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]
    0xDAA0 0x8 MajorVersion: 0x0
    0xDAA2 0xA MinorVersion: 0x0
    0xDAA4 0xC NumberOfNamedEntries: 0x0
    0xDAA6 0xE NumberOfIdEntries: 0x4
      Id: [0x1]
      [IMAGE_RESOURCE_DIRECTORY_ENTRY]
      0xDAA8 0x0 Name: 0x1
      0xDAAC 0x4 OffsetToData: 0x800000C8
        [IMAGE_RESOURCE_DIRECTORY]
        0xDAC8 0x0 Characteristics: 0x0
        0xDACC 0x4 TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]
        0xDAD0 0x8 MajorVersion: 0x0
        0xDAD2 0xA MinorVersion: 0x0
        0xDAD4 0xC NumberOfNamedEntries: 0x0
        0xDAD6 0xE NumberOfIdEntries: 0x1
          \--- LANG [4,2][LANG_CHINESE,SUBLANG_CHINESE_SIMPLIFIED]
          [IMAGE_RESOURCE_DIRECTORY_ENTRY]
          0xDAD8 0x0 Name: 0x804
          0xDADC 0x4 OffsetToData: 0xE0
            [IMAGE_RESOURCE_DATA_ENTRY]
            0xDAE0 0x0 OffsetToData: 0x301B4
            0xDAE4 0x4 Size: 0x128
            0xDAE8 0x8 CodePage: 0x0
            0xDAEC 0xC Reserved: 0x0
      Id: [0x2]
      [IMAGE_RESOURCE_DIRECTORY_ENTRY]
      0xDAB0 0x0 Name: 0x2
      0xDAB4 0x4 OffsetToData: 0x800000F0
        [IMAGE_RESOURCE_DIRECTORY]
        0xDAF0 0x0 Characteristics: 0x0
        0xDAF4 0x4 TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]
        0xDAF8 0x8 MajorVersion: 0x0
        0xDAFA 0xA MinorVersion: 0x0
        0xDAFC 0xC NumberOfNamedEntries: 0x0
        0xDAFE 0xE NumberOfIdEntries: 0x1
          \--- LANG [4,2][LANG_CHINESE,SUBLANG_CHINESE_SIMPLIFIED]
          [IMAGE_RESOURCE_DIRECTORY_ENTRY]
          0xDB00 0x0 Name: 0x804
          0xDB04 0x4 OffsetToData: 0x108
            [IMAGE_RESOURCE_DATA_ENTRY]
            0xDB08 0x0 OffsetToData: 0x302E0
            0xDB0C 0x4 Size: 0x568
            0xDB10 0x8 CodePage: 0x0
            0xDB14 0xC Reserved: 0x0
      Id: [0x3]
      [IMAGE_RESOURCE_DIRECTORY_ENTRY]
      0xDAB8 0x0 Name: 0x3
      0xDABC 0x4 OffsetToData: 0x80000118
        [IMAGE_RESOURCE_DIRECTORY]
        0xDB18 0x0 Characteristics: 0x0
        0xDB1C 0x4 TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]
        0xDB20 0x8 MajorVersion: 0x0
        0xDB22 0xA MinorVersion: 0x0
        0xDB24 0xC NumberOfNamedEntries: 0x0
        0xDB26 0xE NumberOfIdEntries: 0x1
          \--- LANG [4,2][LANG_CHINESE,SUBLANG_CHINESE_SIMPLIFIED]
          [IMAGE_RESOURCE_DIRECTORY_ENTRY]
          0xDB28 0x0 Name: 0x804
          0xDB2C 0x4 OffsetToData: 0x130
            [IMAGE_RESOURCE_DATA_ENTRY]
            0xDB30 0x0 OffsetToData: 0x3084C
            0xDB34 0x4 Size: 0x2E8
            0xDB38 0x8 CodePage: 0x0
            0xDB3C 0xC Reserved: 0x0
      Id: [0x4]
      [IMAGE_RESOURCE_DIRECTORY_ENTRY]
      0xDAC0 0x0 Name: 0x4
      0xDAC4 0x4 OffsetToData: 0x80000140
        [IMAGE_RESOURCE_DIRECTORY]
        0xDB40 0x0 Characteristics: 0x0
        0xDB44 0x4 TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]
        0xDB48 0x8 MajorVersion: 0x0
        0xDB4A 0xA MinorVersion: 0x0
        0xDB4C 0xC NumberOfNamedEntries: 0x0
        0xDB4E 0xE NumberOfIdEntries: 0x1
          \--- LANG [4,2][LANG_CHINESE,SUBLANG_CHINESE_SIMPLIFIED]
          [IMAGE_RESOURCE_DIRECTORY_ENTRY]
          0xDB50 0x0 Name: 0x804
          0xDB54 0x4 OffsetToData: 0x158
            [IMAGE_RESOURCE_DATA_ENTRY]
            0xDB58 0x0 OffsetToData: 0x30B38
            0xDB5C 0x4 Size: 0x8A8
            0xDB60 0x8 CodePage: 0x0
            0xDB64 0xC Reserved: 0x0
  Id: [0xE] (RT_GROUP_ICON)
  [IMAGE_RESOURCE_DIRECTORY_ENTRY]
  0xDA20 0x0 Name: 0xE
  0xDA24 0x4 OffsetToData: 0x80000168
    [IMAGE_RESOURCE_DIRECTORY]
    0xDB68 0x0 Characteristics: 0x0
    0xDB6C 0x4 TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]
    0xDB70 0x8 MajorVersion: 0x0
    0xDB72 0xA MinorVersion: 0x0
    0xDB74 0xC NumberOfNamedEntries: 0x0
    0xDB76 0xE NumberOfIdEntries: 0x1
      Id: [0x71]
      [IMAGE_RESOURCE_DIRECTORY_ENTRY]
      0xDB78 0x0 Name: 0x71
      0xDB7C 0x4 OffsetToData: 0x80000180
        [IMAGE_RESOURCE_DIRECTORY]
        0xDB80 0x0 Characteristics: 0x0
        0xDB84 0x4 TimeDateStamp: 0x0 [Thu Jan 1 00:00:00 1970 UTC]
        0xDB88 0x8 MajorVersion: 0x0
        0xDB8A 0xA MinorVersion: 0x0
        0xDB8C 0xC NumberOfNamedEntries: 0x0
        0xDB8E 0xE NumberOfIdEntries: 0x1
          \--- LANG [4,2][LANG_CHINESE,SUBLANG_CHINESE_SIMPLIFIED]
          [IMAGE_RESOURCE_DIRECTORY_ENTRY]
          0xDB90 0x0 Name: 0x804
          0xDB94 0x4 OffsetToData: 0x198
            [IMAGE_RESOURCE_DATA_ENTRY]
            0xDB98 0x0 OffsetToData: 0x313E4
            0xDB9C 0x4 Size: 0x3E
            0xDBA0 0x8 CodePage: 0x0
            0xDBA4 0xC Reserved: 0x0
Regards
Slawek
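Added example, not code from the post, from pefile or from Cuckoo: a stand-alone walker for the IMAGE_RESOURCE_DIRECTORY tree, run over a constructed blob that mirrors the nesting of the dump above (a named type DLL holding two blobs of 0x13000 and 0x619E bytes, RT_ICON with four icons, RT_GROUP_ICON, every leaf under language 0x804). The two decisions a parser has to get right, and where two tools can disagree, are the high bit of Name (set: the low 31 bits are the offset of a UTF-16 IMAGE_RESOURCE_DIR_STRING_U; clear: a numeric ID) and the high bit of OffsetToData (set: another directory; clear: an IMAGE_RESOURCE_DATA_ENTRY). The blob's internal offsets are not those of the dump; only the tree shape and the RVA/Size values are taken from it. The RT_ type table is the standard one from the PE specification; the depth limit, the bounds checks and the `nonstandard_payloads` size threshold are this example's own choices.

```python
"""Stand-alone walker for a PE .rsrc tree (added example, not pefile's or Cuckoo's code).

SAMPLE_TREE is constructed to mirror the nesting of the dump in the post; the blob's
internal offsets differ from the dump's, only the tree shape and RVA/Size values match.
"""
import struct

RES_DIR = struct.Struct("<IIHHHH")  # IMAGE_RESOURCE_DIRECTORY, 16 bytes
RES_ENTRY = struct.Struct("<II")    # IMAGE_RESOURCE_DIRECTORY_ENTRY: Name, OffsetToData
RES_DATA = struct.Struct("<IIII")   # IMAGE_RESOURCE_DATA_ENTRY: OffsetToData (RVA), Size, CodePage, Reserved
U16 = struct.Struct("<H")
HIGH_BIT = 0x80000000               # in Name: string offset follows; in OffsetToData: subdirectory follows
MAX_DEPTH = 3                       # type / name / language; anything deeper is malformed (example's limit)
RT_NAMES = {1: "RT_CURSOR", 2: "RT_BITMAP", 3: "RT_ICON", 4: "RT_MENU", 5: "RT_DIALOG",
            6: "RT_STRING", 7: "RT_FONTDIR", 8: "RT_FONT", 9: "RT_ACCELERATOR",
            10: "RT_RCDATA", 11: "RT_MESSAGETABLE", 12: "RT_GROUP_CURSOR",
            14: "RT_GROUP_ICON", 16: "RT_VERSION", 17: "RT_DLGINCLUDE", 19: "RT_PLUGPLAY",
            20: "RT_VXD", 21: "RT_ANICURSOR", 22: "RT_ANIICON", 23: "RT_HTML", 24: "RT_MANIFEST"}

# Constructed sample: type -> name -> language -> (RVA, Size), values copied from the dump.
SAMPLE_TREE = {
    "DLL": {0x67: {0x804: (0x131B0, 0x13000)}, 0x6E: {0x804: (0x261B0, 0x619E)}},
    3: {1: {0x804: (0x301B4, 0x128)}, 2: {0x804: (0x302E0, 0x568)},
        3: {0x804: (0x3084C, 0x2E8)}, 4: {0x804: (0x30B38, 0x8A8)}},
    14: {0x71: {0x804: (0x313E4, 0x3E)}},
}


def build_rsrc(tree, blob=None):
    """Serialize a nested dict into a .rsrc-style blob; return (blob, offset of this directory)."""
    blob = bytearray() if blob is None else blob
    named = [(k, v) for k, v in tree.items() if isinstance(k, str)]   # named entries come first
    ids = sorted((k, v) for k, v in tree.items() if isinstance(k, int))
    dir_off = len(blob)
    blob += RES_DIR.pack(0, 0, 0, 0, len(named), len(ids))
    first_entry = len(blob)
    blob += bytes(RES_ENTRY.size * (len(named) + len(ids)))           # placeholders, patched below
    for i, (key, child) in enumerate(named + ids):
        if isinstance(key, str):                                      # IMAGE_RESOURCE_DIR_STRING_U
            name_field = HIGH_BIT | len(blob)
            blob += U16.pack(len(key)) + key.encode("utf-16-le")
        else:
            name_field = key
        if isinstance(child, dict):
            _, sub_off = build_rsrc(child, blob)
            data_field = HIGH_BIT | sub_off
        else:
            data_field = len(blob)
            blob += RES_DATA.pack(child[0], child[1], 0, 0)
        RES_ENTRY.pack_into(blob, first_entry + i * RES_ENTRY.size, name_field, data_field)
    return blob, dir_off


def _field(rsrc, fmt, off):
    """Unpack one structure, refusing offsets that run past the section instead of reading garbage."""
    if off < 0 or off + fmt.size > len(rsrc):
        raise ValueError(f"structure at 0x{off:X} runs past the end of .rsrc")
    return fmt.unpack_from(rsrc, off)


def walk_rsrc(rsrc, dir_off=0, path=(), depth=0):
    """Yield (path, rva, size) for every data entry reachable from the directory at dir_off."""
    if depth >= MAX_DEPTH:
        raise ValueError(f"resource tree deeper than {MAX_DEPTH} levels at 0x{dir_off:X}")
    _, _, _, _, n_named, n_id = _field(rsrc, RES_DIR, dir_off)
    pos = dir_off + RES_DIR.size
    for _ in range(n_named + n_id):
        name_field, data_field = _field(rsrc, RES_ENTRY, pos)
        pos += RES_ENTRY.size
        if name_field & HIGH_BIT:                      # offset of a length-prefixed UTF-16 string
            str_off = name_field & ~HIGH_BIT
            (length,) = _field(rsrc, U16, str_off)
            raw = rsrc[str_off + 2: str_off + 2 + 2 * length]
            if len(raw) != 2 * length:
                raise ValueError(f"name string at 0x{str_off:X} is truncated")
            key = raw.decode("utf-16-le")
        else:
            key = name_field                           # numeric ID
        if data_field & HIGH_BIT:                      # another IMAGE_RESOURCE_DIRECTORY
            yield from walk_rsrc(rsrc, data_field & ~HIGH_BIT, path + (key,), depth + 1)
        else:                                          # an IMAGE_RESOURCE_DATA_ENTRY
            rva, size, _codepage, _reserved = _field(rsrc, RES_DATA, data_field)
            yield path + (key,), rva, size


def resource_table(rsrc):
    """Flatten the tree to (type, name, lang, rva, size) rows, naming standard type IDs."""
    rows = []
    for path, rva, size in walk_rsrc(rsrc):
        rtype, name, lang = (path + (None, None, None))[:3]
        rows.append((RT_NAMES.get(rtype, rtype), name, lang, rva, size))
    return rows


def nonstandard_payloads(rows, min_size=0x1000):
    """Rows under a custom type (string or unknown ID) at least min_size bytes long: where embedded files live."""
    return [r for r in rows if r[0] not in RT_NAMES.values() and r[4] >= min_size]


if __name__ == "__main__":
    sample, _ = build_rsrc(SAMPLE_TREE)
    for row in resource_table(sample):
        print(row)
    print("custom-type payloads:", nonstandard_payloads(resource_table(sample)))
```

Running it lists the same seven leaves as the dump, with the two DLL-type blobs flagged by `nonstandard_payloads`. To compare a real file, feed `walk_rsrc` the raw bytes of the section that `IMAGE_DIRECTORY_ENTRY_RESOURCE` points to (the parser takes all offsets relative to that section's start, which is why the dump's file offsets appear as 0xDA00 + the entry offsets). A parser that treats the 0x800001A8 Name field as a numeric ID, or the 0x80000028 OffsetToData as a data entry, silently loses exactly the DLL subtree.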