{ "fe5e8153e3972d32d41c3a5ee53a9e99f44116fca98c480b703dca780cb3fd4c": { "DOS Header": { "e_magic": "MZ", "e_cblp": 144, "e_cp": 3, "e_crlc": 0, "e_cparhdr": 4, "e_minalloc": 0, "e_maxalloc": 65535, "e_ss": 0, "e_sp": 184, "e_csum": 0, "e_ip": 0, "e_cs": 0, "e_ovno": 0, "e_oemid": 0, "e_oeminfo": 0, "e_lfanew": 128 }, "Errors": "[*] Warning: Section .bss has a size of 0!\n", "Hashes": { "MD5": "f72cee733b1a6f30f8c850598d67b50a", "SHA1": "ffe8b9f32082320a6e444b65a118a814b3b39348", "SHA256": "fe5e8153e3972d32d41c3a5ee53a9e99f44116fca98c480b703dca780cb3fd4c", "SHA3": "4745b556a200b0c3ec8a8648b9ee50169a49fff6fbd67d26f55e345c144d2406", "SSDeep": "1536:RAMb0EJ88tVDyQADvpJyrOM1GhFNkYL2BxNRj:RAMb0aNzDyzD3yrOMGTkrNRj", "Imports Hash": "5fd4caa76ea3c961f2d530674634f64d" }, "Image Optional Header": { "Magic": "PE32", "LinkerVersion": "2.0", "SizeOfCode": 20480, "SizeOfInitializedData": 75776, "SizeOfUninitializedData": 1024, "AddressOfEntryPoint": "0x000014E0 (Section: .text)", "BaseOfCode": 4096, "BaseOfData": 24576, "ImageBase": 4194304, "SectionAlignment": 4096, "FileAlignment": 512, "OperatingSystemVersion": "4.0", "ImageVersion": "1.0", "SubsystemVersion": "4.0", "Win32VersionValue": 0, "SizeOfImage": 98304, "SizeOfHeaders": 1024, "Checksum": 104088, "Subsystem": "IMAGE_SUBSYSTEM_WINDOWS_CUI", "SizeofStackReserve": 2097152, "SizeofStackCommit": 4096, "SizeofHeapReserve": 1048576, "SizeofHeapCommit": 4096, "LoaderFlags": 0, "NumberOfRvaAndSizes": 16 }, "Imports": { "ADVAPI32.dll": [ "GetUserNameA", "RegCloseKey", "RegOpenKeyExA", "RegQueryValueExA" ], "IPHLPAPI.DLL": [ "GetAdaptersAddresses" ], "KERNEL32.dll": [ "CloseHandle", "CreateFileA", "CreateProcessA", "CreateToolhelp32Snapshot", "DeleteCriticalSection", "DeleteFileW", "DeviceIoControl", "EnterCriticalSection", "GetConsoleScreenBufferInfo", "GetCurrentProcess", "GetCurrentProcessId", "GetCurrentThreadId", "GetDiskFreeSpaceExA", "GetDriveTypeA", "GetFileAttributesA", "GetLastError", "GetLogicalDriveStringsA", "GetModuleFileNameA", "GetModuleHandleA", "GetProcAddress", "GetStartupInfoA", "GetStdHandle", "GetSystemInfo", "GetSystemTimeAsFileTime", "GetTickCount", "GetVersionExA", "GlobalMemoryStatusEx", "InitializeCriticalSection", "IsDebuggerPresent", "LeaveCriticalSection", "LocalAlloc", "LocalFree", "OutputDebugStringA", "Process32First", "Process32Next", "QueryPerformanceCounter", "SetConsoleTextAttribute", "SetLastError", "SetUnhandledExceptionFilter", "Sleep", "TerminateProcess", "TlsGetValue", "UnhandledExceptionFilter", "VirtualProtect", "VirtualQuery", "lstrcmpiA" ], "MPR.DLL": [ "WNetGetProviderNameA" ], "msvcrt.dll": [ "__dllonexit", "__getmainargs", "__initenv", "__lconv_init", "__set_app_type", "__setusermatherr", "_acmdln", "_amsg_exit", "_cexit", "_fmode", "_initterm", "_iob", "_lock", "_onexit", "calloc", "exit", "fclose", "fopen", "fprintf", "fputs", "free", "fwrite", "getchar", "malloc", "mbstowcs", "memcmp", "memcpy", "printf", "puts", "signal", "sprintf", "strlen", "strncat", "strncmp", "strncpy", "strstr", "_unlock", "abort", "toupper", "vfprintf", "wcsstr", "_vsnprintf" ], "ole32.dll": [ "CoCreateInstance", "CoInitializeEx", "CoInitializeSecurity", "CoUninitialize" ], "OLEAUT32.dll": [ "SysAllocString", "SysFreeString" ], "SHELL32.dll": [ "ShellExecuteExW" ], "USER32.dll": [ "FindWindowA", "GetCursorPos" ], "WS2_32.dll": [ "freeaddrinfo", "getaddrinfo" ] }, "PE Header": { "Signature": "PE", "Machine": "IMAGE_FILE_MACHINE_I386", "NumberofSections": 8, "TimeDateStamp": "2016-Mar-16 18:28:11", "PointerToSymbolTable": 0, "NumberOfSymbols": 0, "SizeOfOptionalHeader": 224, "Characteristics": [ "IMAGE_FILE_32BIT_MACHINE", "IMAGE_FILE_DEBUG_STRIPPED", "IMAGE_FILE_EXECUTABLE_IMAGE", "IMAGE_FILE_LINE_NUMS_STRIPPED", "IMAGE_FILE_LOCAL_SYMS_STRIPPED", "IMAGE_FILE_RELOCS_STRIPPED" ] }, "Plugins": { "strings": { "level": 2, "plugin_output": { "Contains references to system / monitoring tools": [ "Control.exe" ], "Tries to detect virtualized environments": [ "HARDWARE\\DESCRIPTION\\System", "HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 0\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0", "HARDWARE\\Description\\System" ], "Looks for VMWare presence": [ "00:05:69", "00:0C:29", "00:1C:14", "00:50:56", "VMWARE", "VMWare", "VMware", "hgfs.sys", "mhgfs.sys", "vmmouse", "vmware" ], "Looks for Sandboxie presence": [ "sbiedll.dll" ], "Looks for VirtualBox presence": [ "08:00:27", "HARDWARE\\ACPI\\DSDT\\VBOX__", "HARDWARE\\ACPI\\FADT\\VBOX__", "HARDWARE\\ACPI\\RSDT\\VBOX__", "SOFTWARE\\Oracle\\VirtualBox Guest Additions", "VBoxGuest", "VBoxMouse", "VBoxSF", "VBoxService", "VBoxTray", "VBoxTrayToolWnd", "VBoxTrayToolWndClass", "VEN_80EE", "\\\\.\\pipe\\VBoxMiniRdDN", "\\\\.\\pipe\\VBoxTrayIPC", "vboxhook.dll", "vboxservice", "vboxtray" ], "Looks for Qemu presence": [ "QEMU", "Qemu", "qemu" ], "Accesses the WMI": [ "root\\cimv2" ], "Miscellaneous malware strings": [ "VIRUS" ] }, "summary": "Strings found in the binary may indicate undesirable behavior:" }, "imports": { "level": 2, "plugin_output": { "Functions which can be used for anti-debugging purposes": [ "CreateToolhelp32Snapshot", "FindWindowA" ], "Can access the registry": [ "RegCloseKey", "RegOpenKeyExA", "RegQueryValueExA" ], "Possibly launches other programs": [ "CreateProcessA" ], "Leverages the raw socket API to access the Internet": [ "freeaddrinfo", "getaddrinfo" ], "Enumerates local disk drives": [ "GetDriveTypeA", "GetLogicalDriveStringsA" ], "Manipulates other processes": [ "Process32First", "Process32Next" ] }, "summary": "The PE contains functions most legitimate programs don't use." }, "virustotal": { "level": 2, "plugin_output": { "McAfee-GW-Edition": "BehavesLike.Win32.Sality.lc" }, "summary": "VirusTotal score: 1/53 (Scanned on 2016-08-12 08:32:11)" } }, "Resources": { "1": { "Type": "RT_ICON", "Language": "English - United States", "Codepage": "UNKNOWN", "Size": 23148, "TimeDateStamp": "1980-Jan-01 00:00:00", "Entropy": 7.91525, "Detected Filetype": "PNG graphic file", "MD5": "50a9b70330d4c9770ddbfc114a470393", "SHA1": "9d10e2e892fd4cecebd3d4e3cc0e02593f986a93", "SHA256": "a4241efc26682836a65f0f006b78c251ff407d41fc40617b1dffad2173cf054f", "SHA3": "5fc938fa7d332e47ef7cfb386f941121a3d1a2ee10793f531ed702c4dd60e17e" }, "2": { "Type": "RT_ICON", "Language": "English - United States", "Codepage": "UNKNOWN", "Size": 7698, "TimeDateStamp": "1980-Jan-01 00:00:00", "Entropy": 7.92568, "Detected Filetype": "PNG graphic file", "MD5": "92b50b5af9a20566c078c87fa2c8abb1", "SHA1": "e15925db93934112ec527e81762e51153c3b4cd3", "SHA256": "2eaf3b7d550282b5f1c039dad0a5e291b3fa1caa43f74433dde9264212388280", "SHA3": "20a18e9f93f2f8ac655d25520aee23f94bf1826379190fe1f52539006237afd8" }, "3": { "Type": "RT_ICON", "Language": "English - United States", "Codepage": "UNKNOWN", "Size": 1950, "TimeDateStamp": "1980-Jan-01 00:00:00", "Entropy": 7.84982, "Detected Filetype": "PNG graphic file", "MD5": "f8572abdedcd787fa5d734187059eafa", "SHA1": "48c1086207cb50c83db9ac72a1dcd6f53b39fd71", "SHA256": "234e6d565baaf4c43d7a36ba99b1f296de2d0bba1a48b97a96dda24b73a1701c", "SHA3": "8ad9afc9a9df90bae8b55381416180068e0dc0462d9711ac57ca1c1358043efe" }, "4": { "Type": "RT_ICON", "Language": "English - United States", "Codepage": "UNKNOWN", "Size": 1196, "TimeDateStamp": "1980-Jan-01 00:00:00", "Entropy": 7.78717, "Detected Filetype": "PNG graphic file", "MD5": "6413fac6c5a51dbd6a5f532074fd2389", "SHA1": "adb70b9e80073999494028287b99ee53a8548ac5", "SHA256": "686ea3b73c6520c38a8c399aec063391b5ed15dfc1c95442931a07b492b0a7aa", "SHA3": "0e75ac2bdb864dee729bf99512f5465c534633092b43a37e324e977d54b22ab8" }, "5": { "Type": "RT_ICON", "Language": "English - United States", "Codepage": "UNKNOWN", "Size": 852, "TimeDateStamp": "1980-Jan-01 00:00:00", "Entropy": 7.68879, "Detected Filetype": "PNG graphic file", "MD5": "ff6846f06399f549e6443052c3db7dcd", "SHA1": "3fd9fe91c888150509eb8155eecc5d583a63beb0", "SHA256": "9596025745330d9d9b63be666ed7ed2db55c71ab6be0da76d6f0bf57249bfbdb", "SHA3": "6a53b15907a5511405d38acc267e1116abac43532d852a03348f8bdd6aa61b21" }, "6": { "Type": "RT_ICON", "Language": "English - United States", "Codepage": "UNKNOWN", "Size": 497, "TimeDateStamp": "1980-Jan-01 00:00:00", "Entropy": 7.41808, "Detected Filetype": "PNG graphic file", "MD5": "87c735a12a02cfea200e24fdbb0cc9f9", "SHA1": "adebe77ca865630338bb9919e00b6d61597456a5", "SHA256": "520ca0f0f2bc979bde1cf0944da37aa5ef4fb2cd493a94d98506aa56c1f98553", "SHA3": "7830efdd7bf3b2f6408dae8daf3c932e9e7a18ae980d2245a8cc7c7e7056e360" }, "A": { "Type": "RT_GROUP_ICON", "Language": "English - United States", "Codepage": "UNKNOWN", "Size": 90, "TimeDateStamp": "1980-Jan-01 00:00:00", "Entropy": 2.99178, "Detected Filetype": "Icon file", "MD5": "60ae129a955f853471899e9f7ac97fbf", "SHA1": "f918b7a57887c4dbc9e1f5a6628c222c4627fec2", "SHA256": "d124b8c6d80c0d4bf86bc6ee14cb849d21efe510534e659239f7e6b8e3bb9f63", "SHA3": "93476e8f2cc02abedcd98ad8eb3f1af18d1236fcdc8d916ac306280e25c7e722" }, "1 (#2)": { "Type": "RT_VERSION", "Language": "English - United States", "Codepage": "UNKNOWN", "Size": 648, "TimeDateStamp": "1980-Jan-01 00:00:00", "Entropy": 3.13852, "MD5": "901a252f68f546915e368ccb4e61deac", "SHA1": "cf75d098ba9d7cf4ff1bc22083c8018fe7b04368", "SHA256": "4246a668eb250575a711e8d56f7fdd40b61c09d9fc88a807f3dfb9acdfaa33c2", "SHA3": "1e176d9beae249920c95d72510efd182530d36405d92b642c9cc92adc58663c1" } }, "Sections": { ".text": { "MD5": "4eae880ed5114a2ebdb739766ac940c1", "SHA1": "76d37f51b41ed3222990e20a0005213253df56f5", "SHA256": "cae2ce23379c5eea091c8240242f17ff9b3a76d2bbd4efa841c5ca28e548ff61", "SHA3": "c5caf918a7b7e919a8ea15cf58ef29155d44dcac8459585b5f99ad51c8392584", "VirtualSize": 20180, "VirtualAddress": 4096, "SizeOfRawData": 20480, "PointerToRawData": 1024, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_ALIGN_1024BYTES", "IMAGE_SCN_ALIGN_16BYTES", "IMAGE_SCN_ALIGN_1BYTES", "IMAGE_SCN_ALIGN_2048BYTES", "IMAGE_SCN_ALIGN_256BYTES", "IMAGE_SCN_ALIGN_32BYTES", "IMAGE_SCN_ALIGN_4096BYTES", "IMAGE_SCN_ALIGN_4BYTES", "IMAGE_SCN_ALIGN_64BYTES", "IMAGE_SCN_ALIGN_8192BYTES", "IMAGE_SCN_ALIGN_8BYTES", "IMAGE_SCN_ALIGN_MASK", "IMAGE_SCN_CNT_CODE", "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ" ], "Entropy": 5.83109 }, ".data": { "MD5": "bc82c47f57b621ed26c346099fc9863b", "SHA1": "bef90db09ac61c9bbfe40a2b7c639d141f3c75d7", "SHA256": "7b4783397dcb3d8ed88efdd9ab9bc26b5eb9258425646790a883a81748a03d91", "SHA3": "19ed473f6ee50d0a9cf1305d1c2fecfe84f1ff702fa760a38e571757fac17bb5", "VirtualSize": 48, "VirtualAddress": 24576, "SizeOfRawData": 512, "PointerToRawData": 21504, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_ALIGN_1024BYTES", "IMAGE_SCN_ALIGN_16BYTES", "IMAGE_SCN_ALIGN_1BYTES", "IMAGE_SCN_ALIGN_256BYTES", "IMAGE_SCN_ALIGN_2BYTES", "IMAGE_SCN_ALIGN_32BYTES", "IMAGE_SCN_ALIGN_4096BYTES", "IMAGE_SCN_ALIGN_4BYTES", "IMAGE_SCN_ALIGN_512BYTES", "IMAGE_SCN_ALIGN_64BYTES", "IMAGE_SCN_ALIGN_8192BYTES", "IMAGE_SCN_ALIGN_MASK", "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE" ], "Entropy": 0.530922 }, ".rdata": { "MD5": "dc6c657562148deb626a4f13ac9d3056", "SHA1": "a5506866abf5ecbf512f79d6ca37673eb87fedce", "SHA256": "294239a253495ed9a2953614f4b5edd4bf07ebce7c890100f75e65923254d059", "SHA3": "5773ce865798436f5fb26dea955cc00a4fb1e9070f002c703e7a985a99236400", "VirtualSize": 12984, "VirtualAddress": 28672, "SizeOfRawData": 13312, "PointerToRawData": 22016, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_ALIGN_1024BYTES", "IMAGE_SCN_ALIGN_16BYTES", "IMAGE_SCN_ALIGN_1BYTES", "IMAGE_SCN_ALIGN_256BYTES", "IMAGE_SCN_ALIGN_2BYTES", "IMAGE_SCN_ALIGN_32BYTES", "IMAGE_SCN_ALIGN_4096BYTES", "IMAGE_SCN_ALIGN_4BYTES", "IMAGE_SCN_ALIGN_512BYTES", "IMAGE_SCN_ALIGN_64BYTES", "IMAGE_SCN_ALIGN_8192BYTES", "IMAGE_SCN_ALIGN_MASK", "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ" ], "Entropy": 5.83296 }, ".bss": { "MD5": "d41d8cd98f00b204e9800998ecf8427e", "SHA1": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "SHA256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "SHA3": "a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a", "VirtualSize": 1024, "VirtualAddress": 45056, "SizeOfRawData": 0, "PointerToRawData": 0, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_ALIGN_1024BYTES", "IMAGE_SCN_ALIGN_16BYTES", "IMAGE_SCN_ALIGN_2048BYTES", "IMAGE_SCN_ALIGN_2BYTES", "IMAGE_SCN_ALIGN_32BYTES", "IMAGE_SCN_ALIGN_4096BYTES", "IMAGE_SCN_ALIGN_4BYTES", "IMAGE_SCN_ALIGN_512BYTES", "IMAGE_SCN_ALIGN_64BYTES", "IMAGE_SCN_ALIGN_8192BYTES", "IMAGE_SCN_ALIGN_8BYTES", "IMAGE_SCN_ALIGN_MASK", "IMAGE_SCN_CNT_UNINITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE" ] }, ".idata": { "MD5": "aab2bb441a368f3c6952b605daa56c47", "SHA1": "f283c8c5a5f13053e27d38958a0356ef8e03d86a", "SHA256": "1f3d517c5f614f6f8a7465bb089109110082e29977d0892fb4a0d3a8dec04c5c", "SHA3": "091f4079cc58197ce42f4676ea20a92b6829577d67f5e80c8adda772bc683b8d", "VirtualSize": 3364, "VirtualAddress": 49152, "SizeOfRawData": 3584, "PointerToRawData": 35328, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_ALIGN_1024BYTES", "IMAGE_SCN_ALIGN_16BYTES", "IMAGE_SCN_ALIGN_1BYTES", "IMAGE_SCN_ALIGN_256BYTES", "IMAGE_SCN_ALIGN_2BYTES", "IMAGE_SCN_ALIGN_32BYTES", "IMAGE_SCN_ALIGN_4096BYTES", "IMAGE_SCN_ALIGN_4BYTES", "IMAGE_SCN_ALIGN_512BYTES", "IMAGE_SCN_ALIGN_64BYTES", "IMAGE_SCN_ALIGN_8192BYTES", "IMAGE_SCN_ALIGN_MASK", "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE" ], "Entropy": 4.76454 }, ".CRT": { "MD5": "0aa4bc8f5c4effdb820d9399574783aa", "SHA1": "f805190d1b4e056b2310e642a6bfb492b125d480", "SHA256": "2d4943c5fee845924b4b56893281f438d5b76ef21033895fe5bb3777bc5a3b39", "SHA3": "208b60236f714574a8c068ff0479397623effa9696aa8a653ed5e3a1590dc6a1", "VirtualSize": 52, "VirtualAddress": 53248, "SizeOfRawData": 512, "PointerToRawData": 38912, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_ALIGN_1024BYTES", "IMAGE_SCN_ALIGN_16BYTES", "IMAGE_SCN_ALIGN_1BYTES", "IMAGE_SCN_ALIGN_256BYTES", "IMAGE_SCN_ALIGN_2BYTES", "IMAGE_SCN_ALIGN_32BYTES", "IMAGE_SCN_ALIGN_4096BYTES", "IMAGE_SCN_ALIGN_4BYTES", "IMAGE_SCN_ALIGN_512BYTES", "IMAGE_SCN_ALIGN_64BYTES", "IMAGE_SCN_ALIGN_8192BYTES", "IMAGE_SCN_ALIGN_MASK", "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE" ], "Entropy": 0.269445 }, ".tls": { "MD5": "4d0db56ecaa4036333d178cca8b31a98", "SHA1": "1dc68a50dddc8c43fcec57f1bc28fa09ac97e3d1", "SHA256": "7d5bdd702ce665911f1479d55557d1a5c66068b78838cf41ac8a0bec6ef9db6c", "SHA3": "84eed999b42d169ad11eb93e204b272cbe723e21ef4079dd524926f161c443d3", "VirtualSize": 32, "VirtualAddress": 57344, "SizeOfRawData": 512, "PointerToRawData": 39424, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_ALIGN_1024BYTES", "IMAGE_SCN_ALIGN_16BYTES", "IMAGE_SCN_ALIGN_1BYTES", "IMAGE_SCN_ALIGN_256BYTES", "IMAGE_SCN_ALIGN_2BYTES", "IMAGE_SCN_ALIGN_32BYTES", "IMAGE_SCN_ALIGN_4096BYTES", "IMAGE_SCN_ALIGN_4BYTES", "IMAGE_SCN_ALIGN_512BYTES", "IMAGE_SCN_ALIGN_64BYTES", "IMAGE_SCN_ALIGN_8192BYTES", "IMAGE_SCN_ALIGN_MASK", "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE" ], "Entropy": 0.204488 }, ".rsrc": { "MD5": "69fe12111a5a4d32b7a974be96f0a174", "SHA1": "53673dd9561595a7b084182851a8a0d1a59b4381", "SHA256": "a9d5daf66185afadc5fc2f854d4f7bae756f65cdc9da3504a36335610cf7bf2a", "SHA3": "e79aa19ced2937a059eadd5556ec59d4dfb28df9807745036b389c62ba47513b", "VirtualSize": 36592, "VirtualAddress": 61440, "SizeOfRawData": 36864, "PointerToRawData": 39936, "PointerToRelocations": 0, "PointerToLineNumbers": 0, "NumberOfLineNumbers": 0, "NumberOfRelocations": 0, "Characteristics": [ "IMAGE_SCN_ALIGN_1024BYTES", "IMAGE_SCN_ALIGN_16BYTES", "IMAGE_SCN_ALIGN_1BYTES", "IMAGE_SCN_ALIGN_256BYTES", "IMAGE_SCN_ALIGN_2BYTES", "IMAGE_SCN_ALIGN_32BYTES", "IMAGE_SCN_ALIGN_4096BYTES", "IMAGE_SCN_ALIGN_4BYTES", "IMAGE_SCN_ALIGN_512BYTES", "IMAGE_SCN_ALIGN_64BYTES", "IMAGE_SCN_ALIGN_8192BYTES", "IMAGE_SCN_ALIGN_MASK", "IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE" ], "Entropy": 7.85411 } }, "Summary": { "Architecture": "IMAGE_FILE_MACHINE_I386", "Subsystem": "IMAGE_SUBSYSTEM_WINDOWS_CUI", "Compilation Date": "2016-Mar-16 18:28:11", "Detected languages": [ "English - United States" ], "TLS Callbacks": "2 callback(s) detected.", "CompanyName": "", "FileVersion": "", "FileDescription": "Paranoid Fish is paranoid", "InternalName": "", "LegalCopyright": "", "LegalTrademarks": "", "OriginalFilename": "", "ProductName": "Paranoid Fish", "ProductVersion": "" }, "TLS Callbacks": { "StartAddressOfRawData": 4251648, "EndAddressOfRawData": 4251676, "AddressOfIndex": 4240272, "AddressOfCallbacks": 4247584, "SizeOfZeroFill": 0, "Characteristics": "IMAGE_SCN_TYPE_REG", "Callbacks": [ "0x00404E60", "0x00404E10" ] }, "Version Info": { "Resource LangID": "English - United States", "VS_VERSION_INFO": { "Signature": 4277077181, "StructVersion": 65536, "FileVersion": "0.5.7.1", "ProductVersion": "0.5.7.1", "FileFlags": [], "FileOs": [], "FileType": "VFT_APP", "Language": "English - United States", "CompanyName": "", "FileVersion (#2)": "", "FileDescription": "Paranoid Fish is paranoid", "InternalName": "", "LegalCopyright": "", "LegalTrademarks": "", "OriginalFilename": "", "ProductName": "Paranoid Fish", "ProductVersion (#2)": "" } } } }