01b45f7bf20cdfa16daaf19afdc62e0c

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Suspicious The PE is possibly packed. The PE only has 7 import(s).
Suspicious VirusTotal score: 2/71 (Scanned on 2019-12-09 21:16:30) Trapmine: suspicious.low.ml.score
APEX: Malicious

Hashes

MD5 01b45f7bf20cdfa16daaf19afdc62e0c
SHA1 26b10d24a9029528a75f4954ee4e47c577ccdec2
SHA256 e7b181c525745a4b7407a8ad70bfab4210b0ea5939d74e787735235061442a8f
SHA3 1521547c08b87e5a731efb10c4ba5ef68c2d01c2d8605c72f3596fe372a3e168
SSDeep 24:etGSBpUHalYbcJwsuzNZTPZnUhU1B9uOut688Sno11zoSdwzoPqZ:6PUHPIgZ2m7OnwIGq
Imports Hash 62fc62038779453b1d32c42d65365f98

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 2
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0
SizeOfInitializedData 0
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001100 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x3000
SizeOfHeaders 0x200
Checksum 0xbfe6
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 8d63d2f798f7477c329bdc11bede9ef8
SHA1 2fcb50058e32903b05500c2834e26b030286bef6
SHA256 f5fed241fae9381c657ff17e40907d32630915a8f206e624f392df3bbe68687b
SHA3 be98d0dc71087813168710ac101d9f24d26e48af4b94b43b355fd932fdcb9df8
VirtualSize 0x1b0
VirtualAddress 0x1000
SizeOfRawData 0x200
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 3.97984

.data

MD5 582bfd26316a12fcf63e8e466e3ecd22
SHA1 388caae32bbf7a25872190500eccb82128f387ed
SHA256 ecf6f57677783878758cd42e3dc42ce1be95574fa2abd1329d83171ea4940d58
SHA3 1f65fdc67d6906582e3daf976b556bec0a8beb70ac1da0bfbb1fb0c6c2b846c7
VirtualSize 0x280
VirtualAddress 0x2000
SizeOfRawData 0x400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.98465

Imports

msvcrt.dll printf
scanf
strlen
_controlfp
__set_app_type
__getmainargs
exit

Delayed Imports

_edata

Ordinal 7
Address 0x2080

_end

Ordinal 8
Address 0x2280

_etext

Ordinal 9
Address 0x1177

_start

Ordinal 10
Address 0x1100

main

Ordinal 11
Address 0x1000

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: 6 invalid export(s) not shown.