Architecture |
IMAGE_FILE_MACHINE_I386
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
Compilation Date |
1970-Jan-01 00:00:00 (Unix epoch: the TimeDateStamp field is 0, so this is not a real build time)
|
Suspicious |
The PE is possibly packed. |
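The PE only has 7 import(s). This import count is the only reason listed for the packing flag; the section entropies reported further down (3.97984 and 2.98465) are low, which is not what packed or encrypted content usually looks like.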
|
Suspicious |
VirusTotal score: 2/71 (Scanned on 2019-12-09 21:16:30) |
Trapmine:
suspicious.low.ml.score
APEX:
Malicious
|
MD5 |
01b45f7bf20cdfa16daaf19afdc62e0c
|
SHA1 |
26b10d24a9029528a75f4954ee4e47c577ccdec2
|
SHA256 |
e7b181c525745a4b7407a8ad70bfab4210b0ea5939d74e787735235061442a8f
|
SHA3 |
1521547c08b87e5a731efb10c4ba5ef68c2d01c2d8605c72f3596fe372a3e168
|
SSDeep |
24:etGSBpUHalYbcJwsuzNZTPZnUhU1B9uOut688Sno11zoSdwzoPqZ:6PUHPIgZ2m7OnwIGq
|
Imports Hash |
62fc62038779453b1d32c42d65365f98
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0x80
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections |
2
|
TimeDateStamp |
1970-Jan-01 00:00:00
|
PointerToSymbolTable |
0
|
NumberOfSymbols |
0
|
SizeOfOptionalHeader |
0xe0
|
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Magic |
PE32
|
LinkerVersion |
6.0
|
SizeOfCode |
0
|
SizeOfInitializedData |
0
|
SizeOfUninitializedData |
0
|
AddressOfEntryPoint |
0x00001100 (Section: .text)
|
BaseOfCode |
0x1000
|
BaseOfData |
0x2000
|
ImageBase |
0x400000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
4.0
|
ImageVersion |
0.0
|
SubsystemVersion |
4.0
|
Win32VersionValue |
0
|
SizeOfImage |
0x3000
|
SizeOfHeaders |
0x200
|
Checksum |
0xbfe6
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
SizeofStackReserve |
0x100000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
8d63d2f798f7477c329bdc11bede9ef8
|
SHA1 |
2fcb50058e32903b05500c2834e26b030286bef6
|
SHA256 |
f5fed241fae9381c657ff17e40907d32630915a8f206e624f392df3bbe68687b
|
SHA3 |
be98d0dc71087813168710ac101d9f24d26e48af4b94b43b355fd932fdcb9df8
|
VirtualSize |
0x1b0
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
Entropy |
3.97984
|
MD5 |
582bfd26316a12fcf63e8e466e3ecd22
|
SHA1 |
388caae32bbf7a25872190500eccb82128f387ed
|
SHA256 |
ecf6f57677783878758cd42e3dc42ce1be95574fa2abd1329d83171ea4940d58
|
SHA3 |
1f65fdc67d6906582e3daf976b556bec0a8beb70ac1da0bfbb1fb0c6c2b846c7
|
VirtualSize |
0x280
|
VirtualAddress |
0x2000
|
SizeOfRawData |
0x400
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
2.98465
|
msvcrt.dll |
printf
scanf
strlen
_controlfp
__set_app_type
__getmainargs
exit
|
Ordinal |
10
|
Address |
0x1100
|
Ordinal |
11
|
Address |
0x1000
|
[*] Warning: 6 invalid export(s) not shown.