05450face243b3a7472407b999b03a72

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2006-Aug-31 08:46:27

Plugin Output

Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Manipulates other processes:
  • OpenProcess
Suspicious VirusTotal score: 1/72 (Scanned on 2019-04-18 22:34:02) Acronis: suspicious

Hashes

MD5 05450face243b3a7472407b999b03a72
SHA1 ffd88af2e338ae606c444390f7eaaf5f4aef2cd9
SHA256 95fe9d92512ff2318cc2520311ef9145b2cee01209ab0e1b6e45c7ce1d4d0e89
SHA3 eba9d1d4c4c29cf9211ee8a314119b0d8dd17d4ecc0a52cba01e3295fc2ddab1
SSDeep 48:SKgfJzwtr95f5wiXnfkm4ZixVWmWDYWWDYvt6ENGAa4GW6ENcuHdtjq6vo:hZ9Htnfd/xVJ3W3V6aQ4GW6azdtj
Imports Hash c9fc7f6df8fedf8f8f1f9f820c072664

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2006-Aug-31 08:46:27
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 7.0
SizeOfCode 0x600
SizeOfInitializedData 0xc00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000109F (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x10000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x5000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_NO_SEH
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 4d7099f7a08f816eb085d3a46f915d95
SHA1 f16d68a33266492cb2e502f7fdd298c63cc827f6
SHA256 3194be9a2dd44b66b020b47933e2aabdcc942d36cdf72732fc6a89b99634d8cc
SHA3 9ceb53978007ea75bc4480ef1ba3b42c679aab91eca50295b8f934762ad6a679
VirtualSize 0x47d
VirtualAddress 0x1000
SizeOfRawData 0x600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.14059

.rdata

MD5 a7701301a4783f937191c58dca6d038a
SHA1 4fd38c326b5230e425631b475aa007c791903d7c
SHA256 7e7116f0822a558b880cf1390ee4f1255820895466ed8b2e30e6254777e724dd
SHA3 192d1cd507b137e4158de4494af050e60cad2c3e1607f85489a03b214cfa5eea
VirtualSize 0x286
VirtualAddress 0x2000
SizeOfRawData 0x400
PointerToRawData 0xa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.42321

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x40c
VirtualAddress 0x3000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc

MD5 c6f515c1e5e177cb4614796aaaeb9c0a
SHA1 a99d93bbd27060e135a0bb01afdc036ffe66a9ee
SHA256 9b05ecd68b7b09b880971dc91e357dbb50f7cd1354e5be6a6c8fde2e3717033e
SHA3 10287ac916189d75fe3fa8a779c513ecaa60f5449072b1c50ba37dce7a79fdc1
VirtualSize 0x92
VirtualAddress 0x4000
SizeOfRawData 0x200
PointerToRawData 0xe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.47762

Imports

KERNEL32.dll
lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Delayed Imports

Exports

_FindProcess

Ordinal 1
Address 0x13ff

_KillProcess

Ordinal 2
Address 0x143e

_Unload

Ordinal 3
Address 0x109e

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xd61fa57
Unmarked objects 0
Imports (VS2003 (.NET) build 4035) 3
Total imports 15
C objects (VS2003 (.NET) build 3077) 1
Exports (VS2003 (.NET) build 3077) 1
Linker (VS2003 (.NET) build 3077) 1

Errors

[*] Warning: Section .data has a size of 0!