0887d43c83a9b3e5a4955b70dd663ef9

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2024-Jul-10 22:18:05
TLS Callbacks 2 callback(s) detected.
Debug artifacts Embedded COFF debugging symbols

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: .xdata
Unusual section name found: /4
Unusual section name found: /19
Unusual section name found: /31
Unusual section name found: /45
Unusual section name found: /57
Unusual section name found: /70
Unusual section name found: /81
Unusual section name found: /92
Suspicious The file contains overlay data. 30736 bytes of data starting at offset 0x41000.
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 0887d43c83a9b3e5a4955b70dd663ef9
SHA1 c66f22bb30d417e7de29c2e4c80711bd58ee78bd
SHA256 65b7c2504f24e0b1d41751e28f01819ee80c30c75b3c0d8cd5b6c878fa4e1027
SHA3 52dd47aa24b9b3f1d0c835185ab6032e8ce69099af0bc35bef735a3e75c6058e
SSDeep 6144:QmA5S+4Knkt2Ruz2uKVuGiEhHyzivCmogOKnNmi:rv8kwIqp2z2dB0i
Imports Hash 9e377166230687305909ec956ac10716

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 18
TimeDateStamp 2024-Jul-10 22:18:05
PointerToSymbolTable 0x41000
NumberOfSymbols 1395
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 2.0
SizeOfCode 0x1a00
SizeOfInitializedData 0x3800
SizeOfUninitializedData 0x200
AddressOfEntryPoint 0x00000000000014F0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x4d000
SizeOfHeaders 0x600
Checksum 0x57708
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d02f0e171eda5439455653e6f96d1d6c
SHA1 bbdd1f952097d894b017996ac50870dc1c60137c
SHA256 9a4ad90ee709a60d43114b0072217d81d9865583c1aca5aa2733261bc86cf4f9
SHA3 a07e25b62730ffa9656a09d4cda8b0e7c09873a59ea3e0203ce065ec038da9d0
VirtualSize 0x1828
VirtualAddress 0x1000
SizeOfRawData 0x1a00
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.78517

.data

MD5 f76257178ecee8fe911547424e99987d
SHA1 5fb56fadc540f36087cefc89120527ba0709287a
SHA256 0f9bd4ea21d4b6e0bbb15c2a691a742d9c5833621621e425edb6b3f3bfc80112
SHA3 855c3335aef4695fe4bcceef554bb6d170066ae58f7496544e6a194da7232225
VirtualSize 0xb0
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0x2000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.662281

.rdata

MD5 124930c6e9adeeb3eecab28cab9b221f
SHA1 911cd946b72d2c5f08af500d3fd2987ed8c7dd9b
SHA256 6a2033c73eb8c757b7777418f2996f2fc199bf3613dfa9e5f558c831dbd06688
SHA3 28bc6d8d8b0aed3f9028fcbadf3f14b00722b23ba0c76473da93e9d1f46ca14f
VirtualSize 0x890
VirtualAddress 0x4000
SizeOfRawData 0xa00
PointerToRawData 0x2200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.23599

.pdata

MD5 6434de6969fee0437b003af1bdf50dfc
SHA1 5f2d22dea3bc2f2fe1e41e679d0e27b2f039d0d1
SHA256 7462c74e1fd9f40652ae7572881c6a1b92ccf5c1db9f36f5a286efe5d4b2a012
SHA3 f1af09dfe8a7f3d0173a21118055409fb55ff9f49fca58a8fce1f1b61db2e41c
VirtualSize 0x234
VirtualAddress 0x5000
SizeOfRawData 0x400
PointerToRawData 0x2c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.42193

.xdata

MD5 7fbc1e07f28fb4810401bcb118ab41ea
SHA1 5c8b32449ae1910d35989c9028d533b48513ed39
SHA256 719d9a286d935bbf6fabf47e16651f5d90b47f6fffb438e2f8756071334b7f8a
SHA3 209459be70539dace0d20ef32bfec9447e8d23ec866569758ffbbe8bcffb58f7
VirtualSize 0x1b4
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x3000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.33431

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x1a0
VirtualAddress 0x7000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 f82573a020ca4a3975f796e9aeac47b2
SHA1 5a25b06b0165f8745af8f5eca624263719398e45
SHA256 451f8da43f962bb11429cf8e2aa41779bf99fdec9fdf0d2b03c2aeda3dd379dc
SHA3 10f520001da7c60683f14b83e09f63bbe82e3f42d9d5b5287133fa5b0c7df6f6
VirtualSize 0x59c
VirtualAddress 0x8000
SizeOfRawData 0x600
PointerToRawData 0x3200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.69263

.CRT

MD5 d54dbce2550b8639a04f70635e25cd71
SHA1 82fa738ae0fbba8c470baf6362df166efb321a09
SHA256 f7854afcd146b5f93a8d4cb53f895b223d6a02b70564ee5f7d70135ad4c91c2b
SHA3 df2d792e70d3308d9e0060827e6f0f78ba0ca494225995059d0fe12df9707441
VirtualSize 0x68
VirtualAddress 0x9000
SizeOfRawData 0x200
PointerToRawData 0x3800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.340642

.tls

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x10
VirtualAddress 0xa000
SizeOfRawData 0x200
PointerToRawData 0x3a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.reloc

MD5 06adcdb7c6862d938eef5913aee3e83c
SHA1 bd18df74b625865d67cf8b4efa48bd5d1cecd376
SHA256 4c9dc5a91b8970d2c2e4796e5d3c843715f7d4a47ab17cdaaeb633885692ffea
SHA3 09b9140001842bc746421286440ae7f7f7ede313c09f97f8f0283d47127165ff
VirtualSize 0x84
VirtualAddress 0xb000
SizeOfRawData 0x200
PointerToRawData 0x3c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.49201

/4

MD5 79c3464d052585be907e6400e36d3ac8
SHA1 5e2a457373311092c0cae9a8cfec8ff5c4f345d4
SHA256 aa60f9d75fe8ca62f53804791aa61f70cfcde806ae9ea8d8787ac6a714c4ba13
SHA3 ad659f98e0ce3cfdb53dff8948fcea342d11af71dee2c124f32737e020f0bdf7
VirtualSize 0x470
VirtualAddress 0xc000
SizeOfRawData 0x600
PointerToRawData 0x3e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.41261

/19

MD5 f0249eedc5dc9d151df8b0fbf2574a74
SHA1 be7595d1c098d23a1c7c11bb6413be4518f9951c
SHA256 91a24226455687bd61d528525fa1b94e9e1d54e35e4470033ae9e78347027d99
SHA3 9b9a800d54828d0b2977b5b643220cada64a0e7d2344527d381d66e456787a87
VirtualSize 0x33ab5
VirtualAddress 0xd000
SizeOfRawData 0x33c00
PointerToRawData 0x4400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.02015

/31

MD5 f2ae43c7d448058e4828bbcec1a52850
SHA1 92a9db749c36f731a711f4688191d9014923a3a2
SHA256 20fb9c9eae3e49aad99bbc28da24a75972f82bd83692b1ecf938343100329586
SHA3 052fb73f584125159a53aec70335aa7535a28a25e0316cfd25d0b8740b6613dd
VirtualSize 0x22ad
VirtualAddress 0x41000
SizeOfRawData 0x2400
PointerToRawData 0x38000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.59145

/45

MD5 3620c53717343b669ab66a4c8f508a2b
SHA1 398163457a67bdcf51938b36bbf12da32d634896
SHA256 a3489c84ccd5744e78918d0a8306d9d7d217483a79c41b52ae8d6ab0ec7d6a75
SHA3 77b8a057e4a5a2d93f37646e241b9a37e0eb5761427103f3e32a3f206ec36996
VirtualSize 0x2c07
VirtualAddress 0x44000
SizeOfRawData 0x2e00
PointerToRawData 0x3a400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.31403

/57

MD5 c94525146eb12116991146d0f937a227
SHA1 8a1851492f29dfca61b3d433d81c373987503da7
SHA256 ed5ef8451ee46a5c39856c846480547f73a84069f9a678a67bfef16912992882
SHA3 39fa959bd3d96044978f2a11a9c8cf7cfeb7366bd5b303d077b78505fdedc666
VirtualSize 0x8e8
VirtualAddress 0x47000
SizeOfRawData 0xa00
PointerToRawData 0x3d200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.84962

/70

MD5 5f22ac69883406ddcc1112259ff4b447
SHA1 531f909f4a977c2493b3a8c720a930e62eaacd98
SHA256 3bc07ca58d6bcbef9c858257a3c3f4b001026769fd5d1c811fbad2b7f0ae95f0
SHA3 b47ace84bbd972728eda6140eeb95519e52d8f46526635f1f9f0b21222ff24cb
VirtualSize 0x58a
VirtualAddress 0x48000
SizeOfRawData 0x600
PointerToRawData 0x3dc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.61171

/81

MD5 46dd0ebb083eef73cb3052c44648b9c9
SHA1 659d3ada92963a4841b826262027bd7c72befc9f
SHA256 cd7e44150ae387810af32e9d25b4c77c0dc1be0daae1e266823dde8bb34c3a06
SHA3 a3f82f6cc3f29c146be2e258738dc8c3709f14c1eb56bf1eac89561f757c7484
VirtualSize 0x2700
VirtualAddress 0x49000
SizeOfRawData 0x2800
PointerToRawData 0x3e200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 2.06677

/92

MD5 50e27940802a645bb4aa42f933923872
SHA1 c4782aebcb070994473bd5a79a09e7cdb8e48fc0
SHA256 5eae22cebe5b210e2fcc29276c42806f90b7ca6677f0a2fab3da359f8c32a760
SHA3 8c781df85ccf95b3fd221d71f591203d75870fe2d946e04a6697e17ba0eedb8c
VirtualSize 0x4d0
VirtualAddress 0x4c000
SizeOfRawData 0x600
PointerToRawData 0x40a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.33444

Imports

KERNEL32.dll DeleteCriticalSection
EnterCriticalSection
GetLastError
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
msvcrt.dll __C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_fmode
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData 0x14000a000
EndAddressOfRawData 0x14000a008
AddressOfIndex 0x14000707c
AddressOfCallbacks 0x140009040
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks 0x00000001400016A0
0x0000000140001670

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /31!
[*] Warning: Tried to read outside the COFF string table to get the name of section /45!
[*] Warning: Tried to read outside the COFF string table to get the name of section /57!
[*] Warning: Tried to read outside the COFF string table to get the name of section /70!
[*] Warning: Tried to read outside the COFF string table to get the name of section /81!
[*] Warning: Tried to read outside the COFF string table to get the name of section /92!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!