0a02f355c82d833484735fb18cecac79

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2001-Feb-09 01:29:31

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
MASM/TASM - sig1(h)
Microsoft Visual C++
Microsoft Visual C++ v6.0
Microsoft Visual C++ v5.0/v6.0 (MFC)
Suspicious The PE is packed or was manually edited. The number of imports reported in the RICH header is inconsistent.
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Can access the registry:
  • RegOpenKeyExA
  • RegCloseKey
  • RegQueryValueExA
Enumerates local disk drives:
  • GetVolumeInformationA
Safe VirusTotal score: 0/61 (Scanned on 2017-04-19 05:07:26) All the AVs think this file is safe.

Hashes

MD5 0a02f355c82d833484735fb18cecac79
SHA1 785095f691830c25bb06ead8838178884aac0efe
SHA256 f47ef28ef0dc63f8bb29821a36667416434cd09bb7eaf7ca0cf668ab256e37ff
SHA3 4f9573964206ca1f2fc4020bae639ead8b93fa5714bf3d69a06a3136e97f26ed
SSDeep 12288:c7o93VTkWpl/kMV28rT9VKjca/kb/JdGXiV+jdzDe2V1Xbnwxff/WXJTH9rgVM+:lf9/F/rxa/k10m+jdzC2fIn/kW+Q
Imports Hash 8babb062ef768cebb24e3fa4ef76afcc

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2001-Feb-09 01:29:31
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x119000
SizeOfInitializedData 0x124000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00105B03 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x11a000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x23e000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 ea0b0a73f6a272fcbc277fc0d1c86993
SHA1 055135a52c64e919ac544810d6a4e0f37501cfff
SHA256 44d3c0414db6eca843c4167d849131b9799c59c37245d5242d42e7a017e97e67
SHA3 215535f3c161e45c9878ab252e4fb63c523747547c0f3fe894a8b7c362ae992e
VirtualSize 0x11840e
VirtualAddress 0x1000
SizeOfRawData 0x119000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.96885

.rdata

MD5 aa03cb186f64eaea4492236cafecefcc
SHA1 55d66a3588f88b1cf6c5862229e57b87a81314b2
SHA256 a42d27b910634eb1973484f98a900b879b76985ee6427b6272382cee2f5e3ddf
SHA3 be27206243731c7cab6d170dbbb23a387408ef0a29a21e79569444be1e0dcafe
VirtualSize 0x2fd6
VirtualAddress 0x11a000
SizeOfRawData 0x3000
PointerToRawData 0x11a000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.85666

.data

MD5 cb29e67b3e15ae5e432549fad7d42c50
SHA1 b1e68f8fc47871dac6557bc594c439e782fa647c
SHA256 b9f8a68da1a294ed6830e6141db455eb53b857856e371ae733a81e2e1e767c1f
SHA3 68a8348ec4088f7e7452c73c08b1b3e9fa7f9568e4b4defd175bb999ddeb1dea
VirtualSize 0x10da2c
VirtualAddress 0x11d000
SizeOfRawData 0x1c000
PointerToRawData 0x11d000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.91877

.idata

MD5 998aee22a39acff0f9d234c1558dddd5
SHA1 e68ce1fc624190cbca78e14f536f6419ac1e593e
SHA256 895baaaeadcd5447fbd5498964ba803e90caf06a26227ca8399477e6a6498132
SHA3 0c0b0ba344e23cc02a40affe95ee374edc7c4db672174f7b1f95383d226c8f5b
VirtualSize 0x13c1
VirtualAddress 0x22b000
SizeOfRawData 0x2000
PointerToRawData 0x139000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.06735

.reloc

MD5 78045ab94104bd60c43f0108806b8add
SHA1 c46134aa7983527fc40afc1ac4cc25caad06b58d
SHA256 e39b694aaadc99316dfd1b9a9e8b2d9206baf3e14ae23a5090c9b889108aae3f
SHA3 82cb5c13d716f3fc0062cc6a26ce1ae5f5b810d4a7a4fc602698b23818a5db4d
VirtualSize 0x102a2
VirtualAddress 0x22d000
SizeOfRawData 0x11000
PointerToRawData 0x13b000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.15808

Imports

KERNEL32.dll SetFilePointer
ReadFile
CreateFileA
GetFileSize
GetLastError
WriteFile
MoveFileA
DeleteFileA
FlushFileBuffers
FindClose
FindNextFileA
GetProcessHeap
HeapFree
FindFirstFileA
VirtualAlloc
VirtualFree
GlobalMemoryStatus
TerminateThread
SetThreadPriority
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
CreateThread
ResumeThread
SuspendThread
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
GetVolumeInformationA
GetCommandLineA
Sleep
WaitForMultipleObjects
ReleaseSemaphore
CreateSemaphoreA
GetVersionExA
GetSystemInfo
CreateEventA
WaitForSingleObject
ResetEvent
CloseHandle
DeleteCriticalSection
DuplicateHandle
GetCurrentThread
HeapAlloc
CompareStringW
SetStdHandle
CompareStringA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetEvent
UnhandledExceptionFilter
RtlUnwind
HeapSize
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
SetConsoleCtrlHandler
RaiseException
SetEndOfFile
GetStartupInfoA
GetModuleHandleA
HeapCreate
HeapDestroy
LoadLibraryA
SetEnvironmentVariableA
GetVersion
GetEnvironmentVariableA
GetOEMCP
GetACP
HeapReAlloc
GetModuleFileNameA
TerminateProcess
GetCPInfo
ExitProcess
GetProcAddress
WideCharToMultiByte
USER32.dll ShowWindow
SetCursor
PostQuitMessage
CreateWindowExA
GetSystemMetrics
RegisterClassA
LoadCursorA
LoadIconA
UpdateWindow
PostMessageA
DispatchMessageA
TranslateMessage
GetMessageA
SendMessageA
DefMDIChildProcA
SetScrollPos
GetWindowRect
SetWindowWord
SetWindowPos
GetDC
ReleaseDC
SetScrollInfo
ShowScrollBar
EndPaint
DefWindowProcA
MessageBoxA
BeginPaint
GetWindowWord
GDI32.dll GetStockObject
SelectObject
TextOutA
GetTextMetricsA
WINMM.dll timeKillEvent
timeGetTime
timeBeginPeriod
timeSetEvent
timeEndPeriod
ADVAPI32.dll RegOpenKeyExA
RegCloseKey
RegQueryValueExA
ole32.dll StringFromGUID2
DDRAW.dll DirectDrawCreateEx
DirectDrawEnumerateExA
DirectDrawCreate
DINPUT.dll DirectInputCreateA
DSOUND.dll #1
#2

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x975492c2
Unmarked objects 0
12 (7291) 2
C++ objects (8797) 6
14 (7299) 28
C objects (8797) 109
C objects (VS98 build 8168) 2
48 (8943) 19
C objects (8830) 3
37 (8755) 9
19 (8034) 13
Total imports 128
C objects (8799) 25
5 (VC++ 6.0 SP5 imp/exp build 8447) 2
C++ objects (8799) 147

Errors
