Architecture |
IMAGE_FILE_MACHINE_I386
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
Compilation Date |
2018-Apr-29 14:35:15
|
Comments |
KGMBFJadKuSkVXeskfeqNDORWDHnzPZYFjCDXnrwQQFcCtyFIKgEpXsxsvfCCneu
|
FileDescription |
vPWUeUdmCRjUN
|
FileVersion |
14.56.93.13
|
InternalName |
WsatConfig.exe.rsp
|
LegalCopyright |
Copyright © laxyl
|
OriginalFilename |
WsatConfig.exe.rsp
|
ProductName |
vfmVaUw
|
ProductVersion |
14.56.93.13
|
Assembly Version |
14.56.93.13
|
Suspicious |
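The PE is possibly packed. |
Unusual section name found: vGvG#iy}
Section vGvG#iy} is both writable and executable.
Unusual section name found: (empty name)
The PE has only 1 import.
Note: the only section in the table below that is both writable and executable has an entropy of 7.99162, which is consistent with packed or encrypted content. The "Assembly Version" field suggests a .NET assembly, which normally has a single import (the runtime entry point in mscoree.dll), so the import count is a weak indicator on its own.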
|
Suspicious |
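No VirusTotal score. |
This file has never been scanned on VirusTotal.
Note: this only means the hash was unknown to VirusTotal when the report was generated; it says nothing about whether the file is benign.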
|
MD5 |
0dfbcbd35f1a0496a45e13d2f1a5269c
|
SHA1 |
4378ca90708fd407b2deb2ee2c642d798474ba0a
|
SHA256 |
fb45f1c3ba66bb674b78a95cb095220cd93207cc089fe01e43f5fc5447ba38ba
|
SHA3 |
f4d18ea53b2b61ac317a5c739e86663a43c0529e94ee835c82bb7733881613e8
|
SSDeep |
1536:py9zy5Qsktipm+IxDqJFhgx1MFKMspw5HL6O3tzWCF:pVebKYDqJFKLMFtspw5HL6O3tN
|
Imports Hash |
dae02f32a21e03ce65412f6e56942daa
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0x80
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections |
5
|
TimeDateStamp |
2018-Apr-29 14:35:15
|
PointerToSymbolTable |
0
|
NumberOfSymbols |
0
|
SizeOfOptionalHeader |
0xe0
|
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
|
Magic |
PE32
|
LinkerVersion |
11.0
|
SizeOfCode |
0x7e00
|
SizeOfInitializedData |
0x6a00
|
SizeOfUninitializedData |
0
|
AddressOfEntryPoint |
0x0001600A (Section: )
|
BaseOfCode |
0xa000
|
BaseOfData |
0x2000
|
ImageBase |
0x10000000
|
SectionAlignment |
0x2000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
4.0
|
ImageVersion |
0.0
|
SubsystemVersion |
4.0
|
Win32VersionValue |
0
|
SizeOfImage |
0x18000
|
SizeOfHeaders |
0x400
|
Checksum |
0
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve |
0x100000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
0488aa01353769f008dcff4c21cce16e
|
SHA1 |
031a5efa384d1b6f64fc3f401560a3bc4ef57d3a
|
SHA256 |
dcf4a34b2385fb8c7faa480c785d103bdcf99176d39d3a8a33e5c706c307db63
|
SHA3 |
9d1737be5f15574a676d7865ab9c69d116ee4c524551c684997a442e8cbd497e
|
VirtualSize |
0x628c
|
VirtualAddress |
0x2000
|
SizeOfRawData |
0x6400
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
7.99162
|
MD5 |
ea6356639871860f813db8416fab0d63
|
SHA1 |
0d2d10c735f323b438526f0fee4e7c167e01e593
|
SHA256 |
05706654f3d7e7407af43c150a40b5ac016542b7dbb83ca9bcdbf3c236b30010
|
SHA3 |
bce2997cc479ce910cde0367254208e7481513d968cd333d9071969189d38893
|
VirtualSize |
0x7bf0
|
VirtualAddress |
0xa000
|
SizeOfRawData |
0x7c00
|
PointerToRawData |
0x6800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
Entropy |
4.90384
|
MD5 |
7119d9cdb0ba1ff354da41a7e5033f29
|
SHA1 |
18c2562a314e9e8369ee2c77b9a231424ff3b092
|
SHA256 |
ab51febc6d6198b78d09a9214fabddc6b606a34a82ede081c6eeadf6d0a33e21
|
SHA3 |
9b3d65b39c15d0087d59425732608cebc7a616405bf0c1cbc4f88f4485c188bf
|
VirtualSize |
0x3d8
|
VirtualAddress |
0x12000
|
SizeOfRawData |
0x400
|
PointerToRawData |
0xe400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
3.37654
|
MD5 |
f2ff62ebb5888edfe708681cfa2620c9
|
SHA1 |
1db123f71ca13bda4c7c9edf6038a680152a4418
|
SHA256 |
57a1e8245660a7b965cd5524fc57184fe0c4ee38fb9ec69248f148b09633aa78
|
SHA3 |
f922a01155f0ef8a804baf4eab2c356bde32c27c579355d56509b820ae8e3861
|
VirtualSize |
0xc
|
VirtualAddress |
0x14000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0xe800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
0.0980042
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x10
|
VirtualAddress |
0x16000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0xea00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
Entropy |
0
|
Type |
RT_VERSION
|
Language |
UNKNOWN
|
Codepage |
UNKNOWN
|
Size |
0x380
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.62384
|
MD5 |
5fd810cfee6ef24df8be54e2a260fc2e
|
SHA1 |
6a15768372d84b209fa5849a0779cab401857f39
|
SHA256 |
f2d35be6238849f19437690669a1c4ba20466303d7db32a086d831bf6432a3ac
|
SHA3 |
9916ea236a710a58b57e8814159ac39d673cab7fd1f30954eb9ad0e6e996c011
|
Signature |
0xfeef04bd
|
StructVersion |
0x10000
|
FileVersion |
14.56.93.13
|
ProductVersion |
14.56.93.13
|
FileFlags |
(EMPTY)
|
FileOs |
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
|
FileType |
VFT_DLL
|
Language |
UNKNOWN
|
Comments |
KGMBFJadKuSkVXeskfeqNDORWDHnzPZYFjCDXnrwQQFcCtyFIKgEpXsxsvfCCneu
|
FileDescription |
vPWUeUdmCRjUN
|
FileVersion (#2) |
14.56.93.13
|
InternalName |
WsatConfig.exe.rsp
|
LegalCopyright |
Copyright © laxyl
|
OriginalFilename |
WsatConfig.exe.rsp
|
ProductName |
vfmVaUw
|
ProductVersion (#2) |
14.56.93.13
|
Assembly Version |
14.56.93.13
|
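[*] Warning: Section is larger than the executable!
[*] Warning: Section is larger than the executable!
[*] Warning: Section is larger than the executable!
Note: the warning appears three times, presumably once per affected section. The last section listed above (VirtualAddress 0x16000, entropy 0) has MD5, SHA1, SHA256 and SHA3 values equal to the hashes of empty input, so the tool apparently read no raw data for it. Those four values identify nothing about this sample and should not be used as indicators.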