0dfbcbd35f1a0496a45e13d2f1a5269c

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2018-Apr-29 14:35:15
Comments KGMBFJadKuSkVXeskfeqNDORWDHnzPZYFjCDXnrwQQFcCtyFIKgEpXsxsvfCCneu
FileDescription vPWUeUdmCRjUN
FileVersion 14.56.93.13
InternalName WsatConfig.exe.rsp
LegalCopyright Copyright © laxyl
OriginalFilename WsatConfig.exe.rsp
ProductName vfmVaUw
ProductVersion 14.56.93.13
Assembly Version 14.56.93.13

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: vGvG#iy}
Section vGvG#iy} is both writable and executable.
Unusual section name found:
The PE only has 1 import(s).
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 0dfbcbd35f1a0496a45e13d2f1a5269c
SHA1 4378ca90708fd407b2deb2ee2c642d798474ba0a
SHA256 fb45f1c3ba66bb674b78a95cb095220cd93207cc089fe01e43f5fc5447ba38ba
SHA3 f4d18ea53b2b61ac317a5c739e86663a43c0529e94ee835c82bb7733881613e8
SSDeep 1536:py9zy5Qsktipm+IxDqJFhgx1MFKMspw5HL6O3tzWCF:pVebKYDqJFKLMFtspw5HL6O3tN
Imports Hash dae02f32a21e03ce65412f6e56942daa

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2018-Apr-29 14:35:15
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 11.0
SizeOfCode 0x7e00
SizeOfInitializedData 0x6a00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0001600A (Section: )
BaseOfCode 0xa000
BaseOfData 0x2000
ImageBase 0x10000000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x18000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

vGvG#iy}

MD5 0488aa01353769f008dcff4c21cce16e
SHA1 031a5efa384d1b6f64fc3f401560a3bc4ef57d3a
SHA256 dcf4a34b2385fb8c7faa480c785d103bdcf99176d39d3a8a33e5c706c307db63
SHA3 9d1737be5f15574a676d7865ab9c69d116ee4c524551c684997a442e8cbd497e
VirtualSize 0x628c
VirtualAddress 0x2000
SizeOfRawData 0x6400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99162

.text

MD5 ea6356639871860f813db8416fab0d63
SHA1 0d2d10c735f323b438526f0fee4e7c167e01e593
SHA256 05706654f3d7e7407af43c150a40b5ac016542b7dbb83ca9bcdbf3c236b30010
SHA3 bce2997cc479ce910cde0367254208e7481513d968cd333d9071969189d38893
VirtualSize 0x7bf0
VirtualAddress 0xa000
SizeOfRawData 0x7c00
PointerToRawData 0x6800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 4.90384

.rsrc

MD5 7119d9cdb0ba1ff354da41a7e5033f29
SHA1 18c2562a314e9e8369ee2c77b9a231424ff3b092
SHA256 ab51febc6d6198b78d09a9214fabddc6b606a34a82ede081c6eeadf6d0a33e21
SHA3 9b3d65b39c15d0087d59425732608cebc7a616405bf0c1cbc4f88f4485c188bf
VirtualSize 0x3d8
VirtualAddress 0x12000
SizeOfRawData 0x400
PointerToRawData 0xe400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.37654

.reloc

MD5 f2ff62ebb5888edfe708681cfa2620c9
SHA1 1db123f71ca13bda4c7c9edf6038a680152a4418
SHA256 57a1e8245660a7b965cd5524fc57184fe0c4ee38fb9ec69248f148b09633aa78
SHA3 f922a01155f0ef8a804baf4eab2c356bde32c27c579355d56509b820ae8e3861
VirtualSize 0xc
VirtualAddress 0x14000
SizeOfRawData 0x200
PointerToRawData 0xe800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0980042

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x10
VirtualAddress 0x16000
SizeOfRawData 0x200
PointerToRawData 0xea00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 0

Imports

mscoree.dll _CorDllMain

Delayed Imports

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x380
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.62384
MD5 5fd810cfee6ef24df8be54e2a260fc2e
SHA1 6a15768372d84b209fa5849a0779cab401857f39
SHA256 f2d35be6238849f19437690669a1c4ba20466303d7db32a086d831bf6432a3ac
SHA3 9916ea236a710a58b57e8814159ac39d673cab7fd1f30954eb9ad0e6e996c011

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 14.56.93.13
ProductVersion 14.56.93.13
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_DLL
Language UNKNOWN
Comments KGMBFJadKuSkVXeskfeqNDORWDHnzPZYFjCDXnrwQQFcCtyFIKgEpXsxsvfCCneu
FileDescription vPWUeUdmCRjUN
FileVersion (#2) 14.56.93.13
InternalName WsatConfig.exe.rsp
LegalCopyright Copyright © laxyl
OriginalFilename WsatConfig.exe.rsp
ProductName vfmVaUw
ProductVersion (#2) 14.56.93.13
Assembly Version 14.56.93.13
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section is larger than the executable!
[*] Warning: Section is larger than the executable!
[*] Warning: Section is larger than the executable!