0fa129ec9de70bacb14c6901a28bb313

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2018-Oct-03 10:33:16

Plugin Output

Suspicious PEiD Signature: HQR data file
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Suspicious The PE is possibly packed. Unusual section names found:
  • .nv_fatb
  • .nvFatBi
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Safe VirusTotal score: 0/72 (Scanned on 2019-05-10 10:53:12) All the AVs think this file is safe.

Hashes

MD5 0fa129ec9de70bacb14c6901a28bb313
SHA1 4103ea7f65a4a550e0f4db695114fdb5cbe5c5e3
SHA256 db6df739edf4fada83239919adabc370163bcb4c05c37fbfdee4d4664ffa7010
SHA3 7540cc9b2e85372328eb4458846eeec2ed1c63c2b3755797f06d920f6d57b316
SSDeep 196608:LdwyE8/luDh95+5h531v13UcZq32t+vLAxEz/rNwytWCao8Nh7gi8kIkLoefMZt:LdwJLg5Dlg4+9G3
Imports Hash 67822e92050242d3e93c93bd30b2c094

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x120

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 9
TimeDateStamp 2018-Oct-03 10:33:16
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x69d000
SizeOfInitializedData 0x8bd400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000066F4EC (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xf5f000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 dfee961ad344b5dea17f72c681d65603
SHA1 167a0fef9f4c8e48895a494909b451785367c20e
SHA256 9a62317019d0c53a211adfc0a14e2379b2d10b958b1521957736eabde3cc7a04
SHA3 8565b13182d869aca9f28a240da45a1ad07cfacb94bc8ecb77f3236e99e06acd
VirtualSize 0x69cf1d
VirtualAddress 0x1000
SizeOfRawData 0x69d000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
Entropy 6.19922

.rdata

MD5 982a752c53cf6cc05ab748017854cdab
SHA1 0628bab78c2479ac82ba772541b6d8fc9b232a65
SHA256 5547387f3b71106bb6bed97e7dce796f70d6f607b174e8d973b035ca03d395b3
SHA3 4175435da665317cfd45f50133947b345d86c2b738e486c87bc7881dfe3b4784
VirtualSize 0xa1abc
VirtualAddress 0x69e000
SizeOfRawData 0xa1c00
PointerToRawData 0x69d400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
Entropy 5.55695

.data

MD5 71d3953c55cd1e1095f039430b982deb
SHA1 b4a7dc0b42f006811b539a3e7eee28383454d948
SHA256 8a1c291404adccc159f8987eaa216ffcbda48fef6dd87dd16bbf611527c81cfb
SHA3 6f720f0299f2376b2546cc77c02ce1068a136e3eaab1ce55e1fd2a08e308d03e
VirtualSize 0x608c
VirtualAddress 0x740000
SizeOfRawData 0x1600
PointerToRawData 0x73f000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
Entropy 3.99579

.pdata

MD5 d727f15e8b6d078bbe54ecd3572b64a7
SHA1 57151685ab983e1cb0c15735e50dedfcdf3afcdd
SHA256 d3b19b150a63661be7e6e95938350303a115979788b9b61caef64e70dd0a19a4
SHA3 1bf4654755d328c82bc1e6f477dc31bf8dad15846b9475d4cc17355b5f61a409
VirtualSize 0x1d7a8
VirtualAddress 0x747000
SizeOfRawData 0x1d800
PointerToRawData 0x740600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
Entropy 6.29135

.nv_fatb

MD5 b61585c02a503590692ad4f1b73bbe95
SHA1 5f5d924e41199f57f57079a21e584f6362a2a2fc
SHA256 b6f83a289482c0a4dda3680361067ea6bd9cfde1220cab89301e4b9985fb9ef9
SHA3 29ef8d052da418b1d4264824033261c66a66a8dea3e2226cee7f9cea0c4c826e
VirtualSize 0x7eec78
VirtualAddress 0x765000
SizeOfRawData 0x7eee00
PointerToRawData 0x75de00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
Entropy 6.92529

.nvFatBi

MD5 6bf97cb5151c35089cc8c6c3c5866bd2
SHA1 e7c636e37128ade88f2d9251f5dbcf52e91f6a62
SHA256 b6cae773bd8fa651346a6ae863ec0855415088bf31221fbd66572e7f6dbe7f16
SHA3 adf3fd5923bf9db864d891a1cc3a766ab8e72ee4b0052b55aefc8d6af3ef6b10
VirtualSize 0x30
VirtualAddress 0xf54000
SizeOfRawData 0x200
PointerToRawData 0xf4cc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
Entropy 0.434161

.gfids

MD5 3f428df773db72cc228d2c9bc558b517
SHA1 733fab0d0ab13a5f2813bbee4c46bca5f8dae4e2
SHA256 06553a8bf7ddb0f058aef5c0a6872e0fe0720e19e2c0fdea2d1d9a6a9ae78a1a
SHA3 e070fb7bdd11314088aa3d238983fafb9a2e3ac6c6df76532f73c8f9ef16fa5e
VirtualSize 0xf4
VirtualAddress 0xf55000
SizeOfRawData 0x200
PointerToRawData 0xf4ce00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
Entropy 2.06941

_RDATA

MD5 6d14eb7565726750bb0df2c22b188ee5
SHA1 033b192a5b5a9e14ea58aae3712eac9cb3250256
SHA256 d4473faf596426b54016cbb530bc28cecee11f82c84cbdbf804b750de2830714
SHA3 103fb2414a25e15da4fe938631c1021d67151e46522a7d20282677a385da39de
VirtualSize 0x7f30
VirtualAddress 0xf56000
SizeOfRawData 0x8000
PointerToRawData 0xf4d000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
Entropy 7.37964

.reloc

MD5 19f38bda9053f88081cf3433837ff4d5
SHA1 a5c986012fca208bc70d278ed7112e10ac5f3cb1
SHA256 24640014c479b76aac8ea0dc1ad0c9dacae7ec7751f8217a5eac0346db13da58
SHA3 8875902d21bdb40ec4eb32dda60216ff8ddbed800543e3a5d522c54dfcf464b3
VirtualSize 0xa70
VirtualAddress 0xf5e000
SizeOfRawData 0xc00
PointerToRawData 0xf55000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ
Entropy 5.13407

Imports

VCOMP140.DLL
  _vcomp_for_static_simple_init
  _vcomp_for_static_end
  omp_get_thread_num
  omp_get_max_threads
  _vcomp_fork
  _vcomp_set_num_threads
KERNEL32.dll
  WriteConsoleW
  FlushFileBuffers
  FindNextFileA
  FindFirstFileExA
  FindClose
  GetProcAddress
  FreeLibrary
  QueryPerformanceCounter
  SetEnvironmentVariableA
  TlsAlloc
  TlsFree
  TlsGetValue
  TlsSetValue
  InitializeCriticalSection
  DeleteCriticalSection
  EnterCriticalSection
  TryEnterCriticalSection
  LeaveCriticalSection
  GetCurrentProcessId
  GetCurrentThreadId
  CloseHandle
  SwitchToThread
  HeapSize
  GetModuleFileNameA
  HeapDestroy
  HeapAlloc
  HeapFree
  HeapReAlloc
  HeapCreate
  LocalAlloc
  GetSystemDirectoryW
  CreateFileW
  LocalFree
  GetModuleHandleW
  SetLastError
  LoadLibraryExW
  SetEndOfFile
  RtlCaptureContext
  RtlLookupFunctionEntry
  RtlVirtualUnwind
  UnhandledExceptionFilter
  SetUnhandledExceptionFilter
  GetCurrentProcess
  TerminateProcess
  IsProcessorFeaturePresent
  IsDebuggerPresent
  GetStartupInfoW
  GetSystemTimeAsFileTime
  InitializeSListHead
  GetLastError
  GetModuleFileNameW
  RtlPcToFileHeader
  EncodePointer
  RaiseException
  RtlUnwindEx
  InitializeCriticalSectionAndSpinCount
  ReadFile
  ExitProcess
  GetModuleHandleExW
  SetStdHandle
  GetFileType
  MultiByteToWideChar
  WideCharToMultiByte
  GetStdHandle
  WriteFile
  GetCommandLineA
  GetCommandLineW
  GetACP
  CompareStringW
  LCMapStringW
  GetConsoleMode
  ReadConsoleW
  SetFilePointerEx
  GetConsoleCP
  GetStringTypeW
  IsValidCodePage
  GetOEMCP
  GetCPInfo
  GetEnvironmentStringsW
  FreeEnvironmentStringsW
  GetProcessHeap
ADVAPI32.dll
  SystemFunction036

Delayed Imports

Exports

NvOptimusEnablementCuda

Ordinal 1
Address 0x740830

Version Info

Debug Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2018-Oct-03 10:33:16
Version 0.0
SizeofData 1048
AddressOfRawData 0x6e70fc
PointerToRawData 0x6e64fc

TLS Callbacks

Load Configuration

Size 0x94
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140740870

RICH Header

XOR Key 0x1532af26
Unmarked objects 0
241 (40116) 24
243 (40116) 140
242 (40116) 74
Imports (65501) 2
Imports (23406) 2
ASM objects (23406) 13
C++ objects (23406) 38
C objects (23406) 19
C objects (VS2010 SP1 build 40219) 1
Imports (VS2008 SP1 build 30729) 5
Total imports 143
C++ objects (VS2010 SP1 build 40219) 16
C++ objects (VS2015 UPD1 build 23506) 4
Exports (VS2015 UPD1 build 23506) 1
Linker (VS2015 UPD1 build 23506) 1

Errors
