| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_AMD64 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| Compilation Date | 2018-Oct-03 10:33:16 |

| Level | Finding | Detail |
|---|---|---|
| Suspicious | PEiD Signature: | HQR data file |
| Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
| Suspicious | The PE is possibly packed. | Unusual section name found: .nv_fatb; Unusual section name found: .nvFatBi |
| Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
| Safe | VirusTotal score: 0/72 (Scanned on 2019-05-10 10:53:12) | All the AVs think this file is safe. |

| DOS header field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0x120 |

| File header field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberofSections | 9 |
| TimeDateStamp | 2018-Oct-03 10:33:16 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |

| Optional header field | Value |
|---|---|
| Magic | PE32+ |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x69d000 |
| SizeOfInitializedData | 0x8bd400 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x000000000066F4EC (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.0 |
| ImageVersion | 0.0 |
| SubsystemVersion | 6.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0xf5f000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x100000 |
| SizeofStackCommit | 0x1000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

| Imported DLL | Imported functions |
|---|---|
| VCOMP140.DLL | _vcomp_for_static_simple_init _vcomp_for_static_end omp_get_thread_num omp_get_max_threads _vcomp_fork _vcomp_set_num_threads |
| KERNEL32.dll | WriteConsoleW FlushFileBuffers FindNextFileA FindFirstFileExA FindClose GetProcAddress FreeLibrary QueryPerformanceCounter SetEnvironmentVariableA TlsAlloc TlsFree TlsGetValue TlsSetValue InitializeCriticalSection DeleteCriticalSection EnterCriticalSection TryEnterCriticalSection LeaveCriticalSection GetCurrentProcessId GetCurrentThreadId CloseHandle SwitchToThread HeapSize GetModuleFileNameA HeapDestroy HeapAlloc HeapFree HeapReAlloc HeapCreate LocalAlloc GetSystemDirectoryW CreateFileW LocalFree GetModuleHandleW SetLastError LoadLibraryExW SetEndOfFile RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind UnhandledExceptionFilter SetUnhandledExceptionFilter GetCurrentProcess TerminateProcess IsProcessorFeaturePresent IsDebuggerPresent GetStartupInfoW GetSystemTimeAsFileTime InitializeSListHead GetLastError GetModuleFileNameW RtlPcToFileHeader EncodePointer RaiseException RtlUnwindEx InitializeCriticalSectionAndSpinCount ReadFile ExitProcess GetModuleHandleExW SetStdHandle GetFileType MultiByteToWideChar WideCharToMultiByte GetStdHandle WriteFile GetCommandLineA GetCommandLineW GetACP CompareStringW LCMapStringW GetConsoleMode ReadConsoleW SetFilePointerEx GetConsoleCP GetStringTypeW IsValidCodePage GetOEMCP GetCPInfo GetEnvironmentStringsW FreeEnvironmentStringsW GetProcessHeap |
| ADVAPI32.dll | SystemFunction036 |

| Export field | Value |
|---|---|
| Ordinal | 1 |
| Address | 0x740830 |

| Debug directory field | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2018-Oct-03 10:33:16 |
| Version | 0.0 |
| SizeofData | 1048 |
| AddressOfRawData | 0x6e70fc |
| PointerToRawData | 0x6e64fc |

| Load configuration field | Value |
|---|---|
| Size | 0x94 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x140740870 |

| Rich header entry | Value |
|---|---|
| XOR Key | 0x1532af26 |
| Unmarked objects | 0 |
| 241 (40116) | 24 |
| 243 (40116) | 140 |
| 242 (40116) | 74 |
| Imports (65501) | 2 |
| Imports (23406) | 2 |
| ASM objects (23406) | 13 |
| C++ objects (23406) | 38 |
| C objects (23406) | 19 |
| C objects (VS2010 SP1 build 40219) | 1 |
| Imports (VS2008 SP1 build 30729) | 5 |
| Total imports | 143 |
| C++ objects (VS2010 SP1 build 40219) | 16 |
| C++ objects (VS2015 UPD1 build 23506) | 4 |
| Exports (VS2015 UPD1 build 23506) | 1 |
| Linker (VS2015 UPD1 build 23506) | 1 |