139d624caa3c145423a4d4fbe4469d93

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2009-Nov-17 04:19:32

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 8.0
Suspicious The PE is possibly packed. Unusual section name found: .didat
The PE only has 0 import(s).
Suspicious The file contains overlay data. 19967 bytes of data starting at offset 0x70200.
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 139d624caa3c145423a4d4fbe4469d93
SHA1 fddefb35de2be01f1eeb539c8aa8eb5fb9b93167
SHA256 fbe76d18f73bfac4cb8cc5157e75526b13ee62d46c710d52019e9b5d5b765e96
SHA3 23579eaaa2d4cddd11c693362aad23641e338d1719394d79b93a000102227510
SSDeep 48:KAVmKhoZ4Kja5JmIfGJMzS/SHSXfSf/S7SbS9A5nsun/Z5T5n7JzRLbqiHnlt8:JP5J7Jzu2+k/MMFsujFZRLOiHn
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2009-Nov-17 04:19:32
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x49c00
SizeOfInitializedData 0x26e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000045950 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x7ff99c500000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion A.0
ImageVersion A.0
SubsystemVersion A.0
Win32VersionValue 0
SizeOfImage 0x75000
SizeOfHeaders 0x400
Checksum 0x72da6
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x40000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 38a07b783b474a15d4c0d1da701ad7aa
SHA1 6e2bd35dff524a09e4915b6fced8cddf48fa8a7e
SHA256 2fd296df96dcc1d50fad7d66f8268973b58692b926f16fbc95553df416c4f71d
SHA3 a4069240417bacc85a0be192aebac8eb1c818eae8c69680da0a63e706a62a8a4
VirtualSize 0x49acb
VirtualAddress 0x1000
SizeOfRawData 0x49c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 0.163688

.rdata

MD5 79bfd1d69b2829b17ae13b80a6b48489
SHA1 a1e5f2c1b77dd5bda638afbe33db098f8e5c053a
SHA256 cd248e1cc2c0a9b30154d49ca21c8cbe35098927e06f6411b863bafdb5ce0c15
SHA3 426fa455c64c47124c10c8f59878e7f66f18f4bc5315132873ac290f73968ed9
VirtualSize 0x21ffa
VirtualAddress 0x4b000
SizeOfRawData 0x22000
PointerToRawData 0x4a000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0

.data

MD5 c99a74c555371a433d121f551d6c6398
SHA1 605db3fdbaff4ba13729371ad0c4fbab3889378e
SHA256 e5a00aa9991ac8a5ee3109844d84a55583bd20572ad3ffcd42792f3c36b183ad
SHA3 463c61ad03873aa9e82581205205acc3d3c8346c7037c43e4e241ee529f2dc27
VirtualSize 0x12a0
VirtualAddress 0x6d000
SizeOfRawData 0x800
PointerToRawData 0x6c000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.pdata

MD5 09619cad959a5c220c87f12082613988
SHA1 a226a79b48f704841e95cb923b8297f59459a984
SHA256 a5c0e37a6ba1219bc061630fe056b35f046fed334645689817a10f4be1ec5fa0
SHA3 d8d013efb38e898886183046eb539224d14a64bab13baa35bccae5a87ec55d44
VirtualSize 0x2c88
VirtualAddress 0x6f000
SizeOfRawData 0x2e00
PointerToRawData 0x6c800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0

.didat

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x1a0
VirtualAddress 0x72000
SizeOfRawData 0x200
PointerToRawData 0x6f600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 53e979547d8c2ea86560ac45de08ae25
SHA1 53ea2cb716f312714685c92b6be27e419f8c746c
SHA256 80422bc3d307b4a25bdafcc84ac7fb01cb55a09810e8b0f37bb12e0edb5c48ca
SHA3 98b444d887d755b7913e4a144d8a6ac6d1f2d7f0c3db6ba026997ec5f45d9573
VirtualSize 0x420
VirtualAddress 0x73000
SizeOfRawData 0x600
PointerToRawData 0x6f800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0

.reloc

MD5 0f343b0931126a20f133d67c2b018a3b
SHA1 60cacbf3d72e1e7834203da608037b1bf83b40e8
SHA256 5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef
SHA3 6841b2c10aa6e5f7a384143e4de58fbc9aa28a4b742e9ad4ed14ba148a723a43
VirtualSize 0x2c4
VirtualAddress 0x74000
SizeOfRawData 0x400
PointerToRawData 0x6fe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0

Imports

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_UNKNOWN

Characteristics 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

IMAGE_DEBUG_TYPE_UNKNOWN (#2)

Characteristics 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

IMAGE_DEBUG_TYPE_UNKNOWN (#3)

Characteristics 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

IMAGE_DEBUG_TYPE_UNKNOWN (#4)

Characteristics 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0
GuardCFCheckFunctionPointer 0
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0xb0f743f3
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 98
ASM objects (27412) 3
C objects (27412) 17
Total imports 401
Imports (27412) 11
C++ objects (27412) 10
Exports (27412) 1
264 (27412) 101
Resource objects (27412) 1
Linker (27412) 1

Errors

[*] Warning: Could not read the name of the DLL to be delay-loaded!
[!] Error: Could not reach the TLS callback table.