187844dd97b627aebbfe8f1fa98dd2b2

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2024-Oct-30 21:04:21

Plugin Output

Suspicious The PE is possibly packed. The PE only has 3 import(s).
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 187844dd97b627aebbfe8f1fa98dd2b2
SHA1 4f4c386c7e234e05369fea5a9051ef323761cefc
SHA256 dfa91ee05fe21f1238f5bf6275266e789dd7de0f08059b131db24349499e0921
SHA3 4a346d1aff7d22db11e76c625ddb0bffc09ded6774b3fdcf8e33a40867e308ea
SSDeep 6:idqIHVg3F+X32w7j2S0nNGOjj/t4n4E5CmTluqEF7wg25Bo7Sk:ev1GSGw7jxgZvC3hTXLg25Bo7Sk
Imports Hash 41d950c3843f28a4ffc77f7236207d3d

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 3
TimeDateStamp 2024-Oct-30 21:04:21
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x200
SizeOfInitializedData 0x400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001000 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x4000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 ec2fb14ab62559ecb4ab01a60ba2d52b
SHA1 858d4e089def62b841367779114f914f13ddda7d
SHA256 3134d446a7920beb70be60c7b248439f4b6d8afa9933f4cf05e16d69e4d2f5cd
SHA3 0fd4df0eb41ae843d11bcce796b5e68ba99232368e9059fee09308a4cdf847c2
VirtualSize 0x54
VirtualAddress 0x1000
SizeOfRawData 0x200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 0.97336

.rdata

MD5 eb5c9efe54d29a370fed5d23c1147bef
SHA1 b3fd61cf418aa73f2b6edb3aa63a997bb4d0ac7f
SHA256 aa4b76a5a8c85f9c018c54a4df45355f46aa9221d0f34ba5108834b6482897db
SHA3 ecb7a9e154bdd0ddade74fbb07d3cd9b6b1db0f8f5fa70da9c4a242e4d75a4bf
VirtualSize 0xbc
VirtualAddress 0x2000
SizeOfRawData 0x200
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.30759

.data

MD5 33d51d25387cf298dd6377b1f31b8b8c
SHA1 a40f99b2d356765255489133494fca4e4cec777c
SHA256 4fb040cf25a6e8118c64857e300a93325c3d2b96ea0e4b7825ad547051ddc972
SHA3 a8bb7e3d74740825d8a558e01955f4e2aaa16b626e62b4d383c1da2a35b268bd
VirtualSize 0x13
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0x800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.261561

Imports

KERNEL32.dll ExitProcess
WriteConsoleA
GetStdHandle

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x946f06c5
Unmarked objects 0
Imports (30795) 3
Total imports 3
ASM objects (33811) 1
Linker (33811) 1

Errors
