19927f9acb00ca90b7c24e7660ae6c9c

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2018-Mar-02 12:17:54
Detected languages English - United States

Plugin Output

Suspicious: PEiD Signature: UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
  UPX -> www.upx.sourceforge.net
  UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
  UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious: The PE is packed with UPX
  Unusual section name found: UPX0
  Section UPX0 is both writable and executable.
  Unusual section name found: UPX1
  Section UPX1 is both writable and executable.
  The PE's resources are bigger than it is.
Info: The PE contains common functions which appear in legitimate applications.
  [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Suspicious: The PE is possibly a dropper.
  Resource 105 is possibly compressed or encrypted.
  Resource 101 is possibly compressed or encrypted.
  Resource 102 is possibly compressed or encrypted.
  Resource 103 is possibly compressed or encrypted.
  Resource 104 is possibly compressed or encrypted.
  Resources amount for 205.587% of the executable.
Suspicious: VirusTotal score: 2/67 (Scanned on 2018-03-11 10:13:37)
  Invincea: heuristic
  CrowdStrike: malicious_confidence_80% (W)

Hashes

MD5 19927f9acb00ca90b7c24e7660ae6c9c
SHA1 1666e82df5fcb2754c4585d5097be74ac3ae7796
SHA256 a99b5976bd45c2b86a3da2470b3e07f9355c3319b3724cfb1021a6eaa2c805f1
SHA3 6ff4fdd1acb9653cdde6c447d9a80ad9c26c731c832aa8af111d890d220a5c57
SSDeep 12288:GNd8tJ43nmU9KFSogb33nGuLsJrRKKQEl1Dzivmt+:1tMmU9KFSogb32uLs+Sl1Dcm
Imports Hash e97d94ba5e8ddd5e4d5c6105f18030e1

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2018-Mar-02 12:17:54
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x7c000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x9c000
AddressOfEntryPoint 0x118680 (Section: UPX1)
BaseOfCode 0x9d000
BaseOfData 0x119000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x11a000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470
VirtualSize 0x9c000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

UPX1

MD5 532678647d519d6714d2b0deee90c9d5
SHA1 9159f95a4bd9b689d1242e603d03064a77f9d444
SHA256 34d090973b9ae2c852e4a74ce54c001ab571aac1b2c834228b0501d4bbe1f034
SHA3 fac4875402a34d8fc1d300a64f573a1a83a42427daad652171400cd956850c32
VirtualSize 0x7c000
VirtualAddress 0x9d000
SizeOfRawData 0x7ba00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.84038

.rsrc

MD5 ab9bc1064bf5da32ce719ec6ff325cbc
SHA1 953b6574448aea42acbc236f64743af16f337289
SHA256 b1a1adfe1079f73d6d643991340ece87aec470d8e4427caf9c71a04a1c36738e
SHA3 5cf6c5bd29b6b62b7191fca6c92c6f993f61eb613b0cc8efec5e576521a52161
VirtualSize 0x1000
VirtualAddress 0x119000
SizeOfRawData 0x800
PointerToRawData 0x7be00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.34552

Imports

api-ms-win-crt-heap-l1-1-0.dll free
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
api-ms-win-crt-math-l1-1-0.dll sin
api-ms-win-crt-runtime-l1-1-0.dll exit
api-ms-win-crt-stdio-l1-1-0.dll _set_fmode
api-ms-win-crt-time-l1-1-0.dll clock
api-ms-win-crt-utility-l1-1-0.dll abs
GDI32.dll CreateFontA
GLU32.dll gluPerspective
KERNEL32.DLL LoadLibraryA
ExitProcess
GetProcAddress
VirtualProtect
MSVCP140.dll ?_Xbad_alloc@std@@YAXXZ
OPENGL32.dll glEnd
USER32.dll GetDC
VCRUNTIME140.dll memcpy
WINMM.dll waveOutOpen

Delayed Imports

Resources

105

Type MODFILE
Language English - United States
Codepage UNKNOWN
Size 0xdee0
Entropy 7.7953
MD5 4728fbf442c8ba70cfbba03b1c39b2cb
SHA1 3236b7de7535078e24e2965811d85541445376c6
SHA256 26cc1464d80a25346ad1822ba19abb0050270585d9be6991937eabd566f9a567
SHA3 2e04c7b668a661a4e69c86e129f4850f6c82372fd93551434e745602d4c4b26c

101

Type RAW
Language English - United States
Codepage UNKNOWN
Size 0xc000
Entropy 7.72344
MD5 d49db82c2a595f2eec69e5b185cfd052
SHA1 1836edd470e65416ec9a80e2091b4e75b66cef74
SHA256 4a4ef30e6390babe2b2d1c1903b00f88db63ad533273d3acdcd3b6172c285e30
SHA3 5c916bb6832fbaeb9caf34a889d4a6cd4ab146af395dcba8ae4256fa2d17110f

102

Type RAW
Language English - United States
Codepage UNKNOWN
Size 0x46b9c
Entropy 7.81204
MD5 1dc017936c383820aacf2f38da9874d8
SHA1 b27a849959e3eec4a37202d6893422450ef47a09
SHA256 818090c25b23257406db4e382476865274390d87aa05c77a4b6c4844aa0c98f2
SHA3 4d425ba1a77dbff31fb32dbb66eb6526330bcd196dc6f38a168dba1e1b7e0ce0

103

Type RAW
Language English - United States
Codepage UNKNOWN
Size 0x5be00
Entropy 7.81223
MD5 7e93bc9730beeaf7065fa7d2c8509ff9
SHA1 b29d7ce188c0bb2557270aa621aa20f91843ad9a
SHA256 f9db3e6b7220cf3578c258fa79d2fcbcbdc92987af5756ea0c8c8de0322cfa06
SHA3 0ed0b52461123f8d8f9a5141026f8eeb55239f6b50d88a970e0961ce0b3ca18f

104

Type RAW
Language English - United States
Codepage UNKNOWN
Size 0x43134
Entropy 7.8158
MD5 043bf6d2bebeba19ad984f794d3eab2b
SHA1 7e2889adb45ef4d0bd88847bd82528f903373f1a
SHA256 00afed005b863efeb7b36028a27c1a6bfe8320ca0c37dcfdb3e34b3474272c09
SHA3 d14977390ba2b7977a6cb0ed7be4cb7b651b7aae4731ba489840634e376c2740

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 f9bb44aef537881abf673616b9f61c56530cf3a96292ccf2ae5654beffc84ec6

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not reach the TLS callback table.
[*] Warning: Section UPX0 has a size of 0!