Architecture |
IMAGE_FILE_MACHINE_AMD64
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
Compilation Date |
2012-May-14 23:00:51
|
TLS Callbacks |
2 callback(s) detected.
|
Suspicious |
The PE is possibly packed. |
Unusual section name found: .xdata
|
Malicious |
The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
- GetProcAddress
- LoadLibraryA
Functions related to the privilege level:
- AdjustTokenPrivileges
- OpenProcessToken
Changes object ACLs:
|
Safe |
VirusTotal score: 0/73 (Scanned on 2019-05-11 03:58:16) |
All the AVs think this file is safe.
|
MD5 |
1a985147e4ab082a3f4da52a27525aa4
|
SHA1 |
2899fd61842ba03b7527728774d2e64491b66251
|
SHA256 |
03e7fc4b59ef56723f33c3531c292288051670a34112c1f8c896b0309fe8df78
|
SHA3 |
e061dca7766167ba7e4c3f10c78dc2322906e1ad0642f4d7a4c9d70fa8359972
|
SSDeep |
384:c8enyH3Ghd+HM79DNSh75ECRUAeDDTt/NGJ/ZWvYR8LOdwPjwhYY1DRB7MZRhSc:gFHih759RmhEboYR8aTtBIdCkU7
|
Imports Hash |
52e767394a394cd83ca527afb3ddeffe
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0x80
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections |
9
|
TimeDateStamp |
2012-May-14 23:00:51
|
PointerToSymbolTable |
0
|
NumberOfSymbols |
0
|
SizeOfOptionalHeader |
0xf0
|
Characteristics |
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Magic |
PE32+
|
LinkerVersion |
2.0
|
SizeOfCode |
0x5600
|
SizeOfInitializedData |
0x2800
|
SizeOfUninitializedData |
0xa00
|
AddressOfEntryPoint |
0x0000000000001530 (Section: .text)
|
BaseOfCode |
0x1000
|
ImageBase |
0x400000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
4.0
|
ImageVersion |
0.0
|
SubsystemVersion |
5.2
|
Win32VersionValue |
0
|
SizeOfImage |
0xf000
|
SizeOfHeaders |
0x400
|
Checksum |
0xe388
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
SizeofStackReserve |
0x200000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
e3d96a497caeea09d0f2a324078be594
|
SHA1 |
91b67bd4c19a87057c5c81661d48c014a436c4d5
|
SHA256 |
0e8a599b622426abcf86cea5973b4a2814f6c70a629c03f81e0580f3feac02c6
|
SHA3 |
b5abf42d44822838563e1df00e4a08365d1938e0c15b267446c214ee55eefd5d
|
VirtualSize |
0x54a0
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0x5600
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
Entropy |
6.02673
|
MD5 |
86c5a14c44e58db75ec80873d17b4ba0
|
SHA1 |
29464afa80699f6207fb09c902e8a01975a0b1b4
|
SHA256 |
889bc9c7c8caffaf8d9bfaa11e33ba101d398116eabd1f51ccbf5f4c9c9dc77d
|
SHA3 |
8432b20057a48a9455853ee4e5fe65249f5cf2edf14d66d5566cbb5e4030942f
|
VirtualSize |
0x80
|
VirtualAddress |
0x7000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x5a00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
0.636744
|
MD5 |
13dafb57c8ebeac01dc316f469b87d56
|
SHA1 |
bc9fa58ef725f1c5e58e2db3d6a1767a7424c85c
|
SHA256 |
519d841bb0c8a921566418e96cbc2ec76156d05c01d7d741025ba2b2ea46f35b
|
SHA3 |
ba3aef5721982436b7f9fcef32390a53eaf950d1585d04d0e3c1a48e2120feb8
|
VirtualSize |
0xac0
|
VirtualAddress |
0x8000
|
SizeOfRawData |
0xc00
|
PointerToRawData |
0x5c00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
3.471
|
MD5 |
6a3c175f5fcc118f308f87eb19afa648
|
SHA1 |
faaddeaff24aa2fcda7453e0044ce2b4b0fe0aa2
|
SHA256 |
f644f81918844f261bb97ed2a8322cbe5c3defc4b9c42fc5223be81b797e4f24
|
SHA3 |
3e1bfd6932f7ce2ce46c77b708f453654f5ad0d49f8634a04102da433425ab48
|
VirtualSize |
0x3cc
|
VirtualAddress |
0x9000
|
SizeOfRawData |
0x400
|
PointerToRawData |
0x6800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
3.94505
|
MD5 |
a88de21247c7ce362796737745e90e7e
|
SHA1 |
d1f6c70bb1b05ad94346ceacf213599e5ca4a2ce
|
SHA256 |
ad6a7d98c7f1118f6371651314662e4717f88bd42456d3ddb7bce1ef0b4a4873
|
SHA3 |
3673cf3fcd62193b350cfdf21271f66497b2dc2ccc38e1a7ad4ff793457f4b4e
|
VirtualSize |
0x3cc
|
VirtualAddress |
0xa000
|
SizeOfRawData |
0x400
|
PointerToRawData |
0x6c00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
4.14213
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x9e0
|
VirtualAddress |
0xb000
|
SizeOfRawData |
0
|
PointerToRawData |
0
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
MD5 |
fac53ee0587b7104be7fe0c531e790b4
|
SHA1 |
c80c105ee511809f4a6da641c51a9e3fb97475a9
|
SHA256 |
3b58d29c37a9e872c0076ae3cfa3c61d80e7f6165310a72eed24650cb21eadaa
|
SHA3 |
f158196e61b6db1a89c18d17c8b1619dc91534634a9f3b0461b7fe8d49554183
|
VirtualSize |
0xcec
|
VirtualAddress |
0xc000
|
SizeOfRawData |
0xe00
|
PointerToRawData |
0x7000
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
4.00744
|
MD5 |
af82bac555a92d8af193465e18002822
|
SHA1 |
075588e112cbc72cdd896f4017927ab87c7ea4f6
|
SHA256 |
fbeac63ce7700e75314229d48fea26707899f2a1299b0ffa05cd7fc1e26e4b5d
|
SHA3 |
aecc9f1932792ff4e477b94d474d84325df44861917c3f91dbf518cacc6aac91
|
VirtualSize |
0x68
|
VirtualAddress |
0xd000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x7e00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
0.269445
|
MD5 |
afb4a111f85adf566145c36f40df1c4f
|
SHA1 |
e3fcf847a2025b5d42a5851d045c4fe5e5404063
|
SHA256 |
9da2a2fd448b260a473da971d2be371feb34fa8d583c5f999af68467086e2bf8
|
SHA3 |
c493d9ea1e8eaf973b3cefdea4f115d3c858d3f4bf34ace930ef233d5cae2507
|
VirtualSize |
0x48
|
VirtualAddress |
0xe000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x8000
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
0.21777
|
ADVAPI32.dll |
AdjustTokenPrivileges
GetTokenInformation
LookupPrivilegeValueW
OpenProcessToken
SetEntriesInAclW
SetNamedSecurityInfoW
|
KERNEL32.dll |
CloseHandle
CreateFileW
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
FindClose
FindFirstFileExW
FindNextFileW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
QueryPerformanceCounter
RemoveDirectoryW
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetFileAttributesW
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
|
msvcrt.dll |
__C_specific_handler
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
__wgetmainargs
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_lock
_onexit
_snwprintf
_unlock
abort
calloc
exit
fprintf
free
fwprintf
fwrite
malloc
memcpy
memmove
realloc
signal
strlen
strncmp
vfprintf
wcschr
wcscmp
wcslen
wcsncpy
wcsrchr
wprintf
|
SHELL32.dll |
SHFileOperationW
|
StartAddressOfRawData |
0x40e041
|
EndAddressOfRawData |
0x40e044
|
AddressOfIndex |
0x40b06c
|
AddressOfCallbacks |
0x40d040
|
SizeOfZeroFill |
0
|
Characteristics |
IMAGE_SCN_TYPE_REG
|
Callbacks |
0x0000000000404F20
0x0000000000404EF0
|
[*] Warning: Section .bss has a size of 0!