20ecdda404a5575763ecb22a76c6a5ba

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Apr-28 18:14:06
Detected languages English - United States

Plugin Output

Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Safe VirusTotal score: 0/63 (Scanned on 2017-09-07 10:41:50) All the AVs think this file is safe.

Hashes

MD5 20ecdda404a5575763ecb22a76c6a5ba
SHA1 c4bcca5c385f5d5753c9c42c42cbacf450d6000c
SHA256 2fbca35e033a0bd34b43ebbbb023bb98e6ac4063f9bb7800dd0f45b8bfe9a3e0
SHA3 579d80faefe304f96db8c030f7df0a069c644a550a06676f05f17c13de251221
SSDeep 1536:7/Wo8RqJrTcg+j4UundDphQWonnmRJlgckfF2vgUBsW1Idc9dlhIqcpt:bN8Ry4j4UufG9nnxckfFWl5SUoqc
Imports Hash a9ac3b80f482f75f81322b02a7763284

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x110

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2017-Apr-28 18:14:06
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xec00
SizeOfInitializedData 0xc000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x6200 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1f000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1cf239d8e11877bfd035cc109adb1e0b
SHA1 b691d513d78263c266da0c7188061e8d14f962d3
SHA256 4a45448d6ff5b5fac05eb0174b5151bf85dd20d335f61b109c064959c9b7145d
SHA3 3ff638d7c545af7aa9a6328ab8d35b846d728e3ff5c3d1544d93a3f083165eec
VirtualSize 0xead0
VirtualAddress 0x1000
SizeOfRawData 0xec00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 7.10357

.rdata

MD5 6c64dc5b6b3749996df7275e7f6306bd
SHA1 a48aac19f21f4f4317f212675020473fa2eacb4b
SHA256 b6d867773ca70fbc84f54663f8f27b38891b438f7b08813d20ee066475f30be3
SHA3 64c6c5f27222a96c8aac1905bb57ce0fb91bd822eb9f56d3bfd61007dd948694
VirtualSize 0x87fa
VirtualAddress 0x10000
SizeOfRawData 0x8800
PointerToRawData 0xf000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 4.81596

.data

MD5 f5f260a3bcf75e4875b7b738ccddc32a
SHA1 876358142e6e3d98b613b8ac298b7fb83d88d174
SHA256 3bada4a19b53f84c88a0de083128e9c1d84e3522a67e50c5ef525fbd2f5bf0bb
SHA3 0ab37fc45af5fad1a1b404c30d09ff2fe0a0a4a02994a0553697b5dc203ce70d
VirtualSize 0x1b98
VirtualAddress 0x19000
SizeOfRawData 0xa00
PointerToRawData 0x17800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 2.14076

.pdata

MD5 2dbcfd0bd89ac6333af856a8a2aaf384
SHA1 44abc43e705053617728a7f1a3c4ce39d679cd52
SHA256 e319922a9e3c367f99975ca1cb781eca04730e7d0ba7c7b9081adc4038b5457c
SHA3 14bd2266eae59e540b2db1e27cc8caf93c0918142956a4d7db14d6d9cfa4a79a
VirtualSize 0xe34
VirtualAddress 0x1b000
SizeOfRawData 0x1000
PointerToRawData 0x18200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 4.42414

.gfids

MD5 2639c8b341ea1cb496c6622763896bb2
SHA1 027d71360440d65b5f0b2d8ad2bdb01dcd74185f
SHA256 a6908ccbc63a588a103b0b6808f5690dc30774de070d7b35f9136a76a2d45cb7
SHA3 9d35201e7cbfc5d89b6b8e4c12ad014d736961d78cc76d76280eef90a6e55b50
VirtualSize 0x94
VirtualAddress 0x1c000
SizeOfRawData 0x200
PointerToRawData 0x19200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 1.21892

.rsrc

MD5 de5145d161ed080ad6598d7d6aee86e2
SHA1 f0c6a4c0a61e7301e3a27cec0aaf6a8ddcd52cec
SHA256 b51d11c56b0ea76aa0be644621238cee40099a411ed8cf5de2fe2829eaa1c6bf
SHA3 376b70bf68a22c1a5062d5f55a7a8eb12106de95ae550bb20750c07902d66d25
VirtualSize 0x1e0
VirtualAddress 0x1d000
SizeOfRawData 0x200
PointerToRawData 0x19400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 4.71768

.reloc

MD5 1810e915cf7f5d89a7c42a9174680624
SHA1 d979d8a467b295fbc082e992516acf3a712e0f97
SHA256 eaf9c2209ad90ea8307dbb41e721e3b6811300986e9e35c3e30d2dae4ccf95c8
SHA3 032be97cf8a929224c6560c6f3602c435f7250d9006b8f58b21b5fb8445cce14
VirtualSize 0x640
VirtualAddress 0x1e000
SizeOfRawData 0x800
PointerToRawData 0x19600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 4.81177

Imports

KERNEL32.dll
  VirtualProtect
  GetCurrentProcess
  VirtualProtectEx
  GetSystemTime
  CreateFileW
  WriteConsoleW
  RtlCaptureContext
  RtlLookupFunctionEntry
  RtlVirtualUnwind
  UnhandledExceptionFilter
  SetUnhandledExceptionFilter
  TerminateProcess
  IsProcessorFeaturePresent
  QueryPerformanceCounter
  GetCurrentProcessId
  GetCurrentThreadId
  GetSystemTimeAsFileTime
  InitializeSListHead
  IsDebuggerPresent
  GetStartupInfoW
  GetModuleHandleW
  RtlUnwindEx
  InterlockedFlushSList
  GetLastError
  SetLastError
  EnterCriticalSection
  LeaveCriticalSection
  DeleteCriticalSection
  InitializeCriticalSectionAndSpinCount
  TlsAlloc
  TlsGetValue
  TlsSetValue
  TlsFree
  FreeLibrary
  GetProcAddress
  LoadLibraryExW
  ExitProcess
  GetModuleHandleExW
  GetModuleFileNameA
  MultiByteToWideChar
  WideCharToMultiByte
  HeapFree
  HeapAlloc
  LCMapStringW
  FindClose
  FindFirstFileExA
  FindNextFileA
  IsValidCodePage
  GetACP
  GetOEMCP
  GetCPInfo
  GetCommandLineA
  GetCommandLineW
  GetEnvironmentStringsW
  FreeEnvironmentStringsW
  GetProcessHeap
  GetStdHandle
  GetFileType
  GetStringTypeW
  HeapSize
  HeapReAlloc
  SetStdHandle
  WriteFile
  FlushFileBuffers
  GetConsoleCP
  GetConsoleMode
  SetFilePointerEx
  CloseHandle
  RaiseException
USER32.dll
  MessageBoxA

Delayed Imports

EntryPoint

Ordinal 1
Address 0x5c00

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 f9bb44aef537881abf673616b9f61c56530cf3a96292ccf2ae5654beffc84ec6

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2017-Apr-28 18:14:06
Version 0.0
SizeofData 732
AddressOfRawData 0x172a8
PointerToRawData 0x162a8

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2017-Apr-28 18:14:06
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0x94
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x180019000
SEHandlerTable 0
SEHandlerCount 0

Errors