20ecdda404a5575763ecb22a76c6a5ba

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Apr-28 18:14:06
Detected languages English - United States

Plugin Output

Info: The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Safe: VirusTotal score: 0/63 (Scanned on 2017-09-07 10:41:50). All the AVs think this file is safe.

Hashes

MD5 20ecdda404a5575763ecb22a76c6a5ba
SHA1 c4bcca5c385f5d5753c9c42c42cbacf450d6000c
SHA256 2fbca35e033a0bd34b43ebbbb023bb98e6ac4063f9bb7800dd0f45b8bfe9a3e0
SHA3 e1fc180f22290b27e6b023bae764998aaec805c953d0ea5358033c0c15faa6b9
SSDeep 1536:7/Wo8RqJrTcg+j4UundDphQWonnmRJlgckfF2vgUBsW1Idc9dlhIqcpt:bN8Ry4j4UufG9nnxckfFWl5SUoqc
Imports Hash a9ac3b80f482f75f81322b02a7763284

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x110

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2017-Apr-28 18:14:06
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
                IMAGE_FILE_EXECUTABLE_IMAGE
                IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xec00
SizeOfInitializedData 0xc000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000006200 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1f000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
                   IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
                   IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1cf239d8e11877bfd035cc109adb1e0b
SHA1 b691d513d78263c266da0c7188061e8d14f962d3
SHA256 4a45448d6ff5b5fac05eb0174b5151bf85dd20d335f61b109c064959c9b7145d
SHA3 b30dfa7a7cfc46af646d4ab15b4b2d4ad84d16ac8c7b2c9306e655ce27a6e626
VirtualSize 0xead0
VirtualAddress 0x1000
SizeOfRawData 0xec00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
                IMAGE_SCN_MEM_EXECUTE
                IMAGE_SCN_MEM_READ
Entropy 7.10357

.rdata

MD5 6c64dc5b6b3749996df7275e7f6306bd
SHA1 a48aac19f21f4f4317f212675020473fa2eacb4b
SHA256 b6d867773ca70fbc84f54663f8f27b38891b438f7b08813d20ee066475f30be3
SHA3 491abab48e6510c327b30b74032d32f03974593b2f373dee0e5c3b69a832be96
VirtualSize 0x87fa
VirtualAddress 0x10000
SizeOfRawData 0x8800
PointerToRawData 0xf000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
                IMAGE_SCN_MEM_READ
Entropy 4.81596

.data

MD5 f5f260a3bcf75e4875b7b738ccddc32a
SHA1 876358142e6e3d98b613b8ac298b7fb83d88d174
SHA256 3bada4a19b53f84c88a0de083128e9c1d84e3522a67e50c5ef525fbd2f5bf0bb
SHA3 7fbeb54559d33e883dc176076a1b15839afb26972916dbfa5662baf1994d761f
VirtualSize 0x1b98
VirtualAddress 0x19000
SizeOfRawData 0xa00
PointerToRawData 0x17800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
                IMAGE_SCN_MEM_READ
                IMAGE_SCN_MEM_WRITE
Entropy 2.14076

.pdata

MD5 2dbcfd0bd89ac6333af856a8a2aaf384
SHA1 44abc43e705053617728a7f1a3c4ce39d679cd52
SHA256 e319922a9e3c367f99975ca1cb781eca04730e7d0ba7c7b9081adc4038b5457c
SHA3 51818a8d2ee98003fd463435c47334ebbc3e2d6534c222c7db231250c24bc9e4
VirtualSize 0xe34
VirtualAddress 0x1b000
SizeOfRawData 0x1000
PointerToRawData 0x18200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
                IMAGE_SCN_MEM_READ
Entropy 4.42414

.gfids

MD5 2639c8b341ea1cb496c6622763896bb2
SHA1 027d71360440d65b5f0b2d8ad2bdb01dcd74185f
SHA256 a6908ccbc63a588a103b0b6808f5690dc30774de070d7b35f9136a76a2d45cb7
SHA3 eabbcb51da4fdd307423cce22a9b7b839647247b44b38cfda19a9c8136b3daff
VirtualSize 0x94
VirtualAddress 0x1c000
SizeOfRawData 0x200
PointerToRawData 0x19200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
                IMAGE_SCN_MEM_READ
Entropy 1.21892

.rsrc

MD5 de5145d161ed080ad6598d7d6aee86e2
SHA1 f0c6a4c0a61e7301e3a27cec0aaf6a8ddcd52cec
SHA256 b51d11c56b0ea76aa0be644621238cee40099a411ed8cf5de2fe2829eaa1c6bf
SHA3 01fab57493a43c2d8a37fcf428139fd1affc7ca461fc3920747ddf42e2a3148f
VirtualSize 0x1e0
VirtualAddress 0x1d000
SizeOfRawData 0x200
PointerToRawData 0x19400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
                IMAGE_SCN_MEM_READ
Entropy 4.71768

.reloc

MD5 1810e915cf7f5d89a7c42a9174680624
SHA1 d979d8a467b295fbc082e992516acf3a712e0f97
SHA256 eaf9c2209ad90ea8307dbb41e721e3b6811300986e9e35c3e30d2dae4ccf95c8
SHA3 5299f9a7f360122c1cac68cf6da6be3aa23df045feae0793bd8ea8a7dfa749e6
VirtualSize 0x640
VirtualAddress 0x1e000
SizeOfRawData 0x800
PointerToRawData 0x19600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
                IMAGE_SCN_MEM_DISCARDABLE
                IMAGE_SCN_MEM_READ
Entropy 4.81177

Imports

KERNEL32.dll
  VirtualProtect
  GetCurrentProcess
  VirtualProtectEx
  GetSystemTime
  CreateFileW
  WriteConsoleW
  RtlCaptureContext
  RtlLookupFunctionEntry
  RtlVirtualUnwind
  UnhandledExceptionFilter
  SetUnhandledExceptionFilter
  TerminateProcess
  IsProcessorFeaturePresent
  QueryPerformanceCounter
  GetCurrentProcessId
  GetCurrentThreadId
  GetSystemTimeAsFileTime
  InitializeSListHead
  IsDebuggerPresent
  GetStartupInfoW
  GetModuleHandleW
  RtlUnwindEx
  InterlockedFlushSList
  GetLastError
  SetLastError
  EnterCriticalSection
  LeaveCriticalSection
  DeleteCriticalSection
  InitializeCriticalSectionAndSpinCount
  TlsAlloc
  TlsGetValue
  TlsSetValue
  TlsFree
  FreeLibrary
  GetProcAddress
  LoadLibraryExW
  ExitProcess
  GetModuleHandleExW
  GetModuleFileNameA
  MultiByteToWideChar
  WideCharToMultiByte
  HeapFree
  HeapAlloc
  LCMapStringW
  FindClose
  FindFirstFileExA
  FindNextFileA
  IsValidCodePage
  GetACP
  GetOEMCP
  GetCPInfo
  GetCommandLineA
  GetCommandLineW
  GetEnvironmentStringsW
  FreeEnvironmentStringsW
  GetProcessHeap
  GetStdHandle
  GetFileType
  GetStringTypeW
  HeapSize
  HeapReAlloc
  SetStdHandle
  WriteFile
  FlushFileBuffers
  GetConsoleCP
  GetConsoleMode
  SetFilePointerEx
  CloseHandle
  RaiseException
USER32.dll
  MessageBoxA

Delayed Imports

EntryPoint

Ordinal 1
Address 0x5c00

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2017-Apr-28 18:14:06
Version 0.0
SizeofData 732
AddressOfRawData 0x172a8
PointerToRawData 0x162a8

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2017-Apr-28 18:14:06
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0x94
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x180019000

RICH Header

XOR Key 0x68b77c31
Unmarked objects 0
241 (40116) 4
243 (40116) 117
242 (40116) 13
ASM objects (VS2015 UPD3 build 24123) 7
C++ objects (VS2015 UPD3 build 24123) 20
C objects (VS2015 UPD3 build 24123) 16
Imports (65501) 5
Total imports 89
265 (VS2015 UPD3 build 24213) 1
ASM objects (VS2015 UPD3 build 24210) 1
Exports (VS2015 UPD3 build 24213) 1
Resource objects (VS2015 UPD3 build 24210) 1
Linker (VS2015 UPD3 build 24213) 1

Errors