22e765620ad2c1c14d5945df9eb50990

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Suspicious The PE contains functions most legitimate programs don't use. Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 22e765620ad2c1c14d5945df9eb50990
SHA1 2e654d9d81fe67fc10c63c2c119fb56b289a9fdc
SHA256 7027cc91d66c9c16b173b636b6067c80cdfa1ba5067dd7c7cd07dd8286fc5d0b
SHA3 f0ba8c43ff1f2bd0445831fa33131bb75870c5084d1be4ce0f5109dc83d04fe0
SSDeep 768:dcHtHkWHjulRN8VpPPdbAWl2baAIQXTFLW3xoB/t3Ig6lQ:OBk3lzWD6xDFWo/FIb
Imports Hash 8046a90bd7e2c28efd7802ff62230336

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_DLL, IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x4a00
SizeOfInitializedData 0x6600
SizeOfUninitializedData 0
AddressOfEntryPoint 0xF0030000 (Section: ?)
BaseOfCode 0x1000
BaseOfData 0x6000
ImageBase 0xffd0000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0xf000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 aeda28b550e15d9d042fae536624da6c
SHA1 420a2bf6388b5aa3514c18880f0bcbddac8f88dd
SHA256 aa71614c226e4cbd16b9d0a25c0236f58da53f1ed1a36e4382f94ef8e6a0d61f
SHA3 dba34a175714e762a09f2b837fa56fd146ca71ef00ea108181c55b268495eb58
VirtualSize 0x5000
VirtualAddress 0x1000
SizeOfRawData 0x4a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 6.31573

.data

MD5 b643f03f70d8ef77ea710af36ca7a7f5
SHA1 e244d3f138f8f9e5c582fba6d65ddc08e691d674
SHA256 87f48172dc7fa5cb75f8e12c0bd0361fa30768af5cdff6428ec12417d8f1821c
SHA3 08eebe23a91dd2b51ee9edfffc8c7b5f9b7ebc7373d09c323b6b06086c4b7f93
VirtualSize 0x7000
VirtualAddress 0x6000
SizeOfRawData 0x6200
PointerToRawData 0x4e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 4.43057

.idata

MD5 88a2b42100e1317aeaf3c68a4f48fb0a
SHA1 9cb457a7325bbd129c41c1f3e9bab89d4fec0822
SHA256 0114c12ecef2b02b6974b2e3e2913bf99b5f4b732f0b41a22f7ce6a437829201
SHA3 6c71638ff94c57708cd34111609927853343e2b4b3678627b27518c0b0f07c35
VirtualSize 0x1000
VirtualAddress 0xd000
SizeOfRawData 0x200
PointerToRawData 0xb000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 4.17342

.reloc

MD5 3dc8af4ccb696993a0c3aeca4ab376a0
SHA1 91bca527aa2619be86b6ee2a85e074c9ae74d786
SHA256 45356d797ebc69ea1b8c7c8fc442d1f13d663e6f02a9f7ce71c3695d2b66e1dd
SHA3 395e0e0e918cc414b47e1246c38e6440f1b40f8c7798ae512a28f63c980d75b4
VirtualSize 0x1000
VirtualAddress 0xe000
SizeOfRawData 0x200
PointerToRawData 0xb200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 5.82906

Imports

KERNEL32.dll
  • VirtualFree
  • VirtualAlloc
  • GetSystemInfo
  • VirtualProtect
  • GetModuleHandleA
  • GetProcAddress
  • HeapFree
  • HeapReAlloc
  • HeapAlloc
  • GetProcessHeap
  • CompareStringW
  • lstrlenW
  • lstrcatW
  • GetStdHandle

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2019-Mar-26 21:04:57
Version 0.0
SizeofData 112
AddressOfRawData 0x2990
PointerToRawData 0x1d90

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2019-Mar-26 21:04:57
Version 0.0
SizeofData 20
AddressOfRawData 0x2a00
PointerToRawData 0x1e00

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2019-Mar-26 21:04:57
Version 0.0
SizeofData 328
AddressOfRawData 0x2a14
PointerToRawData 0x1e14

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2019-Mar-26 21:04:57
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read the exported DLL name.