Manalyze report for 2357c65ab3d504a065c0ac4c19f74f28

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2019-May-15 17:32:44
TLS Callbacks	2 callback(s) detected.
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: /4` `Unusual section name found: /14` `Unusual section name found: /29` `Unusual section name found: /45` `Unusual section name found: /61` `Unusual section name found: /73` `Unusual section name found: /87` `Unusual section name found: /99` `Unusual section name found: /112` `Unusual section name found: /123` `Unusual section name found: /134`
Suspicious	The file contains overlay data.	`18659 bytes of data starting at offset 0x7c00.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`2357c65ab3d504a065c0ac4c19f74f28`
SHA1	`753b265e42baa1241e58036f29885094729a780a`
SHA256	`2d839a21b7ca7176c9366fd7305b011dacd8ce6608092a02e321fd0ab680a0a6`
SHA3	`87fd0bb1ef6af8f86355edd41dc2c7b4e1019aa89dbbfc2103baef725567dd0d`
SSDeep	`384:+dnBjuFsLPA9cw5bqerT8hgzbNljkvmWYOr9b6QgrUFM/6IysW7wFtqLr5i0IV6J:69uFlcYHNljk/YOrJrKkNmE`
Imports Hash	`9b2cffd12bfa89e743ecdb219a36071d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`18`
TimeDateStamp	2019-May-15 17:32:44
PointerToSymbolTable	`0x7c00`
NumberOfSymbols	`845`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0xe00`
SizeOfInitializedData	`0x1c00`
SizeOfUninitializedData	`0x200`
AddressOfEntryPoint	`0x0000126C (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x15000`
SizeOfHeaders	`0x600`
Checksum	`0xead0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`576f2f027cb6e6e9e3cb99efb623461e`
SHA1	`bb98e9b1ea632581c41636c5a0c6ab5c2e4ee603`
SHA256	`99d62e9078d502456fd172a62f20d1d3df821720fe5918075764c423bd75585f`
SHA3	`384d78c40e595930f6dd63484ef6b2b6d3c922175ebf2565ab0e3360b207ca50`
VirtualSize	`0xcd8`
VirtualAddress	`0x1000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.62654`

.data

MD5	`540bc9098fe365dbc0291dd5c996e3e2`
SHA1	`e2d73fb3fdb79d1b08380770cbe1c9a0126276b3`
SHA256	`e468aca91a6eaf08ba6a13091ee5196e27a0a9bb3001c176dea5db6572352157`
SHA3	`7909aaafcd0806164b4352a70845beff1513cb2ed5bf9d7cce6df3a11132c290`
VirtualSize	`0x28`
VirtualAddress	`0x2000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.394359`

.rdata

MD5	`8f115629a3280040840eaa0c2585951c`
SHA1	`f5021851d3ddd8e6fe58a9ca57cdb0dcf1c6b302`
SHA256	`cad2124669783d2a3b5784348f8f11b35fdd6a15617dd5013f2d60e628555b1d`
SHA3	`6579c5a21e69cf5a7fad2002bfd46c7d87208c22ec92e23795a2fa79fbaee8c4`
VirtualSize	`0x114`
VirtualAddress	`0x3000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.38003`

/4

MD5	`2ea60627820df51e77552f9a684a5fc7`
SHA1	`07b4b4efe153c79842bbcb2a9acac91f55d0ac30`
SHA256	`166e07faf21acd24d552950fc7b62ac42ce8492731342e43db13c13459ca5cf8`
SHA3	`3ac2b7b142fc25af9c16a1ff3c92d37bc9e88814fb42a1df278b306955fc3315`
VirtualSize	`0xf4`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.2759`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x78`
VirtualAddress	`0x5000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`e8459073b9b983829f07f5589db26a46`
SHA1	`bb30106e91679d9c67b5170a120f026fe0a42e5d`
SHA256	`e6a87009cfe1dd76b69e284ef6bb69167c0380c65598f55ced3523cdc00c24ff`
SHA3	`11ec3ed5c6988023c4ca9026bea411f30b1f6dcf3ac0acef98b2d4afc61d94d2`
VirtualSize	`0x3e0`
VirtualAddress	`0x6000`
SizeOfRawData	`0x400`
PointerToRawData	`0x1a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.37195`

.CRT

MD5	`f6f7558cb93beda9e72dd316949ff3c3`
SHA1	`5544b5f39d08772e971613b8d41e2467a41b036c`
SHA256	`913bd0355d33fd7ca079e70401bc885359499627470a09b5d84941540d80290e`
SHA3	`1c1d2e27034e7f500ce440c9e6b5c59866e9857786c4a8f83c59e37848b74e93`
VirtualSize	`0x18`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.114463`

.tls

MD5	`69165bcf9e02462018de8688c4b2d0b2`
SHA1	`099afd17e5e39e9522f8dc649406a36bd9d2655b`
SHA256	`33c31f52ff9cbc3c4468602bf1298c335ed283bb6f4320e524e420930c3dc936`
SHA3	`d9e2bee24f44b66b2d458d0d32c475cb1234398758f6af14853a1b0546ca56d3`
VirtualSize	`0x20`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.22482`

/14

MD5	`f4e78d09041377571fa242247c341b77`
SHA1	`05dff02d6358d266ba87b1ac3e87b6096b66f467`
SHA256	`6380a426726087b49ad11c381053abe3f544ff12bd794257dddb57fa8d15f32b`
SHA3	`c5a817a9cf9150056fe19941d8240eb160947a23548cf4451e223a9793424472`
VirtualSize	`0x100`
VirtualAddress	`0x9000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.22163`

/29

MD5	`1e1f6cc716a3e6c3c404ba45cba146c3`
SHA1	`604ba365d911ae9d4b08b0c656f98b1a711bf27c`
SHA256	`27097b421ca3afb9b8bae9463c4e38da8db69c7374fed5a58fd6510bb06219ad`
SHA3	`602ab54a611cb37160e73ef2c2e9bba8ad37cb74ed87eca0e4c184606ab27e60`
VirtualSize	`0x388`
VirtualAddress	`0xa000`
SizeOfRawData	`0x400`
PointerToRawData	`0x2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.34518`

/45

MD5	`a2fdb39bcc8efe976d07dc96d1fe5973`
SHA1	`5b75cc644bcdb3cd3d3e590b51c343972a1e2f80`
SHA256	`fc4590730431a5109879cfbd4f31f2f23e0939ddfb2a976c32fd09c6dcf2f4b9`
SHA3	`332bcd0e3b004400b0c7be261fe4488d8995fee78423291c8910502ebceb5dd0`
VirtualSize	`0x469`
VirtualAddress	`0xb000`
SizeOfRawData	`0x600`
PointerToRawData	`0x2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.15289`

/61

MD5	`9cdc78d6695952275ac0b2b6671d9193`
SHA1	`d89d351e5a0d6c1b147856f90465e247afb67d2c`
SHA256	`c9378fbcc02deaf0d1c9e417df165e38724129f01d9fec4bd67be51ac9024ad9`
SHA3	`d091f93acefccfe760f96d554327b9b1e66305d2a41f328d33cdfd2a5e5924b9`
VirtualSize	`0x27f7`
VirtualAddress	`0xc000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x2e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.84328`

/73

MD5	`4a7364d68243fae7242f99a037374997`
SHA1	`af5b126536d2c74ee571a406ec854b7e012dcdf1`
SHA256	`ab62e1e4cac81ffd0403ef66a609eeaba7c2fd9cd80b8b45f9cb46dac86d68b0`
SHA3	`15e1633cceace58c5b2d261a7a6cc4e71113104ec62863ab5944e396305de400`
VirtualSize	`0x967`
VirtualAddress	`0xf000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x5600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.29634`

/87

MD5	`dacd6a3acc6f8a2ca13a47fee25cfa95`
SHA1	`7fa4ba5251eb057f64cbfb37bdf0f8b76e717fce`
SHA256	`05922bed72923b7d9c0b0414b07b101a683b0ed5db96a4af9f8c53afd488a84e`
SHA3	`c38474df0f12d38549025501e120f7e554e98a77fa07ea7992e48594dd987c41`
VirtualSize	`0x71a`
VirtualAddress	`0x10000`
SizeOfRawData	`0x800`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.06071`

/99

MD5	`dd685b72c286b461b26a6557d9b53df8`
SHA1	`551272699d168fa60cb7c07a8ee4883b7a1d124e`
SHA256	`a0f5605b0a9154c7a20d21aac801a17fd9577a5f6fcf36123b305a626254fec0`
SHA3	`eef4fd2e257bf0a44d82c330b857b6b6d68284d6047641b645da6c0e8596201a`
VirtualSize	`0x3c4`
VirtualAddress	`0x11000`
SizeOfRawData	`0x400`
PointerToRawData	`0x6800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.47499`

/112

MD5	`b90aa1c9e8c9d17c3525daca94b36f9a`
SHA1	`9c41d520b95dfe9f7da38c0c686895f9c5e4157f`
SHA256	`438f4201e2f2416b433e6f9e29de330370179ee43026a725ec5688be172193f9`
SHA3	`a0882377a934e2e12b2bec413a1ee4f7d795653077ed6567f867eeb806519cc1`
VirtualSize	`0x10f`
VirtualAddress	`0x12000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.26695`

/123

MD5	`c4c2c1f3b8037581172297ef6bd89625`
SHA1	`57db293067bb78e5439e063d965dea6b7a64c73d`
SHA256	`97d1a870bf9e2cf5feb879fdbf6b75712ae272cd7823006cbd3e77aa37c3e59d`
SHA3	`d9fab73053dd06408593da764b0e125a208eedbf4b1ba6cc41535484f3a53493`
VirtualSize	`0xb61`
VirtualAddress	`0x13000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x6e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.0116`

/134

MD5	`2b228197f02cb510723b1b89f65e4de0`
SHA1	`eab48cac2a79f7e661d2616b95db26c26cc06c76`
SHA256	`56d9676f13d6dbe9227a52ce3d4641f738d68fe234507bc8518cb5dc9de05563`
SHA3	`f1c130cd9cd16134b3456b9d5e0048824e8b898672aa163c77d228e116c147ad`
VirtualSize	`0x48`
VirtualAddress	`0x14000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.36917`

Imports

KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `ExitProcess` `GetLastError` `GetModuleHandleA` `GetProcAddress` `InitializeCriticalSection` `LeaveCriticalSection` `SetUnhandledExceptionFilter` `TlsGetValue` `VirtualProtect` `VirtualQuery`
msvcrt.dll	`__getmainargs` `__p__environ` `__p__fmode` `__set_app_type` `_cexit` `_iob` `_onexit` `_setmode` `abort` `atexit` `calloc` `fflush` `fgets` `fputs` `free` `fwrite` `printf` `putchar` `puts` `scanf` `signal` `vfprintf`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x408019`
EndAddressOfRawData	`0x40801c`
AddressOfIndex	`0x405020`
AddressOfCallbacks	`0x407004`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x004014C8` `0x00401494`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /14!
[*] Warning: Tried to read outside the COFF string table to get the name of section /29!
[*] Warning: Tried to read outside the COFF string table to get the name of section /45!
[*] Warning: Tried to read outside the COFF string table to get the name of section /61!
[*] Warning: Tried to read outside the COFF string table to get the name of section /73!
[*] Warning: Tried to read outside the COFF string table to get the name of section /87!
[*] Warning: Tried to read outside the COFF string table to get the name of section /99!
[*] Warning: Tried to read outside the COFF string table to get the name of section /112!
[*] Warning: Tried to read outside the COFF string table to get the name of section /123!
[*] Warning: Tried to read outside the COFF string table to get the name of section /134!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!