28a7894e39cf301d09a3988b0f1b367d

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00
TLS Callbacks 1 callback(s) detected.

Plugin Output

Suspicious The PE contains functions most legitimate programs don't use. Manipulates other processes:
  • ReadProcessMemory
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 28a7894e39cf301d09a3988b0f1b367d
SHA1 3b65c62a2f3abb90a33d665b42f074070f78112f
SHA256 d42f2472a97f7845a12e6e6286301f677add52e35c9e12cfe43f7ad1f4b7d2f2
SHA3 bf94222b6ec33164f580fdeb5bfbe79e605986023937265133bc82c493d08f8a
SSDeep 384:giZq1A/ES7kTwoh3b14T+caKILPfYYnVdLdJYO+a1EGseQ1f7GHtHwt34CJA2/:giZqU053PcPgPfYIVd0OWlrT
Imports Hash 1f689577e75d6c80b1c5c8ff7a30ed7b

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 3.0
SizeOfCode 0x6630
SizeOfInitializedData 0x4f4
SizeOfUninitializedData 0x15610
AddressOfEntryPoint 0x000075F0 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x8000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x22000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x1000000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 7f17546a1fb2a37dcb984aebd5f34d97
SHA1 19c99207390af5246fe9baa8ba9a826823f0b2f8
SHA256 bd09cc6cf113164639c66d8093e1fc428cc226987a061daaad30faacd494110e
SHA3 c40f26d10d4d13291e723419491c21053fac32f3fecd492c236ea95155807127
VirtualSize 0x6630
VirtualAddress 0x1000
SizeOfRawData 0x6800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.94189

.data

MD5 baa243423701fdd14ec1532c281477ab
SHA1 a1e5ce6d0041ed212f4760027df23f825a7a057b
SHA256 ae8b197802ea2a7e86f6c72f5f74127e518221cd93507974bb75f3ba560384b6
SHA3 d4caa63b182ea6b7a0f08665d260e29dccdd3e9d0b6e4f2e058689c81f67a59f
VirtualSize 0x4f4
VirtualAddress 0x8000
SizeOfRawData 0x600
PointerToRawData 0x6c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.8956

.rdata

MD5 08dc633968815d8223e740d1a5e51e14
SHA1 81be9e59e9067b2cc63b177eb436af292417e1e7
SHA256 e50c92862b43408792bc6b3b31e363902d13be5c8400b77e626f4cc4791a53e0
SHA3 62bc8fad8bc79f0445a542263d24c3c2af31d7223c80939aafb0dc6bcc7af5c6
VirtualSize 0x130
VirtualAddress 0x9000
SizeOfRawData 0x200
PointerToRawData 0x7200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.99307

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x15610
VirtualAddress 0xa000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT

MD5 fc35c363cd1ef3933ed59531bbcbc642
SHA1 28987a8d7a57c7abdec96f2fa1449b3851a4275b
SHA256 83ac208986faa92f7de2dd58ea17a8fe1bc3f6cdeeabfd66bd7ab66a4917be13
SHA3 6b03b5a684a86a4c6d447289778b2617eda166bce5fd03f226d36824612adb74
VirtualSize 0xc
VirtualAddress 0x20000
SizeOfRawData 0x200
PointerToRawData 0x7400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0611629

.idata

MD5 72884975552fe28f70a6e04411458404
SHA1 15f2a90e82eaacbb9ba1ca4f4a8336685d5bcfd1
SHA256 df0fdee981a485875d2b6501b417448631b463def6b615b6d5b55164878680d8
SHA3 cb563365f6d2aaa743230c3a6dbc4d6e810c81938390c4f8ed957025cc758066
VirtualSize 0x8d7
VirtualAddress 0x21000
SizeOfRawData 0xa00
PointerToRawData 0x7600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.54663

Imports

KERNEL32.DLL
  GetModuleHandleA
USER32.DLL
  MessageBoxA
  LoadCursorA
  RegisterClassA
  CreateWindowExA
  ShowWindow
  GetMessageA
  TranslateMessage
  DispatchMessageA
  DefWindowProcA
  BeginPaint
  EndPaint
  FillRect
  InvalidateRect
  PostQuitMessage
GDI32.DLL
  Ellipse
kernel32.dll
  GetLastError
  SetLastError
  ExitProcess
  GetStartupInfoA
  GetStdHandle
  GetCommandLineA
  GetCurrentProcessId
  GetCurrentThreadId
  GetCurrentProcess
  ReadProcessMemory
  GetModuleFileNameA
  WriteFile
  ReadFile
  CloseHandle
  SetFilePointer
  CreateFileW
  GetConsoleMode
  GetConsoleOutputCP
  GetOEMCP
  GetProcessHeap
  HeapAlloc
  HeapFree
  TlsAlloc
  TlsGetValue
  TlsSetValue
  CreateThread
  ExitThread
  LocalAlloc
  LocalFree
  Sleep
  SuspendThread
  ResumeThread
  TerminateThread
  WaitForSingleObject
  SetThreadPriority
  GetThreadPriority
  CreateEventA
  ResetEvent
  SetEvent
  InitializeCriticalSection
  DeleteCriticalSection
  EnterCriticalSection
  LeaveCriticalSection
  TryEnterCriticalSection
  MultiByteToWideChar
  WideCharToMultiByte
  GetACP
  GetConsoleCP
  SetUnhandledExceptionFilter
  EnumResourceTypesA
  EnumResourceNamesA
  EnumResourceLanguagesA
  FindResourceA
  FindResourceExA
  LoadResource
  SizeofResource
  LockResource
  FreeResource
oleaut32.dll
  SysAllocStringLen
  SysFreeString
  SysReAllocStringLen
user32.dll
  CharUpperBuffW
  CharLowerBuffW

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData 0x400000
EndAddressOfRawData 0x400000
AddressOfIndex 0x4084f0
AddressOfCallbacks 0x420000
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks 0x00407590

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!