Architecture |
IMAGE_FILE_MACHINE_I386
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
Compilation Date |
2009-May-15 01:12:00
|
Debug artifacts |
Embedded COFF debugging symbols
|
Info |
Cryptographic algorithms detected in the binary: |
Uses constants related to CRC32
|
Suspicious |
The PE is possibly packed. |
Unusual section name found: .stab
Unusual section name found: .stabstr
|
Suspicious |
The file contains overlay data. |
24010 bytes of data starting at offset 0xece00.
|
Safe |
VirusTotal score: 0/65 (Scanned on 2018-04-01 18:25:03) |
All the AVs think this file is safe.
|
MD5 |
2bd9418e8873037f3cf938094620053a
|
SHA1 |
c051a46ceff5c304fe91f1af9a79169d11083be7
|
SHA256 |
4aad966b2efc7861d249ede8b294b32b1af06326080b801544dbbec7020342a0
|
SHA3 |
5ef8075c7fb2374e288349f7fab2ea90cebf6219d53b428e365444d17d6955db
|
SSDeep |
12288:+vLTIoOQHZ/POBEwIEA8tAiC1sngzHawKrWKUYUZh60EUE:+DTImVP8tAiCkgLZYUZh60Q
|
Imports Hash |
969450f170e523a114f3efdb1cd0ce9f
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0x80
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections |
7
|
TimeDateStamp |
2009-May-15 01:12:00
|
PointerToSymbolTable |
0xece00
|
NumberOfSymbols |
1099
|
SizeOfOptionalHeader |
0xe0
|
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Magic |
PE32
|
LinkerVersion |
2.0
|
SizeOfCode |
0x6e00
|
SizeOfInitializedData |
0x4600
|
SizeOfUninitializedData |
0x200
|
AddressOfEntryPoint |
0x00001280 (Section: .text)
|
BaseOfCode |
0x1000
|
BaseOfData |
0x8000
|
ImageBase |
0x400000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
4.0
|
ImageVersion |
1.0
|
SubsystemVersion |
4.0
|
Win32VersionValue |
0
|
SizeOfImage |
0xf2000
|
SizeOfHeaders |
0x400
|
Checksum |
0xf33dd
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
SizeofStackReserve |
0x200000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
c87729ddb31a84497fd4596cb3e67368
|
SHA1 |
4951d6a8baa36c983ecc0271ccf1f8c61c0849e7
|
SHA256 |
018c124a551ca73a7f1ff361b1b57179983075c30eb03130e31580dadfea9d39
|
SHA3 |
18aba900458d83cb93f725401db090aff6c7fc68c99807da2fd85e32ae0abf87
|
VirtualSize |
0x6d08
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0x6e00
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
Entropy |
6.32806
|
MD5 |
fcaebcaaed552c04415ad1d57bd542ff
|
SHA1 |
91dc5b6b35761fc16359efd7a23bbcd833928bd2
|
SHA256 |
af29f4ac882d9ff7ec3e805bbd4b141c791a469a09215095531c598eff3690bf
|
SHA3 |
114813cf15366443bd396507921f8b53e88d7ea016db3e9da8ccb748b55df525
|
VirtualSize |
0xc
|
VirtualAddress |
0x8000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x7200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
0.143459
|
MD5 |
0d69d155f618e34a6a9bf382f727daea
|
SHA1 |
0110ee4bdad5e9edfa096d525bd1949c22eae2c9
|
SHA256 |
a90bc66fdf672da986afe9aacbbe6fee20bdf043f811a08cc78fbd3683daa44e
|
SHA3 |
0dba77f0e5ad08874f5d9b1a6e8d4aa19ebee49759cfa6e69d089a9def2c3831
|
VirtualSize |
0x3b60
|
VirtualAddress |
0x9000
|
SizeOfRawData |
0x3c00
|
PointerToRawData |
0x7400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
7.15569
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x148
|
VirtualAddress |
0xd000
|
SizeOfRawData |
0
|
PointerToRawData |
0
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
MD5 |
f457e240e1a4dc4f6cd1bb6fe774afab
|
SHA1 |
ae0f38f59debbec19b3b16c7ccd8ca199fd9f63b
|
SHA256 |
d9cb3f8fd4c7db2e2eb2ab9a2fb75b7a4a32ea3ea8f306131e0b52511ae40f7f
|
SHA3 |
b0fee7ea08bdcbe4f3e0192e7bfd99046c575c2b974ddcbdfb7c12f1b920a712
|
VirtualSize |
0x710
|
VirtualAddress |
0xe000
|
SizeOfRawData |
0x800
|
PointerToRawData |
0xb000
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
4.3034
|
MD5 |
c9fc2267705e41407813849c48d3cec3
|
SHA1 |
094aba4ab8c715ddb9a1afcf37e1bea20ca9fa61
|
SHA256 |
3a3d11eb12ddf0b74d13cb8c2ab3be1640afdd1222308a2ba67908dda824d4ec
|
SHA3 |
4c0f479a76d0f4e5ee4bb0492092d41e170f0d54ee219ddc489669d71e666aad
|
VirtualSize |
0x2814c
|
VirtualAddress |
0xf000
|
SizeOfRawData |
0x28200
|
PointerToRawData |
0xb800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_LNK_REMOVE
IMAGE_SCN_MEM_DISCARDABLE
|
Entropy |
3.7095
|
MD5 |
b4a5ac8c774e1ddcd477c4929e8f9158
|
SHA1 |
ae3fee029483cbfb8d5397ea56800def7b082551
|
SHA256 |
fea8332878e610d293a1d606ba85e64fc0b78efea0092ffcfbddd2cf78ff5dd7
|
SHA3 |
50118805396f69b7fcf43ce7ea0218c6371dbfa5689d2af7c143d4ed2eb607ff
|
VirtualSize |
0xb92f3
|
VirtualAddress |
0x38000
|
SizeOfRawData |
0xb9400
|
PointerToRawData |
0x33a00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_LNK_REMOVE
IMAGE_SCN_MEM_DISCARDABLE
|
Entropy |
5.48479
|
msvcrt.dll |
_strdup
|
msvcrt.dll (#2) |
_strdup
|
KERNEL32.dll |
CloseHandle
CreateFileA
ExitProcess
GetFileSize
GetLastError
GetModuleFileNameA
ReadFile
SetLastError
SetUnhandledExceptionFilter
Sleep
|
AdbWinApi.dll |
AdbCloseHandle
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetInterfaceName
AdbGetSerialNumber
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbReadEndpointSync
AdbWriteEndpointSync
|
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!