2c298f978a4fa438ed4c146dab2cc7a1

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Suspicious The PE is possibly packed. The PE only has 2 import(s).
Malicious The file contains overlay data. 567 bytes of data starting at offset 0x0.
The file contains a PE Executable after the PE data.
Overlay data amounts for 100% of the executable.
Safe VirusTotal score: 0/51 (Scanned on 2018-03-06 08:44:02) All the AVs think this file is safe.

Hashes

MD5 2c298f978a4fa438ed4c146dab2cc7a1
SHA1 eaeb2d85c59bfedbebe2d93e7ffaba75156668e5
SHA256 3b4fd014a0949afb64f145ed0a36ed16a4cf4cf054081f6d20fe6aa4671de99b
SHA3 40ef180bafa6b21ca62adf5b090d8a5591c83d0091a26ca9463c513f8c465d2b
SSDeep 6:yax/F78s/MhllTylQ2bC0s8s/p5B6ta/tr:BNwsS8JlOR5Boa1r
Imports Hash 23285270545de4353386c2c1c9ed45a4

DOS Header

e_magic MZ
e_cblp 0
e_cp 0
e_crlc 0
e_cparhdr 0
e_minalloc 0
e_maxalloc 0
e_ss 0
e_sp 0
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x40

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 0
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf40
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 0.0
SizeOfCode 0
SizeOfInitializedData 0
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000138 (Section: ?)
BaseOfCode 0
BaseOfData 0
ImageBase 0x400000
SectionAlignment 0x1
FileAlignment 0x1
OperatingSystemVersion 0.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x77000000
SizeOfHeaders 0x76ffffff
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0
SizeofStackCommit 0
SizeofHeapReserve 0
SizeofHeapCommit 0
LoaderFlags 0
NumberOfRvaAndSizes 16

Imports

kernel32.dll ExitProcess
msvcrt.dll printf

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: directory 1 has a size of 0! This PE may have been manually crafted!
<-- -->