2c9f15a4395b897406b98c621d6df79d

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2051-Jul-05 11:43:57
Debug artifacts C:\Users\aless\source\repos\CeleryCracked\CeleryCracked\obj\Debug\CeleryCracked.pdb
Comments
CompanyName
FileDescription CeleryCracked
FileVersion 1.0.0.0
InternalName CeleryCracked.dll
LegalCopyright Copyright © 2024
LegalTrademarks
OriginalFilename CeleryCracked.dll
ProductName CeleryCracked
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0

Plugin Output

Info Matching compiler(s): .NET DLL -> Microsoft
Suspicious The PE is possibly packed. The PE only has 1 import(s).
Malicious VirusTotal score: 3/74 (Scanned on 2024-07-03 19:07:07)
CrowdStrike: win/malicious_confidence_70% (D)
DeepInstinct: MALICIOUS
Google: Detected

Hashes

MD5 2c9f15a4395b897406b98c621d6df79d
SHA1 2a4b60d4332ec8b942fdcde38efc98a55727d42e
SHA256 e114d358e9a298573f7b89ecc526c292d0a504e1a1626233d1f01cc62cfd07fa
SHA3 623a1b01a66a222ee213cd6092a087dc7a2d94d0211991184d152c49d33bfc21
SSDeep 384:f0eaQPSlVBK+ginIR9PEjqn1wei+oEBtB3P4bPYZu9TzksoS5nVDS:8eoVBK99T1wL+VNPCD35n1S
Imports Hash dae02f32a21e03ce65412f6e56942daa

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2051-Jul-05 11:43:57
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32
LinkerVersion 48.0
SizeOfCode 0x6000
SizeOfInitializedData 0x600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00007F2A (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x8000
ImageBase 0x10000000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xc000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 6e8cc9728363f6cf47fe5b9e55702ffc
SHA1 892630da4f7ae41d120074d1750cfcb8114a403f
SHA256 162184ffb1d19c0eb480d37d12359e07ac092e872fe149c26c92d28c7c85addd
SHA3 ee4857e9661e116c0b4610f167fa048c5d6737a73a582c93670f3661fa43d4a9
VirtualSize 0x5f30
VirtualAddress 0x2000
SizeOfRawData 0x6000
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.66358

.rsrc

MD5 ebb66870be879c634d74746430371a68
SHA1 62186960e61e99e97c5652eae5d37276a532628f
SHA256 db6f58169496487a5386b7571754895d28237696597ad740b8f1dd5454b13910
SHA3 0de36bfa937b6bffdbae36e70ab9ac91da29fb3f95197eabe70a7bbd181406a4
VirtualSize 0x398
VirtualAddress 0x8000
SizeOfRawData 0x400
PointerToRawData 0x6200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.88129

.reloc

MD5 8f60c4d12d8ce1a32dc71f95a307472b
SHA1 e45725154362d3221364bc80080e68c2a0125192
SHA256 8fd25394e6335c70787fab80afae899f31cad0036fdce988e38fd2d7c1301a81
SHA3 36a2f7bca42137fbc5508d635b9d37974ee4383afc22e47f7a3bbb0fec91ee97
VirtualSize 0xc
VirtualAddress 0xa000
SizeOfRawData 0x200
PointerToRawData 0x6600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0815394

Imports

mscoree.dll _CorDllMain

Delayed Imports

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x33c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.26176
MD5 d2b910aae3e573770e5fda6b31afc966
SHA1 be773cab0391d6ed0c7dd1ed5b5e47a2601fe599
SHA256 40b0e60d028e0d5c882627b60ac1a4c177942d35f87c30de30d178da6cff6d1f
SHA3 d7d0df13dfe1aa6bf545ed2f54285925985c096998e2015ebc39e1ff30496516

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_DLL
Language UNKNOWN
Comments
CompanyName
FileDescription CeleryCracked
FileVersion (#2) 1.0.0.0
InternalName CeleryCracked.dll
LegalCopyright Copyright © 2024
LegalTrademarks
OriginalFilename CeleryCracked.dll
ProductName CeleryCracked
ProductVersion (#2) 1.0.0.0
Assembly Version 1.0.0.0
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2097-Feb-10 20:41:06
Version 0.0
SizeofData 108
AddressOfRawData 0x7e6c
PointerToRawData 0x606c
Referenced File C:\Users\aless\source\repos\CeleryCracked\CeleryCracked\obj\Debug\CeleryCracked.pdb

UNKNOWN

Characteristics 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

RICH Header

Errors
