2ce1ac91abe69e4c9d4964c0de8b6344

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2014-Jun-24 22:53:56

Plugin Output

Malicious: The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Functions which can be used for anti-debugging purposes:
  • QueryPerformanceCounter
Code injection capabilities:
  • VirtualAllocEx
  • WriteProcessMemory
  • CreateRemoteThread
  • OpenProcess
Functions related to the privilege level:
  • OpenProcessToken
  • AdjustTokenPrivileges
Interacts with services:
  • CreateServiceA
  • OpenServiceA
  • QueryServiceStatus
  • ControlService
  • DeleteService
  • OpenSCManagerA
Manipulates other processes:
  • EnumProcesses
  • WriteProcessMemory
  • OpenProcess
Safe: VirusTotal score: 0/67 (Scanned on 2018-10-05 15:21:19). All the AVs think this file is safe.

Hashes

MD5 2ce1ac91abe69e4c9d4964c0de8b6344
SHA1 33ad569918b8b0930c050d4357322bfabbf19cef
SHA256 aa2fe2858467dc8517d788af3b19cfa993f9dcc2afdfeb6d4e240edffe245ce5
SHA3 4cc9f643de3b912ce6c1f34df618d1d95949cd4f9fd78b87342cc599ea0de456
SSDeep 1536:XRTBbOBm0jQpCL+4wjxxEswyN+84Ahmui5so:BThOBmw24axEswykAhXi5
Imports Hash 17c6528daf44fa91e868d2b56b767008

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 4
TimeDateStamp 2014-Jun-24 22:53:56
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 9.0
SizeOfCode 0x9800
SizeOfInitializedData 0x6c00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000027B4 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.2
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x13000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 13540bdf90d78351fd77413c620f1a22
SHA1 c8ea8eb340e4b40c9b9d769c1053849b75f57bf0
SHA256 c1d1509315a0905c8121753a6c8406560a4b3e7dc4957d1076d06339ce7c8cb1
SHA3 9ea8618cd45ece3953612690b19fa35f5ff2371d5200ef231c41d053954faacd
VirtualSize 0x963d
VirtualAddress 0x1000
SizeOfRawData 0x9800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.26037

.rdata

MD5 997769f3cdf3029b406af004e6449c88
SHA1 53e469e7cdaa707ccd333acdef1127f4f0419b69
SHA256 e9ed832e780700b08cc1647282dbb01c702510e94e8b1032d1afbd973ac47ca2
SHA3 f87d1c62a596ed098d3dbc0122b36d8b89ce9efa47de40c5b41a7a0c28131117
VirtualSize 0x2c2e
VirtualAddress 0xb000
SizeOfRawData 0x2e00
PointerToRawData 0x9c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.22128

.data

MD5 c7bdafb8c0ee9427a30320d8b5ed6006
SHA1 01e4642f6f0da025c4df330c3e602475d45a3f92
SHA256 96ab696afd58dce566bd69d01b008f8e7c782dfe283b3200189331707c548b38
SHA3 8bb8b6f9028f0fa8c59846652707d067b05e22498ef0162e9bd7ea5c2e1b8a41
VirtualSize 0x3518
VirtualAddress 0xe000
SizeOfRawData 0x1600
PointerToRawData 0xca00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.81133

.pdata

MD5 5065282d098b77f4deee3e2fcda009f9
SHA1 dcbdacb6937dafc83754328c0dbaa9b57f945fb5
SHA256 1657e2ff41a9f81731fca034bed980a7d846b75bab088a1827f68f015003ccfd
SHA3 40f4e3a09a768a62647686654918ced92edfe1a39362d50a7e7ae3c1bb457ef9
VirtualSize 0x7d4
VirtualAddress 0x12000
SizeOfRawData 0x800
PointerToRawData 0xe000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.3738

Imports

PSAPI.DLL
  • EnumProcesses
  • GetModuleBaseNameA
KERNEL32.dll
  • ReleaseMutex
  • CreateThread
  • SetEvent
  • CreateEventA
  • DeleteFileA
  • GetCurrentProcess
  • Sleep
  • LocalFree
  • FormatMessageA
  • GetLastError
  • CreateMutexA
  • GetModuleHandleA
  • GetModuleFileNameA
  • GetProcAddress
  • VirtualAllocEx
  • WriteProcessMemory
  • VirtualFreeEx
  • CreateRemoteThread
  • WaitForSingleObject
  • OpenProcess
  • CloseHandle
  • GetWindowsDirectoryA
  • GetEnvironmentStringsW
  • RtlUnwindEx
  • GetCommandLineA
  • TerminateProcess
  • UnhandledExceptionFilter
  • SetUnhandledExceptionFilter
  • IsDebuggerPresent
  • RtlVirtualUnwind
  • RtlLookupFunctionEntry
  • RtlCaptureContext
  • EnterCriticalSection
  • LeaveCriticalSection
  • GetModuleHandleW
  • ExitProcess
  • WriteFile
  • GetStdHandle
  • FreeEnvironmentStringsA
  • GetEnvironmentStrings
  • FreeEnvironmentStringsW
  • WideCharToMultiByte
  • SetHandleCount
  • GetFileType
  • GetStartupInfoA
  • DeleteCriticalSection
  • EncodePointer
  • DecodePointer
  • FlsGetValue
  • FlsSetValue
  • FlsFree
  • SetLastError
  • GetCurrentThreadId
  • FlsAlloc
  • HeapSetInformation
  • HeapCreate
  • QueryPerformanceCounter
  • GetTickCount
  • GetCurrentProcessId
  • GetSystemTimeAsFileTime
  • HeapFree
  • GetCPInfo
  • GetACP
  • GetOEMCP
  • IsValidCodePage
  • LoadLibraryA
  • InitializeCriticalSectionAndSpinCount
  • HeapAlloc
  • HeapReAlloc
  • GetConsoleCP
  • GetConsoleMode
  • FlushFileBuffers
  • LCMapStringA
  • MultiByteToWideChar
  • LCMapStringW
  • GetStringTypeA
  • GetStringTypeW
  • GetLocaleInfoA
  • SetFilePointer
  • HeapSize
  • WriteConsoleA
  • GetConsoleOutputCP
  • WriteConsoleW
  • SetStdHandle
  • CreateFileA
ADVAPI32.dll
  • CreateServiceA
  • CloseServiceHandle
  • OpenServiceA
  • QueryServiceStatus
  • ControlService
  • DeleteService
  • StartServiceCtrlDispatcherA
  • RegisterServiceCtrlHandlerA
  • SetServiceStatus
  • OpenProcessToken
  • LookupPrivilegeValueA
  • AdjustTokenPrivileges
  • OpenSCManagerA

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x3acddd8d
Unmarked objects 0
C objects (VS2008 SP1 build 30729) 91
ASM objects (VS2008 SP1 build 30729) 9
Imports (VS2012 build 50727 / VS2005 build 50727) 7
Total imports 116
C++ objects (VS2008 SP1 build 30729) 32
Resource objects (VS2008 SP1 build 30729) 1

Errors