2f6c816b54070557f45ca0365b3902da

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2017-May-10 18:30:08
Detected languages English - United States
Debug artifacts C:\Users\Inode Firewall\OneDrive\Documents\Présentations\SEC102\2017\PGSE\SEC102_Laura\bin\Debug\wininetclient.pdb

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Info The PE contains common functions which appear in legitimate applications. Has Internet access capabilities:
  • InternetReadFile
  • InternetConnectA
  • InternetCloseHandle
  • InternetOpenA
Malicious VirusTotal score: 3/69 (Scanned on 2018-12-04 21:46:51)
  • Cylance: Unsafe
  • Trapmine: suspicious.low.ml.score
  • CrowdStrike: malicious_confidence_60% (W)

Hashes

MD5 2f6c816b54070557f45ca0365b3902da
SHA1 52702a26d171b3484f0137e72d7b9cbfcf338abd
SHA256 64a9c26fd2239521e2477a979f0941014637521f61abddb5ae521ce404c530df
SHA3 7858699cf25484c6a37d3ad5fe6d8ba61921ad086f18d2fef5b378d18d1d20de
SSDeep 384:rJMPDXpftIAwV3Z7YvD3XevuY4mjMisYpKZH7A0x3th:rJMzh+AwV3Z7YbxYpgH7A0xP
Imports Hash 8fabcebc2f7dab8e022a4e89e9bfbb18

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 8
TimeDateStamp 2017-May-10 18:30:08
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x5000
SizeOfInitializedData 0x4600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000102D (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x6000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xf000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 a844ecbcc63f5e5fadf0014ce4694d75
SHA1 930ae34052467a04b5535230a745a003a59fc5a4
SHA256 b1a978ae46c1cd2c9cd8a600e6485e73cc0030e3466724844df700a224956a28
SHA3 b5450ce43a7dd5be1b018bba16dc01987b6edf74d3213abccf854417df2afbd4
VirtualSize 0x4e94
VirtualAddress 0x1000
SizeOfRawData 0x5000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 4.68018

.rdata

MD5 29f7200d4d0aa2e131177bf4417c6114
SHA1 f1d86befd62cff2354e0219d97e2e42a0ce71534
SHA256 1a272be21e6675be11ef30da806f0cbaad2e04c29f792bea597e6591dc9e89b8
SHA3 2e31b28bacd2619e630acfdfc032a85d7f31a67da1597a92f6403e5d3c504eee
VirtualSize 0x213d
VirtualAddress 0x6000
SizeOfRawData 0x2200
PointerToRawData 0x5400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 1.95243

.data

MD5 52b713d1bc15f1eee6bc43984199c211
SHA1 be6aa341c044845fe6bb4de7f417025b118bfc70
SHA256 070d0a8b96eb12bd33cf9e0d9e109e7bc4bc697bfe4a74ef1ba8651eec6ff090
SHA3 5271aab8c84947de5ed5e4a00bd9ab57cb75e317d670f38326e29dd2319354ac
VirtualSize 0x664
VirtualAddress 0x9000
SizeOfRawData 0x200
PointerToRawData 0x7600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 2.48239

.idata

MD5 b7dc4480e26aa7b22178afd42223608c
SHA1 16bb1ee5c7ad155a73513118b5bb5c4b4d1b1ea5
SHA256 1d1178a8d984dbddb7cc457102366ad0de2ccde10108222926b7270aae4992e0
SHA3 fd884aa9a92669a5765ab57b0784cdedb46d98d976c481743e63e2ecd90fb772
VirtualSize 0xb9d
VirtualAddress 0xa000
SizeOfRawData 0xc00
PointerToRawData 0x7800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 4.03736

.gfids

MD5 96069875f941840e876cbffd348cce91
SHA1 4af701989984a91f1759292d157dc8703e5f6862
SHA256 9ff01324f9f671882e0ec39acff5b79bc791976b6da405153f620c7ef9252982
SHA3 5dc2194c26d91d3e8193b1fdf2656cc5a7bb317cfe9e3754b66f06dfa20b6cdd
VirtualSize 0x13a
VirtualAddress 0xb000
SizeOfRawData 0x200
PointerToRawData 0x8400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 0.214733

.00cfg

MD5 0a607e057d64bb98d46dd70d26368c3b
SHA1 16a2c03f574d9a8bf05e0c8b1c543a781937f514
SHA256 0e08056a17400dcb94675e95208aded4290a362093cdac8260e380660880aaec
SHA3 43219a66139ea3d4ce86d91e6095a56da8de290d5af8330809ae6827960822ba
VirtualSize 0x104
VirtualAddress 0xc000
SizeOfRawData 0x200
PointerToRawData 0x8600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 0.0611629

.rsrc

MD5 ecaa7d39e3740a45df577d77afc757a1
SHA1 0f057d27b9fa7d97f7d2109ad144bfe68d058e82
SHA256 b23903707f8c2a5a3904664d8e1c7ff813e103922bb2f76ade439c6193951eae
SHA3 7d68d00e88488522032bda440fbdc5d09d44adb5e1604515ca9404a9392e1bfd
VirtualSize 0x43c
VirtualAddress 0xd000
SizeOfRawData 0x600
PointerToRawData 0x8800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 2.13542

.reloc

MD5 5640e3ec510d82fe1ec7fb100497fd7d
SHA1 64825bb379bb269731a1aa2aef0ffdda51f90c92
SHA256 37f88a52fcf125d21b792536a11dfd7d1407f05fdab4529e09a5d1f38f06a2ee
SHA3 92a1bb644f7041b2878cfd5e26f953fab9fc5176576ee80b2e366a7510d84f99
VirtualSize 0x4a8
VirtualAddress 0xe000
SizeOfRawData 0x600
PointerToRawData 0x8e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 4.57235

Imports

WININET.dll
  • HttpOpenRequestA
  • InternetReadFile
  • InternetConnectA
  • InternetCloseHandle
  • HttpSendRequestA
  • InternetOpenA

VCRUNTIME140D.dll
  • __vcrt_LoadLibraryExW
  • __vcrt_GetModuleHandleW
  • __vcrt_GetModuleFileNameW
  • _except_handler4_common
  • memset
  • __std_type_info_destroy_list

ucrtbased.dll
  • _seh_filter_dll
  • _initialize_onexit_table
  • _register_onexit_function
  • _execute_onexit_table
  • _crt_atexit
  • _crt_at_quick_exit
  • _controlfp_s
  • terminate
  • _wmakepath_s
  • _wsplitpath_s
  • wcscpy_s
  • __p__commode
  • _set_new_mode
  • _configthreadlocale
  • _register_thread_local_exe_atexit_callback
  • _c_exit
  • _cexit
  • __p___argv
  • __p___argc
  • _set_fmode
  • _exit
  • exit
  • _initterm_e
  • _initterm
  • _get_initial_narrow_environment
  • _initialize_narrow_environment
  • _configure_narrow_argv
  • __setusermatherr
  • _set_app_type
  • _seh_filter_exe
  • _CrtDbgReportW
  • _CrtDbgReport
  • __stdio_common_vfprintf
  • __acrt_iob_func
  • __stdio_common_vsprintf_s

KERNEL32.dll
  • RaiseException
  • MultiByteToWideChar
  • WideCharToMultiByte
  • UnhandledExceptionFilter
  • SetUnhandledExceptionFilter
  • GetCurrentProcess
  • TerminateProcess
  • IsProcessorFeaturePresent
  • QueryPerformanceCounter
  • GetCurrentProcessId
  • GetCurrentThreadId
  • GetSystemTimeAsFileTime
  • InitializeSListHead
  • GetProcAddress
  • FreeLibrary
  • VirtualQuery
  • GetProcessHeap
  • HeapFree
  • HeapAlloc
  • GetLastError
  • GetModuleHandleW
  • GetStartupInfoW
  • IsDebuggerPresent

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Debug Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2017-May-10 18:30:08
Version 0.0
SizeofData 140
AddressOfRawData 0x77d4
PointerToRawData 0x6bd4
Referenced File C:\Users\Inode Firewall\OneDrive\Documents\Présentations\SEC102\2017\PGSE\SEC102_Laura\bin\Debug\wininetclient.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2017-May-10 18:30:08
Version 0.0
SizeofData 20
AddressOfRawData 0x7860
PointerToRawData 0x6c60

TLS Callbacks

Load Configuration

Size 0x5c
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x4090c4
SEHandlerTable 0x4076d0
SEHandlerCount 1

RICH Header

XOR Key 0x592735cc
Unmarked objects 0
239 (40116) 2
Imports (VS2015 UPD3 build 24123) 2
C++ objects (VS2015 UPD3 build 24123) 23
C objects (VS2015 UPD3 build 24123) 13
Imports (65501) 5
Total imports 70
C objects (VS2015 UPD3.1 build 24215) 1
Resource objects (VS2015 UPD3 build 24210) 1
Linker (VS2015 UPD3.1 build 24215) 1

Errors