32e247a956409b36629dc8c5173edb1c

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-Feb-05 08:20:39
Detected languages English - United States
ProductVersion 3.0.940
FileVersion 3.0.940

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryW
  • GetProcAddress
  • LoadLibraryExW
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Can access the registry:
  • RegQueryValueExW
  • RegOpenKeyExW
  • RegEnumKeyExW
  • RegCloseKey
Enumerates local disk drives:
  • GetDriveTypeW
Info The PE is digitally signed. Signer: Abacus Research AG
Issuer: DigiCert SHA2 Assured ID Code Signing CA
Suspicious VirusTotal score: 2/70 (Scanned on 2023-05-11 06:56:48)
  • tehtris: Generic.Malware
  • CrowdStrike: win/grayware_confidence_60% (D)

Hashes

MD5 32e247a956409b36629dc8c5173edb1c
SHA1 93878d2584e6f16b017f4b966f14ebb6b5a897d7
SHA256 32c623db0457582637d273520e38ada37f3c16eec875c0abfb57437a58107321
SHA3 a7ad0c4071dc62916799b265b8010a7c3e3838de7d84988bd5835c9d4c4f6cfb
SSDeep 6144:TTgrjzXbFAGDCCIZ7ysFw8AmM0nZKRt6FDL78HO78bjJAwZbvAOtjscRf/N:TTSKHCIZu98AmM00/6Fv5cjbZbv3sUN
Imports Hash c0a1480f7cdbc9e5d4e17f1a7f72e358

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2020-Feb-05 08:20:39
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x42a00
SizeOfInitializedData 0x3a400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0001CF3E (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x44000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x80000
SizeOfHeaders 0x400
Checksum 0x8f0e5
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 6bb29d34b8252f2d7954a6313b2c3a27
SHA1 73315e969dd9eb2ffc7868e72803d0cadc02e835
SHA256 899a3e2907e367567173af1f682b5bcb758a182b972a2f0cf7a7f5b16167189b
SHA3 65fd6e4129aff41971f7867069f3c1e7a5018af12c8cc6f74524680afadc5111
VirtualSize 0x4290f
VirtualAddress 0x1000
SizeOfRawData 0x42a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.59935

.rdata

MD5 e008283b3a73ca4da975f396220cbe3d
SHA1 c35ca724c2f26de4ce054fcdf9d80e4b67019f82
SHA256 938e1a5c831e074057a7c669502a06778c044650ce96c2b1e81d01f2fa52e8bf
SHA3 ac13b61543501ee940b7f892675e1232b62e5cb49c7f3a5160782e84b9b08e36
VirtualSize 0x13d1a
VirtualAddress 0x44000
SizeOfRawData 0x13e00
PointerToRawData 0x42e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.18428

.data

MD5 8fbbe8c7829aa550cf687a32d0a69dd4
SHA1 6dcfd45789eb2bce056e3035eb112ab710a530e5
SHA256 8515ceec32751a3dee61db041cb1b5393f3801935b75904ffcc2dde77872ac8f
SHA3 df66a562bbfd40fe4027382b8bb1cd2d601c141b0a2a371c26853a7ba4f3426a
VirtualSize 0x2904
VirtualAddress 0x58000
SizeOfRawData 0x1800
PointerToRawData 0x56c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.22765

.rsrc

MD5 d6438ce2c53197108413bf6aa715ab80
SHA1 3a155652da70342fdc5279f79bce2b55a8d914fd
SHA256 9352a46fea54ab855f7ad46d492162ea47420e9d3ce08f1ed0f97ec0626c5d24
SHA3 820cfbc1600f1ef05fa5fbe99a33df2ae333c6cb41db1371809397cd827a5587
VirtualSize 0x24df0
VirtualAddress 0x5b000
SizeOfRawData 0x24e00
PointerToRawData 0x58400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.16807

Imports

KERNEL32.dll VirtualQuery
WriteConsoleW
GetSystemInfo
CreateFileW
ReadConsoleW
SetStdHandle
GlobalMemoryStatusEx
GetCurrentProcessId
GetCurrentProcess
SetConsoleCtrlHandler
WideCharToMultiByte
SetDllDirectoryW
LoadLibraryW
GetProcAddress
GetModuleHandleW
FreeLibrary
SetErrorMode
GetLastError
HeapSize
GetModuleFileNameW
GetProcessHeap
MultiByteToWideChar
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetDriveTypeW
GetFullPathNameW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetStdHandle
WriteFile
HeapFree
GetFileType
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEndOfFile
USER32.dll MessageBoxW
CreateWindowExW
DestroyWindow
ADVAPI32.dll RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
SHELL32.dll CommandLineToArgvW

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.14067
MD5 6e8b6e5d9ff43a378cc1e051c07a0e95
SHA1 4aa80d4dffed4f5792a7faa87d0fae0075972351
SHA256 af21d9ae4f59b93c2d28a76a1ab9328c65d69360b13612efe8a2270044be7455
SHA3 0cd48bd044c3a297e9317421e2512aeeaead5ba6baa5e92d46826e26d76fa8fa

2

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.62694
MD5 2fe844f74dd209f4d942d6c01e671fbd
SHA1 c70fa8f733451dcf68d07a8890bde930f4b3f50c
SHA256 041f5ba8c84ff659dd6e5be5afe9e3c6f634e9c87b1ae8093492d62e782bed18
SHA3 110dfc96dd4472fe41745dbb14727c64f0cbce4e7127273b6df90c69793d2081

3

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.32158
MD5 249ad6d33714fa948acf5cd274352e1a
SHA1 671876db73e063b57a11ea4968e1534585a1393b
SHA256 48c869886da2826f5cbccc317bcd1625221a60056d2f9743fa45999a2f75a9fe
SHA3 84c53f50c3950ba603407af05b7b42de2e3bf0b8eeaf8f04b579a5b8df97d2f9

4

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.0571
MD5 d5b1cc2a49e1e0f524495ad6e9e733d2
SHA1 1a78945c9f918d774146538aedff6640cb59153c
SHA256 f2c6db848a52a30dc392b6da2523e9fb0384ff93349c3d6eeed8cf973a3f8ac5
SHA3 97a6348ad2bc4c95ec8ab8eeb442a78c89533d675478d91e954823d9909e8a4c

5

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x4228
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.67172
MD5 08ad3905c22eaf8eadbc3bd99468d36e
SHA1 02d72dd6c60208e6151b80280a1b0dd5ddf1c646
SHA256 d3bd460b3fbed431ee8e9baec54c102cb869490ac22f06ec3821e98dad761d57
SHA3 72ec4ca585c19f9dfe38a2901148cf0ec7ca1f356506d846462869323bd3c4ad

6

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x94a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.56451
MD5 2eae37227c373541464d94649259f886
SHA1 1ea8315f771c519a630614fd652569562a3e1605
SHA256 7c314f15b21ee2266f056a3d6c625ba5e9c1eb9de856310665b0c4b2fb97466d
SHA3 f8c267591164b23efac2c643b76d1a6e46d6a06c0611185f1f7e9bc487547f3b

7

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.29071
MD5 b492a46bffbc53eb28d1b89b51fac576
SHA1 0603a1eeee2605d2f42f7fcf74dcb2494e1138dc
SHA256 98c3f08161a445394a291f6b8578c3efeb42032f29c29a612485b6c81a89ccfa
SHA3 500c6619746cfaae676c2ad2f5356de3d5425c08767d87f5c6383fa7aa8d8a3a

8

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x243c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.92342
Detected Filetype PNG graphic file
MD5 37ad11a0c0c1e9e1c895a664e50de003
SHA1 431263a432547836379f5e00e06958d4a0ba45cb
SHA256 ca1866d9d53afab816db149bab583d5ac57abfce78c91ad4b7cf51d95eb3bdf3
SHA3 f1ed3bd3534f5f243b11d93c66f2a7afbf4217048fe652e1ce938da9809ed5d6

101

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x76
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.97321
Detected Filetype Icon file
MD5 1cdfeebe6e39cee1efb3ac4c0ab87807
SHA1 5bdc4b6fa582bd6d9bacdde6e1743597377bebae
SHA256 ade6203322124743ed2296ecaa8ef6b5b00aff0791fc2d4b7bdc48452608ffb5
SHA3 780e28d9b496cad25fcc8d4588567746b1b73d9e1b5fbfd46950c0737abe6d0a

1 (#2)

Type RT_VERSION
Language English - United States
Codepage Latin 1 / Western European
Size 0x140
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.06793
MD5 ec397f1951c1d1a0c97bc01bd9fef3c2
SHA1 255837ecd4eff39960faee34938055ec824c7a35
SHA256 6322cf7f7f42d09e289ba2eee0d5902ef63e5f16e8d3f8c8c1e7e1771f4e5142
SHA3 905d46ab7f9ee4433dfd502baf27ed0525510a481405c2dd309afe25b2d667a9

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x243
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.05005
MD5 2cb807865e378a306b6d4dbe98f8298e
SHA1 5d3046b181fa0a37eb38fe7a4452d543a4374aa4
SHA256 f02cf1d9736c57e00c364f3f0972cb86635f06d4c359b5b8291e2cc90adf03ec
SHA3 96c887f26d0300bd846e0fa8cc7f6971fcf90aeca16b7205befaee6258e581cc

Version Info

Signature 0xfeef04bd
StructVersion 0
FileVersion 3.0.940.0
ProductVersion 3.0.940.0
FileFlags (EMPTY)
FileOs (EMPTY)
FileType VFT_APP
Language English - United States
ProductVersion (#2) 3.0.940
FileVersion (#2) 3.0.940
Resource LangID English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2020-Feb-05 08:20:39
Version 0.0
SizeofData 920
AddressOfRawData 0x54070
PointerToRawData 0x52e70

TLS Callbacks

StartAddressOfRawData 0x454418
EndAddressOfRawData 0x454420
AddressOfIndex 0x459d1c
AddressOfCallbacks 0x4442d0
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0xa4
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x4585c4
SEHandlerTable 0x453eb0
SEHandlerCount 112

RICH Header

XOR Key 0x9c211626
Unmarked objects 0
ASM objects (VS2017 v14.15 compiler 26715) 14
C++ objects (VS2017 v14.15 compiler 26715) 180
C objects (VS2017 v14.15 compiler 26715) 22
C objects (26504) 18
ASM objects (26504) 22
C++ objects (26504) 80
Imports (VS2017 v14.15 compiler 26715) 9
Total imports 118
C++ objects (VS2019 Update 2 (16.2) compiler 27905) 13
Resource objects (VS2019 Update 2 (16.2) compiler 27905) 1
151 1
Linker (VS2019 Update 2 (16.2) compiler 27905) 1

Errors
