Architecture |
IMAGE_FILE_MACHINE_I386
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
Compilation Date |
2016-Mar-14 21:40:39
|
TLS Callbacks |
2 callback(s) detected (0x00401C80 and 0x00401C30; see the TLS directory and Callbacks entries at the end of this report). The loader invokes TLS callbacks before control reaches AddressOfEntryPoint (0x12A0), so any analysis that starts at the entry point misses whatever they do; set breakpoints on both callbacks first. Hand-placed TLS callbacks are a common anti-debugging hook, but some C runtimes register their own as well, so inspect the callback code rather than treating the count alone as evidence.
|
Suspicious |
VirusTotal score: 1/55 (Scanned on 2021-02-07 17:30:50). One detection out of 55 engines, from a scan almost five years after the 2016 compile timestamp, is weak evidence either way; rescan the SHA256 above and check which engine fired and with what family label before relying on it. |
APEX:
Malicious
(APEX is generally a heuristic/machine-learning verdict rather than a signature match; treat it as a lead to confirm by inspecting the func.dll import and the TLS callbacks, not as a conclusion.)
|
MD5 |
337fdc1e8067d67902c9d1edb651f777
|
SHA1 |
ca8de0341581fc6dd176d3d74daf44f38122474b
|
SHA256 |
02ae73f3d52bad6d4b93d69a36d9219ad6693e900704f074a8b1931b28a425f0
|
SHA3 |
56d2415895c852e0251ee76fd625e08ef3f973d14b74cc5ed3781701b7ca5286
|
SSDeep |
768:FGSmnpG23FOI078H6vJUNQKywxxEfjaqcaXeuOZNprq1jbFCpSjL:FXUbFOp726lMKWqcruOZWDCpSjL
|
Imports Hash |
80b0f2c853ecd3a2b46700e145e12f56 (imphash). Useful for pivoting to related samples, but most of this import table is C-runtime plumbing (critical sections, TLS, VirtualProtect/VirtualQuery, msvcrt), so the same imphash will also match unrelated binaries produced by the same toolchain; corroborate any match with the ssdeep digest or the per-section hashes.
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0x80
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections |
10
|
TimeDateStamp |
2016-Mar-14 21:40:39
|
PointerToSymbolTable |
0
|
NumberOfSymbols |
0
|
SizeOfOptionalHeader |
0xe0
|
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
Note: IMAGE_FILE_RELOCS_STRIPPED is not set, so the image keeps its base relocations (the DISCARDABLE, initialized-data section at RVA 0x12000 is the likely .reloc) and can be loaded at a base other than 0x400000; that is what makes the DYNAMIC_BASE flag in DllCharacteristics effective. IMAGE_FILE_DLL is absent, confirming an executable rather than a library.
|
Magic |
PE32
|
LinkerVersion |
2.0
Note: a major linker version of 2 is what GNU ld writes (MSVC records its own version, e.g. 14.x), so together with the msvcrt.dll imports and the CRT-style KERNEL32 import set this looks like a MinGW/GCC build rather than an MSVC one — worth confirming, because it explains several oddities in this report (the duplicate msvcrt.dll descriptor, the odd TLS StartAddressOfRawData) as toolchain artefacts rather than tampering.
|
SizeOfCode |
0x7800
|
SizeOfInitializedData |
0xae00
|
SizeOfUninitializedData |
0xc00
|
AddressOfEntryPoint |
0x000012A0 (Section: .text)
|
BaseOfCode |
0x1000
|
BaseOfData |
0x9000
|
ImageBase |
0x400000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
4.0
|
ImageVersion |
1.0
|
SubsystemVersion |
4.0
|
Win32VersionValue |
0
|
SizeOfImage |
0x13000
|
SizeOfHeaders |
0x400
|
Checksum |
0xe19a
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
Note: only the ASLR opt-in is present. IMAGE_DLLCHARACTERISTICS_NX_COMPAT is absent, so the image does not opt in to DEP (whether DEP is enforced then depends on the host's OptIn/OptOut/AlwaysOn policy), and NO_SEH, TERMINAL_SERVER_AWARE and HIGH_ENTROPY_VA are not set either. Relevant for dynamic analysis: the sample imports VirtualProtect, and if it writes and then executes code, DEP will not necessarily stop it on an OptIn host.
|
SizeofStackReserve |
0x200000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
51b3f9617a5748320e53ab231eb2396c
|
SHA1 |
386f3147451fe5c825237061610ccd672aeed48c
|
SHA256 |
bcef6432c3fe2acbc28fb54675880ef422ffea7dc714f6ce77d01b12bd3473f8
|
SHA3 |
e5ae94d7e8fa291d95cac9c94fcf2fdf86f995a3afda760ce11eecfda24d7e7b
|
VirtualSize |
0x7744
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0x7800
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Note: the IMAGE_SCN_ALIGN_* entries are not independent flags. Section alignment is a 4-bit value field (IMAGE_SCN_ALIGN_MASK = 0x00F00000) and only one IMAGE_SCN_ALIGN_* value can be in effect; a listing that shows many at once is the analyzer testing each value as a bitmask. The subset printed here (every value sharing a bit with 0x5, none of 2/128/512) is consistent with the field holding IMAGE_SCN_ALIGN_16BYTES, a normal alignment for a compiler-emitted code section, and the field only matters to the linker, not the loader. The meaningful flags are IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ: a read/execute code section with no MEM_WRITE, which is what you want to see. The same decoding caveat applies to every section's Characteristics list below.
|
Entropy |
6.29079
|
MD5 |
cd1dc130660aef016ba1b381b7947940
|
SHA1 |
1c5d195b6ce6e4bb9a777a11cb9558e45509d430
|
SHA256 |
56540aa688df1eb29028dd322b065e7aeeda90dc826a342e09ce27ec54aa7bb8
|
SHA3 |
7a849db0f4f6f4637a87a80caa7c951d131a2873bce27b6a2a5e73de3433b0c4
|
VirtualSize |
0x34
|
VirtualAddress |
0x9000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x7c00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
0.494007
|
MD5 |
88d4fa69a26e85d76cd7634ab01232bb
|
SHA1 |
011905c2d1521ba8622e2c1cf62f8759574957ee
|
SHA256 |
420682ee1c8541cb558f27052c68f8a3789631f09d78eebab35ec409abd57b14
|
SHA3 |
e4dc040a047a41ec99bf3f4be4bac0644f1f727e29a0ca609daeb8f94c6cb4f0
|
VirtualSize |
0x880
|
VirtualAddress |
0xa000
|
SizeOfRawData |
0xa00
|
PointerToRawData |
0x7e00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
4.8492
|
MD5 |
b0451b81bcc3571c2ba4dcc83b2062f8
|
SHA1 |
af743599a7f4bb8eaa403629140b392024921808
|
SHA256 |
ac0d0273557c01a5d4d6a59427016a7d4004aa5da7f82e0fe8999bd95d103db7
|
SHA3 |
9720194ac4bbdd26ef14af6ab2e0d38bb5f9fb4736b9da4ab861c2d2d1909b09
|
VirtualSize |
0x1614
|
VirtualAddress |
0xb000
|
SizeOfRawData |
0x1800
|
PointerToRawData |
0x8800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
4.64873
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0xa60
|
VirtualAddress |
0xd000
|
SizeOfRawData |
0
|
PointerToRawData |
0
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
MD5 |
8d385894a6b2f5d4042ea6157fe06307
|
SHA1 |
9d91dd1446b5ba4ce91f315ece7b7b55c917a12e
|
SHA256 |
c14f4d833e9819a3a1120cd1285c221d2ee86557a29443312059aeb70ec073ae
|
SHA3 |
8ab55bf7060adf625746c0747bdfd53f8e55223ef356fcaf2a99bda8171ec207
|
VirtualSize |
0xe5
|
VirtualAddress |
0xe000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0xa000
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
2.39338
|
MD5 |
2a1c1a03363b13ee616a4165a282b4d6
|
SHA1 |
eba2fba1dfd8f84e54a1392e85f57eb5647cf2e4
|
SHA256 |
89719eb729784d8f96cacc06b56d92ee800c7e213da3e0ce3434c83c15b03a36
|
SHA3 |
75cd97e20e28d2792fc05ca9bb615d2f015c92ff66e957eb28efc626cf7c4e80
|
VirtualSize |
0x7b0
|
VirtualAddress |
0xf000
|
SizeOfRawData |
0x800
|
PointerToRawData |
0xa200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
4.64265
|
MD5 |
9337e7644fdbe745d78c20dba3b88055
|
SHA1 |
7fb5e0886ef09468e40abf847adebb1266c499b3
|
SHA256 |
d23790583888b85eb98e4d34b98b6eda3079af9299e4b0882e5038a25195ef29
|
SHA3 |
efed369cc74f70224f4b605eb53178b0f2d8a2fcc2bf1f26982ab7b25f833eaf
|
VirtualSize |
0x18
|
VirtualAddress |
0x10000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0xaa00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
0.114463
|
MD5 |
8c272c7873494026be609d689b7ee240
|
SHA1 |
bcf31243523eec26ac71227a90719471e39dcd5d
|
SHA256 |
47ea30c06e8f61da1f806de59df82a23221b1ecccd4d4d0ff3d2e559cb543c91
|
SHA3 |
e866dc7d93649881fbf0ae08488dfd8ce9d3048c8ddcf74a2ea602fdd2198690
|
VirtualSize |
0x20
|
VirtualAddress |
0x11000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0xac00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
0.210826
|
MD5 |
f8bf2cfcdea9624c077b8074306a6723
|
SHA1 |
5dea38eb0c0b09949608566552aed171a00ae0eb
|
SHA256 |
de84430f22a7b78eb96e95e7c981072f84117e4d4b66289832f4a87d64e2f46f
|
SHA3 |
c4620b531a9939311b1518f8f71909b53d2f44939dedbc6b9dc43a7ebb966a27
|
VirtualSize |
0x370
|
VirtualAddress |
0x12000
|
SizeOfRawData |
0x400
|
PointerToRawData |
0xae00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
5.66818
|
func.dll |
Func1
Note: func.dll is not a Windows system library, so this executable cannot start unless a DLL of that name is found by the loader's search order (application directory first, then the system directories); a missing dependency fails with STATUS_DLL_NOT_FOUND before any of this code runs. This is the import worth pursuing: recover the companion func.dll from the same source (dropper, archive, directory) and analyse it alongside this file, and note that a generically named DLL expected in the application directory is also a DLL-planting/side-loading pattern. The import is by name (Func1), so a stand-in DLL exporting Func1 is enough to get the sample running in a sandbox.
|
KERNEL32.dll |
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
GetCommandLineA
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte
Note: most of this list (the critical-section set, TlsGetValue, InterlockedExchange, SetUnhandledExceptionFilter, GetModuleHandleA/GetProcAddress, the MultiByte/WideChar pair, VirtualProtect/VirtualQuery) is the ordinary footprint of a C runtime start-up and is not an indicator on its own; VirtualProtect in particular is used by some runtimes for start-up fix-ups, so do not read it as unpacking without seeing the call site. The behaviour-bearing imports are FindFirstFileA/FindNextFileA/FindClose (directory enumeration), GetCommandLineA (argument-driven behaviour) and Sleep (possible delay/evasion); check the strings and the code around the Find* calls to see which paths are walked. The A-suffixed (ANSI) variants mean non-ASCII paths are handled through the local code page, which matters when reproducing behaviour on a differently-localised sandbox.
|
msvcrt.dll |
_strdup
_stricoll
|
msvcrt.dll (#2) |
_strdup
_stricoll
Note: msvcrt.dll appears as two separate import descriptors with identical entries. Duplicate descriptors for the same DLL are a link-time artefact (typically the same symbols pulled from two import objects in a GNU/MinGW link) rather than a sign of tampering; both resolve to the same exports at load time and do not change which functions are reachable.
|
StartAddressOfRawData |
0x411001
|
EndAddressOfRawData |
0x41101c
|
AddressOfIndex |
0x40d038
|
AddressOfCallbacks |
0x410004
Note: StartAddressOfRawData is odd (0x411001). The TLS raw data lives in the 0x20-byte section at RVA 0x11000 (0x411000-0x411020) and the end address 0x41101c is inside it, so the range is in bounds; an off-by-one start like this is a known artefact of the mingw-w64 CRT's statically built TLS directory (which uses &_tls_start + 1) rather than corruption — confirm against the section bytes. AddressOfIndex 0x40d038 falls in the uninitialised-data (.bss) section at RVA 0xd000, as expected for the runtime's TLS index slot, and AddressOfCallbacks 0x410004 points into the 0x18-byte section at RVA 0x10000, where the loader reads a NULL-terminated pointer array — the source of the two entries listed under Callbacks.
|
SizeOfZeroFill |
0
|
Characteristics |
IMAGE_SCN_TYPE_REG
|
Callbacks |
0x00401C80
0x00401C30
Note: these are virtual addresses assuming ImageBase 0x400000 (RVAs 0x1C80 and 0x1C30), both inside the code section at RVA 0x1000-0x8744. They sit after the entry point (0x12A0) in the file but execute before it, and because the image has DYNAMIC_BASE and retains its relocations, the loader may rebase them — set breakpoints by RVA or module-relative offset rather than on these absolute values.
|
[*] Warning: Section .bss has a size of 0! — expected and benign here: .bss is the section at RVA 0xd000 with VirtualSize 0xa60, SizeOfRawData 0 and IMAGE_SCN_CNT_UNINITIALIZED_DATA, so it occupies no file bytes and is zero-filled by the loader. That is also why its MD5/SHA1/SHA256 above (d41d8cd9…, da39a3ee…, e3b0c442…) are the digests of the empty input; do not use those values as indicators.