337fdc1e8067d67902c9d1edb651f777

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2016-Mar-14 21:40:39
TLS Callbacks 2 callback(s) detected.

Plugin Output

Suspicious: VirusTotal score 1/55 (scanned 2021-02-07 17:30:50); the only engine that flags the file is APEX: Malicious. A single-engine detection is weak evidence on its own — weigh it against the export table below (names such as vuln_func and vuln_overflow_vsprintf suggest a deliberately vulnerable test/training binary rather than malware) and confirm by inspecting the code before classifying the sample.

Hashes

MD5 337fdc1e8067d67902c9d1edb651f777
SHA1 ca8de0341581fc6dd176d3d74daf44f38122474b
SHA256 02ae73f3d52bad6d4b93d69a36d9219ad6693e900704f074a8b1931b28a425f0
SHA3 56d2415895c852e0251ee76fd625e08ef3f973d14b74cc5ed3781701b7ca5286
SSDeep 768:FGSmnpG23FOI078H6vJUNQKywxxEfjaqcaXeuOZNprq1jbFCpSjL:FXUbFOp726lMKWqcruOZWDCpSjL
Imports Hash 80b0f2c853ecd3a2b46700e145e12f56

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 10
TimeDateStamp 2016-Mar-14 21:40:39
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0 (a 2.x linker version together with the .eh_fram, .CRT and .tls sections is consistent with a GNU ld / MinGW-style toolchain rather than MSVC; treat this as a hint, not a confirmed attribution)
SizeOfCode 0x7800
SizeOfInitializedData 0xae00
SizeOfUninitializedData 0xc00
AddressOfEntryPoint 0x000012A0 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x9000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x13000
SizeOfHeaders 0x400
Checksum 0xe19a
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (only the ASLR opt-in is set, and a .reloc section is present so the image can actually be rebased; NX_COMPAT, NO_SEH and GUARD_CF are absent and the Load Configuration directory below is empty, so the image carries no SafeSEH handler table and no CFG metadata — relevant given the overflow-themed export names)
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 51b3f9617a5748320e53ab231eb2396c
SHA1 386f3147451fe5c825237061610ccd672aeed48c
SHA256 bcef6432c3fe2acbc28fb54675880ef422ffea7dc714f6ce77d01b12bd3473f8
SHA3 e5ae94d7e8fa291d95cac9c94fcf2fdf86f995a3afda760ce11eecfda24d7e7b
VirtualSize 0x7744
VirtualAddress 0x1000
SizeOfRawData 0x7800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
(note: the IMAGE_SCN_ALIGN_* entries here and in every section below are decoding noise — section alignment is a 4-bit encoded field, not a set of independent flag bits, and a section can have only one alignment; the meaningful flags for .text are CNT_CODE, CNT_INITIALIZED_DATA, MEM_EXECUTE and MEM_READ, i.e. read/execute with no MEM_WRITE. No section in this image is both writable and executable.)
Entropy 6.29079

.data

MD5 cd1dc130660aef016ba1b381b7947940
SHA1 1c5d195b6ce6e4bb9a777a11cb9558e45509d430
SHA256 56540aa688df1eb29028dd322b065e7aeeda90dc826a342e09ce27ec54aa7bb8
SHA3 7a849db0f4f6f4637a87a80caa7c951d131a2873bce27b6a2a5e73de3433b0c4
VirtualSize 0x34
VirtualAddress 0x9000
SizeOfRawData 0x200
PointerToRawData 0x7c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.494007

.rdata

MD5 88d4fa69a26e85d76cd7634ab01232bb
SHA1 011905c2d1521ba8622e2c1cf62f8759574957ee
SHA256 420682ee1c8541cb558f27052c68f8a3789631f09d78eebab35ec409abd57b14
SHA3 e4dc040a047a41ec99bf3f4be4bac0644f1f727e29a0ca609daeb8f94c6cb4f0
VirtualSize 0x880
VirtualAddress 0xa000
SizeOfRawData 0xa00
PointerToRawData 0x7e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.8492

.eh_fram

MD5 b0451b81bcc3571c2ba4dcc83b2062f8
SHA1 af743599a7f4bb8eaa403629140b392024921808
SHA256 ac0d0273557c01a5d4d6a59427016a7d4004aa5da7f82e0fe8999bd95d103db7
SHA3 9720194ac4bbdd26ef14af6ab2e0d38bb5f9fb4736b9da4ab861c2d2d1909b09
VirtualSize 0x1614
VirtualAddress 0xb000
SizeOfRawData 0x1800
PointerToRawData 0x8800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.64873

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xa60
VirtualAddress 0xd000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata

MD5 8d385894a6b2f5d4042ea6157fe06307
SHA1 9d91dd1446b5ba4ce91f315ece7b7b55c917a12e
SHA256 c14f4d833e9819a3a1120cd1285c221d2ee86557a29443312059aeb70ec073ae
SHA3 8ab55bf7060adf625746c0747bdfd53f8e55223ef356fcaf2a99bda8171ec207
VirtualSize 0xe5
VirtualAddress 0xe000
SizeOfRawData 0x200
PointerToRawData 0xa000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.39338

.idata

MD5 2a1c1a03363b13ee616a4165a282b4d6
SHA1 eba2fba1dfd8f84e54a1392e85f57eb5647cf2e4
SHA256 89719eb729784d8f96cacc06b56d92ee800c7e213da3e0ce3434c83c15b03a36
SHA3 75cd97e20e28d2792fc05ca9bb615d2f015c92ff66e957eb28efc626cf7c4e80
VirtualSize 0x7b0
VirtualAddress 0xf000
SizeOfRawData 0x800
PointerToRawData 0xa200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.64265

.CRT

MD5 9337e7644fdbe745d78c20dba3b88055
SHA1 7fb5e0886ef09468e40abf847adebb1266c499b3
SHA256 d23790583888b85eb98e4d34b98b6eda3079af9299e4b0882e5038a25195ef29
SHA3 efed369cc74f70224f4b605eb53178b0f2d8a2fcc2bf1f26982ab7b25f833eaf
VirtualSize 0x18
VirtualAddress 0x10000
SizeOfRawData 0x200
PointerToRawData 0xaa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.114463

.tls

MD5 8c272c7873494026be609d689b7ee240
SHA1 bcf31243523eec26ac71227a90719471e39dcd5d
SHA256 47ea30c06e8f61da1f806de59df82a23221b1ecccd4d4d0ff3d2e559cb543c91
SHA3 e866dc7d93649881fbf0ae08488dfd8ce9d3048c8ddcf74a2ea602fdd2198690
VirtualSize 0x20
VirtualAddress 0x11000
SizeOfRawData 0x200
PointerToRawData 0xac00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.210826

.reloc

MD5 f8bf2cfcdea9624c077b8074306a6723
SHA1 5dea38eb0c0b09949608566552aed171a00ae0eb
SHA256 de84430f22a7b78eb96e95e7c981072f84117e4d4b66289832f4a87d64e2f46f
SHA3 c4620b531a9939311b1518f8f71909b53d2f44939dedbc6b9dc43a7ebb966a27
VirtualSize 0x370
VirtualAddress 0x12000
SizeOfRawData 0x400
PointerToRawData 0xae00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.66818

Imports

func.dll Func1 (non-system DLL imported by name; the loader will refuse to start the program without it, so locate and analyse func.dll alongside this sample)
KERNEL32.dll DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
GetCommandLineA
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte
msvcrt.dll _strdup
_stricoll
msvcrt.dll (#2) _strdup
_stricoll (a second import descriptor for the same DLL with the same two names; duplicate descriptors are harmless to the loader but can change the Imports Hash above, so only compare the imphash against tools that compute it over the full descriptor list. Note also that msvcrt.dll contributes no file-I/O or formatted-output functions here despite export names such as read_config and vuln_overflow_vsprintf — see the export notes below.)

Delayed Imports

(none listed)

Exports (the ordinal/address entries below are export-table entries backed by the .edata section at RVA 0xe000, not delayed imports)

cfg

Ordinal 1
Address 0xda20

end_str

Ordinal 2
Address 0x9007

main

Ordinal 3
Address 0x1447

parse_string

Ordinal 4
Address 0x13e0

read_config

Ordinal 5
Address 0x1630

start_str

Ordinal 6
Address 0x9000

var

Ordinal 7
Address 0xa064

vuln_func

Ordinal 8
Address 0x15f4

vuln_overflow_vsprintf (name implies a vsprintf-based buffer overflow, yet msvcrt.dll is imported only for _strdup and _stricoll; any vsprintf use is therefore statically linked from the compiler runtime, resolved at run time via the imported GetProcAddress/GetModuleHandleA, or the name is misleading — confirm by disassembling RVA 0x158d)

Ordinal 9
Address 0x158d

Version Info

TLS Callbacks

StartAddressOfRawData 0x411001
EndAddressOfRawData 0x41101c
AddressOfIndex 0x40d038
AddressOfCallbacks 0x410004
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks 0x00401C80
0x00401C30 (both addresses fall inside .text, RVA 0x1C80 and 0x1C30; the callback array itself lives in .CRT at VA 0x410004 and the TLS index slot in .bss at VA 0x40d038. TLS callbacks execute before AddressOfEntryPoint and are a common anti-debug/anti-analysis hook, but a pair of callbacks is also what some compiler runtimes register by default — disassemble both before treating them as evasive, and set breakpoints on them rather than only on the entry point when debugging)

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0! (benign here: SizeOfRawData is 0 because the section is IMAGE_SCN_CNT_UNINITIALIZED_DATA and occupies no bytes on disk; it still maps 0xa60 bytes of read/write memory at RVA 0xd000)