Manalyzer :: 350f466f8046edcb6bc9bb61a715f0d7

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	1970-Jan-01 00:00:00

Plugin Output

Suspicious	The PE is possibly packed.	`The PE only has 8 import(s).`
Suspicious	VirusTotal score: 1/69 (Scanned on 2022-09-01 22:17:24)	`Cynet: Malicious (score: 100)`

Hashes

MD5	`350f466f8046edcb6bc9bb61a715f0d7`
SHA1	`d9f278c1c86e36b51af60c94113d2e93c5353502`
SHA256	`c620e35d668d99fb87b01314ed934e14ab54567f6e065c5ce92940737ce91d2c`
SHA3	`a4a80470e89f8d4af3bc170a4f31f5f8bb2a5faff429031404faf26985cdfb4c`
SSDeep	`12:etGSGQ6YaRKunoU8+qfSBCc/dGFznO7/0kJjusZ+xX5ZTKMhclLemtRTLB9UlKm:etGSB6KzMqO7/3JisZ+xpZTKMilB9x`
Imports Hash	`5c6e2015656164f08789890ec4380c55`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`2`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0`
SizeOfInitializedData	`0`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001100 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x3000`
SizeOfHeaders	`0x200`
Checksum	`0xf079`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6362ddfd4465b4c2b9c8b20dfc71646c`
SHA1	`27dfd084b1e9b451c3a230294696407f8c74553b`
SHA256	`47207c7afd9cd1a7ecf965de72e641115608f3c642eb8cc7ede76168f3794ca6`
SHA3	`b4681f9eb7d9d6663f7db3decbbfd90073d298d52e2d1dad7302a09ce15bbb4c`
VirtualSize	`0x1b8`
VirtualAddress	`0x1000`
SizeOfRawData	`0x200`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`3.79288`

.data

MD5	`fd9b30fec7ec1c89e71d198fe980f089`
SHA1	`4c368330f202937d439d6445c7a12d4bf3e43f72`
SHA256	`4ea6b2aefacbb7405b7154793144142b89b9f6ac47c098a6dc5a49f8627c470c`
SHA3	`c39c8a0fa799cef3db04a79975e77c52bf622761599a9f946ff9afe272dcdb83`
VirtualSize	`0x160`
VirtualAddress	`0x2000`
SizeOfRawData	`0x200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.18837`

Imports

msvcrt.dll	`printf` `scanf` `strlen` `strcmp` `_controlfp` `__set_app_type` `__getmainargs` `exit`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

<-- -->