374d5d204432f4d22b24a75b11601fb9

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Info Matching compiler(s): MASM/TASM - sig2(h)
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 374d5d204432f4d22b24a75b11601fb9
SHA1 cae1726456a08ebec9ed8c870d7fa516e070f98d
SHA256 a687d9ced8ddb9a83604d3fb67582614e44b9016cc0b4f5bd1c2ecd28019960e
SHA3 83708d7c11498ad558edf6eca0ba1d16eb3717a2e0961b578ca6635af7a566f5
SSDeep 384:CW765N0YtdCFG+fYWF5N7v+sK6PQPOS7e2Sn:0NVtJ+YKN7h2S
Imports Hash 322507b983aeddb89a27811817664b1d

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 3.0
SizeOfCode 0x4317
SizeOfInitializedData 0x36e
SizeOfUninitializedData 0x13df1
AddressOfEntryPoint 0x0001AFC2 (Section: .text)
BaseOfCode 0x17000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x1c000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x1000000
SizeofStackCommit 0x10000
SizeofHeapReserve 0x1000000
SizeofHeapCommit 0x10000
LoaderFlags 0
NumberOfRvaAndSizes 16

.idata

MD5 e8e704aa8bede6cabcf7dd97bf049a71
SHA1 29c78185d0c650e9b0c5bed2b48e9462fa290510
SHA256 6f3fd82a657644f2662844ad93c0d746dad4a72016dba1e399e4125edb1c6472
SHA3 7086937f54d5f16b62ca89ea9741a068f62aaf2ecb3300ddf1951da06e8f7c98
VirtualSize 0xc14
VirtualAddress 0x1000
SizeOfRawData 0xe00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.37351

.data

MD5 01932fcc1e41507ccb30b839addda7ea
SHA1 42dc93bb7af6e502a77d99416ecd52f1ec177c20
SHA256 2c377f74ad107e454c0f9490602a47b094b5519ba2f1ae0e749dfca5b10bc828
SHA3 bf63cf3ca53d2fa50ed49977c63aa592f6ee7737a6427f95079a33a4464af288
VirtualSize 0x36e
VirtualAddress 0x2000
SizeOfRawData 0x400
PointerToRawData 0x1200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.58326

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x13df1
VirtualAddress 0x3000
SizeOfRawData 0
PointerToRawData 0x1600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text

MD5 b6e052d527da1042a7fa8b0ba02e021c
SHA1 c88bd1f8ed5493265126ec423e8193075e730191
SHA256 bcda5aaa679c1794052a829cb32184decf70c5f4c04dcc5e55faa6592756d808
SHA3 1bd2c05659f3bcbbc1a2615bc698958466fc09a3c4468896f2b222c4fd2eab85
VirtualSize 0x4317
VirtualAddress 0x17000
SizeOfRawData 0x4400
PointerToRawData 0x1600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 4.83774

Imports

KERNEL32.DLL GetCommandLineA
GetProcessHeap
HeapAlloc
HeapFree
GetStdHandle
SetConsoleMode
CreateFileA
SetFilePointer
GetFileSize
WriteFile
ReadFile
CloseHandle
GetLastError
LoadLibraryA
GetProcAddress
GetTickCount
ExitProcess
GetModuleHandleA
USER32.DLL MessageBoxA
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
BeginPaint
EndPaint
FillRect
InvalidateRect
GDI32.DLL Ellipse
USER32.DLL (#2) MessageBoxA
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
BeginPaint
EndPaint
FillRect
InvalidateRect

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!