Architecture |
IMAGE_FILE_MACHINE_AMD64
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
Compilation Date |
2023-Jul-18 09:30:02
|
TLS Callbacks |
2 callback(s) detected.
|
Debug artifacts |
Embedded COFF debugging symbols
|
Suspicious |
The PE is possibly packed. |
Unusual section name found: .{N3v3R}
Unusual section name found: .xdata
Unusual section name found: /4
Unusual section name found: /19
Unusual section name found: /31
Unusual section name found: /45
Unusual section name found: /57
Unusual section name found: /70
|
Suspicious |
The file contains overlay data. |
27580 bytes of data starting at offset 0x6c00.
|
Malicious |
VirusTotal score: 5/72 (Scanned on 2023-11-17 19:44:50) |
Bkav:
W64.AIDetectMalware
CrowdStrike:
win/malicious_confidence_70% (W)
Cynet:
Malicious (score: 100)
Trapmine:
suspicious.low.ml.score
Jiangmin:
Trojan.Generic.gdhav
|
MD5 |
3820bb321a82bbd19bc8119150214c57
|
SHA1 |
f33a921f460d1c55d87bce7cc1ada754f86461cf
|
SHA256 |
5a4c334c0554781aafe7fac068b22abdf3db7277a2840d9f14883ede16081dbb
|
SHA3 |
bdfd720d8c7ac90015bf2b5db9cfb0047c47a1311c2e09f52e2c38383a9f773d
|
SSDeep |
768:G86kaU2sPXvv4AO9cifEqTIYv4gKNwFP2B6lJL03ZWB+e:GZkftPX4AO95EqTIm4gKN2P2B6g3Mn
|
Imports Hash |
860fabebc1a853201f961437f9852295
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0x80
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections |
15
|
TimeDateStamp |
2023-Jul-18 09:30:02
|
PointerToSymbolTable |
0x6c00
|
NumberOfSymbols |
1181
|
SizeOfOptionalHeader |
0xf0
|
Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Magic |
PE32+
|
LinkerVersion |
2.0
|
SizeOfCode |
0x1e00
|
SizeOfInitializedData |
0x3800
|
SizeOfUninitializedData |
0xa00
|
AddressOfEntryPoint |
0x00000000000014E0 (Section: .text)
|
BaseOfCode |
0x1000
|
ImageBase |
0x400000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
4.0
|
ImageVersion |
0.0
|
SubsystemVersion |
5.2
|
Win32VersionValue |
0
|
SizeOfImage |
0x13000
|
SizeOfHeaders |
0x400
|
Checksum |
0
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
SizeofStackReserve |
0x200000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
e088e5b8885b644eb33836efa57a1dcb
|
SHA1 |
edbd594c7e4d86cd9634e1c167b7b0b63a62afc8
|
SHA256 |
817e868122f05c65f756cb1b301192e44f33b527be93e5646ae94ad1ae7cb822
|
SHA3 |
9a2677a21abe8d0643f1f8f30d3a4add60b1707d5f5696d89f9fcfd0163cca7d
|
VirtualSize |
0x1cc8
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0x1e00
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
Entropy |
5.86195
|
MD5 |
2e442c72856ae82357f9aa54bfe548c3
|
SHA1 |
786f0b4a81f7480e7e99ed269eb397a08fcc0f81
|
SHA256 |
d6ecb0a0b407598b42ff1526a2edcc6b47d1c2c3c9d23e18d971dadff98c028d
|
SHA3 |
c1bbd09ce56eb7a073fa0a173d555f2773ee44361823d1eee9ea4c797f9460a1
|
VirtualSize |
0xd0
|
VirtualAddress |
0x3000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x2200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
0.810182
|
MD5 |
98bb827c66db6bfdeba40675b989d906
|
SHA1 |
37e7172a6ecc5e41a09171166447f47d429b6b32
|
SHA256 |
83d3b95e4e5a3c74a755a15959921bdeffa2a7a1239b8d257d66dfde990cb03f
|
SHA3 |
38b2c92eb6f04929c991e880bbfa7e702e5217c6414ad5c305b94d2afa592db7
|
VirtualSize |
0x4f0
|
VirtualAddress |
0x4000
|
SizeOfRawData |
0x600
|
PointerToRawData |
0x2400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
3.57429
|
MD5 |
6f813acf64741dbcd9aad02dea896ed5
|
SHA1 |
587ea25f3f907d4f9b69feb661039f78ca06c715
|
SHA256 |
bcbc5b883085a6169a3996edf28ef2f22ee5f407715c3a8578298ab5ab0ee8b4
|
SHA3 |
3fc0f2781e8bcb58abda504ea70b3a62d945cc25cf3df98e03be9057ff4b9604
|
VirtualSize |
0x270
|
VirtualAddress |
0x5000
|
SizeOfRawData |
0x400
|
PointerToRawData |
0x2a00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
2.62864
|
MD5 |
3ce5629c2ceb6973b253a1e9f94f123e
|
SHA1 |
3048a66b72cfa8a2fc5bcf190c902deca493ed47
|
SHA256 |
6450f191ecf1bbd26988714771f95c3c08c7c4bff45f1aed46f9c2cd023395e0
|
SHA3 |
6454a92f7fb6d68bda304d49e1c7dc02711f7629672c23ebbf3e3e2c519bc6e0
|
VirtualSize |
0x1f4
|
VirtualAddress |
0x6000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x2e00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
3.74
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x980
|
VirtualAddress |
0x7000
|
SizeOfRawData |
0
|
PointerToRawData |
0
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
MD5 |
b41b7cc36d2fdf63134eb6d7082b3739
|
SHA1 |
753e4badd9346e8a79e19f58da14aeb138a4edea
|
SHA256 |
ddb7f8a03dbb5417a4dfa34f50a6a99d4c32f0d3101001c00663ce317dab53ff
|
SHA3 |
13dc20f3ca4670a2edaf11fd34bf346255def2aeb507226f71130ccd88765209
|
VirtualSize |
0x76c
|
VirtualAddress |
0x8000
|
SizeOfRawData |
0x800
|
PointerToRawData |
0x3000
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
3.43599
|
MD5 |
9687636abc388c56a56495352c7c04dc
|
SHA1 |
ae767d2694b3b230e756058f009f99e85f55747b
|
SHA256 |
ca099ae4ea3d2737427f2b9df363c37a0f70b6fc20deab67f8d9b5d4ab3baa2f
|
SHA3 |
aa56ba39fed18b87910ab455e918bd0770edf38c23961c3c10754d7b0cb9f7b7
|
VirtualSize |
0x68
|
VirtualAddress |
0x9000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x3800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
0.270919
|
MD5 |
bf619eac0cdf3f68d496ea9344137e8b
|
SHA1 |
5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
|
SHA256 |
076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
|
SHA3 |
622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
|
VirtualSize |
0x10
|
VirtualAddress |
0xa000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x3a00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
0
|
MD5 |
39a7836229866ea2863d8dd3f33feab8
|
SHA1 |
66c86cae54051c15d3febf58fffc5bab73f9b09e
|
SHA256 |
b8fb7c40108351c64a742a27fb89d2fb3aa180f061a821d945ba02aa31832f8c
|
SHA3 |
c06045b6d87ab626ce84149cc20ab118c98b15ef6c6b8e0645bb1b48ff13aaf7
|
VirtualSize |
0x80
|
VirtualAddress |
0xb000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x3c00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
0.37651
|
MD5 |
2f46b24b3bab5664bb5d249b28ed607f
|
SHA1 |
0282e5c52d81195d7ad46b5c60ae62c5777bbf63
|
SHA256 |
f4c23e2830bae33db8d28aba45412ecdce40e808c86f31836ce5d2776e19108f
|
SHA3 |
84c6895f9c22a716a0b7e471a08ebe61d1e72e5056f7183c26633bf9b57ec852
|
VirtualSize |
0x224d
|
VirtualAddress |
0xc000
|
SizeOfRawData |
0x2400
|
PointerToRawData |
0x3e00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
5.78519
|
MD5 |
09ab8bbe179e7844d126ff6ec35a5f8d
|
SHA1 |
d7fe3997944c7614590aff493f6a61701956aae9
|
SHA256 |
eed30af53006bae0fd19b1bcfb861e622dddc2aa939833e876b8da0f1b59062b
|
SHA3 |
106c5e44c960fd4485e9b9360a51516588ab296dcdb564b6388bd56fe8898fd0
|
VirtualSize |
0x1d2
|
VirtualAddress |
0xf000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x6200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
4.1733
|
MD5 |
3d961ea09f23042bd427badc19b25fc5
|
SHA1 |
7accd9009144a8b029a5a9db65483d7c69287e1a
|
SHA256 |
58589ae0577d26fa7e905f20e64df17ed260c08c69a82d61671736df9ccd5eb8
|
SHA3 |
73e54339e029a474766ac3de2942ce84499b058528be4b7c4fab1b6a9bc5014a
|
VirtualSize |
0x2f6
|
VirtualAddress |
0x10000
|
SizeOfRawData |
0x400
|
PointerToRawData |
0x6400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
4.21225
|
MD5 |
7a1b8a86150eb0df7d84f3173a49eaf7
|
SHA1 |
3fe2bbdfce7aee168646f741f09ecbe4a2952354
|
SHA256 |
50669d611b638e8405f25c6f32a70fbe87674876aee5205ac1c87c5d375bcb4f
|
SHA3 |
c0176bed9e0ac5d9b6fc18bb9628e08237f778be564405e99f4410e3057eeaa4
|
VirtualSize |
0x88
|
VirtualAddress |
0x11000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x6800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
1.20191
|
MD5 |
406b70665a5983d1f1682455c669f732
|
SHA1 |
cd4948c16f5c1f704094631efdae20e951f63b2d
|
SHA256 |
7e05ddbff0b1130bbd8deab9f81bcdb16a63c8372520701bafca61b32adb62d5
|
SHA3 |
07a4212c103160e3798a7098c4fe23139d052bde8311ed7c5fac365ff818d409
|
VirtualSize |
0x9b
|
VirtualAddress |
0x12000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x6a00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
2.32078
|
KERNEL32.DLL |
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
|
msvcrt.dll |
__C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
printf
signal
strlen
strncmp
vfprintf
|
StartAddressOfRawData |
0x40a000
|
EndAddressOfRawData |
0x40a008
|
AddressOfIndex |
0x4075fc
|
AddressOfCallbacks |
0x409040
|
SizeOfZeroFill |
0
|
Characteristics |
IMAGE_SCN_TYPE_REG
|
Callbacks |
0x0000000000401880
0x0000000000401850
|
[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /31!
[*] Warning: Tried to read outside the COFF string table to get the name of section /45!
[*] Warning: Tried to read outside the COFF string table to get the name of section /57!
[*] Warning: Tried to read outside the COFF string table to get the name of section /70!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!