3b167739e144158ba1cef008a87e54e0

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2012-May-11 19:50:35

Plugin Output

Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • LoadLibraryW
  • GetProcAddress
Safe VirusTotal score: 0/60 (Scanned on 2020-10-05 10:09:04) All the AVs think this file is safe.

Hashes

MD5 3b167739e144158ba1cef008a87e54e0
SHA1 d395ff24b1cd950740a0f68e978ca34364ee9a29
SHA256 80e76144d7c37f9f73f76d8fb5fb32147dac2910af7b89d10d43ea84a5f69547
SHA3 02d8482900c2919768b4ea17679d62206daf039a961a02a28f9932049771048b
SSDeep 384:EbDTRhgYWoXLX4AYyfcVfjyuQez0xdsT9GPBbF/+:ETXlWMZU14x+TI1F/
Imports Hash 137b94cb2a7dfb4595a5dc13b869b52b

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 4
TimeDateStamp 2012-May-11 19:50:35
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 8.0
SizeOfCode 0x2e00
SizeOfInitializedData 0x1a00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000038C0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x7000
SizeOfHeaders 0x400
Checksum 0x68b3
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 414723823ee4df637a0c4dcb7f5b6863
SHA1 8deba974216ac6555e8b208a0f0e60200b03eb69
SHA256 5b2ddda0a66d2b8981b256061f799c7f211233107e5a5090254e060b1e27e9a5
SHA3 28ac8b9706c562bef11b629e0ad6a383fc49f9bd15e66aa0f2c2453d38fdeae7
VirtualSize 0x2cde
VirtualAddress 0x1000
SizeOfRawData 0x2e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.33711

.rdata

MD5 56366d40f5ed100be3cd60d13f17392b
SHA1 6c30ec6169c6f4e19e0420f706d5eec8aa3bfec1
SHA256 95a9c352a8d981a0c0bd29748fe4c9b5b947aaa5303c630af02b2e58e905d023
SHA3 511c2013cffe65523438168bca39fd6c22e1d5c2506c8ba31b43ef30bf7be10e
VirtualSize 0xace
VirtualAddress 0x4000
SizeOfRawData 0xc00
PointerToRawData 0x3200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.90783

.data

MD5 9ae077863204a76bdc0a97f2c2719d22
SHA1 61d72cb5a8aeb14ec6fd0f9306d8ad48377fd8d4
SHA256 039c757550cc4a6a292a8a8fc9607071b7dc229c562e97320ba04fa5c2d5f365
SHA3 7250c76b150fb5ec8da74107cf9a0cb94540a80c09c9f0a4fa18fd25dabdfb78
VirtualSize 0xa80
VirtualAddress 0x5000
SizeOfRawData 0x600
PointerToRawData 0x3e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.40402

.pdata

MD5 6f131dad83140f8f4aec9a021cec04c1
SHA1 f23a22e47c3bb0c3e4514422e273e5b563d67cae
SHA256 0b3180854bda32dc870120fd907d8322defc0c3ff59ceef2a4eec0162d0e0d2e
SHA3 60d0137aea98c92d0ba3da21c6f962b538d54d81a07b6a46a3702fab4acab3f7
VirtualSize 0x1a4
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x4400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.34872

Imports

KERNEL32.dll WideCharToMultiByte
FindClose
FindNextFileW
FindFirstFileW
LoadLibraryExW
GetModuleHandleW
LoadLibraryW
GetModuleFileNameW
GetProcAddress
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
FreeLibrary
MultiByteToWideChar
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
USER32.dll MessageBoxW
CreateWindowExW
LoadIconW
SetClassLongPtrW
COMCTL32.dll #17
msvcrt.dll wcscat
_wcsicmp
wcscpy
_wgetcwd
towupper
wcsrchr
_wstat
wcslen
swscanf
realloc
fgetws
_wfopen
wcsncpy
_wgetenv
wcstol
memset
wcsncmp
_errno
wcspbrk
wcscmp
_XcptFilter
_c_exit
_exit
_cexit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
swprintf
_iob
fwprintf
exit
malloc
free
setlocale
memcpy
wcschr
__C_specific_handler
_wcsdup
fclose

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x5231962f
Unmarked objects 0
ASM objects (40310) 1
Imports (40310) 9
Total imports 73
C objects (40310) 15
Linker (40310) 1

Errors