3c6aa88b4c5be2bdcb29c2a075f9db97

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Dec-03 15:04:16
Detected languages English - United States
CompanyName HTVGBnJ
FileDescription LnBHspSWv
FileVersion 0,7,7,4
InternalName DkNIihDaw
LegalCopyright © ADiLZAts 1998-2009. All rights reserved.
OriginalFilename zKrPboc.exe
ProductName zEOwjhJjeU
ProductVersion 0,7,7,4

Plugin Output

Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 3c6aa88b4c5be2bdcb29c2a075f9db97
SHA1 ec12ed458867fea2dcd843d4ce93cfc19e978558
SHA256 3bd42722a4f499464fefbadfcc10ed5bb0adcd2e103d92a37ded574e64ee9ce1
SHA3 a4a36c7049b84a7c5187665475766918e5bbb9f74c6ea2d89fba9436414de70c
SSDeep 384:sbE/NQpcLhOmraOJuPi5kuQinJF83W/gUCG5W+1zSl0KMtD2JJ:aE/NQp2hOm+iuPimNiH82gUCGsCSzMV
Imports Hash 4dd6e11f0f6e99cf0ae83eb529f91021

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2017-Dec-03 15:04:16
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x800
SizeOfInitializedData 0x4400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000015E0 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x8000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 4b593b32c52c47ee283d130ae95447ae
SHA1 f2b4f6925ac9999499cde878fe4403ceb5e2b7d0
SHA256 49b20a67e4b40d690f945a2abf0f8a18255455b33bf778667d38a27281053226
SHA3 d4833177fbb022b1a1d9846f2e70ef6e5301c5788bbf513d1acc607e94c17d24
VirtualSize 0x641
VirtualAddress 0x1000
SizeOfRawData 0x800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 4.86225

.idata

MD5 2c1170e7432ed8a200de2312b791d6e7
SHA1 683c26d5690c7e2c3f1cbd91d2b5e5e236b24f9b
SHA256 c4921684e3e3332b22ba133136afbc9c796fd0f1f87b712d2845d39bb6c37d75
SHA3 a25dc2e223317476558567db709780930302ce4e2d7667a81c77f1d674318b7f
VirtualSize 0x240
VirtualAddress 0x2000
SizeOfRawData 0x400
PointerToRawData 0xc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.94979

.rsrc

MD5 717f8f695411e5274adf754890fc3289
SHA1 7ed154ee239ab3358641d8610e41454213237002
SHA256 274f760af74039c6dd87a9c9edeaa34de62308b0b034340792bc375863874ea3
SHA3 985071efedb129c41f623d7fb431049b784c21f2d54307c2637592264a22e1c9
VirtualSize 0x3cb0
VirtualAddress 0x3000
SizeOfRawData 0x3e00
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.33077

.reloc

MD5 d04b8293dc739d93129af264dceed892
SHA1 363b78334f167d4ce1ff10f92100eb736b66820e
SHA256 3d01030dc7146d04d1e77a5473d082949b559653979370ffd19a8beac2beaa40
SHA3 3e2f98db01086bbdb6e7225b9828f18629158b7698baf8de5caa2c3da744cc50
VirtualSize 0x38
VirtualAddress 0x7000
SizeOfRawData 0x200
PointerToRawData 0x4e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.849887
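
The header and section values above can be cross-checked against each other before any of them is trusted. The Python below is an added example (not output of the tool that produced this report, and not code from it): it transcribes the numbers from the page, maps RVAs to file offsets through the section table, and runs the layout checks an analyst makes first. The section characteristic names are shortened here for readability; all sizes and addresses are the ones listed above.

```python
# Layout consistency checks over the values in the report (added example).
# Every constant below is transcribed from the page, none is read from the file.

SECTION_ALIGNMENT = 0x1000
FILE_ALIGNMENT = 0x200
SIZE_OF_IMAGE = 0x8000
SIZE_OF_HEADERS = 0x400
SIZE_OF_CODE = 0x800
SIZE_OF_INIT_DATA = 0x4400
ENTRY_POINT_RVA = 0x15E0

# (name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData, flags)
SECTIONS = [
    (".text",  0x1000, 0x641,  0x400,  0x800,  {"CODE", "EXECUTE", "READ"}),
    (".idata", 0x2000, 0x240,  0xc00,  0x400,  {"INITIALIZED_DATA", "READ"}),
    (".rsrc",  0x3000, 0x3cb0, 0x1000, 0x3e00, {"INITIALIZED_DATA", "READ"}),
    (".reloc", 0x7000, 0x38,   0x4e00, 0x200,  {"INITIALIZED_DATA", "DISCARDABLE", "READ"}),
]


def align_up(value, alignment):
    return (value + alignment - 1) // alignment * alignment


def section_for_rva(rva):
    """Return the section whose mapped span covers rva, or None."""
    for sec in SECTIONS:
        _, va, vsize, _, rawsize, _ = sec
        # The loader maps max(VirtualSize, SizeOfRawData) rounded up to SectionAlignment.
        span = align_up(max(vsize, rawsize), SECTION_ALIGNMENT)
        if va <= rva < va + span:
            return sec
    return None


def rva_to_offset(rva):
    """Map an RVA to a file offset; None when the RVA has no backing file bytes."""
    sec = section_for_rva(rva)
    if sec is None:
        return None
    _, va, _, raw_ptr, raw_size, _ = sec
    delta = rva - va
    if delta >= raw_size:
        return None  # in the zero-filled tail of the section, not in the file
    return raw_ptr + delta


def expected_file_size():
    """Smallest file that can hold every section's raw data."""
    return max(ptr + size for _, _, _, ptr, size, _ in SECTIONS)


def check_layout():
    """Return a list of inconsistencies; an empty list means the headers agree."""
    findings = []
    ep = section_for_rva(ENTRY_POINT_RVA)
    if ep is None or "EXECUTE" not in ep[5]:
        findings.append("entry point is not inside an executable section")
    last = SECTIONS[-1]
    if SIZE_OF_IMAGE != align_up(last[1] + last[2], SECTION_ALIGNMENT):
        findings.append("SizeOfImage does not match the last section")
    if SIZE_OF_HEADERS != SECTIONS[0][3]:
        findings.append("first section does not start at SizeOfHeaders")
    if SIZE_OF_CODE != sum(s[4] for s in SECTIONS if "CODE" in s[5]):
        findings.append("SizeOfCode does not match the code sections")
    if SIZE_OF_INIT_DATA != sum(s[4] for s in SECTIONS if "INITIALIZED_DATA" in s[5]):
        findings.append("SizeOfInitializedData does not match the data sections")
    for name, _, vsize, ptr, rawsize, _ in SECTIONS:
        if vsize > rawsize:
            # Room reserved at load time that is empty on disk: typical of packers.
            findings.append(f"{name}: VirtualSize exceeds SizeOfRawData")
        if ptr % FILE_ALIGNMENT or rawsize % FILE_ALIGNMENT:
            findings.append(f"{name}: raw data not aligned to FileAlignment")
    return findings


if __name__ == "__main__":
    print("entry point file offset:", hex(rva_to_offset(ENTRY_POINT_RVA)))
    print("expected file size:", hex(expected_file_size()))
    print("findings:", check_layout() or "none")
```

For this report every check passes: the entry point RVA 0x15E0 lands at file offset 0x9E0 inside .text, the POGO debug entry's AddressOfRawData 0x103c maps to 0x43c exactly as the debug block states, SizeOfImage equals the last section rounded to 0x8000, and the raw data ends at 0x5000, which is the file size the section table implies. A mismatch in any of these is the first sign of a hand-edited or packed header.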

Imports

KERNEL32.dll LoadResource
VirtualAlloc
GetCommandLineA
ExitProcess
FindResourceA
GetModuleHandleA
USER32.dll CreateWindowExA
RegisterClassA
DefWindowProcA
GetDC
GDI32.dll SetPixelFormat
ChoosePixelFormat
OPENGL32.dll wglCreateContext
wglMakeCurrent
glGetLightiv
glLightiv
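
The Imports Hash line above is an imphash: the MD5 of the lowercased "module.function" pairs in import-table order, with the .dll, .ocx or .sys extension removed from the module name and the pairs joined by commas, which is the scheme pefile's get_imphash implements. The script below is an added example (not the report tool's own code) that rebuilds the string from the imports as transcribed here; if the resulting digest equals the Imports Hash above, the table order is the one listed. Imports by ordinal, which this file does not have, would also need an ordinal-to-name table. The last function is a triage heuristic chosen here, not a finding the report makes.

```python
import hashlib

# Imports in the order the report lists them (transcribed, not parsed from the file).
IMPORTS = {
    "KERNEL32.dll": ["LoadResource", "VirtualAlloc", "GetCommandLineA",
                     "ExitProcess", "FindResourceA", "GetModuleHandleA"],
    "USER32.dll": ["CreateWindowExA", "RegisterClassA", "DefWindowProcA", "GetDC"],
    "GDI32.dll": ["SetPixelFormat", "ChoosePixelFormat"],
    "OPENGL32.dll": ["wglCreateContext", "wglMakeCurrent", "glGetLightiv", "glLightiv"],
}

# FindResource + LoadResource + VirtualAlloc in one table: the caller locates a
# resource and allocates memory it controls the protection of. Worth a look when,
# as here, a large custom-type resource sits beside it. Heuristic, not a verdict.
LOADER_TRIAD = {"FindResourceA", "LoadResource", "VirtualAlloc"}


def imphash_string(imports):
    """Build the normalized 'module.function,...' string that imphash digests."""
    parts = []
    for module, functions in imports.items():
        name = module.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if name.endswith(ext):
                name = name[: -len(ext)]
                break
        parts.extend(f"{name}.{func.lower()}" for func in functions)
    return ",".join(parts)


def imphash(imports):
    """Hex MD5 of the normalized import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def resource_loader_triad(imports):
    """True when resource lookup and executable-memory allocation are both imported."""
    names = {func for functions in imports.values() for func in functions}
    return LOADER_TRIAD <= names


if __name__ == "__main__":
    print(imphash_string(IMPORTS))
    print("imphash:", imphash(IMPORTS))
    print("resource loader triad present:", resource_loader_triad(IMPORTS))
```

The GDI32 and OPENGL32 pairs (ChoosePixelFormat, SetPixelFormat, wglCreateContext, wglMakeCurrent) are the minimum needed to stand up an OpenGL window, which with a single registered window class and DefWindowProcA is consistent with a small demo-style program; the resource triad is what makes the 0x3914-byte "WOXG" resource in the next section the thing to extract and inspect.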

Delayed Imports

WOXG

Type DOYX
Language English - United States
Codepage UNKNOWN
Size 0x3914
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.55316
MD5 3d40ab9c59550fa4e6763a89c00e2a37
SHA1 db904984c15b868a8ccb4cca6d5897ac9e0d0388
SHA256 1ff133be6b00605502246b37da610bea103e9bc19959ebd2e5e085281b64fe79
SHA3 fe59f42029c1d2b6f6b4cfe46550b0983deb014a1271b90c55032c22a27017d7

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x2d8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.598
MD5 8d10d2177778772e2aa72f949b6612b7
SHA1 1ededd77ecc18d57d4648eee1ef76ed8e72be3db
SHA256 c03a68c81c9cbf6063d419c182dbdc21d3b17c026723b4d6fc4d4055b7d17970
SHA3 da5e461635f8de5666e1994f6506b94cc7bc98f855dd41c5fd21be1786208395

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 9.74.183.8
ProductVersion 8.15.267.7
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName HTVGBnJ
FileDescription LnBHspSWv
FileVersion (#2) 0,7,7,4
InternalName DkNIihDaw
LegalCopyright © ADiLZAts 1998-2009. All rights reserved.
OriginalFilename zKrPboc.exe
ProductName zEOwjhJjeU
ProductVersion (#2) 0,7,7,4
Resource LangID English - United States
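
Two things in the version block above deserve a check. First, the fixed-info FileVersion (9.74.183.8) and ProductVersion (8.15.267.7) do not agree with the string-table values (0,7,7,4); legitimate build tooling writes the same numbers to both. Second, the FileOs line lists five VOS_* names at once, which is what a tool prints when it tests every winver.h constant against the dword with a bitwise AND; FileOs is a value, not a bit set, and the five names listed are exactly the ones that overlap 0x00040004, i.e. VOS_NT_WINDOWS32. The Python below is an added example (not the report tool's code) that shows both checks; the FileOs dword 0x00040004 is an assumption inferred from the listed names, the VOS_* constants are those of winver.h.

```python
# Version-info checks for the block above (added example).
# VOS_* values are the winver.h constants; FileOs = 0x00040004 is assumed
# from the names the report lists, the raw dword is not shown on the page.

VOS_FLAGS = {
    "VOS_DOS": 0x00010000,
    "VOS_OS216": 0x00020000,
    "VOS_OS232": 0x00030000,
    "VOS_NT": 0x00040000,
    "VOS_WINCE": 0x00050000,
    "VOS__WINDOWS16": 0x00000001,
    "VOS__PM16": 0x00000002,
    "VOS__PM32": 0x00000003,
    "VOS__WINDOWS32": 0x00000004,
    "VOS_DOS_WINDOWS16": 0x00010001,
    "VOS_DOS_WINDOWS32": 0x00010004,
    "VOS_OS216_PM16": 0x00020002,
    "VOS_OS232_PM32": 0x00030003,
    "VOS_NT_WINDOWS32": 0x00040004,
}

FILEOS_ASSUMED = 0x00040004

# Values transcribed from the report.
FIXED_FILE_VERSION = "9.74.183.8"
FIXED_PRODUCT_VERSION = "8.15.267.7"
STRING_FILE_VERSION = "0,7,7,4"
STRING_PRODUCT_VERSION = "0,7,7,4"


def fileos_by_mask(value):
    """Names a tool emits when it ANDs the dword against every VOS_* constant."""
    return sorted(name for name, flag in VOS_FLAGS.items() if value & flag)


def fileos_exact(value):
    """Correct decode: the dword equals exactly one VOS_* value, or is unknown."""
    for name, flag in VOS_FLAGS.items():
        if flag == value:
            return name
    return None


def parse_version(text):
    """Accept '9.74.183.8' or '0,7,7,4' and return a 4-tuple of ints."""
    parts = [int(p) for p in text.replace(",", ".").split(".")]
    return tuple((parts + [0, 0, 0, 0])[:4])


def version_mismatch(fixed, string):
    """True when VS_FIXEDFILEINFO and StringFileInfo disagree on a version."""
    return parse_version(fixed) != parse_version(string)


def version_findings():
    findings = []
    if version_mismatch(FIXED_FILE_VERSION, STRING_FILE_VERSION):
        findings.append("FileVersion: fixed info and string table disagree")
    if version_mismatch(FIXED_PRODUCT_VERSION, STRING_PRODUCT_VERSION):
        findings.append("ProductVersion: fixed info and string table disagree")
    return findings


if __name__ == "__main__":
    print("mask decode:", fileos_by_mask(FILEOS_ASSUMED))
    print("exact decode:", fileos_exact(FILEOS_ASSUMED))
    for f in version_findings():
        print("finding:", f)
```

The mask decode reproduces the five names in the report in the same order; the exact decode gives the one value that was actually stored. Inconsistent version numbers next to random-looking CompanyName, InternalName and ProductName strings are the usual signature of a version resource filled in by a generator rather than a build system, and that is worth recording alongside the missing VirusTotal history.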

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2017-Dec-03 15:04:16
Version 0.0
SizeofData 204
AddressOfRawData 0x103c
PointerToRawData 0x43c

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x91225190
Unmarked objects 0
Imports (VS2017 v15.?.? build 25203) 9
Total imports 16
C++ objects (VS2015 UPD3 build 24210) 1
Resource objects (VS2015 UPD3 build 24210) 1
Linker (VS2015 UPD3 build 24210) 1

Errors
