Manalyze report for 3cd1a0301c22df1409cefd2486f7e342

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-May-23 11:58:52

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX -> www.upx.sourceforge.net` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `The PE only has 6 import(s).`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc`
Malicious	The file contains overlay data.	`478 bytes of data starting at offset 0x1c000.` `The file contains a Zip Compressed Archive after the PE data.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`3cd1a0301c22df1409cefd2486f7e342`
SHA1	`9bd9b3d7bcbdcef0ada31f0efa1f8e88e96c2901`
SHA256	`7812446d1d309647e58dc436b12d3d5851fbd86cd29acc9436f9fced0d275370`
SHA3	`9c40f405a57c56c45bb67d9ffb7bcba4c8f3f570385c1f60a810a0729b6cd32a`
SSDeep	`1536:8ctc+AsTqAjg0ae2wbTbryvwq9c4ZVXNqXvGLUH5EUcAtGW+tc8BsYuz2o20:xtc+9njgy2w6vvzfXYftuEn+tLu2H0`
Imports Hash	`e58ab46f2a279ded0846d81bf0fa21f7`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2017-May-23 11:58:52
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x1a000`
SizeOfInitializedData	`0x3000`
SizeOfUninitializedData	`0x4f000`
AddressOfEntryPoint	`0x00069460 (Section: UPX1)`
BaseOfCode	`0x50000`
BaseOfData	`0x6a000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x6d000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x4f000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`009bfd1d682b069a8263461ae157cc4c`
SHA1	`ef927ff40b3bc150e962766448df560503d41f48`
SHA256	`577bdfa2b4b03a14f3a47cd051afd9212e98764804aa1613072b28a86e795bb7`
SHA3	`28420ac7c2cf25b0958b63590170c512034d8cde0fbf52745fe351d495391c9d`
VirtualSize	`0x1a000`
VirtualAddress	`0x50000`
SizeOfRawData	`0x19800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.88759`

.rsrc

MD5	`a7db6c4b7d9a56f8044cf917104c1e72`
SHA1	`715d814a0af3f193528bfaf7e1aae69905352dd1`
SHA256	`d35b0badacc6b420bfc576f6651434dc4498704240c3e057d8a27cee2ef262a2`
SHA3	`f70b71dcbcbbf90e0462f72694a68280b2c6c41dd661070251a360db1efe6eaa`
VirtualSize	`0x3000`
VirtualAddress	`0x6a000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x19c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.3116`

Imports

KERNEL32.DLL	`LoadLibraryA` `GetProcAddress` `VirtualProtect` `VirtualAlloc` `VirtualFree` `ExitProcess`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Could not read the Delay-Load Directory Table!
[!] Error: Could not read the IMAGE_EXPORT_DIRECTORY.
[*] Warning: Section UPX0 has a size of 0!