4375eb7eda2960a8741492b8286dde4c

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2021-Jan-19 15:30:09

Plugin Output

Info Matching compiler(s): Microsoft Visual C# v7.0 / Basic .NET
.NET executable -> Microsoft
Info Interesting strings found in the binary: Contains domain names:
  • .x.qxyuop.com
  • http://schemas.microsoft.com
  • http://schemas.microsoft.com/SMI/2005/WindowsSettings
  • microsoft.com
  • qxyuop.com
  • schemas.microsoft.com
  • x.qxyuop.com
Suspicious The PE is possibly packed. The PE only has 0 import(s).
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 4375eb7eda2960a8741492b8286dde4c
SHA1 631a447750fd9b9c0d49adb33b7bef3917afc43e
SHA256 67b9c254031daeed2f21be27e586765fe3a3e2d374a558d17f9af0d15bede27f
SHA3 26c005af1c8240bb70eb294f23c106cfb9b05759a37b6d2744a2ae0ef826ac9f
SSDeep 384:pNU30s+MLoTUf3eLoYQjNyjPC9wtjWFthuUoc5tu+Q3VRxi3hFW:pNUEs+MLoTUf3EQ+Audc5tu+QlRxYhY
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2021-Jan-19 15:30:09
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32
LinkerVersion 48.0
SizeOfCode 0x2200
SizeOfInitializedData 0x1400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000401E (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x6000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xa000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 fc25a551bb73a6d75df5bbebd1e67414
SHA1 aead34b2deae639a0f54a6725d8f6beebacafbbe
SHA256 0d400a75db5e17786b34d53fd36cf373d90036af21d9cf47a5ac3ce2fee521cd
SHA3 0439f687ecf0bf1e33118709e5b95354a3397f202ceec6b85a5fc384de10838c
VirtualSize 0x2024
VirtualAddress 0x2000
SizeOfRawData 0x2200
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.61271

.rsrc

MD5 f3f90d579f8ad4efbb6efd3c448da788
SHA1 51b2b3f0ba2dcd3e4f18c3714f4e5ef9d8714409
SHA256 624b5d8c0094b866fdc546a5bf9c7f24d4bd1848645b9b6e68f060c0605fdd18
SHA3 947bc152809987f9739a6e7a723dcd616ce8b6622ab80fb9ee90bd6efc5bada2
VirtualSize 0x109c
VirtualAddress 0x6000
SizeOfRawData 0x1200
PointerToRawData 0x2400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.96498

.reloc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xc
VirtualAddress 0x8000
SizeOfRawData 0x200
PointerToRawData 0x3600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read an import's name. [*] Warning: Section .reloc is larger than the executable! [*] Warning: Section .reloc is larger than the executable! [*] Warning: Section .reloc is larger than the executable!
<-- -->