44612d225d93c39fe460eacb659054e6

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Suspicious This PE is packed with RPCrypt
Unusual section name found:
Section is both writable and executable.
The PE only has 2 import(s).
Suspicious The file contains overlay data. 40 bytes of data starting at offset 0x400.
Malicious VirusTotal score: 5/66 (Scanned on 2018-03-06 08:53:01)
Cylance: Unsafe
AegisLab: Malware.Gen!c
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9753
AVG: FileRepMalware
Avast: FileRepMalware

Hashes

MD5 44612d225d93c39fe460eacb659054e6
SHA1 16dd4dd8dc52ba30633ff2baa47b786d18325a38
SHA256 39d41e1814a82488f14acfb06e96920ca5a633dc90acb31b21ab98b3cebdef5b
SHA3 bb9782fd60923b6aa4514d018ed32e53492a67c3cb8f3a9edd925b1bc2acd22a
SSDeep 3:GltlVg//t/Kknlldvl/zllVNz1Wll1XNllbuhzAQjEqL+VVAL0llH/l/N/13wllk:ya3t/KpuUQoVVucZ5B6tGR
Imports Hash 23285270545de4353386c2c1c9ed45a4

DOS Header

e_magic MZ
e_cblp 0
e_cp 0
e_crlc 0
e_cparhdr 0
e_minalloc 0
e_maxalloc 0
e_ss 0
e_sp 0
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x40

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 1
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0x3a8
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 0.0
SizeOfCode 0
SizeOfInitializedData 0
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001000 (Section: )
BaseOfCode 0
BaseOfData 0
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 0.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x2000
SizeOfHeaders 0x428
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0
SizeofStackCommit 0
SizeofHeapReserve 0
SizeofHeapCommit 0
LoaderFlags 0
NumberOfRvaAndSizes 16

MD5 a4ec3ac9d9de0b5857951715a255667c
SHA1 44c05a0404985eb88796b9be367d26879ff12c1e
SHA256 9860ced7eb9530577f1fdd34af232e4de6087465a9c7f55931acbcbeb8edbb44
SHA3 e91f048636fc342a9f8490eb1e80866f96da1662995fd6d6d5c5bd97a79d2379
VirtualSize 0x1000
VirtualAddress 0x1000
SizeOfRawData 0x200
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE
Entropy 1.87651

Imports

kernel32.dll ExitProcess
msvcrt.dll printf

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: directory 1 has a size of 0! This PE may have been manually crafted!