44733585b25d35d307cd946de0ed974c

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2019-Apr-12 17:40:08
Detected languages English - United States

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
  • LoadLibraryExW
  • LoadLibraryW
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 44733585b25d35d307cd946de0ed974c
SHA1 977f9176acb5ea747c40a3b610bdc473927df633
SHA256 fe6238fcba28ba9969b46e3216699dcc8209fc175f70004f2be8edabde103015
SHA3 cf75aad227ee5ca498bd7134a28f255c2217bed3d671c61b1ff0abfaad72a779
SSDeep 6144:Mr253CfPpENCF26NFQuTJQJtIgnqsEkKN3I4pYngbe9bLIEbZhwSOVOrD+0tcHl:RFoAY28PJQXIgnZEkKN44pQ9bLI4wSO
Imports Hash a7c631e8bf7340f7c53df7285359b596

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2019-Apr-12 17:40:08
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 11.0
SizeOfCode 0xa600
SizeOfInitializedData 0x47e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001000 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xc000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x56000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 66d529d2195660a16025ca5eb5e02d6f
SHA1 2c9edd23949e879850cf38be5222e9a4db559cad
SHA256 f2c88c2d32adebbd34a69620acd6e0173520455aa22302da6ece6e8020324856
SHA3 c8056bce8e92b220541d43481d8cd552a81d497918e480151fc3f505dc4bc582
VirtualSize 0xa5b0
VirtualAddress 0x1000
SizeOfRawData 0xa600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.67793

.rdata

MD5 6063d688039c263c2e616db6738dcfb4
SHA1 634db026ec48106ccd026f489f4bf1dce4a876c2
SHA256 a4e6404cf3a1b8259dfd27a969a784f8b8c352b4745b2053cc0ba4c173340353
SHA3 6d5ad485d312aab8cec9bee9570da1eb8ae4e5a27f467a13edb0f4c3e1fae433
VirtualSize 0x2cf0
VirtualAddress 0xc000
SizeOfRawData 0x2e00
PointerToRawData 0xaa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.87644

.data

MD5 fe997ad384397e56e936f682f3e2bb5c
SHA1 326b58b92d7a0778409670f0cdd8ff38413f47b5
SHA256 5070f92dd6b801fdec53ff1b740bf46df22f670dd99e9a52264327d7b6b81dd1
SHA3 bbd446ce13521938558fa6b108749e2fe8e2c2b8441b5d14eac4d9fd67723cbc
VirtualSize 0x42010
VirtualAddress 0xf000
SizeOfRawData 0x40400
PointerToRawData 0xd800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.51856

.rsrc

MD5 28c1b0e4a2260600cd16044bfa04b8b9
SHA1 40aa8928f30e0ea8837808b61c8edd77c47e9b86
SHA256 5abcb38ecfb7005cbd414b29b8f671cdf2b26c011639611b793a33e08fca0bb8
SHA3 ae6befaf49124cdec6f0f04b0bf1ae6f68bb3535230ea4bee05fab186069822d
VirtualSize 0x1e0
VirtualAddress 0x52000
SizeOfRawData 0x200
PointerToRawData 0x4dc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.70436

.reloc

MD5 a1fb1afbf96e614df45f1e1386b8b85c
SHA1 02a735e907ab13cbd32e1e5ee5f0037c32c15d84
SHA256 ca2b187affbf69a50e4ce9148da9fc8981908634465640434f29a935ac822b51
SHA3 c6a89d680c55b81cc0d3e1dd6a67380fab3e26658985c6bfc85e93ed606318a7
VirtualSize 0x2a40
VirtualAddress 0x53000
SizeOfRawData 0x2c00
PointerToRawData 0x4de00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.99843

Imports

KERNEL32.dll GetProcAddress
LoadLibraryA
CreateFileW
CloseHandle
LocalFree
GetLastError
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
RtlUnwind
EncodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsGetValue
FlsSetValue
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetModuleHandleW
DecodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapAlloc
InterlockedIncrement
InterlockedDecrement
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
Sleep
WideCharToMultiByte
GetStringTypeW
LoadLibraryExW
OutputDebugStringW
LoadLibraryW
LCMapStringEx
GetFileType
InitOnceExecuteOnce
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
OLEAUT32.dll #411

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x40f040
SEHandlerTable 0x40e310
SEHandlerCount 7

RICH Header

XOR Key 0x84de57a0
Unmarked objects 0
ASM objects (50628) 16
C objects (50628) 96
C++ objects (50628) 37
Total imports 82
185 (30716) 5
211 (VS2012 build 50727 / VS2005 build 50727) 1
Resource objects (VS2012 build 50727 / VS2005 build 50727) 1
Linker (VS2012 build 50727 / VS2005 build 50727) 1

Errors

<-- -->