45134e239f946afee58fcf000c23f975

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Suspicious The PE contains functions most legitimate programs don't use. Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 45134e239f946afee58fcf000c23f975
SHA1 db03f4cb466cec3a26e3c36ef9ff7e17c0806a3c
SHA256 34021144a975064a5c9de942f78cb78584863545921cdbae8b60ab7b3f65952c
SHA3 4475d16629128a1d5aae60d0664672f235fb47c6900961538791de70c3d29440
SSDeep 768:GHtHseXjelZN8VhPPdbf12rlIPY5QXTFLW3xoW/t3Ig6lQ:uBsflL+DSWDFWv/FIb
Imports Hash 8046a90bd7e2c28efd7802ff62230336

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 1970-Jan-01 00:00:00 (the field is 0; the debug directory entries further down carry 2019-Mar-18 18:21:57)
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x4a00
SizeOfInitializedData 0x6600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x9CAF0000 (Section: none; the RVA lies beyond SizeOfImage 0xf000 and maps to no section of this image)
BaseOfCode 0x1000
BaseOfData 0x6000
ImageBase 0x63510000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0xf000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 2c747915ce3342914e05969b9585d220
SHA1 22a0a7181cc25ad33b4e3348310079d9c64066cc
SHA256 ed181576940d72ebd1e0286520c5efa5f4879726d8ea77e2ae3dff0b3b3f2e48
SHA3 3856809ba11210f0e18c3d7317b01688f7328b55e87574475d4b57e5d8609228
VirtualSize 0x5000
VirtualAddress 0x1000
SizeOfRawData 0x4a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.33248

.data

MD5 cbfb7e1a41afe229f5fddf562acf6da5
SHA1 9217244ad07d75bafcbe9fb0904f3310138ca2ef
SHA256 f99c75443f5ef79ed744717c48a7e9693ab21b3b5e1e2d6b6c583c30ee6e16e4
SHA3 da52141ade5ab9c890e712ab61f3e48bb78a0eec6778d9b0e9511d2950a1e1e8
VirtualSize 0x7000
VirtualAddress 0x6000
SizeOfRawData 0x6200
PointerToRawData 0x4e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.42767

.idata

MD5 88a2b42100e1317aeaf3c68a4f48fb0a
SHA1 9cb457a7325bbd129c41c1f3e9bab89d4fec0822
SHA256 0114c12ecef2b02b6974b2e3e2913bf99b5f4b732f0b41a22f7ce6a437829201
SHA3 6c71638ff94c57708cd34111609927853343e2b4b3678627b27518c0b0f07c35
VirtualSize 0x1000
VirtualAddress 0xd000
SizeOfRawData 0x200
PointerToRawData 0xb000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.17342

.reloc

MD5 3dc8af4ccb696993a0c3aeca4ab376a0
SHA1 91bca527aa2619be86b6ee2a85e074c9ae74d786
SHA256 45356d797ebc69ea1b8c7c8fc442d1f13d663e6f02a9f7ce71c3695d2b66e1dd
SHA3 395e0e0e918cc414b47e1246c38e6440f1b40f8c7798ae512a28f63c980d75b4
VirtualSize 0x1000
VirtualAddress 0xe000
SizeOfRawData 0x200
PointerToRawData 0xb200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.82906
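The entry point in the Image Optional Header is reported with no section because 0x9CAF0000 is larger than SizeOfImage (0xf000) and falls into none of the four sections listed above. The script below is an added example, not output of the tool or code from the original report: it assembles a header-only PE image from the DOS, PE, optional and section header values printed above (constructed, no code or data bytes, so it is not the analysed file), parses it with the raw winnt.h layouts, performs the RVA-to-section lookup that produced "Section: ?", and runs the header checks a triage analyst would apply to these fields (zeroed timestamp, unmappable entry point, writable-and-executable sections, end of raw section data for overlay detection).

```python
import struct
from collections import namedtuple

# Flag values from winnt.h.
IMAGE_FILE_DLL = 0x2000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

COFF_FMT = "<HHIIIHH"
COFF_FIELDS = ("Machine NumberOfSections TimeDateStamp PointerToSymbolTable "
               "NumberOfSymbols SizeOfOptionalHeader Characteristics").split()
OPT32_FMT = "<HBB9I6HI3I2H6I"  # PE32 optional header without the data directories (96 bytes)
OPT32_FIELDS = ("Magic MajorLinkerVersion MinorLinkerVersion SizeOfCode "
                "SizeOfInitializedData SizeOfUninitializedData AddressOfEntryPoint "
                "BaseOfCode BaseOfData ImageBase SectionAlignment FileAlignment "
                "MajorOperatingSystemVersion MinorOperatingSystemVersion "
                "MajorImageVersion MinorImageVersion MajorSubsystemVersion "
                "MinorSubsystemVersion Win32VersionValue SizeOfImage SizeOfHeaders "
                "CheckSum Subsystem DllCharacteristics SizeOfStackReserve "
                "SizeOfStackCommit SizeOfHeapReserve SizeOfHeapCommit LoaderFlags "
                "NumberOfRvaAndSizes").split()
SEC_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes
SEC_FIELDS = ("Name VirtualSize VirtualAddress SizeOfRawData PointerToRawData "
              "PointerToRelocations PointerToLinenumbers NumberOfRelocations "
              "NumberOfLinenumbers Characteristics").split()

Coff = namedtuple("Coff", COFF_FIELDS)
Opt32 = namedtuple("Opt32", OPT32_FIELDS)
Section = namedtuple("Section", SEC_FIELDS)
PE = namedtuple("PE", "coff opt sections")


def build_sample_headers():
    """Constructed header image carrying the values from the report (not the real file)."""
    buf = bytearray(0xE0)                       # DOS header plus stub, e_lfanew = 0xe0
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0xE0)
    buf += b"PE\0\0"
    # Characteristics 0x2102 = 32BIT_MACHINE | DLL | EXECUTABLE_IMAGE; TimeDateStamp 0
    buf += struct.pack(COFF_FMT, 0x14C, 4, 0, 0, 0, 0xE0, 0x2102)
    # DllCharacteristics 0x0540 = DYNAMIC_BASE | NX_COMPAT | NO_SEH; Subsystem 2 = GUI
    buf += struct.pack(OPT32_FMT, 0x10B, 14, 0, 0x4A00, 0x6600, 0, 0x9CAF0000,
                       0x1000, 0x6000, 0x63510000, 0x1000, 0x200, 5, 1, 0, 0, 5, 1,
                       0, 0xF000, 0x400, 0, 2, 0x0540, 0x100000, 0x1000, 0x100000,
                       0x1000, 0, 16)
    buf += bytes(16 * 8)                        # 16 empty data directories
    for name, vsize, vaddr, rsize, rptr, chars in [
        (b".text",  0x5000, 0x1000, 0x4A00, 0x400,  0x60000020),   # CODE|EXECUTE|READ
        (b".data",  0x7000, 0x6000, 0x6200, 0x4E00, 0xC0000040),   # INIT_DATA|READ|WRITE
        (b".idata", 0x1000, 0xD000, 0x200,  0xB000, 0xC0000040),   # INIT_DATA|READ|WRITE
        (b".reloc", 0x1000, 0xE000, 0x200,  0xB200, 0x42000040),   # INIT_DATA|DISCARDABLE|READ
    ]:
        buf += struct.pack(SEC_FMT, name.ljust(8, b"\0"), vsize, vaddr, rsize, rptr,
                           0, 0, 0, 0, chars)
    return bytes(buf)


def parse(buf):
    """Walk MZ -> e_lfanew -> PE signature -> COFF -> optional header -> section table."""
    if buf[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = Coff(*struct.unpack_from(COFF_FMT, buf, e_lfanew + 4))
    opt_off = e_lfanew + 4 + struct.calcsize(COFF_FMT)
    opt = Opt32(*struct.unpack_from(OPT32_FMT, buf, opt_off))
    if opt.Magic != 0x10B:
        raise ValueError("only PE32 is handled in this example")
    sec_off = opt_off + coff.SizeOfOptionalHeader   # section table follows the optional header
    sections = []
    for i in range(coff.NumberOfSections):
        raw = struct.unpack_from(SEC_FMT, buf, sec_off + i * struct.calcsize(SEC_FMT))
        sections.append(Section(raw[0].rstrip(b"\0").decode("ascii"), *raw[1:]))
    return PE(coff, opt, sections)


def _align_up(n, a):
    return (n + a - 1) // a * a


def rva_to_section(pe, rva):
    """Section whose mapped range contains the RVA (VirtualSize rounded up to
    SectionAlignment, as the loader maps it), or None: the 'Section: ?' case."""
    for s in pe.sections:
        if s.VirtualAddress <= rva < s.VirtualAddress + _align_up(s.VirtualSize, pe.opt.SectionAlignment):
            return s
    return None


def raw_end(pe):
    """File offset just past the last section's raw data; anything beyond it is overlay."""
    return max(s.PointerToRawData + s.SizeOfRawData for s in pe.sections)


def header_findings(pe):
    """Triage checks over the header fields the report prints."""
    findings = []
    if pe.coff.TimeDateStamp == 0:
        findings.append("TimeDateStamp is 0 (displayed as 1970-Jan-01): build timestamp zeroed")
    ep = pe.opt.AddressOfEntryPoint
    if ep == 0 and pe.coff.Characteristics & IMAGE_FILE_DLL:
        pass                                    # legal: DLL without an entry point
    elif ep >= pe.opt.SizeOfImage:
        findings.append(f"AddressOfEntryPoint 0x{ep:x} lies beyond SizeOfImage 0x{pe.opt.SizeOfImage:x}: unmappable")
    else:
        sec = rva_to_section(pe, ep)
        if sec is None:
            findings.append(f"AddressOfEntryPoint 0x{ep:x} maps to no section")
        elif not sec.Characteristics & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"entry point in non-executable section {sec.Name}")
    for s in pe.sections:
        if s.Characteristics & IMAGE_SCN_MEM_WRITE and s.Characteristics & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"section {s.Name} is writable and executable")
    return findings


if __name__ == "__main__":
    pe = parse(build_sample_headers())
    for s in pe.sections:
        print(f"{s.Name:8} RVA 0x{s.VirtualAddress:05x} VS 0x{s.VirtualSize:05x} raw 0x{s.PointerToRawData:05x}+0x{s.SizeOfRawData:05x}")
    print(f"raw data ends at 0x{raw_end(pe):x}")
    for f in header_findings(pe):
        print("[!]", f)
```

For the values above the raw data ends at 0xb400, so a file larger than 46080 bytes carries an overlay the section table does not describe. The entry-point check distinguishes a DLL that legitimately has no entry point (RVA 0) from one whose RVA cannot be mapped at all, which is the case here.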

Imports

KERNEL32.dll
  • VirtualFree
  • VirtualAlloc
  • GetSystemInfo
  • VirtualProtect
  • GetModuleHandleA
  • GetProcAddress
  • HeapFree
  • HeapReAlloc
  • HeapAlloc
  • GetProcessHeap
  • CompareStringW
  • lstrlenW
  • lstrcatW
  • GetStdHandle
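Two entries of this report depend on the import table above: the Imports Hash in the Hashes section and the Plugin Output warning about VirtualAlloc/VirtualProtect. The script below is an added example, not code from the tool or the original report. It computes the imphash of the import list shown above with the algorithm pefile uses (lower-cased DLL name without its .dll/.ocx/.sys extension, a dot, the lower-cased function name, entries joined with commas in import-table order, then MD5) and applies a small packer-API heuristic of the kind the plugin output describes. The algorithm matching the tool's Imports Hash, and the exact API set in PACKER_APIS, are assumptions of this example, so the script does not assert that its hash equals the value printed above.

```python
import hashlib

# Import table as listed in the Imports section of the report (one DLL, 14 names).
IMPORTS = [
    ("KERNEL32.dll", [
        "VirtualFree", "VirtualAlloc", "GetSystemInfo", "VirtualProtect",
        "GetModuleHandleA", "GetProcAddress", "HeapFree", "HeapReAlloc",
        "HeapAlloc", "GetProcessHeap", "CompareStringW", "lstrlenW",
        "lstrcatW", "GetStdHandle",
    ]),
]

# Memory-manipulation and dynamic-resolution APIs that unpacking stubs and
# in-memory loaders need. Illustrative assumption, not the plugin's own list.
PACKER_APIS = {
    "virtualalloc", "virtualprotect", "virtualfree",
    "getprocaddress", "getmodulehandlea", "getmodulehandlew",
    "loadlibrarya", "loadlibraryw",
}


def imphash(imports):
    """Return (canonical string, imphash) using the pefile algorithm.

    Ordering matters: the same functions imported in a different order give a
    different hash, which is what makes the value useful for clustering builds
    of one toolchain or loader. Ordinal-only imports (none here) would first
    have to be mapped to names through a per-DLL ordinal table."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("dll", "ocx", "sys"):
            lib = base
        parts.extend(f"{lib}.{f.lower()}" for f in funcs)
    canonical = ",".join(parts)
    return canonical, hashlib.md5(canonical.encode("ascii")).hexdigest()


def packer_like_imports(imports):
    """Imported names that fall into the packer heuristic set, in table order."""
    return [f for _, funcs in imports for f in funcs if f.lower() in PACKER_APIS]


if __name__ == "__main__":
    canonical, digest = imphash(IMPORTS)
    print(canonical)
    print("imphash:", digest)
    print("packer-like imports:", packer_like_imports(IMPORTS))
```

With only VirtualAlloc, VirtualProtect, GetModuleHandleA and GetProcAddress from KERNEL32 and no other DLL, the table is what a self-contained loader stub needs to map a payload and resolve its real imports at run time; that combination, rather than any single function, is the reason the plugin flags it.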

Delayed Imports

Version Info

Debug Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2019-Mar-18 18:21:57
Version 0.0
SizeofData 112
AddressOfRawData 0x2990
PointerToRawData 0x1d90

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2019-Mar-18 18:21:57
Version 0.0
SizeofData 20
AddressOfRawData 0x2a00
PointerToRawData 0x1e00

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2019-Mar-18 18:21:57
Version 0.0
SizeofData 328
AddressOfRawData 0x2a14
PointerToRawData 0x1e14

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2019-Mar-18 18:21:57
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read the exported DLL name.