4820611426613f6958ce0ef9de859118

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2015-Mar-16 05:21:25
Detected languages English - United States
Debug artifacts C:\Documents and Settings\SQUIRES_AP\Desktop\Freq\Debug\Freq.pdb

Plugin Output

Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryW
  • GetProcAddress
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 4820611426613f6958ce0ef9de859118
SHA1 8c77fde084895b160c66e45f9ff3c8a3797a14a3
SHA256 96807ea5597050ababaeb67683218d036972908cbb8a05982d5db269498d5f87
SHA3 0b2fc34d5f612d3fea8ee0feed0ad1031c8e9fd4dac86e6c1084404d8dc31af4
SSDeep 768:bj1RuzdZabdnXHniMCdG5YPyIUHyPmW6t3mF:agbJ3u3PyIUW6tE
Imports Hash c08d205cacaa1eefa2e86da6fef81330

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 2015-Mar-16 05:21:25
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 10.0
SizeOfCode 0x7600
SizeOfInitializedData 0x5e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00005CE0 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x9000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x11000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 0535d8215eda46a305dac0e5a5deee90
SHA1 a4aed94895fa7687630d2617b35a9539cd735b62
SHA256 0dfcef3bc72c90dae87abc0d099ed3a1f29dac1dee85f88c68308de3e648078b
SHA3 784034ea7fbb60df3ea10e7a2ba0bf1ee4dc743893cc4be50734187824b6a1c3
VirtualSize 0x75c5
VirtualAddress 0x1000
SizeOfRawData 0x7600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.04378

.rdata

MD5 8046bee67e9d9879233775a478e48823
SHA1 8f457e454f8c7103b01306ef4db4cb73398a9134
SHA256 9419d2ae4f76b39fd9947695d90811d2c6c017e9ac24532d399ef536872a1b3e
SHA3 c9eaef5c973f836fb9bbbbe53709b9d201693b8834fca20e71922749d0bcad6b
VirtualSize 0x29db
VirtualAddress 0x9000
SizeOfRawData 0x2a00
PointerToRawData 0x7a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.95012

.data

MD5 642a27e5385a454805b27c3d5713895a
SHA1 61596d36ac07f3d71a034644c3b328dd13c85d5e
SHA256 fc5d62b3a9de517b597307a1a3b35e20946aeb93634af79eb2eca1673504a17d
SHA3 2b9304903b5597f11f48e09f426a1c1c6bc1317f6fb5b510eb2d552ca003dad1
VirtualSize 0x15c4
VirtualAddress 0xc000
SizeOfRawData 0x200
PointerToRawData 0xa400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.1763

.idata

MD5 47e15d337708b286c450a833eac170a8
SHA1 ceb77790829522e837ee0759c6a6cb9839ae4845
SHA256 1382fe0b6331801ddf09c89dca70bade2b4bb6b2691b74092b79333bae75d6fc
SHA3 aa5aefd73366f26cc54d6d2735788ce3efa0e16f707c1007841748d4e041166e
VirtualSize 0xa48
VirtualAddress 0xe000
SizeOfRawData 0xc00
PointerToRawData 0xa600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.84263

.rsrc

MD5 0a171ef6b26c2a2a6880ab48057921c8
SHA1 9cc7b69a0b480028dd91e357bfeef3c47342c2ba
SHA256 8c96835ec4514202c2423f876cb2051de7cb68e9168a803b303a5b68ccf6de4d
SHA3 8e5a765da7ac719febe3157b1e88928879884394db4a660134afb8881b21c181
VirtualSize 0x459
VirtualAddress 0xf000
SizeOfRawData 0x600
PointerToRawData 0xb200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.24576

.reloc

MD5 86aa1b302be63cf31fcf1c1c037b8aca
SHA1 04d9f460612eed96700e525c9f785da396bb3478
SHA256 0d08c4460179079654057fa910ae8455509f414b509e3fecd974dd5847a833db
SHA3 24fed780925fd72badf331791c33dea9440043426c76a75a8f5f0d123aabf57c
VirtualSize 0xb38
VirtualAddress 0x10000
SizeOfRawData 0xc00
PointerToRawData 0xb800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.03507

Imports

KERNEL32.dll FindFirstFileA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DecodePointer
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
FreeLibrary
GetModuleHandleW
VirtualQuery
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
HeapSetInformation
InterlockedCompareExchange
Sleep
InterlockedExchange
EncodePointer
LoadLibraryW
GetProcAddress
lstrlenA
RaiseException
MultiByteToWideChar
IsDebuggerPresent
WideCharToMultiByte
GetSystemTimeAsFileTime
MSVCR100D.dll _exit
_XcptFilter
_cexit
__initenv
_CrtSetCheckCount
_CrtDbgReportW
_initterm
_initterm_e
__getmainargs
wcscpy_s
_wsplitpath_s
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
_controlfp_s
_invoke_watson
_unlock
__dllonexit
_lock
_onexit
_amsg_exit
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_CRT_RTC_INITW
vsprintf_s
strlen
strcpy
qsort
atof
strncpy
_write
_close
_lseek
sprintf
?_open@@YAHPBDHH@Z
_errno
strerror
_read
strncmp
remove
malloc
printf
__iob_func
fprintf
exit
_wmakepath_s

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x196
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.93317
MD5 7cb71b006fcdcf8ade80e31fd5ab8060
SHA1 655380fb2cca01b0ca707f748fc7dcf006732518
SHA256 be8918559280a2e74748bf8f6238b568ed7cbf75183b2180a6a8a979a1ebf243
SHA3 1a03e76e664cba5cc9c5b4570c991d3f72475aebcf3d870270d080dcf1246092

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2015-Mar-16 03:29:48
Version 0.0
SizeofData 89
AddressOfRawData 0xaf94
PointerToRawData 0x9994
Referenced File C:\Documents and Settings\SQUIRES_AP\Desktop\Freq\Debug\Freq.pdb

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x40c0a4
SEHandlerTable 0x40b100
SEHandlerCount 1

RICH Header

XOR Key 0xa78037cb
Unmarked objects 0
Imports (VS2010 SP1 build 40219) 2
ASM objects (VS2010 SP1 build 40219) 1
C objects (VS2010 SP1 build 40219) 19
Imports (VS2008 SP1 build 30729) 3
Total imports 79
C++ objects (VS2010 SP1 build 40219) 8
Resource objects (VS2010 SP1 build 40219) 1
Linker (VS2010 SP1 build 40219) 1

Errors
