Architecture |
IMAGE_FILE_MACHINE_I386
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
Compilation Date |
1970-Jan-01 00:00:00
|
Detected languages |
English - United Kingdom
English - United States
|
TLS Callbacks |
2 callback(s) detected.
|
CompanyName |
INVICTUS EUROPE
|
FileDescription |
Amber Packer - Reflective PE Packer
|
FileVersion |
1.3
|
InternalName |
Amber
|
LegalCopyright |
Ege Balcı
|
OriginalFilename |
amber.exe
|
ProductName |
Amber
|
ProductVersion |
1.3
|
Suspicious |
The PE contains functions most legitimate programs don't use. |
Memory manipulation functions often used by packers:
- VirtualAlloc
- VirtualProtect
|
Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|
MD5 |
4d2614e1e2a2e943d4db00694039d9b5
|
SHA1 |
2fec16aa34d440ae3df6861bc026e0da1baca8b3
|
SHA256 |
9312d36a87a0a8cfa64c08d631fbdbd86680b262ce4764cac4819a7d325e6565
|
SHA3 |
eb19f626f4a95eda263cf8012277dd69080a3c695423463665930e6817ef7384
|
SSDeep |
3072:c1GDj1uZgwPlO45FrFCDhL+icZcOUmoz93z8aKDe8hNau7XcgSZS:cAj1uqMlOACtLzuKD1ue8hNauXb
|
Imports Hash |
09c3b6c93078d2fd3a1d39f61afc1e9e
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0x80
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections |
8
|
TimeDateStamp |
1970-Jan-01 00:00:00
|
PointerToSymbolTable |
0
|
NumberOfSymbols |
0
|
SizeOfOptionalHeader |
0xe0
|
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Magic |
PE32
|
LinkerVersion |
2.0
|
SizeOfCode |
0x1c00
|
SizeOfInitializedData |
0x3ca00
|
SizeOfUninitializedData |
0x400
|
AddressOfEntryPoint |
0x00001500 (Section: .text)
|
BaseOfCode |
0x1000
|
BaseOfData |
0x3000
|
ImageBase |
0x400000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
4.0
|
ImageVersion |
1.0
|
SubsystemVersion |
4.0
|
Win32VersionValue |
0
|
SizeOfImage |
0x43000
|
SizeOfHeaders |
0x400
|
Checksum |
0x4b34a
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
|
SizeofStackReserve |
0x200000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
10362d62e71f338bca50bfc919bbc0d2
|
SHA1 |
901e0236f694251d1123d47f7ad528a2ac76631d
|
SHA256 |
0c8d7c21a2be698d6d1a9722fc894710320bc76d91febbee81599102de53d2ff
|
SHA3 |
337819794a762fb40c6172df0e6573f28f6fc2846f290fe11bc75b68f3a1e532
|
VirtualSize |
0x1b34
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0x1c00
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
Entropy |
5.98612
|
MD5 |
0ad00f9ec22cb82a1418a045c9568a77
|
SHA1 |
4c4ede70deb2fa08c3066f59f10e7e53747c8b0d
|
SHA256 |
1960db38c31b8c85c7210e2fc966a41f8fb778e40708107a71981101105cef4e
|
SHA3 |
e157a2cb56a5e84a3d7d613f900bfaf329e8123a03aec67fb2433c2e88b57831
|
VirtualSize |
0x131e8
|
VirtualAddress |
0x3000
|
SizeOfRawData |
0x13200
|
PointerToRawData |
0x2000
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
7.99718
|
MD5 |
7d7a6e6311a2d17feca696f8dcdf5423
|
SHA1 |
cad7646d4e9f8f30df6dc35e2e8d4cd8a547b2dd
|
SHA256 |
e6bb24767b04d028742ce4efc1e8bb8d79e7acdaf6a7bdd60997ed1b9cfdd8c9
|
SHA3 |
7f2c59d8a30ff9bb52c8625a0b39fa1f2b7b290a731024e99b0866740a5fafdc
|
VirtualSize |
0x618
|
VirtualAddress |
0x17000
|
SizeOfRawData |
0x800
|
PointerToRawData |
0x15200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
4.52572
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x3f0
|
VirtualAddress |
0x18000
|
SizeOfRawData |
0
|
PointerToRawData |
0
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
MD5 |
a3c5eafff0284a524e7947139bfcdbbb
|
SHA1 |
b930d0b9ce06c188175d508c96ad3a1499837100
|
SHA256 |
100a9679ff1692e05752bfb3cb1507d8627295b4d55cf2a585b755c310b54773
|
SHA3 |
ffc2a03601bdc303743deb77a1f1feba68ae1c77e09d85ea4884e0e084be91e4
|
VirtualSize |
0x5d8
|
VirtualAddress |
0x19000
|
SizeOfRawData |
0x600
|
PointerToRawData |
0x15a00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
4.91179
|
MD5 |
3c027db43f2c8d70ffce0c1ac34291e3
|
SHA1 |
9f78b3b1f3d6a7fa0b4073f1b31f702b07db8c1b
|
SHA256 |
697ceb83bf2388363ba113b8ffd648060c0a62fc8cda3dd4997edb8cf9872996
|
SHA3 |
823c1178912dec787647fd84951eea88bc0c5ce2707abba93722efb012239e47
|
VirtualSize |
0x34
|
VirtualAddress |
0x1a000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x16000
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
0.274825
|
MD5 |
e1cbb85daf5f84a9d5e62e45e756dfe3
|
SHA1 |
9a1484ea7a12510721d3d0771de35fd153282c54
|
SHA256 |
13e4455331cb9039da6f6b69d7398480500645770a678a79fdaaad0a1f282968
|
SHA3 |
1e82dcef7842796eaf24275c60f9d0c9afd4558197cfc82d65ccd9ee3260e424
|
VirtualSize |
0x20
|
VirtualAddress |
0x1b000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x16200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
0.204488
|
MD5 |
7ac9580c8fbf2b6b7cb3dc461ad78f50
|
SHA1 |
60adbf02a998fc24900dde865b1898634a28a03d
|
SHA256 |
cd25fdf7850da9fc34386f9ec1248b3df1ad5c143fb16f41160779d98f90992a
|
SHA3 |
25e4f8ecf32bde2d989527e8e4561b7a85d952054f015300181a15f48b5d2b70
|
VirtualSize |
0x268d8
|
VirtualAddress |
0x1c000
|
SizeOfRawData |
0x26a00
|
PointerToRawData |
0x16400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
4.79483
|
KERNEL32.dll |
CreateThread
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetStartupInfoA
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery
|
msvcrt.dll |
__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_iob
_lock
_onexit
_unlock
calloc
exit
fprintf
free
fwrite
malloc
memcpy
memset
signal
strlen
strncmp
abort
vfprintf
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x1e0
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.82052
|
MD5 |
90123f1c8a84f19666117dbbdce2e8b2
|
SHA1 |
d004ce6f0c2a361fdaaf9474a8f9b6d408a7a541
|
SHA256 |
7e3e53e20ff357be0c22ff414612d82e76782e557356ed8ab5f308352d2b7c7c
|
SHA3 |
6451ba609adfe15dcf73967ec86602791105d34751b53210e71496453136d05f
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x760
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.68736
|
MD5 |
4c937cad60f79c692753c2abdab744cf
|
SHA1 |
877e25885e6f77c7e5146b3dfe6375f58de9c9cd
|
SHA256 |
ff822dc97c6d0f99621ae87f42aa67ceb078709e06269b50eaf5995179a1e10d
|
SHA3 |
a726a0104be9872a4a6cb4bf80b04004798b2a0abea8fff6997e7820ce3425bc
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0xfa8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.46016
|
MD5 |
b23d85bf99d6adc94f5af6ab7bd08204
|
SHA1 |
2a5f6e957ecd05cdab1c010af9b0f22b3307d73f
|
SHA256 |
77d0de4845cde6852794027ef846b1a6b848d03305f9b87ac75b4ab18a17a4b8
|
SHA3 |
bc173331f4f293fc980ff71e076c9b3833cee0a9b8eaf9d716a29fe418da4acf
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x1d08
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.24781
|
MD5 |
22d5f0b79f43b277c6fa7ddcfd58156d
|
SHA1 |
c9e6b3946cf3194e685bcd3cc5f12b8fee740315
|
SHA256 |
d28050f03ccbd39b22a46b4ead19749d198a7d4b104daf5f98adc68feeb40feb
|
SHA3 |
a8ce4b3567a68f6b9a24b2d5051b12e46ffe09be525e3d68f0b09322d68c2af5
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x6fb0
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
4.86883
|
MD5 |
4c4475a8b9aed443a9ef95b06a3f2b70
|
SHA1 |
9e7b217be4c2000fe2210cd755f1efbae21843a1
|
SHA256 |
2cee916ca0ea08cf1da50e70e4a646caca73337aa81df6cd0ce26b59ef7ce6cd
|
SHA3 |
8f0e293bb191491d303d10a8ab0d905af7b25af8af0f3b4abb69211ae7f3aa42
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x1be48
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
4.6699
|
MD5 |
f9f791b2009f4cb1f86b60fd9a4b9a46
|
SHA1 |
95cd526b5ea2193e314476327bb33717f8958a4c
|
SHA256 |
c066d515cea70f15d03ce38ee9d7d6ce434a14a51d9f645d9b9cebbbbbd48a67
|
SHA3 |
5c9a53d71b1caac2ce2eaae90b82b76e024dca4f933f0bdf71dea8f8130445ef
|
Type |
RT_GROUP_ICON
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x5a
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.04894
|
Detected Filetype |
Icon file
|
MD5 |
9a0215e2d31499191f024dd23043b36e
|
SHA1 |
5bb5700c23721320ad63d72e0db5bdb29cf00095
|
SHA256 |
fae1455c46b95c247b19d0ade45766248262a70d41b5c79934222d7f7b7a619b
|
SHA3 |
db22ddb70ada784aba73f6afd57adedfc3164fc8fdd601cc71264050fd31e9bc
|
Type |
RT_VERSION
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x2b0
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.37389
|
MD5 |
d92b8bf97f37eee6958162950fae163a
|
SHA1 |
c779bd649c1dbf521c570972dc846740a40ce49c
|
SHA256 |
6bdf7704851cc1cbc8eee801e49979390227b3bc8f8a735047d9d8cd6231d50b
|
SHA3 |
b49cf6eaca80b73f2969db29fb1d528a5f33cd525b8dfcd3b8f138f990ea5d97
|
Signature |
0xfeef04bd
|
StructVersion |
0x10000
|
FileVersion |
1.3.0.0
|
ProductVersion |
1.3.0.0
|
FileFlags |
(EMPTY)
|
FileOs |
(EMPTY)
|
FileType |
VFT_UNKNOWN
|
Language |
English - United Kingdom
|
CompanyName |
INVICTUS EUROPE
|
FileDescription |
Amber Packer - Reflective PE Packer
|
FileVersion (#2) |
1.3
|
InternalName |
Amber
|
LegalCopyright |
Ege Balcı
|
OriginalFilename |
amber.exe
|
ProductName |
Amber
|
ProductVersion (#2) |
1.3
|
Resource LangID |
English - United States
|
StartAddressOfRawData |
0x41b000
|
EndAddressOfRawData |
0x41b01c
|
AddressOfIndex |
0x418390
|
AddressOfCallbacks |
0x41a020
|
SizeOfZeroFill |
0
|
Characteristics |
IMAGE_SCN_TYPE_REG
|
Callbacks |
0x00401CD0
0x00401C80
|
[*] Warning: Section .bss has a raw data size of 0!