| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| Compilation Date |
2018-Jul-13 06:09:19
|
| Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|
| MD5 |
4f5c24cf23ea761a053d92925209dcbf
|
| SHA1 |
3564bf81484aeb336d1f8b0a225a71dcbbd175d3
|
| SHA256 |
939dbdecdb2a29777a042b7b978e576d4d0b23077f485e7f4f5332f48d1b91e4
|
| SHA3 |
09845b6644f5bdbdffb7f241e68e9a657f1700397886d310a9dadb6a3bdef88d
|
| SSDeep |
6144:K3X12oZhi8JIaSgk1gEBkXe3WW6kW3dGcCOpSfdCgMIID+EFUPiJmFd:KUoFJILgUgE53WLgPID1Dmj
|
| Imports Hash |
411424065c4b53efff16a9497a856836
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
5
|
| TimeDateStamp |
2018-Jul-13 06:09:19
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0x6d600
|
| SizeOfInitializedData |
0x73400
|
| SizeOfUninitializedData |
0x6c00
|
| AddressOfEntryPoint |
0x00001130 (Section: .text)
|
| BaseOfCode |
0x1000
|
| BaseOfData |
0x6f000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
1.0
|
| SubsystemVersion |
4.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x7d000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x75efb
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
36dd2d34f192958c8e015802c36c22c4
|
| SHA1 |
42dd8659d5c57cc387ead116e1621fa82565808f
|
| SHA256 |
d06254e3d65cf78646ad12f31098bef2efa713c829259b1e2af1a8f98dc45f86
|
| SHA3 |
a5136447ae16ed9cd15ce6178f1cb1fbc65e70a39e6ceeb9dd23490a4baf32af
|
| VirtualSize |
0x6d410
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x6d600
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
6.1568
|
| MD5 |
d0186cc66f3c301b0da5f8cd7fba7086
|
| SHA1 |
2f1d15f2636ac5d014ae2028850f19ebbd3e4253
|
| SHA256 |
86c241cf7d6522a1e3c3c3ab9410a1f4da71acbdedf0308d0348782870bec091
|
| SHA3 |
7763f849e37f530d03b98cbc65507c90d782c757a508f0ad119d13e5179f0f7a
|
| VirtualSize |
0x288
|
| VirtualAddress |
0x6f000
|
| SizeOfRawData |
0x400
|
| PointerToRawData |
0x6da00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
1.3443
|
| MD5 |
f50aba7c8be9da82a4300abe8946ce5c
|
| SHA1 |
58ed490ce5845fce0391d1e6ec1b1bd617660aa5
|
| SHA256 |
36bb02e4bfd809e769041b09016555f30f47b55d555ec731a410769688f80f2c
|
| SHA3 |
9de44e6066c7b4d84eff1651d131fb9e762f7fa02925269dcefa4ec0897a44c6
|
| VirtualSize |
0x4ec0
|
| VirtualAddress |
0x70000
|
| SizeOfRawData |
0x5000
|
| PointerToRawData |
0x6de00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
5.02093
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x6b38
|
| VirtualAddress |
0x75000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
86c50da3360acd36a7a557f2ab09d2a7
|
| SHA1 |
9509c1807abc5567ef37ab192f1956c979339e8b
|
| SHA256 |
23c7d4d05bb682df3b6703aa0e01f8bb20153452955b66f6ca819407661b52da
|
| SHA3 |
86d06ecf414780218a73a3ddc06e08cd465e5a62ff7c75ea9f12e5275c9f0a12
|
| VirtualSize |
0x9a0
|
| VirtualAddress |
0x7c000
|
| SizeOfRawData |
0xa00
|
| PointerToRawData |
0x72e00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
5.00393
|
| KERNEL32.dll |
AddAtomA
CloseHandle
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindAtomA
GetAtomNameA
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
|
| msvcrt.dll |
_fdopen
_read
_write
|
| msvcrt.dll (#2) |
_fdopen
_read
_write
|
[*] Warning: Section .bss has a size of 0!