54e8914d704e4b564720bacf7c665f50

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2007-Sep-12 15:08:17
Detected languages French - France

Plugin Output

Info Matching compiler(s):
  • Installer VISE Custom
  • Microsoft Visual C++
  • Microsoft Visual C++ v6.0
  • Microsoft Visual C++ v5.0/v6.0 (MFC)
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Malicious The PE is possibly a dropper. Resource 101 detected as a PE Executable.
Malicious VirusTotal score: 5/66 (Scanned on 2018-05-15 15:42:36)
  • McAfee: Artemis!E3870BDD69F7
  • Cylance: Unsafe
  • TrendMicro-HouseCall: Suspicious_GEN.F47V0418
  • Babable: Malware.HighConfidence
  • Jiangmin: Trojan.Generic.drng

Hashes

MD5 54e8914d704e4b564720bacf7c665f50
SHA1 892aa886b9f7ea34dbfb8db18a5fe89e2ba4f4f4
SHA256 1a7766bdcbe9d3a545028a5f1cb9b813b614fdf8245e41e045df7ddf76f1f188
SHA3 c5874607ebd95554ff40b3a40f492406572468519a00549be8fd3951d9ffe1c7
SSDeep 384:q5Iw9hJUml3txtnyymerh6oZxCIw9hJUml3txtnyymerh6oZU:K1DJdnyPQh6oe1DJdnyPQh6ou
Imports Hash 88468a2aad02cc7597aabe5e483f5202

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2007-Sep-12 15:08:17
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x3000
SizeOfInitializedData 0x9000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000101D (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x4000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xd000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 7c6b95642c33f402b4f2608b1d4afd17
SHA1 4b8c396bcffe06a1aa0afbbfb5035ae440365e3f
SHA256 e91b96735704a151f4b13c6a219b46fd4de660451c0bec1e2dea24e62c72f9c5
SHA3 2f2d99446da0ec43382133ca74d7a3a84d2bfd9f3233f8beae1b96218ed75f5f
VirtualSize 0x289e
VirtualAddress 0x1000
SizeOfRawData 0x3000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.91786

.rdata

MD5 cfa4f2c2aad49d75a12a734177384bb8
SHA1 2118308132ed588caa526d93aa7d12f3c538f130
SHA256 a32a4bc6e687599849833af9f48108a9d4c6122b38a7c04fcd53b6fbddedae4f
SHA3 bcd18dd9fb534289d253b6ea00cf12bcdb7de0a19b9f746689f7160279346556
VirtualSize 0x774
VirtualAddress 0x4000
SizeOfRawData 0x1000
PointerToRawData 0x4000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.06355

.data

MD5 78f59be21639ecbed325f811aae8300a
SHA1 1c1e1c0c5bcbac90f409e64106a5919a31c4ab6e
SHA256 78a607ee0b7b3d07101187ffdd72711aa89794c9cfefd8d510477830457a53c2
SHA3 04e2a5662cc98d2908249e5f52e3ebd5a4d974f2b5890aad219144a739e9ab4a
VirtualSize 0x9dc
VirtualAddress 0x5000
SizeOfRawData 0x1000
PointerToRawData 0x5000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.985097

.rsrc

MD5 4ab5a261a9fead597213ced6e97900e2
SHA1 6cb2f3c78c7f2d14845b7227952196d3559ee2d1
SHA256 d49307412418513ceea33ef3be1d2029690e028b0580ec33f2d0b6187099217b
SHA3 cbaa4405dbe7bd5a1fbe03a68fc80ddccc6de5a0062f592cfcc57b864a3bd9be
VirtualSize 0x6060
VirtualAddress 0x6000
SizeOfRawData 0x7000
PointerToRawData 0x6000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.51269

Imports

USER32.dll MessageBoxA
KERNEL32.dll HeapCreate
GetStringTypeW
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA

Delayed Imports

101

Type BIN
Language French - France
Codepage Latin 1 / Western European
Size 0x6000
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.2125
Detected Filetype PE Executable
MD5 e3870bdd69f7dec28041edd69aef5618
SHA1 c4ffd1da58fc370cacb453044da7704821f0d67c
SHA256 33ae8ae0635afcfe1aa76d1fe41781fa50abe6f8bcdcd8af5dd4be170091aeb3
SHA3 4fab2544a3895cdc2a06f982472581fb31c2a871d12c7b63b9ccfd404cf9f2be

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xa158a888
Unmarked objects 0
C objects (VS98 build 8168) 22
14 (7299) 9
Total imports 38
19 (8034) 5
C++ objects (VS98 build 8168) 2

Errors