55c2a3f946272234daeadaf749f8c7f1

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1989-Jun-04 00:00:00

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Suspicious The PE is possibly packed. Unusual section name found: No
Unusual section name found: Looking
Unusual section name found: Please
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Malicious VirusTotal score: 4/72 (Scanned on 2020-05-11 14:14:30) APEX: Malicious
Invincea: heuristic
Trapmine: malicious.high.ml.score
CrowdStrike: win/malicious_confidence_60% (W)

Hashes

MD5 55c2a3f946272234daeadaf749f8c7f1
SHA1 1cdd1898763507f157a79b70f805c4bfa3dc68a2
SHA256 28ef3109a1dd7603d00c7eabd089f297e196ec498a920c52db066e7a81217d4d
SHA3 0f82dfad4966e3c4398796028a8855070c9bc82e27e3be55bcc0d81f09b33199
SSDeep 49152:uLDayE7ugD2f5Hcqnq0UBphknpzP0TD9vAlrz0mJ:iDaPOfl
Imports Hash 8dc36e57094d3192e15e50c7340f6886

DOS Header

e_magic MZ
e_cblp 0
e_cp 0
e_crlc 0
e_cparhdr 0
e_minalloc 0
e_maxalloc 0
e_ss 0
e_sp 0
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x40

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 3
TimeDateStamp 1989-Jun-04 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 89.0
SizeOfCode 0x1f1200
SizeOfInitializedData 0x5ea00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000001D2440 (Section: No)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x252000
SizeOfHeaders 0x400
Checksum 0x1f8241
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

No

MD5 1b9640b27f1731b58c76620c8f598e46
SHA1 912df14febda97aa6412f6d4a4c0f9c0c8036d3f
SHA256 7324f1f4c73310a12dda6af9584f2d8d89a08c7bb15b5dde2aa59cce5f642925
SHA3 d681c2aadf956cb11027d0234e3649c90a25fe6537d6a4162dfd52faa478b6a3
VirtualSize 0x1f10a4
VirtualAddress 0x1000
SizeOfRawData 0x1f1200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.68485

Looking

MD5 dd60f0332bb77b9a5197e650cb8096e4
SHA1 cdab2975f50b282cf72e26bc6083dc96cc3f72f7
SHA256 acb2bc971e5366cbe058e5838451efba50eb84669e9006d54f4eb07c7e5aef08
SHA3 18449df41e43181162b5bda95f5abf12eb1dea40f0eb1b908276b7cc3bd0791f
VirtualSize 0x5debc
VirtualAddress 0x1f3000
SizeOfRawData 0xc00
PointerToRawData 0x1f1600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.31704

Please

MD5 a9efd10208254a4976740bd512ba9d80
SHA1 bae25c4e996511a8edc1960dd73a76589b58d0f3
SHA256 4acca28c6c287c0ca6b031f0d4bfad4c08e68ed7d57f6e869b8483e278473cef
SHA3 63fbee7c35d072c76466edb83ad721ea16870a2fd1fc7723999939ac36cb05f7
VirtualSize 0x97e
VirtualAddress 0x251000
SizeOfRawData 0xa00
PointerToRawData 0x1f2200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.54816

Imports

KERNEL32.dll WriteFile
WriteConsoleW
CloseHandle
CreateFileW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetCurrentProcess
TerminateProcess
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetFileType
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

Size 0x108
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x1401f3038

RICH Header

Errors

<-- -->