Architecture |
IMAGE_FILE_MACHINE_AMD64
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
Compilation Date |
2018-Feb-06 10:32:46
|
Detected languages |
English - United States
|
Suspicious |
The PE is possibly packed. |
Unusual section name found: .AKS1
Section .AKS1 is both writable and executable.
Unusual section name found: .AKS2
Section .AKS2 is both writable and executable.
Unusual section name found: .AKS3
Section .AKS3 is both writable and executable.
The PE has only 5 imports.
|
Suspicious |
The file contains overlay data. |
984324 bytes of data starting at offset 0x3f0000.
The overlay data has an entropy of 7.99984 and is possibly compressed or encrypted.
|
Suspicious |
VirusTotal score: 1/67 (Scanned on 2019-04-11 03:56:37) |
Trapmine:
suspicious.low.ml.score
|
MD5 |
5b2e541fc765aa68b10783d79ff18d25
|
SHA1 |
d844905ae890392c455b89de8ca84aa14dbc900f
|
SHA256 |
3d0f5642bb1015824ff53945494b680db0d3d2ca4d48351a2314d4859de69d58
|
SHA3 |
09c095202cfd2567a942e54d6d98608019d99ae68edadb5d6748d13126d52553
|
SSDeep |
98304:KzG20FJQrQ9igT7iafqGmi16epGqECqYM7lJYpmigJD+GwhTSYHeJbHAfQuyosOs:4UQrQLHQXopAJCRhTSYHeJbPzosOEOg
|
Imports Hash |
f7974d784e1b1bb4fed98c728b582042
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0x108
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections |
4
|
TimeDateStamp |
2018-Feb-06 10:32:46
|
PointerToSymbolTable |
0
|
NumberOfSymbols |
0
|
SizeOfOptionalHeader |
0xf0
|
Characteristics |
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED
|
Magic |
PE32+
|
LinkerVersion |
14.0
|
SizeOfCode |
0xa2e00
|
SizeOfInitializedData |
0x5ac00
|
SizeOfUninitializedData |
0
|
AddressOfEntryPoint |
0x000000000061C000 (Section: .AKS3)
|
BaseOfCode |
0x1000
|
ImageBase |
0x140000000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
6.0
|
ImageVersion |
0.0
|
SubsystemVersion |
6.0
|
Win32VersionValue |
0
|
SizeOfImage |
0x63c000
|
SizeOfHeaders |
0x400
|
Checksum |
0x3f853a
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve |
0x4000000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
9bc47dd9de23cc3189f02c35e88f8629
|
SHA1 |
60aa5be4116bad2c99dda2a0757e3ae2a3e5a5c4
|
SHA256 |
9768d0d076a0252befb2cdec75b52a9cd71cc58c8c2a42ca7e906668c4e2d1d0
|
SHA3 |
c77a64d5e9baaf829f3589cc43e0f1252ff721135480469311c86bf117ee5fb5
|
VirtualSize |
0x103000
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0x59800
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
7.99948
|
MD5 |
99b730741aef0de5f83fddf172b29b96
|
SHA1 |
1fb791f3e8fef3497d54f0b962a897294e6f0036
|
SHA256 |
05ffc56ec4bc030a9a0ff73be801baa955918350d2f070dd1cafdab511c5aa22
|
SHA3 |
18352368f22f839093ba8827a72d396bf97858ff71db739668332c3efb12b783
|
VirtualSize |
0x518000
|
VirtualAddress |
0x104000
|
SizeOfRawData |
0x376c00
|
PointerToRawData |
0x59c00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
7.99994
|
MD5 |
ec8288ca4e7e376391272c60d9824deb
|
SHA1 |
76fe87557bc1f30f87e33c975005145d3a405347
|
SHA256 |
7dc41fba948b476b61c6c991b4f9eb8707558a17cb41dbbd2d566f07dfa1410f
|
SHA3 |
90010832cfdd225c9cad5a2144ec8e72324c9448a0f073ce1300d21328aadc8a
|
VirtualSize |
0x6b0
|
VirtualAddress |
0x61c000
|
SizeOfRawData |
0x800
|
PointerToRawData |
0x3d0800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
5.77133
|
MD5 |
f7fe461c4ccb870b47db8218ad8ca43a
|
SHA1 |
f2c0c61d6d4ae81c4ecef0f824d30c86f944af5b
|
SHA256 |
0015052735c8fbac602afa8af997945d289b475a46b30ffd9232a66b7083ba71
|
SHA3 |
4f5e435c381c6f4beaed1a6930481ad13157a47e66301ebc6cffd03edb048d07
|
VirtualSize |
0x1efc8
|
VirtualAddress |
0x61d000
|
SizeOfRawData |
0x1f000
|
PointerToRawData |
0x3d1000
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
4.25951
|
KERNEL32 |
GetModuleHandleA
GetProcAddress
|
user32.dll |
GetDC
|
advapi32.dll |
GetAce
|
OLEAUT32.dll |
#4
|
Ordinal |
1
|
Address |
0xd4038
|
Ordinal |
2
|
Address |
0xd4040
|
Ordinal |
3
|
Address |
0xd4030
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x128
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.24012
|
MD5 |
08311e20dfea5c275a5221780b82469e
|
SHA1 |
7e8604549bbfd4178e7bb59a70b000740c63724a
|
SHA256 |
bdcb1c36242f0c65016cccb26e5a212d9ce0e3136f6dade75ec186854583c23b
|
SHA3 |
103d683bdd6debaaf66802f5c1d7e0011d1bfa31a9bf13ec9ac10169ad532356
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x2e8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.3281
|
MD5 |
bbee03e1fcc89f8056a7b391a8f36c6d
|
SHA1 |
62c8cca44cbf455877d9fb6586fe3207eaee0509
|
SHA256 |
852145c00de9fe15be5006817ec124fae147ff4ad61c537becb895d7fd9b1c32
|
SHA3 |
5d4233a99354f4a7c71a64b7ba0f0de5b71f8aa9e2b9aac183f423977b82527e
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x668
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.31355
|
MD5 |
8943f7c656e3e30c5479a3494e627404
|
SHA1 |
3d163ee840510c9f67ca683fb608f30aba698d1d
|
SHA256 |
d6bf5a97ebb18f81e0b179ca90088061a7e8dba6b9588936fe20f51af8066390
|
SHA3 |
dc54890a238bba510f2e140e289f193cea76df230ae297b799cfec1e70ad5d2d
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0xa068
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.11766
|
MD5 |
4406379a9e18840cb8ebaff6246f3581
|
SHA1 |
a6f4584df116559e05f3e7a709dd85937446410c
|
SHA256 |
bc9b8d4cd65db83c886e2ce828bd3a61a015e7781ddede9c5f62942a7fbdd2a0
|
SHA3 |
2bfb009ccd56af95e549e11a6be392ec82cf1eef9ad0d1122d1ad9001345f33f
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x568
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.66407
|
MD5 |
33115c0b33bd97462ae05c30955aaa15
|
SHA1 |
8dde1a317782d12aeb47cffae577703a38a14aef
|
SHA256 |
5070d2bfb3f86ac78118b2e7fa768fd920a44677a99a1af451398b078ba9d43d
|
SHA3 |
4727775047276e5d547555fba7f1587323c557a0966d9f27ae898b8c62bd3280
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x8a8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
5.63327
|
MD5 |
08f7c6c5b21df2ce3cc643a1a698aaa3
|
SHA1 |
000a87c94563b1ea1e1a951856a97479428452fb
|
SHA256 |
4ee0c8a0cf595a2be6e59e8b3ae7e88a2d83c47dc05b07fba2229bbe210d6760
|
SHA3 |
51bf9cc6f6792e659842458adbcb8cd33bfe3b7405868e3259da77b48d0efa42
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0xea8
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
4.76092
|
MD5 |
f00d0fa5c4d6899290a7a38a4e2d92bf
|
SHA1 |
f9ba8fd44db65f50a6c9f75d223dde5578b74428
|
SHA256 |
4581c4a3ab0360e5ab004a138c1ce2616691d5f0701a152981af027f2606217c
|
SHA3 |
db41e3e1adde4cf480dd4d755516314e4de6e24544fdb61159280bfa18179e79
|
Type |
RT_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x12428
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
3.66584
|
MD5 |
4a3ab0173ab62ec2b263b5b07643ef1e
|
SHA1 |
8abc444e985405a7637238ab9f1d3b21df6a4286
|
SHA256 |
452e61b2f5e760e05abca853502b7d931d67d3ccb6c36ca8e2ba9002f934ec1b
|
SHA3 |
e0d39290e226c97867b382fc08df79fd9e5f425f4d27a1deedb5dcbd5ac968ff
|
Type |
RT_GROUP_ICON
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x76
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
2.8478
|
Detected Filetype |
Icon file
|
MD5 |
80f61ee14ad21e8fe72216e9b8289d2c
|
SHA1 |
3d27828ff01421726a673abb8fb248466a3d23ae
|
SHA256 |
df6d5c1b9652744d3825df5e96d606f5f7536db3517af8cc0e7e8418f19e8319
|
SHA3 |
e9af3b7b8dc3a5b6355c24fbf270224c337c7899248227c9e4fac0f670b2d5ea
|
Type |
RT_MANIFEST
|
Language |
English - United States
|
Codepage |
Latin 1 / Western European
|
Size |
0x15a
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
4.79597
|
MD5 |
24d3b502e1846356b0263f945ddd5529
|
SHA1 |
bac45b86a9c48fc3756a46809c101570d349737d
|
SHA256 |
49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e
|
SHA3 |
1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e
|
StartAddressOfRawData |
0x14061c688
|
EndAddressOfRawData |
0x14061c690
|
AddressOfIndex |
0x14061c690
|
AddressOfCallbacks |
0x14061c698
|
SizeOfZeroFill |
0
|
Characteristics |
IMAGE_SCN_TYPE_REG
|
Callbacks |
(EMPTY)
|
XOR Key |
0xfd9f3958
|
Unmarked objects |
0
|
241 (40116) |
9
|
243 (40116) |
152
|
242 (40116) |
25
|
ASM objects (VS2015 UPD3 build 24123) |
8
|
C objects (VS2015 UPD3 build 24123) |
37
|
C++ objects (VS2015 UPD3 build 24123) |
60
|
Imports (65501) |
9
|
Total imports |
118
|
C++ objects (VS2015 UPD3.1 build 24215) |
2
|
Exports (VS2015 UPD3.1 build 24215) |
1
|
Resource objects (VS2015 UPD3 build 24210) |
1
|
Linker (VS2015 UPD3.1 build 24215) |
1
|
[*] Warning: Could not read the name of the DLL to be delay-loaded!