5b2e541fc765aa68b10783d79ff18d25

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2018-Feb-06 10:32:46
Detected languages English - United States

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: .AKS1
Section .AKS1 is both writable and executable.
Unusual section name found: .AKS2
Section .AKS2 is both writable and executable.
Unusual section name found: .AKS3
Section .AKS3 is both writable and executable.
The PE only has 5 import(s).
Suspicious The file contains overlay data. 984324 bytes of data starting at offset 0x3f0000.
The overlay data has an entropy of 7.99984 and is possibly compressed or encrypted.
Suspicious VirusTotal score: 1/67 (Scanned on 2019-04-11 03:56:37) Trapmine: suspicious.low.ml.score

Hashes

MD5 5b2e541fc765aa68b10783d79ff18d25
SHA1 d844905ae890392c455b89de8ca84aa14dbc900f
SHA256 3d0f5642bb1015824ff53945494b680db0d3d2ca4d48351a2314d4859de69d58
SHA3 09c095202cfd2567a942e54d6d98608019d99ae68edadb5d6748d13126d52553
SSDeep 98304:KzG20FJQrQ9igT7iafqGmi16epGqECqYM7lJYpmigJD+GwhTSYHeJbHAfQuyosOs:4UQrQLHQXopAJCRhTSYHeJbPzosOEOg
Imports Hash f7974d784e1b1bb4fed98c728b582042

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 4
TimeDateStamp 2018-Feb-06 10:32:46
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xa2e00
SizeOfInitializedData 0x5ac00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000061C000 (Section: .AKS3)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x63c000
SizeOfHeaders 0x400
Checksum 0x3f853a
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x4000000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.AKS1

MD5 9bc47dd9de23cc3189f02c35e88f8629
SHA1 60aa5be4116bad2c99dda2a0757e3ae2a3e5a5c4
SHA256 9768d0d076a0252befb2cdec75b52a9cd71cc58c8c2a42ca7e906668c4e2d1d0
SHA3 c77a64d5e9baaf829f3589cc43e0f1252ff721135480469311c86bf117ee5fb5
VirtualSize 0x103000
VirtualAddress 0x1000
SizeOfRawData 0x59800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99948

.AKS2

MD5 99b730741aef0de5f83fddf172b29b96
SHA1 1fb791f3e8fef3497d54f0b962a897294e6f0036
SHA256 05ffc56ec4bc030a9a0ff73be801baa955918350d2f070dd1cafdab511c5aa22
SHA3 18352368f22f839093ba8827a72d396bf97858ff71db739668332c3efb12b783
VirtualSize 0x518000
VirtualAddress 0x104000
SizeOfRawData 0x376c00
PointerToRawData 0x59c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99994

.AKS3

MD5 ec8288ca4e7e376391272c60d9824deb
SHA1 76fe87557bc1f30f87e33c975005145d3a405347
SHA256 7dc41fba948b476b61c6c991b4f9eb8707558a17cb41dbbd2d566f07dfa1410f
SHA3 90010832cfdd225c9cad5a2144ec8e72324c9448a0f073ce1300d21328aadc8a
VirtualSize 0x6b0
VirtualAddress 0x61c000
SizeOfRawData 0x800
PointerToRawData 0x3d0800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.77133

.rsrc

MD5 f7fe461c4ccb870b47db8218ad8ca43a
SHA1 f2c0c61d6d4ae81c4ecef0f824d30c86f944af5b
SHA256 0015052735c8fbac602afa8af997945d289b475a46b30ffd9232a66b7083ba71
SHA3 4f5e435c381c6f4beaed1a6930481ad13157a47e66301ebc6cffd03edb048d07
VirtualSize 0x1efc8
VirtualAddress 0x61d000
SizeOfRawData 0x1f000
PointerToRawData 0x3d1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.25951

Imports

KERNEL32 GetModuleHandleA
GetProcAddress
user32.dll GetDC
advapi32.dll GetAce
OLEAUT32.dll #4

Delayed Imports

ctfxlauncher_build_date

Ordinal 1
Address 0xd4038

ctfxlauncher_relative_path

Ordinal 2
Address 0xd4040

ctfxlauncher_version

Ordinal 3
Address 0xd4030

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.24012
MD5 08311e20dfea5c275a5221780b82469e
SHA1 7e8604549bbfd4178e7bb59a70b000740c63724a
SHA256 bdcb1c36242f0c65016cccb26e5a212d9ce0e3136f6dade75ec186854583c23b
SHA3 103d683bdd6debaaf66802f5c1d7e0011d1bfa31a9bf13ec9ac10169ad532356

2

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.3281
MD5 bbee03e1fcc89f8056a7b391a8f36c6d
SHA1 62c8cca44cbf455877d9fb6586fe3207eaee0509
SHA256 852145c00de9fe15be5006817ec124fae147ff4ad61c537becb895d7fd9b1c32
SHA3 5d4233a99354f4a7c71a64b7ba0f0de5b71f8aa9e2b9aac183f423977b82527e

3

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x668
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.31355
MD5 8943f7c656e3e30c5479a3494e627404
SHA1 3d163ee840510c9f67ca683fb608f30aba698d1d
SHA256 d6bf5a97ebb18f81e0b179ca90088061a7e8dba6b9588936fe20f51af8066390
SHA3 dc54890a238bba510f2e140e289f193cea76df230ae297b799cfec1e70ad5d2d

4

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0xa068
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.11766
MD5 4406379a9e18840cb8ebaff6246f3581
SHA1 a6f4584df116559e05f3e7a709dd85937446410c
SHA256 bc9b8d4cd65db83c886e2ce828bd3a61a015e7781ddede9c5f62942a7fbdd2a0
SHA3 2bfb009ccd56af95e549e11a6be392ec82cf1eef9ad0d1122d1ad9001345f33f

5

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.66407
MD5 33115c0b33bd97462ae05c30955aaa15
SHA1 8dde1a317782d12aeb47cffae577703a38a14aef
SHA256 5070d2bfb3f86ac78118b2e7fa768fd920a44677a99a1af451398b078ba9d43d
SHA3 4727775047276e5d547555fba7f1587323c557a0966d9f27ae898b8c62bd3280

6

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.63327
MD5 08f7c6c5b21df2ce3cc643a1a698aaa3
SHA1 000a87c94563b1ea1e1a951856a97479428452fb
SHA256 4ee0c8a0cf595a2be6e59e8b3ae7e88a2d83c47dc05b07fba2229bbe210d6760
SHA3 51bf9cc6f6792e659842458adbcb8cd33bfe3b7405868e3259da77b48d0efa42

7

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.76092
MD5 f00d0fa5c4d6899290a7a38a4e2d92bf
SHA1 f9ba8fd44db65f50a6c9f75d223dde5578b74428
SHA256 4581c4a3ab0360e5ab004a138c1ce2616691d5f0701a152981af027f2606217c
SHA3 db41e3e1adde4cf480dd4d755516314e4de6e24544fdb61159280bfa18179e79

8

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x12428
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.66584
MD5 4a3ab0173ab62ec2b263b5b07643ef1e
SHA1 8abc444e985405a7637238ab9f1d3b21df6a4286
SHA256 452e61b2f5e760e05abca853502b7d931d67d3ccb6c36ca8e2ba9002f934ec1b
SHA3 e0d39290e226c97867b382fc08df79fd9e5f425f4d27a1deedb5dcbd5ac968ff

1 (#2)

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x76
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.8478
Detected Filetype Icon file
MD5 80f61ee14ad21e8fe72216e9b8289d2c
SHA1 3d27828ff01421726a673abb8fb248466a3d23ae
SHA256 df6d5c1b9652744d3825df5e96d606f5f7536db3517af8cc0e7e8418f19e8319
SHA3 e9af3b7b8dc3a5b6355c24fbf270224c337c7899248227c9e4fac0f670b2d5ea

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x15a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.79597
MD5 24d3b502e1846356b0263f945ddd5529
SHA1 bac45b86a9c48fc3756a46809c101570d349737d
SHA256 49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e
SHA3 1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e

Version Info

TLS Callbacks

StartAddressOfRawData 0x14061c688
EndAddressOfRawData 0x14061c690
AddressOfIndex 0x14061c690
AddressOfCallbacks 0x14061c698
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks (EMPTY)

Load Configuration

RICH Header

XOR Key 0xfd9f3958
Unmarked objects 0
241 (40116) 9
243 (40116) 152
242 (40116) 25
ASM objects (VS2015 UPD3 build 24123) 8
C objects (VS2015 UPD3 build 24123) 37
C++ objects (VS2015 UPD3 build 24123) 60
Imports (65501) 9
Total imports 118
C++ objects (VS2015 UPD3.1 build 24215) 2
Exports (VS2015 UPD3.1 build 24215) 1
Resource objects (VS2015 UPD3 build 24210) 1
Linker (VS2015 UPD3.1 build 24215) 1

Errors

[*] Warning: Could not read the name of the DLL to be delay-loaded!