5d5bbbc991be97c071aa49aab8eab20b

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2021-Jan-13 11:19:25
Debug artifacts C:\Projects\dotnet\PragmaScript\publish\current\samples\editor\bin\edit.pdb

Plugin Output

Info The PE contains common functions which appear in legitimate applications. Reads the contents of the clipboard:
  • GetClipboardData
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 5d5bbbc991be97c071aa49aab8eab20b
SHA1 7002f1f8c7154bf93912aaf4af4df34be48c22c3
SHA256 f290251f27a94af0ec47a3cb4823672f5225d99d5815d08f3183ec8478856438
SHA3 bb777ff68b4abb3299ada7672fa5381aeb7cfe1ba2c58c88d25d7af1b2366181
SSDeep 1536:PHSj/UPnuY6MId3LfX6GlHp+H3yE+hVMIGxzoJLJ0Fq9jM3KLuod:6j/UPnu+IBXp+H3IgoLyFqjD
Imports Hash 9e5110c9e250f4b6c9ea269d9b9236ab

DOS Header

e_magic MZ
e_cblp 0x78
e_cp 0x1
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0
e_ss 0
e_sp 0
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x78

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 4
TimeDateStamp 2021-Jan-13 11:19:25
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x12200
SizeOfInitializedData 0x4e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001050 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1b000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics
  • IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  • IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
  • IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  • IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 e01c1a0ca691cb7b6aafb509124bc2da
SHA1 e0aa425d6da74156e57753bb5cd3102fc5129e7d
SHA256 599ac6991067962c99bb3df1dae29e780a0fc9c0e600b8fa5ac096527cdd8351
SHA3 e513c4cf0504d56596d4c93948a94006e03b9b1986610aeadce9c208d4be6334
VirtualSize 0x121a6
VirtualAddress 0x1000
SizeOfRawData 0x12200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics
  • IMAGE_SCN_CNT_CODE
  • IMAGE_SCN_MEM_EXECUTE
  • IMAGE_SCN_MEM_READ
Entropy 6.32043

.rdata

MD5 07319bb1f34d8606dae882fb998a2bfa
SHA1 07c8daaa23eb5c01093a7387832602262d9eda59
SHA256 cf003533d43f44bfe7f92b0f511c651de107518ad67eb70134313bfa4a670328
SHA3 8ecf65a145ee864c32264f1929efd9eece1fe97f24a2b430e3da9c252acdf193
VirtualSize 0x4a38
VirtualAddress 0x14000
SizeOfRawData 0x4c00
PointerToRawData 0x12600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics
  • IMAGE_SCN_CNT_INITIALIZED_DATA
  • IMAGE_SCN_MEM_READ
Entropy 5.19254

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x324
VirtualAddress 0x19000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics
  • IMAGE_SCN_CNT_INITIALIZED_DATA
  • IMAGE_SCN_MEM_READ
  • IMAGE_SCN_MEM_WRITE

.pdata

MD5 7c139bc673bd092739d981eeec387d84
SHA1 f54711544fbfce6613d702c325a2678ea3470794
SHA256 b6e2f40863ee65b5816238b8f92134015e03b99949ea3f1f3cfafeca32081a1f
SHA3 4b2dd40398207b8c99fe583178cb340f958695f701fd7730718d8813754dc6e8
VirtualSize 0x144
VirtualAddress 0x1a000
SizeOfRawData 0x200
PointerToRawData 0x17200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics
  • IMAGE_SCN_CNT_INITIALIZED_DATA
  • IMAGE_SCN_MEM_READ
Entropy 3.01789

Imports

KERNEL32.dll
  • CloseHandle
  • CreateFileA
  • ExitProcess
  • FindFirstFileA
  • FindNextFileA
  • GetCommandLineA
  • GetFileSizeEx
  • GetModuleHandleA
  • GetStdHandle
  • GlobalAlloc
  • GlobalLock
  • GlobalUnlock
  • QueryPerformanceCounter
  • QueryPerformanceFrequency
  • ReadFile
  • RtlCopyMemory
  • VirtualAlloc
  • VirtualFree
  • WriteFile
OPENGL32.dll
  • glClear
  • glClearColor
  • glEnable
  • glGetIntegerv
  • glGetString
  • glScissor
  • glTexImage2D
  • glTexParameteri
  • glViewport
  • wglCreateContext
  • wglDeleteContext
  • wglGetProcAddress
  • wglMakeCurrent
GDI32.dll
  • ChoosePixelFormat
  • DescribePixelFormat
  • SetPixelFormat
  • SwapBuffers
USER32.dll
  • AdjustWindowRectEx
  • BeginPaint
  • CloseClipboard
  • CreateWindowExA
  • DefWindowProcA
  • DestroyWindow
  • DispatchMessageA
  • EmptyClipboard
  • EndPaint
  • GetClipboardData
  • GetDC
  • GetKeyboardState
  • LoadCursorA
  • OpenClipboard
  • PeekMessageA
  • RegisterClassExA
  • ReleaseDC
  • SetClipboardData
  • SetProcessDPIAware
  • ToAscii
  • TranslateMessage

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2021-Jan-13 11:19:25
Version 0.0
SizeofData 100
AddressOfRawData 0x17f1c
PointerToRawData 0x1651c
Referenced File C:\Projects\dotnet\PragmaScript\publish\current\samples\editor\bin\edit.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .data has a size of 0!