Architecture |
IMAGE_FILE_MACHINE_I386
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date |
2019-Apr-05 05:39:54
|
Detected languages |
English - United States
|
Suspicious |
The PE is possibly packed. Evidence on this page: the entry point (0x0068BB56) lies in the non-standard section .hpp1, which is the only code-bearing section that has bytes on disk and whose entropy is 7.9745 (close to the 8.0 ceiling, typical of compressed or encrypted content), while .text, .rdata, .data and .hpp0 all have SizeOfRawData and PointerToRawData of 0 — they occupy address space but carry no data in the file. The on-disk hashes and the static import table therefore describe the packer stub, not the payload; analysis of the real code needs a memory dump taken after the stub has finished unpacking. |
Unusual section name found: .hpp0
Unusual section name found: .hpp1
|
Malicious |
The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
- LoadLibraryA
- GetProcAddress
Possibly launches other programs: (the items under this heading appear to have been lost in rendering; the import listed further down that fits it is ShellExecuteA from SHELL32.dll)
Leverages the raw socket API to access the Internet: (the matching import further down is WS2_32.dll by ordinal #115 — imported by ordinal, so the function name is not visible statically)
Functions related to the privilege level: (the matching import further down is AdjustTokenPrivileges from ADVAPI32.dll)
Caveat: these are import-based heuristics. The import list rendered on this page shows a single entry per DLL, and LoadLibraryA and GetProcAddress themselves do not appear under KERNEL32.dll, so the static table shown here is at best partial. With a packed entry section the real API surface is resolved at runtime through LoadLibraryA/GetProcAddress and must be recovered from a memory dump or an API-monitoring run rather than from this list.
|
Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal. The absence of a VirusTotal record is not evidence that the file is benign — it only means this hash has not been submitted; the verdict should rest on the packed layout and the privilege, socket and process-launch imports flagged above. Weigh submitting the sample against any operational need to keep it private.
|
MD5 |
611e95bc196994f719694d8d38336945
|
SHA1 |
c2d7d93a256435a5a79663b5dccf6d5f762dbcb9
|
SHA256 |
018f057100fb740ffd385bb8c4448cddd33d92e7405f91e95dfb3324fe45f03f
|
SHA3 |
622444424f54a1503a254da296818765583abea87179873e3a532835d0a07d24
|
SSDeep |
196608:8prkX06gYzKyjraysDsgkeyu5V7DOLFjUoUjV2t92:8prkFgm+ysDvP5Vvaj+Vo9
|
Imports Hash |
4b74c4635a6051bd91494e43b52b13cb
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0x80
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections |
7
|
TimeDateStamp |
2019-Apr-05 05:39:54
|
PointerToSymbolTable |
0
|
NumberOfSymbols |
0
|
SizeOfOptionalHeader |
0xe0
|
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
|
Magic |
PE32
|
LinkerVersion |
14.0
|
SizeOfCode |
0xae200
|
SizeOfInitializedData |
0x86600
|
SizeOfUninitializedData |
0
|
AddressOfEntryPoint |
0x0068BB56 (Section: .hpp1)
|
BaseOfCode |
0x1000
|
BaseOfData |
0xb0000
|
ImageBase |
0x10000000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
6.0
|
ImageVersion |
0.0
|
SubsystemVersion |
6.0
|
Win32VersionValue |
0
|
SizeOfImage |
0xd2c000
|
SizeOfHeaders |
0x400
|
Checksum |
0
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
|
SizeofStackReserve |
0x100000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0xae0cc
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0
|
PointerToRawData |
0
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x29b68
|
VirtualAddress |
0xb0000
|
SizeOfRawData |
0
|
PointerToRawData |
0
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x52f8c
|
VirtualAddress |
0xda000
|
SizeOfRawData |
0
|
PointerToRawData |
0
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x4b6687
|
VirtualAddress |
0x12d000
|
SizeOfRawData |
0
|
PointerToRawData |
0
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
|
MD5 |
66972f720cdf3286f8393d2d6603ebee
|
SHA1 |
6c8b39d37288491b574533e5efa743b18aae54d4
|
SHA256 |
b6753c552e29defb64ddfb195d2bd9b3d6d679be575adbe2aaf073d443f7816e
|
SHA3 |
40ffd539cb326f1713365f97e32d9bdce5ddddef8650b86a024c334a07074fbb
|
VirtualSize |
0x745040
|
VirtualAddress |
0x5e4000
|
SizeOfRawData |
0x745200
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
|
Entropy |
7.9745
|
MD5 |
c99aadb83cd4c7dc3d4b4797467892a3
|
SHA1 |
cfa9967b2a0a102dd83d0e06192aa99bd634ede8
|
SHA256 |
c119c5354c6ae1630d1f08fbc4561d0c20f5cf16e785150fb2f5ba32144372ca
|
SHA3 |
c47917ad1347a588e59c674f251310f25160881e3d86c15f40bab9e96248d83b
|
VirtualSize |
0x5f0
|
VirtualAddress |
0xd2a000
|
SizeOfRawData |
0x600
|
PointerToRawData |
0x745600
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
4.29617
|
MD5 |
a157642e8c6b246e72da27708913e051
|
SHA1 |
daf0525a326d6493dff249bb626653590ed4fc26
|
SHA256 |
88510771d4467457e54d12139d4f7aa222db813d4ff2bd95b63bf6462f94a4b1
|
SHA3 |
08e14b505195788e773677f2a1dc7e0682b65b48bbd8ebf3d04e322928a7f276
|
VirtualSize |
0x1d5
|
VirtualAddress |
0xd2b000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x745c00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
4.72473
|
KERNEL32.dll |
SetPriorityClass
|
USER32.dll |
EmptyClipboard
|
ADVAPI32.dll |
AdjustTokenPrivileges
|
SHELL32.dll |
ShellExecuteA
|
ole32.dll |
CoSetProxyBlanket
|
OLEAUT32.dll |
#6
|
OPENGL32.dll |
glDisable
|
WS2_32.dll |
#115
|
IMM32.dll |
ImmSetCompositionWindow
|
WTSAPI32.dll |
WTSSendMessageW
|
KERNEL32.dll (#2) |
SetPriorityClass
|
USER32.dll (#2) |
EmptyClipboard
|
KERNEL32.dll (#3) |
SetPriorityClass
|
USER32.dll (#3) |
EmptyClipboard
|
Type |
RT_MANIFEST
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x17d
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
4.91161
|
MD5 |
1e4a89b11eae0fcf8bb5fdd5ec3b6f61
|
SHA1 |
4260284ce14278c397aaf6f389c1609b0ab0ce51
|
SHA256 |
4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
|
SHA3 |
4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353
|
[!] Error: Could not read the exported DLL name.
[!] Error: Could not reach the TLS callback table.
[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .hpp0 has a size of 0!
These four warnings correspond to the first four section headers above, whose SizeOfRawData and PointerToRawData are both 0: the sections are mapped (VirtualSize 0xae0cc, 0x29b68, 0x52f8c and 0x4b6687) but have no bytes in the file, which is why their MD5/SHA1/SHA256/SHA3 values are the digests of empty input. The export-name and TLS-callback errors are consistent with those directories pointing into these file-less regions, but the data directory table is not shown on this page, so confirm that with a parser that dumps it. The file is flagged IMAGE_FILE_DLL, so an unreadable export table is itself unusual and, if confirmed, points at the export table being rebuilt at runtime by the stub in .hpp1.