Architecture |
IMAGE_FILE_MACHINE_AMD64
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
Compilation Date |
1970-Jan-01 00:00:00
|
Debug artifacts |
Embedded COFF debugging symbols
|
Suspicious |
The PE is possibly packed. |
Unusual section name found: /4
Unusual section name found: /18
Unusual section name found: /30
Unusual section name found: /43
Unusual section name found: /59
Unusual section name found: /75
Unusual section name found: /90
Unusual section name found: .symtab
|
Suspicious |
The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
- LoadLibraryA
- LoadLibraryW
- GetProcAddress
Functions which can be used for anti-debugging purposes:
Leverages the raw socket API to access the Internet:
|
Suspicious |
VirusTotal score: 1/68 (Scanned on 2018-02-08 04:44:29) |
Cylance:
Unsafe
|
MD5 |
671f16cb1776f856477bfaa7821eb0d9
|
SHA1 |
c988ab98d8ffb8a163cf0689036cee5cde6996c9
|
SHA256 |
651d609a08b81d94fcbca653057e04fcdcf6038b71e712dc5cbb71056cf1df88
|
SHA3 |
333c234dd804032619ae8e5769e20ca4bfe6f035d4e6dd0dc52c744b6eea034b
|
SSDeep |
24576:aQw8e8rjvzRvAKX8IC8FTgAH9PGzQM6endnv4:vnvzRl0STgIGzQPY4
|
Imports Hash |
80538c307e4d824fb80c39d72afa3ca9
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0x4
|
e_cparhdr |
0
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0x8b
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0x80
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections |
11
|
TimeDateStamp |
1970-Jan-01 00:00:00
|
PointerToSymbolTable |
0x24a400
|
NumberOfSymbols |
3281
|
SizeOfOptionalHeader |
0xf0
|
Characteristics |
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED
|
Magic |
PE32+
|
LinkerVersion |
3.0
|
SizeOfCode |
0x12f600
|
SizeOfInitializedData |
0x92200
|
SizeOfUninitializedData |
0
|
AddressOfEntryPoint |
0x000000000004F500 (Section: .text)
|
BaseOfCode |
0x1000
|
ImageBase |
0x400000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
4.0
|
ImageVersion |
1.0
|
SubsystemVersion |
4.0
|
Win32VersionValue |
0
|
SizeOfImage |
0x293000
|
SizeOfHeaders |
0x600
|
Checksum |
0
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
SizeofStackReserve |
0x20000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
974ae4207b0ca83e5f411b432342bd9e
|
SHA1 |
ad9a14b695bdc876f9807bd6dbd0e4a985da94ca
|
SHA256 |
15025f791daa01b939aa27beca83869455ed49b141b30669798ca45b22def1b3
|
SHA3 |
b22225e88c5ced4f749ec0ae8f56fac2d95ea56c47a0f24496d0c21432b1dfaa
|
VirtualSize |
0x12f45e
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0x12f600
|
PointerToRawData |
0x600
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
Entropy |
5.8151
|
MD5 |
4d7aed0b4e33b9aff2d7a6381b7a5e85
|
SHA1 |
8cbad4569eee6dba944dd1a9fa563b04142b2ee4
|
SHA256 |
957040acb622588a7fbfb4e5320a039e5180989b21dbcd2076556f8c9e385f8e
|
SHA3 |
e393e9a84a4e4bd6bb8513443bfd65bebf3f0b86562794bcaa3e4763f13e89a1
|
VirtualSize |
0xb1c00
|
VirtualAddress |
0x131000
|
SizeOfRawData |
0x92200
|
PointerToRawData |
0x12fc00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
1.57454
|
MD5 |
121d8cafa17faffb71d001e3f660db47
|
SHA1 |
4c8185996e7868add6bed9bf2959f85fcd25f040
|
SHA256 |
3badb469da0c9954b01baf3e4078adb0a85db2f9aaef12f15f59c42a42e8edb4
|
SHA3 |
d72b9b0578ca2c0e2a85474d539634f8c50ce1038787b8ac27afccb1138c1145
|
VirtualSize |
0xff
|
VirtualAddress |
0x1e3000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x1c1e00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
2.66185
|
MD5 |
bc2f6325a976198355f94f34b7a8caed
|
SHA1 |
ff5a80c295bc55411c1d1d6f0be4a4c3aad0bedd
|
SHA256 |
6f822b99650fe9f0f404f39fb1e16e1638eefa51736fd674cb0d5f964624df16
|
SHA3 |
17895cb325eaaf79ac12a2193c62e8301c76a771a2c2cafd2ff036985376ce5f
|
VirtualSize |
0x130e4
|
VirtualAddress |
0x1e4000
|
SizeOfRawData |
0x13200
|
PointerToRawData |
0x1c2000
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
6.47129
|
MD5 |
40abbc0a6859375d966e2552ae685218
|
SHA1 |
3ad822430f23d0f15720872dd67ac908ecdaae72
|
SHA256 |
c532d06ea25b21f220ef7c1662a281488c6406bf65d8ce8b2f6c07bdd8d7891a
|
SHA3 |
4b943d8f980c05e191947e5034ed677fc953688c627feddb97eb8ad110168cfd
|
VirtualSize |
0x130b4
|
VirtualAddress |
0x1f8000
|
SizeOfRawData |
0x13200
|
PointerToRawData |
0x1d5200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
3.44145
|
MD5 |
1e7ad745a124b40094514d75d9617c4d
|
SHA1 |
e04054772178d939fb4fc3c4e182342a547b496e
|
SHA256 |
2eae89b0624d02a22968b72b98d469375b1698c1dbb26e7851bb3f3ff0e9e177
|
SHA3 |
394d4519b70c281962d04fc9bff2c23efdf2fe5e39c95f80c37951056d117b43
|
VirtualSize |
0x94d8
|
VirtualAddress |
0x20c000
|
SizeOfRawData |
0x9600
|
PointerToRawData |
0x1e8400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
5.38043
|
MD5 |
a5bd15859135a88d81ba131a9f1ca0b7
|
SHA1 |
b9694fbbc2a3436df66147e22dd60ad5b829d3d0
|
SHA256 |
9c1ac22acc934e7608ff4c08424339008a74c932c51f34f015a5e20305fef2f3
|
SHA3 |
52d67aa5c750daea4f4c31828180e1b72c1682168d88476d38ec7b56d808a727
|
VirtualSize |
0x896b
|
VirtualAddress |
0x216000
|
SizeOfRawData |
0x8a00
|
PointerToRawData |
0x1f1a00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
5.43191
|
MD5 |
2c755c8aa5f52dc78513aaeae5b8ec1e
|
SHA1 |
a3ee7da5ae2741cd22225cbe6b99d502b6dd6398
|
SHA256 |
b30a6696890fb9e80de47ba3f0f15652be9c42231d09b215e5d88d3973182625
|
SHA3 |
2beaf0931a73e7f2a2e8d19f6ab78e7039289ca5fe51818077187ceb9ae51a00
|
VirtualSize |
0x30
|
VirtualAddress |
0x21f000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x1fa400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
0.16299
|
MD5 |
fe8868505f3c4530d62d5832757d985f
|
SHA1 |
cfe2138d8f33d32069d8308c96c57151f856cc84
|
SHA256 |
ea6d632c3c3c59d5cc8fb53b8b3d3d9d8b8a1da610bdf22e2714102726347a62
|
SHA3 |
3df64ff061a6cdc0d68075d82557c1666ad04dc3f61aa57c1a45a97ca9a85219
|
VirtualSize |
0x4f644
|
VirtualAddress |
0x220000
|
SizeOfRawData |
0x4f800
|
PointerToRawData |
0x1fa600
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
5.30935
|
MD5 |
59b4810b41dbe4187a1019da26349159
|
SHA1 |
561fde1616904dbe6e1e3289295cd9eca81acf59
|
SHA256 |
9dcdb2e18e99ff06ba082237888772d886530d0e962f6577fa2086457e2ce641
|
SHA3 |
d33b555b4958ac01a714c757bbb94e0f93389bbb79d8851c7c651466e384b612
|
VirtualSize |
0x44c
|
VirtualAddress |
0x270000
|
SizeOfRawData |
0x600
|
PointerToRawData |
0x249e00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
3.3785
|
MD5 |
1f67fc50b067e63f7d98c2a4e5a4b501
|
SHA1 |
b9f4075f8c554cb46dde200df40479639e54192a
|
SHA256 |
f0bdf65d1d85e9a56d4003c3e44d56f60624095a4747b18b159a5de86bcfebbe
|
SHA3 |
205dd7e048d9353b9aa5a50cae84c4c9c63d40f902b96667bee89494fe1614eb
|
VirtualSize |
0x21925
|
VirtualAddress |
0x271000
|
SizeOfRawData |
0x21a00
|
PointerToRawData |
0x24a400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
5.21601
|
winmm.dll |
timeBeginPeriod
|
ws2_32.dll |
WSAGetOverlappedResult
|
kernel32.dll |
WriteFile
WriteConsoleW
WaitForSingleObject
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetThreadPriority
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
LoadLibraryA
LoadLibraryW
GetThreadContext
GetSystemInfo
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerA
CreateThread
CreateEventA
CloseHandle
AddVectoredExceptionHandler
|
[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /18!
[*] Warning: Tried to read outside the COFF string table to get the name of section /30!
[*] Warning: Tried to read outside the COFF string table to get the name of section /43!
[*] Warning: Tried to read outside the COFF string table to get the name of section /59!
[*] Warning: Tried to read outside the COFF string table to get the name of section /75!
[*] Warning: Tried to read outside the COFF string table to get the name of section /90!