685208575e20f58bf61bfdb036f6bd43

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Info Matching compiler(s): MASM/TASM - sig2(h)
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 685208575e20f58bf61bfdb036f6bd43
SHA1 64f1e87bb73f924bde937df1fc40e51a196348af
SHA256 df191e6c236bdb34d8e093584cc8d30cedc5830eebec6a6b6da08bbaf08df55a
SHA3 c8c3ecc896dd4a3f08c642e7c3e0292bfcae2147d888d368ccab55e17eb77c8d
SSDeep 384:QW76590YtdCFGuPIUZN7POsKqPAPOCqWi+C:69VtJ+IKN7ZWi
Imports Hash 322507b983aeddb89a27811817664b1d

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x4317
SizeOfInitializedData 0x36e
SizeOfUninitializedData 0x13df1
AddressOfEntryPoint 0x0001BFC2 (Section: .text)
BaseOfCode 0x18000
BaseOfData 0x3000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x1d000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x1000000
SizeofStackCommit 0x10000
SizeofHeapReserve 0x1000000
SizeofHeapCommit 0x10000
LoaderFlags 0
NumberOfRvaAndSizes 16

.idata

MD5 3aab66c7c46f53507469503d26912d43
SHA1 57f735f75f0a0892a813f802dba725c4abad8e43
SHA256 43aa71a3b2f7ce22c745f0fdaf46dd1603bf8b3f79f5efa648fc343297a229a8
SHA3 4945218a63e4db29a2ba6c04d5afcbb32d6727a71263beedb15319c21144666c
VirtualSize 0x1b14
VirtualAddress 0x1000
SizeOfRawData 0x1c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.763887

.data

MD5 01932fcc1e41507ccb30b839addda7ea
SHA1 42dc93bb7af6e502a77d99416ecd52f1ec177c20
SHA256 2c377f74ad107e454c0f9490602a47b094b5519ba2f1ae0e749dfca5b10bc828
SHA3 bf63cf3ca53d2fa50ed49977c63aa592f6ee7737a6427f95079a33a4464af288
VirtualSize 0x36e
VirtualAddress 0x3000
SizeOfRawData 0x400
PointerToRawData 0x2000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.58326

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x13df1
VirtualAddress 0x4000
SizeOfRawData 0
PointerToRawData 0x2400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text

MD5 a84543b5fbf26e301d2ff3085e2af61b
SHA1 1574fd81665b3baf8c126720b121d45d3391deed
SHA256 73282447df9225d37030f0521d01d0efa1024ca02287c4aedf8300f6a083e554
SHA3 7d25b0a69ae4fd93ea7c4f235edd10e4b97a5d25f53381c556919e8ec5603963
VirtualSize 0x4317
VirtualAddress 0x18000
SizeOfRawData 0x4400
PointerToRawData 0x2400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 4.83833

Imports

KERNEL32.DLL GetCommandLineA
GetProcessHeap
HeapAlloc
HeapFree
GetStdHandle
SetConsoleMode
CreateFileA
SetFilePointer
GetFileSize
WriteFile
ReadFile
CloseHandle
GetLastError
LoadLibraryA
GetProcAddress
GetTickCount
ExitProcess
GetModuleHandleA
USER32.DLL MessageBoxA
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
BeginPaint
EndPaint
FillRect
InvalidateRect
GDI32.DLL Ellipse
USER32.DLL (#2) MessageBoxA
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
BeginPaint
EndPaint
FillRect
InvalidateRect

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!
<-- -->