6e47a095adffbb14c2902a26834f4d3e

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2022-Oct-23 18:07:31
Detected languages English - United States

Plugin Output

Suspicious This PE is packed with VMProtect
  • Unusual section name found: .vmp0
  • Unusual section name found: .vmp1
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 6e47a095adffbb14c2902a26834f4d3e
SHA1 2801ce6b32d1ebf9abe8f1fa1136395594455501
SHA256 7d12b04a8fd51ba0a528cc00e36a4cd73a4120168603e75669c11463c7cc4fb5
SHA3 4e1bba705cc76b29b9e314f50bf47e7f9cc599fc055cbe63c46ff3d0e69678c6
SSDeep 98304:WmODYSXis0da2CYu+A3trwpl9bgk4E0vjouji+LqFPBNxh8tCeH:fOcSn0dtCP+KsfifLqBxh8tB
Imports Hash e8cc9d1a62a69a0e77645ec31debfd67

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 7
TimeDateStamp 2022-Oct-23 18:07:31
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 12.0
SizeOfCode 0x10e00
SizeOfInitializedData 0xa600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x004B0E10 (Section: .vmp1)
BaseOfCode 0x1000
BaseOfData 0x12000
ImageBase 0x10000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x8d1000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x10d2b
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x5a3e
VirtualAddress 0x12000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x32c0
VirtualAddress 0x18000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x33f596
VirtualAddress 0x1c000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1

MD5 3549ea6be9389836ec5a4dfa1547304d
SHA1 8aa6ad5b24c9bc52548ee3b5287e0f5c86c12904
SHA256 f75f6b9f060f754fbc7ba51b79e24a0bccd401e3ff5735ac6df24d664c3d74fe
SHA3 95e8a0a8818541d81cac8c10a2a9f9dbdc451c34131b7af8b5ba7076c9d4cae7
VirtualSize 0x572ce0
VirtualAddress 0x35c000
SizeOfRawData 0x572e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.95992

.reloc

MD5 ed3b5a5ce457d3cdeefc53a141519fdf
SHA1 0659a9bcc246fe2a57cd87d1a5fcef023aef94a3
SHA256 b78a0e51eedf951b81d5e7304a422745456a3e04211b4f5d81f849b4d1f24c71
SHA3 03537ea9c6ebbe1a3cb7ed0a9fb0d73cb52208309176538a7ec8031b1d4489c3
VirtualSize 0x5c8
VirtualAddress 0x8cf000
SizeOfRawData 0x600
PointerToRawData 0x573200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.16157

.rsrc

MD5 cccc65fbaa07cf44b9ba9363a968df5b
SHA1 ae5fac30872681eb7f16674a476e996e87eccc00
SHA256 d301997ba947420991f334961def48df282fe6cb7d50a6a0d1182cf6e544b1ff
SHA3 0d668259505104499a45b3d286802b4786ee3f11e7002876f486c94c1cd46986
VirtualSize 0x27c
VirtualAddress 0x8d0000
SizeOfRawData 0x400
PointerToRawData 0x573800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.84276

Imports

KERNEL32.dll HeapReAlloc
SHLWAPI.dll PathRemoveFileSpecA
WTSAPI32.dll WTSSendMessageW
KERNEL32.dll (#2) HeapReAlloc
USER32.dll GetUserObjectInformationW
KERNEL32.dll (#3) HeapReAlloc
USER32.dll (#2) GetUserObjectInformationW

Delayed Imports

Exports

_CalculateMax@32

Ordinal 1
Address 0x2180

_GetAccount@8

Ordinal 2
Address 0x1f20

_GetAuth@4

Ordinal 3
Address 0x21f0

_GetExpirationTime@0

Ordinal 4
Address 0x21e0

_GetLastVersion@0

Ordinal 5
Address 0x2170

_GetStrategy@0

Ordinal 6
Address 0x2160

_HttpQueryInfoW@20

Ordinal 7
Address 0x1a70

_InternetAttemptConnect@4

Ordinal 8
Address 0x2b50

_InternetCloseHandle@4

Ordinal 9
Address 0x2b40

_InternetConnectW@32

Ordinal 10
Address 0x2b60

_InternetOpenUrlW@24

Ordinal 11
Address 0x1a80

_InternetOpenW@20

Ordinal 12
Address 0x2b70

_InternetReadFile@16

Ordinal 13
Address 0x1b80

_OrdersCheck00@48

Ordinal 14
Address 0x24d0

_OrdersCheck@52

Ordinal 15
Address 0x2600

_ProfitPoint@16

Ordinal 16
Address 0x2200

_QueryAccount@8

Ordinal 17
Address 0x1f40

_QueryDatabases@16

Ordinal 18
Address 0x2270

_QueryTime@4

Ordinal 19
Address 0x2080

_check_ex4@0

Ordinal 20
Address 0x1670

_getlots@24

Ordinal 21
Address 0x2670

_getprofit@32

Ordinal 22
Address 0x2680

_m1@20

Ordinal 23
Address 0x2610

_yanzheng@8

Ordinal 24
Address 0x2650

Resources

2

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x224
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.04378
MD5 245b863be176aab16ef1dbe168defe03
SHA1 c0a369f6f0e77b89c5d9d37fb94e1d5e2d431b5b
SHA256 59ba97d56a01766792386c3b379946bb613c8921e3daf8a878855a268ad5e4aa
SHA3 7efbe82f17422b353f747a146c1e8f1b9df37e90648150f2020442ff9477341e

Version Info

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x10018000
SEHandlerTable 0x108cebe0
SEHandlerCount 64

RICH Header

Errors

[*] Warning: Section .text has a size of 0!
[*] Warning: Section .rdata has a size of 0!
[*] Warning: Section .data has a size of 0!
[*] Warning: Section .vmp0 has a size of 0!
[*] Warning: 1 invalid export(s) not shown.