6f726d2062f9089c5d1b472388d2af37

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1999-Apr-27 13:03:38
Debug artifacts BETA.exe

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Microsoft Visual C++
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Possibly launches other programs:
  • CreateProcessA
Can create temporary files:
  • CreateFileA
  • GetTempPathA
Suspicious The file contains overlay data. 94336 bytes of data starting at offset 0x4e800.
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 6f726d2062f9089c5d1b472388d2af37
SHA1 24481ada8de22b16e6f2f2a634746dce7ae1bc5f
SHA256 d1cb124177fca54eafcc4d8581a2b34ee075e2d40365e3ad1b588b9cde93492a
SHA3 61c8130c827a05673fab71ea6ec6589c346ea0f54488e48bc6bb0a4d3a2d1f3a
SSDeep 6144:6gC7ynADxHSDMoqIV3jnMKHqwvGELfXmyCIKY1RFe5NcCP/KiWWknd8hBzsB+l:ZC7yAVEMoVBMKHqwRLPmyCaXfFd+
Imports Hash 4f6ec7ab1c915394190190cd689a1c7d

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 1999-Apr-27 13:03:38
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 5.0
SizeOfCode 0x3fc00
SizeOfInitializedData 0x7b7200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00033F10 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x41000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x7fa000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 783aa46cbd99c3fcee41bed05cc874eb
SHA1 a96cb63bda40ddc13fe22eea0efa38c96217edb3
SHA256 1d7f0b6098b5c1893027c140343a1b1715c8a84fd90d59b59ebec562675741b5
SHA3 88847995528bce0ffaaff8fb3bd5d6d12988272fa17565581b49805153c6d368
VirtualSize 0x3fb10
VirtualAddress 0x1000
SizeOfRawData 0x3fc00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.55058

.rdata

MD5 fea4f17b36c86192e160b78544471049
SHA1 90d5204bb28042ea201c8e47ca12c9fff4cbd444
SHA256 95572f5b3e77356870b36c618b51676aea63ce3c67a89c3c5fcd2d29dd8265a6
SHA3 581377bda99897c4b7dc3e8700900b113b38286f158409cce77ba295f548c625
VirtualSize 0x2480
VirtualAddress 0x41000
SizeOfRawData 0x2600
PointerToRawData 0x40000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.9529

.data

MD5 dbec9efe854d6878653e3fc70f54d5a3
SHA1 b7d318da69a82606da4a86f6e2e2911e49c6c5b7
SHA256 4b9979549b2d76f75cbc65723de7ac4fcabe3a4257a2c384c096154a8094045e
SHA3 e835e5d82baf09944e705e44c2c43d486e11c2c16f9e0bc29f817798d9625c49
VirtualSize 0x7b42b0
VirtualAddress 0x44000
SizeOfRawData 0xba00
PointerToRawData 0x42600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.62262

.idata

MD5 30fea8779773c8d087993219ee0bbabe
SHA1 bba7e570af322250c21ff7d753dda5e0e934da86
SHA256 35ebf2bd538212cf173c31115f1fe2dcddb70bdaa11e98954756db11e66dca75
SHA3 309be37cc9f603e0cdf4fa075e864a8fda2d89b01d9b05039020b9b6c40d5f23
VirtualSize 0x6e0
VirtualAddress 0x7f9000
SizeOfRawData 0x800
PointerToRawData 0x4e000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.86955

Imports

KERNEL32.dll HeapReAlloc
SetErrorMode
SetConsoleCtrlHandler
SetLastError
RaiseException
InterlockedExchange
GetLocalTime
GetFileType
SystemTimeToFileTime
FileTimeToLocalFileTime
GetLastError
GetStdHandle
CloseHandle
FormatMessageA
DeleteFileA
CreateFileA
WaitForSingleObject
SetThreadPriority
CreateProcessA
SetEndOfFile
SetFilePointer
WriteFile
ReadFile
GetTempFileNameA
GetTempPathA
GetFullPathNameA
GetFileInformationByHandle
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
GetACP
HeapFree
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetOEMCP
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
GetProcAddress
GetModuleHandleA
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
FlushFileBuffers
VirtualAlloc
LoadLibraryA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetStdHandle

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_MISC

Characteristics 0
TimeDateStamp 1999-Apr-27 13:03:38
Version 0.0
SizeofData 272
AddressOfRawData 0
PointerToRawData 0x4e800
Referenced File BETA.exe

IMAGE_DEBUG_TYPE_FPO

Characteristics 0
TimeDateStamp 1999-Apr-27 13:03:38
Version 0.0
SizeofData 7744
AddressOfRawData 0
PointerToRawData 0x4e910

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read PDB file information of invalid magic number.