71d1d90f963823257e1135e836128112

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2022-Sep-22 15:55:26

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 8.0 (signature match only; LinkerVersion 14.0 in the optional header and the Rich header build numbers point to an MSVC 14.x toolset, Visual Studio 2015 or later, so treat the VC++ 8.0 match as a false positive of the signature database)
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports (GetProcAddress and LoadLibraryW allow APIs to be resolved at run time, but both are also imported by the CRT of practically every MSVC-linked binary, so with only 16 imports in total this is a weak indicator unless API-name strings or a suspiciously sparse import table accompany it):
  • GetProcAddress
  • LoadLibraryW
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 71d1d90f963823257e1135e836128112
SHA1 a726a0a92ceb4777747719b3d34e041e89a84110
SHA256 29fccd3ea332180dd095010b8c9aed38a7ceb9b25141756f958163a2add6e4de
SHA3 622729a3d3191d278f2b8d2a897f81896ad725f8bf9dbe5d1452f68d28374c63
SSDeep 192:Gf8Qrt+m/5mgD/RlrzgZNfuuxPcBCDs+d:GfX/QuzgZFv+Cg
Imports Hash bd02547fe2fe2068285f37341873a117

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xc0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberOfSections 5
TimeDateStamp 2022-Sep-22 15:55:26
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x1400
SizeOfInitializedData 0x5800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000017AC (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xc000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeOfStackReserve 0x100000
SizeOfStackCommit 0x100000
SizeOfHeapReserve 0x100000
SizeOfHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 94223251ccb162e028d97abc4a1ba61a
SHA1 f65c0eed3cbbed29d1d4f94787ee931bf95d939b
SHA256 1334725029cf875c6e9942a6b531ab6adb8d5a2dd56a25ec0ae5b4549b6f14b6
SHA3 e05e24d8c0cf5010c2487fdb7e8b67e653b975fc9e4cd581b851bced0cc548cb
VirtualSize 0x1278
VirtualAddress 0x1000
SizeOfRawData 0x1400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.19397

.rdata

MD5 2123eea077af83b44c210b949a72468b
SHA1 c7cc3586310cc11a169f31ffcfeed9a10ec71ac4
SHA256 8c11353428823f1350876f995eda27bd78d48a2b788a7f73ebde57fc20d439e6
SHA3 dc1a2993cf7b1e859f89a2b683cd361d82b9c9f94022a882c6d47a34e17da5e4
VirtualSize 0x1128
VirtualAddress 0x3000
SizeOfRawData 0x1200
PointerToRawData 0x1800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.71427

.data

MD5 214554aa45f3f41daab5c7290d7e3c76
SHA1 7bcf804d96c17dd26c0e424a421fac533245df93
SHA256 9870efeb098967c9bd17006c735f23b7194a2cdacd4887ecf3c202a89d91d63d
SHA3 29f57ba505c76434eddffd2006c6573cd15b7edaf433b098ec88477c5798bf30
VirtualSize 0x40b0
VirtualAddress 0x5000
SizeOfRawData 0x600
PointerToRawData 0x2a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.857809

.pdata

MD5 5bf653f8d491198b5a18764119be98d2
SHA1 f15bf71551c08a17cbaa6df3cc070367af299815
SHA256 14f0189f5e75922feb4457520c8f257a380f4f7952adecdfa6c5172621d9b909
SHA3 f066de29b1ce39903b5630b02c5fb5e70d63f21c979226febcf7b7066dc8fff9
VirtualSize 0x24
VirtualAddress 0xa000
SizeOfRawData 0x200
PointerToRawData 0x3000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.334207

.reloc

MD5 3ab3f05cd3b59e6a28d111fd50ddccf1
SHA1 727640a93e955dc0fa05961b91c9ad2a792ec0f1
SHA256 81f25ee770ff4d038490dc5af64255e487d7088fc0b3a14824ff0a2274626bd3
SHA3 7400c64c1315ad2faf15ad39a03010b9a7aaf083df72e9c30cb8507e23be628b
VirtualSize 0x2c
VirtualAddress 0xb000
SizeOfRawData 0x200
PointerToRawData 0x3200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.669846

Imports

KERNEL32.dll AcquireSRWLockExclusive
WakeConditionVariable
ExitProcess
GetModuleHandleW
GetProcAddress
LoadLibraryW
ReleaseSRWLockExclusive
USER32.dll GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
PostQuitMessage
RegisterClassExW
CreateWindowExW
DestroyWindow
LoadImageW

Delayed Imports

(none)

Version Info

(none; the file has no .rsrc section)

Debug Directory

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2022-Sep-22 15:55:26
Version 0.0
SizeOfData 252
AddressOfRawData 0x3ddc
PointerToRawData 0x25dc

TLS Callbacks

(none)

Load Configuration

(none; consistent with DllCharacteristics lacking IMAGE_DLLCHARACTERISTICS_GUARD_CF, so Control Flow Guard is not enabled)

RICH Header

XOR Key 0xac8b658a
Unmarked objects 0
Imports (build 29395) 5
Total imports 16
C objects (build 30146) 1
Linker (build 30146) 1

The number in parentheses is the toolchain build recorded for that product type and the trailing number is the object count; the 16 imports counted here match the 16 functions in the import table above.

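The triage numbers in this report can be reproduced with a short stand-alone script. The following is an added example written for this page, not code or output from the analysis tool that produced the report, and it uses only the Python standard library. It computes the per-section Shannon entropy listed above, builds the import hash the way pefile and Manalyze do (run over the report's import list it should give the Imports Hash above when the import-table order matches), decodes a Rich header that is rebuilt from the report's XOR key and build numbers (the product ids in that rebuild are placeholders, since the report does not list them), and flags the section-table conditions worth checking, such as the 0x3ab0-byte zero-filled tail of .data or a writable-and-executable section.

```python
"""Reproduce the triage fields in the report above (section entropy, the
import hash and the Rich header) on constructed inputs, stdlib only."""
import hashlib
import math
import struct

DANS = 0x536E6144  # little-endian 'DanS'


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    n = len(data)
    if n == 0:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return sum(-(c / n) * math.log2(c / n) for c in counts if c)


def imphash(imports):
    """pefile-style import hash: 'module.function' in import-table order,
    lower-cased, module extension stripped, comma-joined, then MD5.
    Returns (hex digest, the joined string that was hashed)."""
    parts = []
    for module, funcs in imports:
        mod = module.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if mod.endswith(ext):
                mod = mod[: -len(ext)]
        parts.extend(f"{mod}.{f.lower()}" for f in funcs)
    joined = ",".join(parts)
    return hashlib.md5(joined.encode()).hexdigest(), joined


def build_rich_header(key, entries):
    """Assemble a Rich header (constructed for the example): 'DanS', three
    zero pad dwords and (product_id<<16 | build, count) pairs, all XORed
    with key, followed by the clear-text 'Rich' marker and the key."""
    words = [DANS, 0, 0, 0]
    for prod_id, build, count in entries:
        words += [(prod_id << 16) | build, count]
    body = b"".join(struct.pack("<I", w ^ key) for w in words)
    return body + b"Rich" + struct.pack("<I", key)


def decode_rich_header(blob):
    """Find 'Rich', read the key after it, XOR backwards until 'DanS'.
    Returns (key, [(product_id, build, count), ...])."""
    rich_at = blob.rfind(b"Rich")
    if rich_at < 0:
        raise ValueError("no Rich marker")
    key = struct.unpack_from("<I", blob, rich_at + 4)[0]
    words, pos = [], rich_at - 4
    while pos >= 0:
        w = struct.unpack_from("<I", blob, pos)[0] ^ key
        if w == DANS:
            break
        words.append(w)
        pos -= 4
    else:
        raise ValueError("no DanS marker")
    words.reverse()          # pad, pad, pad, then (id|build, count) pairs
    pairs = words[3:]
    entries = [(pairs[i] >> 16, pairs[i] & 0xFFFF, pairs[i + 1])
               for i in range(0, len(pairs) - 1, 2)]
    return key, entries


def section_notes(name, virtual_size, raw_size, characteristics):
    """Sanity checks on the section-table numbers the report prints."""
    EXEC, WRITE = 0x20000000, 0x80000000
    notes = []
    if virtual_size > raw_size:
        notes.append(f"{name}: {virtual_size - raw_size:#x} bytes are "
                     "zero-filled at load (uninitialised tail)")
    if characteristics & EXEC and characteristics & WRITE:
        notes.append(f"{name}: section is both writable and executable")
    return notes


# Import table as listed in the report, in table order.
PAGE_IMPORTS = [
    ("KERNEL32.dll", ["AcquireSRWLockExclusive", "WakeConditionVariable",
                      "ExitProcess", "GetModuleHandleW", "GetProcAddress",
                      "LoadLibraryW", "ReleaseSRWLockExclusive"]),
    ("USER32.dll", ["GetMessageW", "TranslateMessage", "DispatchMessageW",
                    "DefWindowProcW", "PostQuitMessage", "RegisterClassExW",
                    "CreateWindowExW", "DestroyWindow", "LoadImageW"]),
]
# Rich header rebuilt from the report's key and build numbers; the product
# ids (first field) are placeholders, the report does not list them.
RICH_KEY = 0xAC8B658A
RICH_ENTRIES = [(0x0001, 29395, 5), (0x0104, 30146, 1), (0x0101, 30146, 1)]

if __name__ == "__main__":
    print("entropy of 0x600 zero bytes =", shannon_entropy(b"\0" * 0x600))
    digest, hashed = imphash(PAGE_IMPORTS)
    print("imphash =", digest, "over", hashed)
    print("rich =", decode_rich_header(build_rich_header(RICH_KEY, RICH_ENTRIES)))
    print(section_notes(".data", 0x40B0, 0x600, 0xC0000040))
```

For a real sample, pass the raw bytes of each section to shannon_entropy and the header region up to e_lfanew (here the first 0xc0 bytes of the file) to decode_rich_header; the decoder stops at 'DanS' before it reaches the DOS header, and the imphash function takes the import table in the order the loader sees it.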
Errors

(none)