72556227c568b3f12d3a70cfb5e00792

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2007-Sep-12 15:08:17

Plugin Output

Info Matching compiler(s): Installer VISE Custom
Microsoft Visual C++
Microsoft Visual C++ v6.0
Microsoft Visual C++ v5.0/v6.0 (MFC)
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Suspicious VirusTotal score: 2/66 (Scanned on 2018-05-18 14:00:35) Cylance: Unsafe
Jiangmin: Trojan.Generic.drng

Hashes

MD5 72556227c568b3f12d3a70cfb5e00792
SHA1 5e51c5e5efd80fd3d936317d057c70a057aedbc8
SHA256 c1e86398aa361d039e28918af885c53517743d6ae4c847969b879ceceae7dd65
SHA3 c2a550e2c6726a6fcca04fa8b6b58da7daec82d65aaaa0c6fa39dff020311813
SSDeep 192:qiFjvtFizwKAoShweJANLWrQXi5B1hUmZBdZDRTuwhgozdirGM94a9pOyymfG7n:qKIw9hJUml3txtnyymerh6oZ
Imports Hash 88468a2aad02cc7597aabe5e483f5202

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2007-Sep-12 15:08:17
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x3000
SizeOfInitializedData 0x2000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000101D (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x4000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x6000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 7c6b95642c33f402b4f2608b1d4afd17
SHA1 4b8c396bcffe06a1aa0afbbfb5035ae440365e3f
SHA256 e91b96735704a151f4b13c6a219b46fd4de660451c0bec1e2dea24e62c72f9c5
SHA3 2f2d99446da0ec43382133ca74d7a3a84d2bfd9f3233f8beae1b96218ed75f5f
VirtualSize 0x289e
VirtualAddress 0x1000
SizeOfRawData 0x3000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.91786

.rdata

MD5 cfa4f2c2aad49d75a12a734177384bb8
SHA1 2118308132ed588caa526d93aa7d12f3c538f130
SHA256 a32a4bc6e687599849833af9f48108a9d4c6122b38a7c04fcd53b6fbddedae4f
SHA3 bcd18dd9fb534289d253b6ea00cf12bcdb7de0a19b9f746689f7160279346556
VirtualSize 0x774
VirtualAddress 0x4000
SizeOfRawData 0x1000
PointerToRawData 0x4000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.06355

.data

MD5 78f59be21639ecbed325f811aae8300a
SHA1 1c1e1c0c5bcbac90f409e64106a5919a31c4ab6e
SHA256 78a607ee0b7b3d07101187ffdd72711aa89794c9cfefd8d510477830457a53c2
SHA3 04e2a5662cc98d2908249e5f52e3ebd5a4d974f2b5890aad219144a739e9ab4a
VirtualSize 0x9dc
VirtualAddress 0x5000
SizeOfRawData 0x1000
PointerToRawData 0x5000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.985097

Imports

USER32.dll MessageBoxA
KERNEL32.dll HeapCreate
GetStringTypeW
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xa158a888
Unmarked objects 0
C objects (VS98 build 8168) 22
14 (7299) 9
Total imports 38
19 (8034) 5
C++ objects (VS98 build 8168) 2

Errors

<-- -->