Manalyze report for 73bfb912910e635ecc01615a98f0b4af

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2019-Aug-12 11:43:16
Detected languages	English - United States
TLS Callbacks	2 callback(s) detected.
Debug artifacts	Embedded COFF debugging symbols
CompanyName	COMPANYNAME
FileDescription	FILEDESCRIPTION
FileVersion	`FILEVERSION`
InternalName	INTERNALNAME
LegalCopyright	LEGALCOPYRIGHT
LegalTrademarks1	LEGALTRADEMARKS1
LegalTrademarks2	LEGALTRADEMARKS2
OriginalFilename	ORIGINALFILENAME
ProductName	PRODUCTNAME
ProductVersion	`PRODUCTVERSION`

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: /4` `Unusual section name found: /14` `Unusual section name found: /29` `Unusual section name found: /41` `Unusual section name found: /55` `Unusual section name found: /67` `Unusual section name found: /78` `Unusual section name found: /89`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Suspicious	The file contains overlay data.	`28436 bytes of data starting at offset 0x6ae00.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`73bfb912910e635ecc01615a98f0b4af`
SHA1	`4d81d93df3e14aca1bfced45c519b6d03ab1ac3d`
SHA256	`3953d51e5d4f8016b57a1a4c47ab924072995ff207503dc034241774d0514a7a`
SHA3	`0b8f96889f935d9124101dfc2f0ed586e28ee962187dabbc96564af606761c78`
SSDeep	`6144:MXJoGWx5SGfN8eHZmua4VqaR2oai6XCNnQ6YHO5zWXNi/:0JgiG8huEtolnlRQe`
Imports Hash	`8b2925fb45815220ca034a3d3ff2bc8a`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`16`
TimeDateStamp	2019-Aug-12 11:43:16
PointerToSymbolTable	`0x6ae00`
NumberOfSymbols	`1298`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x1600`
SizeOfInitializedData	`0x2de00`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x00001480 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x77000`
SizeOfHeaders	`0x400`
Checksum	`0x7cd92`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c398dbf50ef2c55b0e6040b59b92b4fb`
SHA1	`13c0c6466188536cfe70caec034113fff875edb2`
SHA256	`f0f3e83198b6b04a0d3389da1534978e3f26f2d8c0d03f9b03b3e1787a1e69c5`
SHA3	`80c9cb34f4f0c87196ef5c9003e3cae93fa5d97832890b3cc5ce8a4341df100c`
VirtualSize	`0x15c4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.02906`

.data

MD5	`2a234157745a62bbf90c935c889556f7`
SHA1	`37643105b19bb926145ba6c8a1022587e17f1671`
SHA256	`8729f51957f91064a001f3873cc77289f88414511752777afa7af8f3b2f43342`
SHA3	`771d64d950312d0a35ac543b0e52c8660e4c1025e43c00641b27010e9451d44c`
VirtualSize	`0x38`
VirtualAddress	`0x3000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.617127`

.rdata

MD5	`8ac762486fe58956baf0424b1de52f1d`
SHA1	`8cbef1fd1f2cb7db11b2d7637aa31afd8e9f897c`
SHA256	`115ce916266842082b6b2d5c27dcd482d3dfba3932d265fea1faca0dae3f9ebc`
SHA3	`dc4902a453b98a6ba4fed7b6fb09028fec9aabf6b0c56b2245e5ca896e5e5d62`
VirtualSize	`0x768`
VirtualAddress	`0x4000`
SizeOfRawData	`0x800`
PointerToRawData	`0x1c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.0958`

/4

MD5	`28187513918c5d9b541fcfddd4272076`
SHA1	`3ff84562e5afd4a55c25ab6221039a46b439560d`
SHA256	`9febd897e16b419584583dcb28c025b99ce67e6088f6456ba8412d2db9092aae`
SHA3	`91e5254081f5f15aebd76d52c81f3770a8205a474bc184c3656011bddcac0124`
VirtualSize	`0x880`
VirtualAddress	`0x5000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.06847`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x3ec`
VirtualAddress	`0x6000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`2afd6467cd6bd7bb1876347a095a430a`
SHA1	`0d5bb1caf8c001839e44840f0183181286e6fb5e`
SHA256	`5156658927fa5297da7f9e2d28b67b2e15abfbafd50a8d6099caabbb00596964`
SHA3	`250e91acfe34d73aa633c8b88dc04b3188cfef5da30b9c07e001e955a545ce43`
VirtualSize	`0x59c`
VirtualAddress	`0x7000`
SizeOfRawData	`0x600`
PointerToRawData	`0x2e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.39385`

.CRT

MD5	`2b1838853cc41e85be21e651f66275a3`
SHA1	`80d5ab5f7bc35d7940088be317df0df87012f167`
SHA256	`9e277a0924b4851a8c645f96515fb14f8902b9364d7c7cf83a98677475bb6f85`
SHA3	`66419a0eb6bba6ea78da59cb0fcad29a4e1227b2b5130105f1beb63442ba4228`
VirtualSize	`0x34`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.253036`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x8`
VirtualAddress	`0x9000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`8e43fdf65e0b800e3fd27f5e0af0ccc5`
SHA1	`18e7bb90f2ba0d866ae0729510f79251df0a331d`
SHA256	`0767d5c3e8055309989a16ff5101ed6586dc8155752895e99bc7f89ee3646cf4`
SHA3	`6a56b1448fb7b68835db1c974e8eb88fe60ef27b56f7f82373c9766097f42eb0`
VirtualSize	`0x2a848`
VirtualAddress	`0xa000`
SizeOfRawData	`0x2a848`
PointerToRawData	`0x3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.67522`

/14

MD5	`110154eedea70be4bd081719f9e7122a`
SHA1	`64bad5ce19022b13c9fe37bba2e17f548fae2da7`
SHA256	`d0e606725d5a91dba6d67a7bdf3b2f71e68767c539abca7a7da9dadae15173e9`
SHA3	`4a5de2458c20d692f0acad23fe0fca4527f5f062523121c62a12adb3d4406d32`
VirtualSize	`0x2b8`
VirtualAddress	`0x35000`
SizeOfRawData	`0x400`
PointerToRawData	`0x2e200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.70177`

/29

MD5	`8712d17e0699f5e485de865d9ec44fe2`
SHA1	`9509288eb5f65e8409cbd9f8293a15f4b69649fd`
SHA256	`f55f770b4fd90b35032259f00eb5160c26b6c25d5379dbc718114c6ea0962cf2`
SHA3	`0df9cad0bb3b684eed62aee568aa1d03700331dfa6a6b1e38b08475aa2bfa090`
VirtualSize	`0x356c4`
VirtualAddress	`0x36000`
SizeOfRawData	`0x35800`
PointerToRawData	`0x2e600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.97737`

/41

MD5	`21d0dd976519f7afcfb09bb43e9f3f8b`
SHA1	`96d39b02d31f8fb391aafb550051368ff72bebc3`
SHA256	`32e748271696022bf4cc67637f92b6237b4a940427940c4d9919be5119efe5f8`
SHA3	`f989b6390819503d9e28065b2ac6a4caaff922f7faa7b8555d114f15fc4a0a22`
VirtualSize	`0x21b6`
VirtualAddress	`0x6c000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x63e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.65985`

/55

MD5	`1f6ec4ac3505d73518f742287de24abc`
SHA1	`8d5a22d28b577c4a88e96f8ea472f1b4715ea8c8`
SHA256	`aa7d89385c3ea37155e7dda6dc7d09677c1c310e9631cce5247de1bb7fdef1d1`
SHA3	`29f9164edf5fcc29bd51392af2eedde8fcad33de84e72388e9051f840322d5e5`
VirtualSize	`0x305d`
VirtualAddress	`0x6f000`
SizeOfRawData	`0x3200`
PointerToRawData	`0x66000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.43484`

/67

MD5	`50511d1f52c492c307e165e29e88ac02`
SHA1	`c4a426c36c7ba77dfdd9e97621c2e582c032840c`
SHA256	`0aef289683950f565adedcee483310df14686da46d49e787bd9040d30addf64b`
SHA3	`ab4df986211515eaaf627a79ab6db8728b4e711c47a084c06b15e3bfadde2ed4`
VirtualSize	`0x4e3`
VirtualAddress	`0x73000`
SizeOfRawData	`0x600`
PointerToRawData	`0x69200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.34863`

/78

MD5	`c49211b696f477baa75ae344b7653203`
SHA1	`7f60c0c8623ad7435cc2c52247dcdf88028391a9`
SHA256	`fed49f08c8fb6b444434c39e67bc08dc3eb75195714eb266184fd102eda8e579`
SHA3	`86af0c78f20fa7cbc50bca5b44ba7b52f41ab1620b8a862838412ddb48759d5f`
VirtualSize	`0x11e2`
VirtualAddress	`0x74000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x69800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.03727`

/89

MD5	`a2041499c20103514acacc36e3c21af2`
SHA1	`8ebda52f40bd1c9e4395e380ae0883978e7eb9e5`
SHA256	`b6082229c03b23740c1e39595f0467e66de1d90adff3269e0e10161092c57db7`
SHA3	`7093fce54ab01208a58d754ecf62df1f3f4cc57701dcdc4928d9b935f6c0bf0d`
VirtualSize	`0x250`
VirtualAddress	`0x76000`
SizeOfRawData	`0x400`
PointerToRawData	`0x6aa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.69409`

Imports

KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `FreeLibrary` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetLastError` `GetModuleHandleA` `GetProcAddress` `GetStartupInfoA` `GetSystemTimeAsFileTime` `GetTickCount` `InitializeCriticalSection` `LeaveCriticalSection` `LoadLibraryA` `QueryPerformanceCounter` `SetUnhandledExceptionFilter` `Sleep` `TerminateProcess` `TlsGetValue` `UnhandledExceptionFilter` `VirtualProtect` `VirtualQuery`
msvcrt.dll	`__getmainargs` `__initenv` `__lconv_init` `__p__acmdln` `__p__fmode` `__set_app_type` `__setusermatherr` `_amsg_exit` `_cexit` `_initterm` `_iob` `_onexit` `abort` `calloc` `exit` `fprintf` `free` `fwrite` `malloc` `memcpy` `puts` `signal` `strlen` `strncmp` `vfprintf`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1f86`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.91439`
Detected Filetype	PNG graphic file
MD5	`579b62c83271a9ef2397022a2275d936`
SHA1	`58a1e99ec27fd486f45568d26b6a60b3a592f921`
SHA256	`9c0ae0b86ccf82da824afcb88cf1048f3737019e5d4004c5dad1ffd1ea4bf369`
SHA3	`0095efa0371b54dea7082d290368b3695cb6122aaa342db310aa1abd42f508e4`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.66107`
MD5	`d6f83c512400f5bce0d5d83a4690cc75`
SHA1	`10a0ea029e7389df6b58b81c19d57ab50448740c`
SHA256	`f503a6462619de5a0943208d1234be336b7976ebbd4a726c1080638832a5ea05`
SHA3	`5498a674ef7ee0db706e79a1a6a6d416191a0ab09df05a74140c11125c7ac3f6`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.27849`
MD5	`12c3aa2ed3d3bc03a6f5444f184ad5d4`
SHA1	`54b2629c2867014ae63d24dc611454b013729ea6`
SHA256	`c17db51872330933e60d89fcbfe98e8d835c1ed391785fa5d6580a65363bf53b`
SHA3	`b59674073549cc1d3d07e7feb6cb0da1a8365987162494d152f57fc020a143c7`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19327`
MD5	`468574efc55930f64ae223cf942aa386`
SHA1	`6f33c278ba1fef1f40351e66791c914f3f919066`
SHA256	`f260ec119ac91249a3f726010ec23f03ace7dbeadff3b54c2742ab2b53575981`
SHA3	`9dea76231a99ec85dc055caa1fbdfe92c8ec7eda405b0a36bb7cef1d7f181cff`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.85676`
MD5	`916bd30fb5101c8b71a6e7a839ef3bab`
SHA1	`16dcbe07f3c44b854476a466bd111db9844a9703`
SHA256	`3ccea2d755c51d77f175b11ff05dc6db878a2f15655388ba532f9237590104d5`
SHA3	`8dbfbe38330f99d679f7bd40fb691b0e84c9f6863e3edaac35333e52acd5e876`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50988`
MD5	`ae9c0d7cb2e3d8867c52ec1a7fb8b023`
SHA1	`a24dd4bad19e629bf39ef1f70ac59332f63baef0`
SHA256	`eb0b8a9de7acbf6cd96d8c3c9bce92c69d18605985c969f50a892c17aff390d2`
SHA3	`55a1e17f1e55437fe106be8758bebc34cf5c14bf22bbedcbaf1eb4a13f0af684`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50108`
MD5	`636fe4cc3cf912d5ceef1712bd902ba0`
SHA1	`80c2a14e5a8fedf6da56b8e4f0dd3b878b430eca`
SHA256	`b105a410a9f40686a31876c516c6050e1a6fe09ab25e4d7125dd17deefc9990c`
SHA3	`9168efbddb1cf1475577eea0a62b8dddf011861f9699eccb3a9f7d59f1d2a6b3`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.24601`
MD5	`d2f0f858a26126c8c89f227fb5582607`
SHA1	`cd8a6b58cfeb7e6a3b3e42b1f1740b85196229ae`
SHA256	`f9483e926299a98383fcd3c1142d1d1299903b0efd6dc0699d5606e47e4cf2e4`
SHA3	`d573165335fc18929b3967b47db7706c2b1199a5b17d7177c3e72a1fa1fd87e1`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.08825`
MD5	`39e8f861fbb0960e0649f92a42d6b938`
SHA1	`63446f6aa5d39126e694a614697e93bb59a5c6e3`
SHA256	`0e59559e9ca15cc153da04e27086a6f2e5e25c17f8c2ae3cb726bc71e87e9bed`
SHA3	`7baa865192a366e4ae8a2733879047cfcbfd501f08906e330a530344064bf840`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03466`
Detected Filetype	Icon file
MD5	`bea1e9f0823f97b4e72da859459623b6`
SHA1	`619b551643ae19814fa889fe7ef4bd64c4f73452`
SHA256	`1c5b43085210070084c2c949e6195aa2d8370af80e09422dfefcd2a951798e73`
SHA3	`42b851bc2a47aa1d9408d4a941ecb84427eaf13a707501de3a5d83e138469f17`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x660`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.51079`
MD5	`f226325b6c029b711dc8dfd490357d21`
SHA1	`744c7dd8d2ec5ff968d1aec199888742fa079941`
SHA256	`c7d9d046be33a128346f7c1fde3d0a7f52e01e1eddf8746ec8805c4318750acb`
SHA3	`559cfe2cfdb8e8c5983e36fa1b3d995fabd065b7b800e6766d64908d94095492`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x27c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.80361`
MD5	`bf6b390ee2f5fab472250a9b5e7ac8d0`
SHA1	`2c96a0905a308fced55e5527f4f76e8a2c091a36`
SHA256	`8910098890a9608e7506112d3d2593ec5df60e8b14bb63a894d4407c196a8034`
SHA3	`993fd9af9090d24fbe5ad5de00c099319777415ae4940797a790eeb1d9b8acb8`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.1.5
ProductVersion	0.0.1.0
FileFlags	`VS_FF_PRERELEASE` `VS_FF_PRIVATEBUILD`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	COMPANYNAME
FileDescription	FILEDESCRIPTION
FileVersion (#2)	FILEVERSION
InternalName	INTERNALNAME
LegalCopyright	LEGALCOPYRIGHT
LegalTrademarks1	LEGALTRADEMARKS1
LegalTrademarks2	LEGALTRADEMARKS2
OriginalFilename	ORIGINALFILENAME
ProductName	PRODUCTNAME
ProductVersion (#2)	PRODUCTVERSION

Resource LangID	English - United States

TLS Callbacks

StartAddressOfRawData	`0x409000`
EndAddressOfRawData	`0x409004`
AddressOfIndex	`0x406390`
AddressOfCallbacks	`0x408020`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00401800` `0x004017C0`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /14!
[*] Warning: Tried to read outside the COFF string table to get the name of section /29!
[*] Warning: Tried to read outside the COFF string table to get the name of section /41!
[*] Warning: Tried to read outside the COFF string table to get the name of section /55!
[*] Warning: Tried to read outside the COFF string table to get the name of section /67!
[*] Warning: Tried to read outside the COFF string table to get the name of section /78!
[*] Warning: Tried to read outside the COFF string table to get the name of section /89!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!