752b9076037bc13b81cfd5792a7019e7

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Dec-02 18:07:34
Detected languages English - United States
Debug artifacts C:\Cpp\VS17\pchild10\Release\pchild1010101011.pdb

Plugin Output

Suspicious PEiD Signature: PECompact v2.xx
Suspicious The PE is possibly packed:
  • Section .text is both writable and executable.
  • Section .rsrc is both writable and executable.
  • Unusual section name found: .rsrc (the image carries two sections named .rsrc; see the section list below)
  • The PE only has 4 import(s).
Info The PE contains common functions which appear in legitimate applications.
Suspicious The program may be hiding some of its imports (a LoadLibraryA/GetProcAddress pair is enough to resolve the real import table at run time):
  • LoadLibraryA
  • GetProcAddress
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 752b9076037bc13b81cfd5792a7019e7
SHA1 b3a4f32ec78d4b4338b71f2db952b863cd2c667e
SHA256 cd86fbdd886731f9d1a97d160b2e92851caca404d12996723f04f71af944120d
SHA3 7a0b346fcf49c47e28d3ba4ee392b251588de8b2712b1182e7f0c73830d5788b
SSDeep 6144:qFcfF5gHBnX5v2ZtK6OYT5mbHFpY4PiC8p7Ku5v:q6I1p+q6OY+lKeW
Imports Hash 09d0478591d4f788cb3e5ea416c25237

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2017-Dec-02 18:07:34
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x1c800
SizeOfInitializedData 0x9e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000A7A1 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x1e000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x5d000
SizeOfHeaders 0x400
Checksum 0x1c341
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 2ff12cf5a65461d02d351ce6120e98ad
SHA1 45a456fe6798272bd3f51720d93b95d433856a0c
SHA256 dbc3c99ca0395fb8924832c1548b977ba239af6191fee7036f17935dbbc04528
SHA3 587825ea5d187623471ff55d8005a6a898934bca160210022a1c039865c3a568
VirtualSize 0x2a000
VirtualAddress 0x1000
SizeOfRawData 0xfc00
PointerToRawData 0x400
PointerToRelocations 0x32434550 (not a file offset: read as little-endian bytes this is "PEC2", the marker PECompact 2.x leaves in the first section header, consistent with the PEiD match above)
PointerToLineNumbers 0x4f5e (non-zero although NumberOfLineNumbers is 0)
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99248

.rsrc

MD5 e45184dca1ad893b0662960fcb189fe3
SHA1 59246f01944052a9ca58aa163ba18e3c7cfa5fd7
SHA256 b76b0f3522008714bd22eeb17c4e72075d8bec397167c2ab5c575bce5a15a8a4
SHA3 e03909c196f6c48c4ec2be3ef319ff3a087d4c82fab57039f1f2eca3e5382949
VirtualSize 0x2000
VirtualAddress 0x2b000
SizeOfRawData 0x1800
PointerToRawData 0x10000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.48465

.reloc

MD5 2b7239f2088c8f58f23bea4239ed7e80
SHA1 9ce5e02386cd2a4f55a47a6a01d1956a1a8970b4
SHA256 642c0d4535d4a8d9689cf6377af3f375370fc2bc174c93ed77d93e5486e5e3bc
SHA3 fd8770c319a29dc745d21db22b1ac94a2cdb341477768b24691bc7bc339231f5
VirtualSize 0x200
VirtualAddress 0x2d000
SizeOfRawData 0x200
PointerToRawData 0x11800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.216207

.rsrc

MD5 83948291ee2f2c66699b7df3dd124010
SHA1 881dfcaa2d2d78024c07904cdf600776fa8ad368
SHA256 783fe2db417e933eb597dcbfd63c0edb40046c9968b3b46e0871cc117be2db3d
SHA3 4cfe9eabb25f34d9a0982aef03a76011f53ad4c900d496e9ce4a42b13f4cc5bb
VirtualSize 0x2f000
VirtualAddress 0x2e000
SizeOfRawData 0x2ee00
PointerToRawData 0x11a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_NOT_CACHED
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_TYPE_COPY
IMAGE_SCN_TYPE_NO_PAD
Entropy 6.36751

Imports

kernel32.dll LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
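The indicators raised above (W+X sections, the near-8.0 entropy of .text, the "PEC2" value sitting in .text's PointerToRelocations, the VirtualSize of .text being far larger than its raw data, two sections named .rsrc, and the four-function kernel32 import table behind the Imports Hash) can all be reproduced from the raw section table and import list. The block below is an added example written for this page; it is not Manalyze's code and not part of the original report. It parses the section table of a constructed minimal PE32 whose headers mirror this sample (the "packed" bytes are seeded random data standing in for the real compressed code, and the optional header is zeroed apart from the PE32 magic), runs the checks over it, and computes an import hash following the pefile convention (DLL base name plus function name, lowercased, comma-joined, MD5); ordinal imports are simplified to `ordN`, and the result is meant to be compared against the Imports Hash line above rather than assumed to match it.

```python
import math, random, struct
from collections import namedtuple
from hashlib import md5

# IMAGE_SECTION_HEADER.Characteristics bits (winnt.h)
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE = 0x00000020, 0x20000000
IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE = 0x40000000, 0x80000000
# 0x32434550 stored little-endian is the bytes b"PEC2", the PECompact 2.x marker
PEC2_MARKER = 0x32434550

Section = namedtuple("Section", "name virtual_size raw_size ptr_relocs characteristics entropy")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly distributed bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in (data.count(v) for v in set(data))) if n else 0.0

def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> e_lfanew -> IMAGE_FILE_HEADER -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # first 40-byte IMAGE_SECTION_HEADER
    out = []
    for i in range(nsections):
        name, vsize, _va, rsize, rptr, prel, _pl, _nr, _nl, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + 40 * i)
        out.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize,
                           prel, chars, shannon_entropy(pe[rptr:rptr + rsize])))
    return out

def packer_indicators(pe: bytes) -> list:
    """The static packing indicators a triage report raises, one string per finding."""
    findings, secs = [], parse_sections(pe)
    wx = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    for s in secs:
        if (s.characteristics & wx) == wx:
            findings.append(f"{s.name}: writable and executable")
        if s.raw_size >= 0x200 and s.entropy > 7.0:
            findings.append(f"{s.name}: entropy {s.entropy:.2f} (compressed or encrypted)")
        if s.raw_size and s.virtual_size > 2 * s.raw_size:
            findings.append(f"{s.name}: VirtualSize {s.virtual_size:#x} far exceeds "
                            f"SizeOfRawData {s.raw_size:#x} (room to unpack in place)")
        if s.ptr_relocs == PEC2_MARKER:
            findings.append(f"{s.name}: PointerToRelocations holds 'PEC2' (PECompact 2.x marker)")
    names = [s.name for s in secs]
    findings += [f"duplicate section name {n}" for n in sorted(set(names)) if names.count(n) > 1]
    return findings

def imphash(imports: list) -> str:
    """pefile-style import hash: 'dll.func' per import, lowercased, comma-joined, MD5."""
    parts = []
    for dll, func in imports:
        base = dll.lower()
        if base.endswith((".dll", ".ocx", ".sys")):
            base = base[:-4]
        parts.append(f"{base}.ord{func}" if isinstance(func, int) else f"{base}.{func.lower()}")
    return md5(",".join(parts).encode()).hexdigest()

def build_pe(sections: list) -> bytes:
    """Constructed minimal PE32: DOS header, file header, zeroed optional header, section table."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                  # e_lfanew = 0x40
    opt_size = 0xE0
    file_hdr = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt_hdr = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")             # PE32 magic only
    hdr_end = (len(dos) + len(file_hdr) + opt_size + 40 * len(sections) + 0x1FF) & ~0x1FF
    table, bodies, raw_ptr, va = b"", b"", hdr_end, 0x1000
    for name, data, vsize, chars, prel in sections:
        rsize = (len(data) + 0x1FF) & ~0x1FF                                # FileAlignment 0x200
        table += struct.pack("<8sIIIIIIHHI", name, vsize, va, rsize, raw_ptr, prel, 0, 0, 0, chars)
        bodies += data.ljust(rsize, b"\0")
        raw_ptr += rsize
        va += (max(vsize, rsize) + 0xFFF) & ~0xFFF                          # SectionAlignment 0x1000
    return (dos + file_hdr + opt_hdr + table).ljust(hdr_end, b"\0") + bodies

def sample_pe() -> bytes:
    """Constructed image mirroring this report's section table; it is not the analysed file."""
    rng = random.Random(2017)
    packed = bytes(rng.getrandbits(8) for _ in range(0x2000))            # stands in for packed code
    rwx = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    return build_pe([
        (b".text", packed, 0x2A000, rwx, PEC2_MARKER),
        (b".rsrc", b"\0" * 0x1800, 0x2000, rwx, 0),
        (b".reloc", b"\0" * 0x200, 0x200, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE, 0),
        (b".rsrc", bytes(range(64)) * 8, 0x200, IMAGE_SCN_MEM_READ, 0),
    ])

if __name__ == "__main__":
    print("\n".join(packer_indicators(sample_pe())))
    print("imphash:", imphash([("KERNEL32.dll", f) for f in
                              ("LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualFree")]))
```

Run as a script it prints the findings for the constructed image (the same section names, RVAs and flags as in this report) followed by the import hash of the four kernel32 functions listed above; to apply the checks to a real file, read it into `bytes` and pass it to `packer_indicators`. The entropy threshold of 7.0 and the 2x VirtualSize ratio are the heuristics this example uses, not constants from any standard.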

Delayed Imports

Resources

105

Type AFX_DIALOG_LAYOUT
Language English - United States
Codepage UNKNOWN
Size 0x2
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 c4103f122d27677c9db144cae1394a66
SHA1 1489f923c4dca729178b3e3233458550d8dddf29
SHA256 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
SHA3 762ba6a3d9312bf3e6dc71e74f34208e889fc44e6ff400724deecfeda7d5b3ce

1

Type RT_CURSOR
Language English - United States
Codepage UNKNOWN
Size 0x134
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.5988
MD5 43269283f6959921b83fb3c68cb632d3
SHA1 510f4123b9e66c3445798d2b18d1e8989b99fc80
SHA256 f35bbf0a7e7743e2d52eb27ac78c7de9be7159b522c0ea21628a907ea372fcfb
SHA3 9fe3c4ad871a6e81faa8d056f0e07875e6052fa91981675de69a523c2d4a8c34

105 (#2)

Type RT_DIALOG
Language English - United States
Codepage UNKNOWN
Size 0x142
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.13278
MD5 ab8787435a5703de5136b0af45f3cc97
SHA1 5a50b8c862ab7bea309b5cdd85dcdc9140c2c870
SHA256 bfce073bcb2ba9ceca2d2e8a75c6822766c54b437c60d92449e2f73eab9098e0
SHA3 7305eaa33780789a463ecc63dcd4540dfbd07223c12be48c3b51f587aa5c2084

105 (#3)

Type RT_GROUP_CURSOR
Language English - United States
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.83876
Detected Filetype Cursor file
MD5 a2baa01ccdea3190e4998a54dbc202a4
SHA1 e8217df98038141ab4e449cb979b1c3bbea12da3
SHA256 c53efa8085835ba129c1909beaff8a67b45f50837707f22dfff0f24d8cd26710
SHA3 8874564c406835306368adf5e869422e1bb97109b97c1499caa8af219990e8dc

Version Info

Debug Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2017-Dec-02 18:07:34
Version 0.0
SizeofData 74
AddressOfRawData 0x2c2d8
PointerToRawData 0x112d8
Referenced File C:\Cpp\VS17\pchild10\Release\pchild1010101011.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2017-Dec-02 18:07:34
Version 0.0
SizeofData 20
AddressOfRawData 0x2c322
PointerToRawData 0x11322

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2017-Dec-02 18:07:34
Version 0.0
SizeofData 784
AddressOfRawData 0x2c336
PointerToRawData 0x11336

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x64d651af
Unmarked objects 0
241 (40116) 12
243 (40116) 135
242 (40116) 24
ASM objects (23907) 17
C++ objects (23907) 30
C objects (23907) 18
Imports (VS2008 SP1 build 30729) 11
Total imports 103
C++ objects (VS2015 UPD2 build 23918) 2
Resource objects (VS2015 UPD2 build 23918) 1
Linker (VS2015 UPD2 build 23918) 1

Errors
