7d0111bbe682213c6174600c45966146f61d84a7326201e9667ba4f6bdc585bd

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2024-Oct-17 20:40:02

Plugin Output

Suspicious PEiD Signature: UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX -> www.upx.sourceforge.net
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious The PE is packed with UPX
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
Unusual section name found: UPX2
The PE only has 6 import(s).
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 30ebfbf0cd231bf5d352b2764526dcae
SHA1 e8388c3c592da601a1f6a4abcd0adeaba8a97b12
SHA256 7d0111bbe682213c6174600c45966146f61d84a7326201e9667ba4f6bdc585bd
SHA3 528c300ef27f7d97f4baf80f5ecd4ba6d5476c954655ae4a861a0f6c0c585baa
SSDeep 3072:K0SyBdyJuKrz8g2goo0lhQ1x269FIrx6Hedde1o:NSyBs5rzo5lhqxzLIrcH43
Imports Hash 96edca583e63355d54955366f276e7f6

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2024-Oct-17 20:40:02
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x1b000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x22000
AddressOfEntryPoint 0x0003CE70 (Section: UPX1)
BaseOfCode 0x23000
BaseOfData 0x3e000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x3f000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x22000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 fa650042a64aa10530a772247d287483
SHA1 72d0e85aa93278aff9879ea79f99582972eaaebd
SHA256 ae5b4e3741ab66c0b1cde5c5592894e813ac4957d91bd6266d2d517402a0fd21
SHA3 de7f7b75eb6a7813a4559a39dee33032fa19c3178ed3ad9e01b210a6c55656e7
VirtualSize 0x1b000
VirtualAddress 0x23000
SizeOfRawData 0x1a200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.88487

UPX2

MD5 7d9996ee2592eb181038e9fe7be16132
SHA1 90733dc15f5a7bf655f7d78a58f527fa2ae5e90a
SHA256 f584f43f88d670b7fb14a62d4c9c1db7a9b00a744c6a653ab60d6e779c990fa6
SHA3 d0b0c81a614d42a514900cc592995cf44e95a38d0a9d9667b9c07e8018bd2c9a
VirtualSize 0x1000
VirtualAddress 0x3e000
SizeOfRawData 0x200
PointerToRawData 0x1a600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.65604

Imports

KERNEL32.DLL
  • LoadLibraryA
  • ExitProcess
  • GetProcAddress
  • VirtualProtect
USER32.dll
  • MessageBoxA
zip.dll
  • zip_open

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

Size 0xc0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x436080
SEHandlerTable 0x433910
SEHandlerCount 65

RICH Header

XOR Key 0xde243914
Unmarked objects 0
ASM objects (30795) 12
C++ objects (30795) 168
C objects (30795) 21
ASM objects (33808) 21
C objects (33808) 18
C++ objects (33808) 78
Imports (30795) 4
Imports (34120) 3
Total imports 119
C++ objects (34120) 1
Linker (34120) 1

Errors

[*] Warning: Section UPX0 has a size of 0!