7eb7c9a616deb5c6fa0d784fe6276f43

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2013-Apr-04 19:23:22
TLS Callbacks 1 callback(s) detected.

Plugin Output

Suspicious  PEiD Signature: UPX -> www.upx.sourceforge.net
            UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious  The PE is packed with UPX
            Unusual section name found: UPX0
            Section UPX0 is both writable and executable.
            Unusual section name found: UPX1
            Section UPX1 is both writable and executable.
            Unusual section name found: UPX2
            The PE only has 7 import(s).
Suspicious  The PE contains functions most legitimate programs don't use.
            [!] The program may be hiding some of its imports:
              • LoadLibraryA
              • GetProcAddress
            Memory manipulation functions often used by packers:
              • VirtualProtect
              • VirtualAlloc
Suspicious  No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 7eb7c9a616deb5c6fa0d784fe6276f43
SHA1 50664a2b3e13841724d4213fa59453329048183f
SHA256 cd366c8bed16bc126740b9de70cd5c09cbef7d2cc45b907ada78db9be912d07e
SHA3 d627d0f595b4ecd09bb810913d79e651656684777a2fdc670a5e1099c8c9b560
SSDeep 96:FRZ1PO4k4Fk/CGB7UtZ5AV1rkAXHkJUG9b3AOG3zpg:bZ1POmFk6GB7UtqrHUJUG9Puzp
Imports Hash 4bfd1be901a4c0d571291552b2d7a34c

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2013-Apr-04 19:23:22
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x1000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x9000
AddressOfEntryPoint 0x0000AC60 (Section: UPX1)
BaseOfCode 0xa000
BaseOfData 0xb000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xc000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x9000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 7f0550a0ed540cbe5ebea0ca4e7a7a45
SHA1 26335d11e5f2eecc23217fa7a0bfa160338ce99e
SHA256 804ddbfe9306460c50796073490598b10dda09607edab34ef73eea473e6e1471
SHA3 8b9160ce1feba8b2bacc5416253dcf7f33914331b6425c04960bf4ef3bd3edb6
VirtualSize 0x1000
VirtualAddress 0xa000
SizeOfRawData 0x1000
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.21171

UPX2

MD5 c22dc500c8be569f18b30d52d89b207c
SHA1 f00d01a60f778494a014edaf508756b4c7103a12
SHA256 c3e471b37cf670ce7475a312705c90a10fd8db7f2c3f47244575a0dfb0db5b30
SHA3 466b28d0146f88dde75e150a01530dfa2439194c40d7b57f4406b3cd5f5b0ab5
VirtualSize 0x1000
VirtualAddress 0xb000
SizeOfRawData 0x200
PointerToRawData 0x1200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.95047

Imports

KERNEL32.DLL
  LoadLibraryA
  GetProcAddress
  VirtualProtect
  VirtualAlloc
  VirtualFree
  ExitProcess
msvcrt.dll
  _iob

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData 0x40ae40
EndAddressOfRawData 0x40ae43
AddressOfIndex 0x40502c
AddressOfCallbacks 0x40ae44
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks 0x0040AE08

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!