7f5fdc84bc22b91709933def570cf5b7

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2018-Nov-20 01:28:30
Detected languages English - United States
Debug artifacts C:\Users\degrigis\documents\visual studio 2010\Projects\DolphinDropperAES\Release\DolphinDropperAES.pdb

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Info Cryptographic algorithms detected in the binary: Uses constants related to AES
Info The PE contains common functions which appear in legitimate applications.
  [!] The program may be hiding some of its imports:
    • GetProcAddress
    • LoadLibraryW
  Possibly launches other programs:
    • ShellExecuteW
Suspicious The file contains overlay data. 1233257 bytes of data starting at offset 0xa600. Overlay data accounts for 96.6689% of the executable.
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 7f5fdc84bc22b91709933def570cf5b7
SHA1 8a18bc91acfcc2ae36f8f156a72b4829d1f21622
SHA256 f777459b8a4b388ff157be3c7636de07c4c44638925778de05cb9d4e6a2fff26
SHA3 f39f98225f9b4af3327a7a62070395e583148e1a74c4b7208602f0b689ddf103
SSDeep 1536:gQKoJqVDN9kX77n7XCXdz2Fq3df2eRXVwwYlQ88J+A51jnAZrpjs55yPLzOJ1Pd8:FKnt83n7Sf1bHYF8JNDA3U0zOHPAkzk
Imports Hash 8dc82291f5d615a2c7361fa234b95dd0

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2018-Nov-20 01:28:30
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 10.0
SizeOfCode 0x5400
SizeOfInitializedData 0x4e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001D75 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x7000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0xf000
SizeOfHeaders 0x400
Checksum 0x17f52
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 0efb35879cb16ffbd06bb41a640dcc1c
SHA1 9b54076ed65fc0174e7711fc5f00d0f512a10c77
SHA256 3ec6aa745a0b767d92624e6f3262352072b900447413f10598a8b07865347851
SHA3 01799a02881e33f01867d7bb4614253598a2ca4f6eda7b13c42c07276ea17eb9
VirtualSize 0x530c
VirtualAddress 0x1000
SizeOfRawData 0x5400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.562

.rdata

MD5 e943910c72ac9d4746787639926dd025
SHA1 a9147bbd4b866a38f71732639d9919d9cd402141
SHA256 8ca1949049d724f887536832b834657ac193d21a8ea1d04604317ddfabf64c61
SHA3 7871a2322025cbf93804203b7db6aed438d4bc2bbe07d76aeb6527035d7f0f90
VirtualSize 0x2c34
VirtualAddress 0x7000
SizeOfRawData 0x2e00
PointerToRawData 0x5800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.05711

.data

MD5 d84583a65c802ab244a2e1ca5ed58144
SHA1 14285a3272beb84c2876dee7e1d558318b4471d5
SHA256 181131409e6760d4ab7bd1f4f80832324fb3eaae928f0c4b8c6c1816d2a88254
SHA3 8014326cc675d15970bc81fc69cb1e6a6b672cdd09a2a2b821928c296240d262
VirtualSize 0x1ba0
VirtualAddress 0xa000
SizeOfRawData 0xc00
PointerToRawData 0x8600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.64001

.rsrc

MD5 c52ee9fcdbbff3ba2f8da39a1bd23689
SHA1 a4afba000282afcb2d98cd2fb328e62fdaea0ae5
SHA256 d335af26f440ae5238c992fee1238a258986746d0eeb37bb456ebd17bb759f51
SHA3 e77e4ff3d264be3dd83a0d9a310e74c1646346dbec880bfed007555a694ca339
VirtualSize 0x1b4
VirtualAddress 0xc000
SizeOfRawData 0x200
PointerToRawData 0x9200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.09798

.reloc

MD5 ba80ec5ae196692167272fc00a5e818b
SHA1 08e1e862c32d23f79f3189ff7070fb6325944b0b
SHA256 bf74551922577a69e9ca51720ba7268ddcb0eb5c22023d9d7d6d47f17ea6171e
SHA3 cee614e1b5aa813459dada6629cfa4ab00d8c1917288f4f4c57b7ac37ae1f8e6
VirtualSize 0x107a
VirtualAddress 0xd000
SizeOfRawData 0x1200
PointerToRawData 0x9400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.68487

Imports

KERNEL32.dll GetModuleFileNameA
OpenFile
GetFileSize
CreateFileMappingW
MapViewOfFile
VirtualAlloc
CreateFileW
WriteFile
CloseHandle
GetCommandLineW
HeapSetInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
HeapAlloc
RaiseException
GetProcAddress
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
Sleep
HeapSize
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapReAlloc
WideCharToMultiByte
IsProcessorFeaturePresent
LCMapStringW
MultiByteToWideChar
GetStringTypeW
SHELL32.dll ShellExecuteW

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x15a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.79597
MD5 24d3b502e1846356b0263f945ddd5529
SHA1 bac45b86a9c48fc3756a46809c101570d349737d
SHA256 49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e
SHA3 1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e

Version Info

Debug Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2018-Nov-20 01:28:30
Version 0.0
SizeofData 128
AddressOfRawData 0x92b8
PointerToRawData 0x7ab8
Referenced File C:\Users\degrigis\documents\visual studio 2010\Projects\DolphinDropperAES\Release\DolphinDropperAES.pdb

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x40a03c
SEHandlerTable 0x409420
SEHandlerCount 3

RICH Header

XOR Key 0x6ba9c413
Unmarked objects 0
C++ objects (VS2010 SP1 build 40219) 24
ASM objects (VS2010 SP1 build 40219) 14
C objects (VS2010 SP1 build 40219) 66
Imports (VS2008 SP1 build 30729) 5
Total imports 75
175 (VS2010 SP1 build 40219) 2
Linker (VS2010 SP1 build 40219) 1

Errors