8732979037c4dc892dec976983363645

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2018-Nov-14 15:26:01
Detected languages English - United States
Debug artifacts C:\Users\User\Desktop\polimorphProgramC++\Polimorph\Release\Polimorph.pdb

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 8732979037c4dc892dec976983363645
SHA1 a17863fac341acb538d340e0c5fb6596a8da2e0d
SHA256 ee5ad3728b777dd637dcb736a44dee1690bd835eb516976e0773c0bca038a6a8
SHA3 949b5c63bea16ab7c02d10e8697c0f9634adbfb702d978b0cd3187567150d644
SSDeep 1536:LK4gkcEpnX05cm2DZpdg4CbSGSHsUn1ZMBZYJ1IsWlcd6/F2sy7:Ldwcm21Lg4CGFMU1ZMoD6/F2sw
Imports Hash fec4b834fe0c21e89deeeb60fd57e23b

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 2018-Nov-14 15:26:01
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0xb600
SizeOfInitializedData 0x8200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001543 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xd000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x18000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 ac8c4611aa40324536e288e7d3921667
SHA1 2ff1eee69aed8bf2127276b0e9a352f3f72741f6
SHA256 0d7e0eecf2affbc9a0611fc07d8cf660dcdc218b0489a3647b3a60161fb27332
SHA3 a1ad81db75d1f5657bb99784b0468daac7b7a33512b90fcdb2722054f71b79d7
VirtualSize 0xb4e7
VirtualAddress 0x1000
SizeOfRawData 0xb600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.61066

.rdata

MD5 30be1ab260b39417861049f2b43644e9
SHA1 968719bd6b792aa934293be708a9f2f0a8786920
SHA256 95047a044d48fe44475a8d100c8107d74ba287b7c6d7b8c8c4e27ef689040599
SHA3 81ad527ba10dc65315cdd34ee315509745346d3478969e933463414c1ab89563
VirtualSize 0x59fa
VirtualAddress 0xd000
SizeOfRawData 0x5a00
PointerToRawData 0xba00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.902

.data

MD5 48993e9d773721602a242ad2d84dd0d4
SHA1 1bdb649febd59d6f122d212f87783c4a2dfde1e1
SHA256 a47db560dd14fbf7cc306a3e499b2e805e7da795524b7947c3478e0428706e75
SHA3 be62a67c0bb433aa69d86d1a1f20f5096fe28f81b4402be378023386afc14375
VirtualSize 0x1214
VirtualAddress 0x13000
SizeOfRawData 0x800
PointerToRawData 0x11400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.3789

.gfids

MD5 0912f04d58067346e930256de9a12220
SHA1 26644d234d714cec034dd3efa25ceea6a8f87cef
SHA256 6bcc0faa72977556a41a5c57db9592b29d73187899b5bcbd7eb9324eef241f31
SHA3 4ed46cc0bf69931601ca6fd541a6a7081990bc737313b9420c2be49f0e7ca355
VirtualSize 0xdc
VirtualAddress 0x15000
SizeOfRawData 0x200
PointerToRawData 0x11c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.65558

.rsrc

MD5 c970c10a1e848ee974b87923ecbe6a2f
SHA1 6ec2704ce400703f30cf17cd7f5fb2ff7e4f9d67
SHA256 89f09174fd3a95dbea4b9e942ebd1106fa66ab65b71e2f1b47ad03120f498cd6
SHA3 3f834a2458f6aff655a398bb54821be6722cecca1ad1d0c3f33d8ef5408ca9d5
VirtualSize 0x1e0
VirtualAddress 0x16000
SizeOfRawData 0x200
PointerToRawData 0x11e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.70616

.reloc

MD5 45681f993bf40bc9c4f772a43f65129c
SHA1 318fca800d39b0640b3b4d952544fb6668f79e59
SHA256 b2668fe2bf149a59b3765806db5605ff3b31d12a925ef616582970910c7f0434
SHA3 3a018a66210879b3bf22d115f84f2f66e5c39ae44d438f38102acabd9bf8a187
VirtualSize 0xe88
VirtualAddress 0x17000
SizeOfRawData 0x1000
PointerToRawData 0x12000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.25532

Imports

KERNEL32.dll VirtualProtect
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
CloseHandle
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CompareStringW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateFileW
USER32.dll MessageBoxA

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

Debug Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2018-Nov-14 15:26:01
Version 0.0
SizeofData 98
AddressOfRawData 0x11c5c
PointerToRawData 0x1065c
Referenced File C:\Users\User\Desktop\polimorphProgramC++\Polimorph\Release\Polimorph.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2018-Nov-14 15:26:01
Version 0.0
SizeofData 20
AddressOfRawData 0x11cc0
PointerToRawData 0x106c0

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2018-Nov-14 15:26:01
Version 0.0
SizeofData 732
AddressOfRawData 0x11cd4
PointerToRawData 0x106d4

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2018-Nov-14 15:26:01
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0x5c
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x413004
SEHandlerTable 0x411c50
SEHandlerCount 3

RICH Header

XOR Key 0x69113834
Unmarked objects 0
241 (40116) 9
243 (40116) 120
242 (40116) 24
ASM objects (VS2015 UPD3 build 24123) 17
C++ objects (VS2015 UPD3 build 24123) 34
C objects (VS2015 UPD3 build 24123) 17
Imports (VS2008 SP1 build 30729) 5
Total imports 86
265 (VS2015 UPD3.1 build 24215) 1
Resource objects (VS2015 UPD3 build 24210) 1
Linker (VS2015 UPD3.1 build 24215) 1

Errors