Architecture |
IMAGE_FILE_MACHINE_AMD64
|
---|---|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
Compilation Date | 2020-Aug-08 12:28:18 |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32 |
Suspicious | The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
|
Suspicious | The file contains overlay data. |
12270733 bytes of data starting at offset 0xbd800.
The overlay data has an entropy of 7.96214 and is possibly compressed or encrypted. Overlay data amounts for 94.0508% of the executable. |
Suspicious | No VirusTotal score. | This file has never been scanned on VirusTotal. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xf8 |
Signature | PE |
---|---|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections | 7 |
TimeDateStamp | 2020-Aug-08 12:28:18 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Magic | PE32+ |
---|---|
LinkerVersion | 14.0 |
SizeOfCode | 0x21000 |
SizeOfInitializedData | 0x9c400 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000000000008654 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x140000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.2 |
ImageVersion | 0.0 |
SubsystemVersion | 5.2 |
Win32VersionValue | 0 |
SizeOfImage | 0xcc000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
KERNEL32.dll |
GetModuleFileNameW
GetProcAddress GetCommandLineW GetEnvironmentVariableW SetEnvironmentVariableW ExpandEnvironmentStringsW GetTempPathW WaitForSingleObject SetDllDirectoryW GetExitCodeProcess CreateProcessW GetStartupInfoW LoadLibraryExW CreateDirectoryW FormatMessageW LoadLibraryA MultiByteToWideChar WideCharToMultiByte Sleep GetLastError SetEndOfFile HeapReAlloc RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind UnhandledExceptionFilter SetUnhandledExceptionFilter GetCurrentProcess TerminateProcess IsProcessorFeaturePresent QueryPerformanceCounter GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime InitializeSListHead IsDebuggerPresent GetModuleHandleW RtlUnwindEx SetLastError EnterCriticalSection LeaveCriticalSection DeleteCriticalSection InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree FreeLibrary GetCommandLineA ReadFile CreateFileW GetDriveTypeW GetFileType CloseHandle PeekNamedPipe SystemTimeToTzSpecificLocalTime FileTimeToSystemTime GetFullPathNameW GetFullPathNameA RemoveDirectoryW FindClose FindFirstFileExW FindNextFileW SetStdHandle SetConsoleCtrlHandler DeleteFileW GetStdHandle WriteFile ExitProcess GetModuleHandleExW GetACP HeapFree HeapAlloc GetConsoleMode ReadConsoleW SetFilePointerEx GetConsoleCP CompareStringW LCMapStringW GetCurrentDirectoryW FlushFileBuffers SetEnvironmentVariableA GetFileAttributesExW IsValidCodePage GetOEMCP GetCPInfo GetEnvironmentStringsW FreeEnvironmentStringsW GetStringTypeW GetProcessHeap WriteConsoleW GetTimeZoneInformation HeapSize RaiseException |
---|---|
ADVAPI32.dll |
ConvertStringSecurityDescriptorToSecurityDescriptorW
|
WS2_32.dll |
ntohl
|
Characteristics |
0
|
---|---|
TimeDateStamp | 2020-Aug-08 12:28:18 |
Version | 0.0 |
SizeofData | 720 |
AddressOfRawData | 0x2ecd8 |
PointerToRawData | 0x2e0d8 |
Size | 0x94 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x140032010 |
XOR Key | 0x281a5b95 |
---|---|
Unmarked objects | 0 |
241 (40116) | 7 |
243 (40116) | 169 |
242 (40116) | 13 |
ASM objects (VS2015 UPD3 build 24123) | 7 |
C++ objects (VS2015 UPD3 build 24123) | 28 |
C objects (VS2015 UPD3 build 24123) | 19 |
Imports (65501) | 7 |
Total imports | 114 |
C objects (VS2015 UPD3 build 24210) | 16 |
Resource objects (VS2015 UPD3 build 24210) | 1 |
Linker (VS2015 UPD3 build 24210) | 1 |