| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2002-Apr-22 13:36:33
|
| Suspicious |
PEiD Signature: |
ASPack v2.12
|
| Suspicious |
The PE is packed with Aspack or Armadillo |
Unusual section name found: .aspack
Unusual section name found: .adata
The PE only has 8 import(s).
|
| Info |
The PE contains common functions which appear in legitimate applications. |
[!] The program may be hiding some of its imports:
- GetProcAddress
- LoadLibraryA
Can access the registry:
|
| Malicious |
VirusTotal score: 3/69 (Scanned on 2019-05-18 00:04:01) |
APEX:
Malicious
Invincea:
heuristic
Trapmine:
suspicious.low.ml.score
|
| MD5 |
8b8965b49dfc5fb59f8149c041019193
|
| SHA1 |
cc696ee229db62ac54f6e34efc51c4be56c2e61b
|
| SHA256 |
40278fc3462f8bf0c03c79f9d3b5e0e063bd3597fd1f0785f5beeebf066451b3
|
| SHA3 |
4c260c31b18345c638c6597a346381deba76db43601ff1386e243fbc568cf0b7
|
| SSDeep |
6144:6kiO0j89T/kOj40sC2d59nmAGLVxkKh3IPmeoEXOq1clxhb6RZ8:+9au1jLzGLVxkfPpoz0cxt6R
|
| Imports Hash |
07ad9e1ccd61560c3d743e173294ef67
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0xf8
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
7
|
| TimeDateStamp |
2002-Apr-22 13:36:33
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
|
| Magic |
PE32
|
| LinkerVersion |
6.0
|
| SizeOfCode |
0xd9000
|
| SizeOfInitializedData |
0x51000
|
| SizeOfUninitializedData |
0
|
| AddressOfEntryPoint |
0x0012B001 (Section: .aspack)
|
| BaseOfCode |
0x1000
|
| BaseOfData |
0xda000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
0.0
|
| SubsystemVersion |
4.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x12e000
|
| SizeOfHeaders |
0x600
|
| Checksum |
0
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve |
0x100000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
5b30d3ed811adfdd729434d01ac9486e
|
| SHA1 |
73adae5e1c7ee6504ceab89f75c15f4f07c4dc89
|
| SHA256 |
2007593b7f365cb0e2a8eba60c68cf1b577675b6a5cb685cb107ad61692f7e51
|
| SHA3 |
941a8112be44e825d699d5a0b6c6d150c9a2c8a4912f8a0ff86e7b47645c8eb0
|
| VirtualSize |
0xd9000
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x43a00
|
| PointerToRawData |
0x600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.99901
|
| MD5 |
44b2d6f5e7bad772127a52b919d77269
|
| SHA1 |
dff03b028b9aad96e27ce9a6f6ebe44779957acf
|
| SHA256 |
f7b83aabd2c23335bae326e14f2175be6b864720cb13091e1b4d5597ff16f091
|
| SHA3 |
d281fe6244ca0f4bb3ab625736babad5a758639fa1e12b91f825427df457f380
|
| VirtualSize |
0xe000
|
| VirtualAddress |
0xda000
|
| SizeOfRawData |
0x3000
|
| PointerToRawData |
0x44000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.93709
|
| MD5 |
2e69447c65abb3553eadb7776775113b
|
| SHA1 |
1316349008e9c2b6563df180dc1bae99ee364972
|
| SHA256 |
3ea62db28426bdcd95c7c0ec460377920729dc3b00732b6d610a79d8977f0108
|
| SHA3 |
51505f08f803a7e35181b1fc3bd3c85b16a13941cc1dd922fb092fa056852d81
|
| VirtualSize |
0x36000
|
| VirtualAddress |
0xe8000
|
| SizeOfRawData |
0x4000
|
| PointerToRawData |
0x47000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.9316
|
| MD5 |
f7194ea22ebc0fec4e897b37861244b5
|
| SHA1 |
f785c0e223fd25ba2d7e25cee6b3266c8a733bbc
|
| SHA256 |
d7546734f43a76b125dac6aeb88e597420e4fec102d71118a218c1108d88df39
|
| SHA3 |
8e2f76c3f9511400c4ca212a71ee7fe80d34aadb45d1fcd96cb56f622acdad19
|
| VirtualSize |
0x2000
|
| VirtualAddress |
0x11e000
|
| SizeOfRawData |
0x800
|
| PointerToRawData |
0x4b000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.30673
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0xb000
|
| VirtualAddress |
0x120000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0x4b800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
37c39c54562c55158741c5a3acab4632
|
| SHA1 |
90b668acf62f136cb4750173be5288c0e7d195a8
|
| SHA256 |
46b3563413bc80832a90ff31ba5c37c15c487e1651c88a426d70a5010d27ad0d
|
| SHA3 |
696c807c14bb54f3bb7d403a4dbec89872ee82a8d4cdab28add69844ed2234b6
|
| VirtualSize |
0x2000
|
| VirtualAddress |
0x12b000
|
| SizeOfRawData |
0x1200
|
| PointerToRawData |
0x4b800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
5.79626
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x1000
|
| VirtualAddress |
0x12d000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0x4ca00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| kernel32.dll |
GetProcAddress
GetModuleHandleA
LoadLibraryA
|
| user32.dll |
PeekMessageA
|
| advapi32.dll |
RegOpenKeyExA
|
| winmm.dll |
timeKillEvent
|
| dsound.dll |
#1
|
| gdi32.dll |
DeleteObject
|
| Characteristics |
717472804
|
| TimeDateStamp |
2038-May-28 03:14:33
|
| Version |
17971.40640
|
| SizeofData |
3229421321
|
| AddressOfRawData |
0x42de4380
|
| PointerToRawData |
0x4f08901e
|
| XOR Key |
0x4f643850
|
| Unmarked objects |
0
|
| 12 (7291) |
2
|
| 14 (7299) |
37
|
| C objects (8047) |
139
|
| C++ objects (8047) |
19
|
| C++ objects (VS98 build 8168) |
20
|
| 48 (9044) |
62
|
| Unmarked objects (#2) |
4
|
| 19 (8034) |
13
|
| Total imports |
138
|
| 49 (9044) |
140
|
[*] Warning: Section .reloc has a size of 0!
[*] Warning: Section .adata has a size of 0!