Manalyze report for 8e7958fdc260c6180455c514bb22bbb4

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2019-Apr-23 14:52:08
TLS Callbacks	2 callback(s) detected.
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: MinGW.org`
Suspicious	The PE is possibly packed.	`Unusual section name found: /4` `Unusual section name found: /14` `Unusual section name found: /29` `Unusual section name found: /41` `Unusual section name found: /55` `Unusual section name found: /67` `Unusual section name found: /80` `Unusual section name found: /91` `Unusual section name found: /102`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Possibly launches other programs: WinExec`
Suspicious	The file contains overlay data.	`12896 bytes of data starting at offset 0x8600.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`8e7958fdc260c6180455c514bb22bbb4`
SHA1	`569cdbc0c1a2e049a4af6686c933a11c7436dc95`
SHA256	`012005b3aeb28fa8c1c8b9819b9868daf3d3f658f39f572eb735f833168cf3e5`
SHA3	`750207b927e30972ef72c710158dc6a01bcb69a8e596faa04dee6f5581c7e7bc`
SSDeep	`384:hCOolwnPn6jOdo7Q7IAU9x/M5wNLTLZb+GF5k6++bF3qx0wj11vd/h/TQvw9bnPL:iS63txTVbPF5kexqp115h0YPdxEvjm`
Imports Hash	`fcc34b59bf607671ec81d61d8f6facb9`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`16`
TimeDateStamp	2019-Apr-23 14:52:08
PointerToSymbolTable	`0x8600`
NumberOfSymbols	`508`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x2e00`
SizeOfInitializedData	`0x4c00`
SizeOfUninitializedData	`0x200`
AddressOfEntryPoint	`0x000012D0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x4000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x15000`
SizeOfHeaders	`0x400`
Checksum	`0x111e0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`251421f5e3e26f4d1f527113bba728a8`
SHA1	`4110c14b19e5b3b995b14a3a3774bda1813855eb`
SHA256	`76769eb753b94fd2884bfebea660ee32ceb1c5f83a6b74d8859165d71ba71bed`
SHA3	`14a46a143fdf9414938d79242999f7e54e2eb069dd9c44069f00d0f98d6fbe77`
VirtualSize	`0x2d48`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.17345`

.data

MD5	`2df3a67cee646918c0a0184432c7755d`
SHA1	`894063160704db40abb758af42cc8bf4ec9677ba`
SHA256	`43f8b30a03b5e6967f89d7263bc2ff4ef3e1bab98a1835b491456954cdd91f78`
SHA3	`3efbc033456c6d8fccf05a596eacbb22d09344646518df5cfb6732dfea386b11`
VirtualSize	`0x18`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.222389`

.rdata

MD5	`86ec48de8e009f73bb617c90b1a13b33`
SHA1	`53307d4b0ccb6948b0315cefa434efa36c3ed143`
SHA256	`b7c9013a66d13838f56443853209fbd53e740b3e590b9d83893dc033a1532b5d`
SHA3	`19bfabaecbf102a17ead518b30863cd79b0c1bd0a2f6bc1fc65bc75ce8861c6e`
VirtualSize	`0x490`
VirtualAddress	`0x5000`
SizeOfRawData	`0x600`
PointerToRawData	`0x3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.02892`

/4

MD5	`c0dd7173ab55aedfa00b3d0ec1ecdee5`
SHA1	`bc980df8aa806fd7ed0b72f709117eb1f588f287`
SHA256	`1162aec1b0d168ad0c021ff41869e24b0d4e25e7214709c829f4d3a40d240e30`
SHA3	`98ca09c8b719cf6acb1fccaec5d2b9460ca2937febaa5dc9550042ba237825eb`
VirtualSize	`0xa3c`
VirtualAddress	`0x6000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x3a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.40164`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x70`
VirtualAddress	`0x7000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`acbda96169cf998179f73aadb5514aa1`
SHA1	`481c179099473ba9e77a8f168130fdb5536b174a`
SHA256	`1b1a6b01f12f15f3d9274d76a7e27f6e7df523cc4c57d392ac4551f3f7ac8f30`
SHA3	`5e6b2b2d5510726578c73f2c907d64495870c9477c5ee5ac91197d3c585bf65c`
VirtualSize	`0x5fc`
VirtualAddress	`0x8000`
SizeOfRawData	`0x600`
PointerToRawData	`0x4600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.69128`

.CRT

MD5	`5fbdad57980f26b042d6a867270143fb`
SHA1	`b4e51c3746deff6895eda9efe4be90034570aaef`
SHA256	`de3f08d281d5c3a25516fb7ec94f90ddcc26fbcc147bd35073f03e6577b8ee63`
SHA3	`abc7bf3c9346fbf62480e6b7cbde97dd940d670ea6c0913a82a817edfd512b8e`
VirtualSize	`0x18`
VirtualAddress	`0x9000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.109083`

.tls

MD5	`f7a419142b47f1a6560b6d595ae80d75`
SHA1	`6e811c964e19734fa81eeecf11002c5e1e7d466f`
SHA256	`60626fa4ba4abd1a4e17a76c5229ff706bb10e1c180f0210b0d25fda0883e360`
SHA3	`1ed0a6f6db06b7f538950138bd99969a5db5133ff26c1db26efa59825dd3a44d`
VirtualSize	`0x20`
VirtualAddress	`0xa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.22482`

/14

MD5	`7b0916503a3a042a18a488aaa8075c26`
SHA1	`fa0e0a883f03c5409d89c0063f4110fcad23fbb1`
SHA256	`26b608cc4c46192cf6cc2d23c2d4756f8a821566f7d585dca7ab8bb2e1a240cf`
SHA3	`cfcea46f08cdcf3adc6c82038cad47937c74c463bd465d573eb90bd8ef634382`
VirtualSize	`0x60`
VirtualAddress	`0xb000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.456124`

/29

MD5	`108ee13544cf7f3554ca74732db9c7cb`
SHA1	`15285b3c8ff615bc394782c3816f1613f1c11c7f`
SHA256	`d929b0aa0f464b858918cfcb9229b5d34ee9639babd25156eab872d59d0b629a`
SHA3	`50d4496b56f147c77766b148dae957cf5fbe5f073972d57b1f6f536d9f6114c1`
VirtualSize	`0x2304`
VirtualAddress	`0xc000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x5200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.8199`

/41

MD5	`1e6aeec48b4591e782d8ea59fed62be9`
SHA1	`ea6ae9ecb420c1e62f5a6ffb2ab8a1e0c29b4b1b`
SHA256	`f1149cac7b1345932545c147e76f1efe6dd2cdb5b1f2819480e6e47bc5ee86a6`
SHA3	`0c9319cc7146ffc4ae54f6be08dbaadf78f99fbcee4040cb1925b1b5646c3eac`
VirtualSize	`0x2db`
VirtualAddress	`0xf000`
SizeOfRawData	`0x400`
PointerToRawData	`0x7600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.73988`

/55

MD5	`ec6fe04842a93437f6c9adc038f61249`
SHA1	`6838c36b1ba96c231bb6df833247169104b2243c`
SHA256	`37845e2fcb795e8ec9bbd9210a894b57ce01eb9a8477bc5e8e35a3557b70f766`
SHA3	`125acb4f776e4585f633c86c9082c9f86fa6bbc997a3e1578c970f57a85f87fb`
VirtualSize	`0x337`
VirtualAddress	`0x10000`
SizeOfRawData	`0x400`
PointerToRawData	`0x7a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.55539`

/67

MD5	`e2dbc269849e230bd89d3172738c6250`
SHA1	`60833fcad65bfd33dc4e9da80065f9519bbdece2`
SHA256	`7e430a61799cd2b48a0c2496345dce878f2d6a61fd24c5d8b139123d8e28d5ee`
SHA3	`f6f471eae1141a8811f4da0cd193863f57588f0111360c1cff6a081ca71cee66`
VirtualSize	`0x38`
VirtualAddress	`0x11000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.678483`

/80

MD5	`4c02b8123944889b1922d41ba32cdee2`
SHA1	`723809c1300bda57c789e5614a664be863a060f4`
SHA256	`72c5727f1e2d2cb109a7c78ba3e20a8d7615fd1608a5a3d0677f64d9891ac00f`
SHA3	`80d238b1af7412ce85943314b4553d50d0384b9f9f069eb0c2549077b78e2a83`
VirtualSize	`0x97`
VirtualAddress	`0x12000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.21023`

/91

MD5	`6c9ec618eb7b295244db5fd18cd0ee88`
SHA1	`bd514cce15c01c4936fe8cc43aa29979a4c66adf`
SHA256	`ab0425ce1f1628da10fe5650877b6aecd0cffa08e44c84b2e8e6c20b40102704`
SHA3	`85ad84982edd4834b6a341b6b58c25b436633f2301f60dfcdddb3c33eb093373`
VirtualSize	`0x1cc`
VirtualAddress	`0x13000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.98531`

/102

MD5	`eea2b4f8fbd18da5ead26ae3d14b1f50`
SHA1	`13ba12c9821f2b36914076e82414c4e97d394f1c`
SHA256	`6df0bbae0cea34dc102d149356ee05782f9e9ecf9fcbb2e23f7894c5a6f41cca`
SHA3	`c8378836081b4a457d594affd8abc93cbe1d60cb45032d361b08ebf02458b4b2`
VirtualSize	`0x50`
VirtualAddress	`0x14000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.632565`

Imports

KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `ExitProcess` `FindClose` `FindFirstFileA` `FindNextFileA` `FreeLibrary` `GetCommandLineA` `GetLastError` `GetModuleHandleA` `GetProcAddress` `InitializeCriticalSection` `LeaveCriticalSection` `LoadLibraryA` `SetUnhandledExceptionFilter` `TlsGetValue` `VirtualProtect` `VirtualQuery` `WinExec`
msvcrt.dll	`_strdup` `_stricoll`
msvcrt.dll (#2)	`_strdup` `_stricoll`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x40a001`
EndAddressOfRawData	`0x40a01c`
AddressOfIndex	`0x407038`
AddressOfCallbacks	`0x409004`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00401990` `0x00401940`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /14!
[*] Warning: Tried to read outside the COFF string table to get the name of section /29!
[*] Warning: Tried to read outside the COFF string table to get the name of section /41!
[*] Warning: Tried to read outside the COFF string table to get the name of section /55!
[*] Warning: Tried to read outside the COFF string table to get the name of section /67!
[*] Warning: Tried to read outside the COFF string table to get the name of section /80!
[*] Warning: Tried to read outside the COFF string table to get the name of section /91!
[*] Warning: Tried to read outside the COFF string table to get the name of section /102!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!