Architecture |
IMAGE_FILE_MACHINE_AMD64
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date |
2020-Nov-21 07:34:32
|
Debug artifacts |
Embedded COFF debugging symbols
|
Suspicious |
The PE is possibly packed. |
The PE only has 0 import(s).
|
Suspicious |
The file contains overlay data. |
1850 bytes of data starting at offset 0x600.
|
Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|
MD5 |
8f415bed80f58344282fd9539fb5f5f2
|
SHA1 |
0098b987a9474321e3689966210a310c4ed736a7
|
SHA256 |
21e736c3883829c4e9a6edfc9f6f8680291f4f14eebd4421c674ef190fa83d80
|
SHA3 |
18cc6ac3bfd729edabad765ad714bf323a79c2b2f72f0c05d2535bec5d8d7111
|
SSDeep |
24:etGS3aYf0/KvudrVq46yJ+0vPYsC6A0qNqyq/45KgNq5u88tWQXIqUQdBIiKTOHX:6KR/w4e6ph/Z8qyWiIqUXO9J9K0AW0Xe
|
Imports Hash |
d41d8cd98f00b204e9800998ecf8427e
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0x80
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections |
2
|
TimeDateStamp |
2020-Nov-21 07:34:32
|
PointerToSymbolTable |
0x600
|
NumberOfSymbols |
53
|
SizeOfOptionalHeader |
0xf0
|
Characteristics |
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
Magic |
PE32+
|
LinkerVersion |
2.0
|
SizeOfCode |
0x200
|
SizeOfInitializedData |
0x200
|
SizeOfUninitializedData |
0
|
AddressOfEntryPoint |
0x0000000000001000 (Section: .text)
|
BaseOfCode |
0x1000
|
ImageBase |
0x400000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
4.0
|
ImageVersion |
0.0
|
SubsystemVersion |
5.2
|
Win32VersionValue |
0
|
SizeOfImage |
0x3000
|
SizeOfHeaders |
0x200
|
Checksum |
0x3d5b
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
SizeofStackReserve |
0x200000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
b4e6b701823ca0891f7c9cbff028f0ce
|
SHA1 |
d6db18897331ce9cbc2828426aa3eab130b8de06
|
SHA256 |
f98ecd1a0f4ecd8f96e06635c84d5d602011dc06de4c2c776aed5c8f2fe2e0b2
|
SHA3 |
4e642e82506fb9dbe0fb33426849414a47b59f9ac12ea7c9b80337cdf959fccf
|
VirtualSize |
0x30
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
Entropy |
0.460215
|
MD5 |
bf619eac0cdf3f68d496ea9344137e8b
|
SHA1 |
5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
|
SHA256 |
076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
|
SHA3 |
622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
|
VirtualSize |
0x14
|
VirtualAddress |
0x2000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
0
|
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!