9061aa1d8e6d486cffd881cea25d1fdc

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Apr-11 08:35:20
Detected languages English - United States

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryW
Functions which can be used for anti-debugging purposes:
  • QueryPerformanceCounter
Malicious VirusTotal score: 3/65 (Scanned on 2018-06-05 00:18:07)
Bkav: W32.eHeur.Malware14
Cylance: Unsafe
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9994

Hashes

MD5 9061aa1d8e6d486cffd881cea25d1fdc
SHA1 88213c9eed2d71a996fcff29b36d6974905c495d
SHA256 9157b110a176f789a438484c4f3bd8e58411f452e38872644cacdf29dcbfff96
SHA3 efc3ddf19906b5f9d6d544cbed3bec793e3e8c55fb2e93958a08d8a1430bc521
SSDeep 768:/DNg1zW1BSqkhrYQbYjv4OqYcA2MLgPkbEDAAnPmohp:/Di16S//bWv4ucQkPBN
Imports Hash 0a300cde7227d0468c4571e17536a4a7

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2017-Apr-11 08:35:20
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 10.0
SizeOfCode 0x6e00
SizeOfInitializedData 0x4200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001242 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x8000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x10000
SizeOfHeaders 0x400
Checksum 0xf385
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 bd14db5d4dbaa67fd92ab18467903649
SHA1 fe7927c21f2f122687bd5c8ba950c5d026a50564
SHA256 82092f37703cc127ce025c4a232f87d020329494895fb7a1f767f1efeb275b19
SHA3 df7939633705f49cb7df98be96c48ca43456b785da85c177b1b7b9cacf998a25
VirtualSize 0x6d8a
VirtualAddress 0x1000
SizeOfRawData 0x6e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.49545

.rdata

MD5 8f8bcb5f36f5003588b520f3f49b93d9
SHA1 37573f1831ce567802474b23d93929e50c3aac81
SHA256 7c5ac69e5f66f74c38cf570a39be7a4d625eda69a2e3e0e4c266646244281365
SHA3 65d0fd4bbac84f85248dc14bed14e414f2934f29da025bbbbed12603b008f9ca
VirtualSize 0x2304
VirtualAddress 0x8000
SizeOfRawData 0x2400
PointerToRawData 0x7200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.77382

.data

MD5 8c42fd972ddd10b138e8e3160a63918e
SHA1 1068bb97995cda11ee89f75882d9049c75592e45
SHA256 fcbe21fe86c849d477d4c438843f96191baae3920ac77911808d852a7cbb8be9
SHA3 54c52f90a0671a015b40fc56b60af7badb02f6abff0c8a18fd1e909fe848b124
VirtualSize 0x2bc0
VirtualAddress 0xb000
SizeOfRawData 0xe00
PointerToRawData 0x9600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.24534

.rsrc

MD5 72d261afb2941d713659f1d81e32b32c
SHA1 b8cc59ee8dcbaceb6b5a26e2319880470eeb3de9
SHA256 fb135e8c94a8b18bb93fa6b90f95a2e25549c58d6c477043b8a7db98b6d83d5a
SHA3 5e73c4d4a71b0ee0845e207533925a0616f4e021719fce414f6e50949ed083e0
VirtualSize 0x2b8
VirtualAddress 0xe000
SizeOfRawData 0x400
PointerToRawData 0xa400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.16755

.reloc

MD5 e0ee8e7d6de07d9fb738e8b9d2dfbb2a
SHA1 6a2cbf149c0afb4e7e34b6591115527bf656b04f
SHA256 c1887820cee763f288c6ce84bfa403886983e65655e4cd072825fc59dc22c3f5
SHA3 894cf37af08fc7a36f99b143345978e1426a7350cbdc038ce154cc2665cd2b2a
VirtualSize 0xba8
VirtualAddress 0xf000
SizeOfRawData 0xc00
PointerToRawData 0xa800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.63919
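The five section entries above, together with the DOS, PE and optional headers, are enough to cross-check the file against itself. The parser below is an added example (not Manalyzer output and not code from the sample) that rebuilds a PE32 image from the values listed in this report, zero-filled outside the headers, walks e_lfanew to the section table, maps RVAs to file offsets and runs the consistency checks an analyst does before trusting an automated report: the entry point 0x1242 must land in an executable section (.text here, file offset 0x642), no section should be both writable and executable, and SizeOfImage (0x10000) must equal the end of the last section rounded up to SectionAlignment. The one finding it raises is that .data has VirtualSize 0x2bc0 but only 0xe00 bytes of raw data; the loader zero-fills the rest, which is where MSVC puts zero-initialised globals (the optional header's SizeOfUninitializedData stays 0), so it is expected, not evidence of tampering.

```python
"""Walk the DOS, PE, optional and section headers the way the report lays them out.
The image is CONSTRUCTED here from the report's values (zero-filled outside the
headers); it is not the sample itself.  Example code added to the report."""
import calendar
import datetime
import struct

FILE_HEADER_FMT = "<HHIIIHH"                                            # IMAGE_FILE_HEADER, 20 bytes
OPT_HEADER_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6  # PE32 optional header sans data dirs, 96 bytes
SECTION_FMT = "<8sIIIIIIHHI"                                            # IMAGE_SECTION_HEADER, 40 bytes
SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x20000000, 0x80000000

# (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics) from the report
REPORT_SECTIONS = [
    (b".text",  0x6d8a, 0x1000, 0x6e00, 0x0400, 0x60000020),  # CNT_CODE | MEM_EXECUTE | MEM_READ
    (b".rdata", 0x2304, 0x8000, 0x2400, 0x7200, 0x40000040),  # CNT_INITIALIZED_DATA | MEM_READ
    (b".data",  0x2bc0, 0xb000, 0x0e00, 0x9600, 0xC0000040),  # CNT_INITIALIZED_DATA | MEM_READ | MEM_WRITE
    (b".rsrc",  0x02b8, 0xe000, 0x0400, 0xa400, 0x40000040),
    (b".reloc", 0x0ba8, 0xf000, 0x0c00, 0xa800, 0x42000040),  # ... | MEM_DISCARDABLE | MEM_READ
]


def build_report_image() -> bytes:
    """Constructed PE32 reproducing the report's header values (not the real file)."""
    e_lfanew = 0xe0
    buf = bytearray(0xa800 + 0xc00)                # file ends where .reloc raw data ends
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3c, e_lfanew)
    opt = struct.pack(OPT_HEADER_FMT,
                      0x10b, 10, 0,                          # PE32 magic, LinkerVersion 10.0
                      0x6e00, 0x4200, 0,                     # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
                      0x1242, 0x1000, 0x8000, 0x400000,      # AddressOfEntryPoint, BaseOfCode, BaseOfData, ImageBase
                      0x1000, 0x200,                         # SectionAlignment, FileAlignment
                      5, 1, 0, 0, 5, 1,                      # OS 5.1, Image 0.0, Subsystem 5.1
                      0, 0x10000, 0x400, 0xf385,             # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0x8140,                             # WINDOWS_GUI; DYNAMIC_BASE|NX_COMPAT|TERMINAL_SERVER_AWARE
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += bytes(16 * 8)                           # 16 empty data directories
    ts = calendar.timegm((2017, 4, 11, 8, 35, 20))  # the report's TimeDateStamp, UTC
    pe = b"PE\0\0" + struct.pack(FILE_HEADER_FMT, 0x14c, len(REPORT_SECTIONS), ts, 0, 0, len(opt), 0x0102) + opt
    for name, vsize, va, rawsize, rawptr, chars in REPORT_SECTIONS:
        pe += struct.pack(SECTION_FMT, name, vsize, va, rawsize, rawptr, 0, 0, 0, 0, chars)
    buf[e_lfanew:e_lfanew + len(pe)] = pe
    return bytes(buf)


def parse_pe(data: bytes) -> dict:
    """Follow e_lfanew to the PE signature, file header, optional header and section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3c)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew=%#x" % e_lfanew)
    machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from(FILE_HEADER_FMT, data, e_lfanew + 4)
    o = struct.unpack_from(OPT_HEADER_FMT, data, e_lfanew + 24)
    if o[0] != 0x10b:
        raise ValueError("not PE32 (Magic %#x)" % o[0])
    sections = []
    for i in range(nsec):
        s = struct.unpack_from(SECTION_FMT, data, e_lfanew + 24 + opt_size + 40 * i)
        sections.append({"Name": s[0].rstrip(b"\0").decode("ascii", "replace"), "VirtualSize": s[1],
                         "VirtualAddress": s[2], "SizeOfRawData": s[3], "PointerToRawData": s[4],
                         "Characteristics": s[9]})
    stamp = datetime.datetime.fromtimestamp(ts, datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return {"Machine": machine, "Characteristics": chars, "TimeDateStamp": stamp,
            "LinkerVersion": "%d.%d" % (o[1], o[2]), "AddressOfEntryPoint": o[6], "ImageBase": o[9],
            "SectionAlignment": o[10], "SizeOfImage": o[19], "DllCharacteristics": o[23], "Sections": sections}


def section_for_rva(pe, rva):
    for s in pe["Sections"]:
        if s["VirtualAddress"] <= rva < s["VirtualAddress"] + max(s["VirtualSize"], s["SizeOfRawData"]):
            return s
    return None


def rva_to_offset(pe, rva):
    """File offset for an RVA, or None when it is unmapped or falls in the zero-filled
    tail a section gets when VirtualSize > SizeOfRawData (no bytes on disk)."""
    s = section_for_rva(pe, rva)
    if s is None or rva - s["VirtualAddress"] >= s["SizeOfRawData"]:
        return None
    return s["PointerToRawData"] + (rva - s["VirtualAddress"])


def sanity_checks(pe):
    """Cheap header consistency checks; returns human-readable findings."""
    findings = []
    ep = section_for_rva(pe, pe["AddressOfEntryPoint"])
    if ep is None:
        findings.append("entry point %#x is outside every section" % pe["AddressOfEntryPoint"])
    elif not ep["Characteristics"] & SCN_MEM_EXECUTE:
        findings.append("entry point lies in non-executable section %s" % ep["Name"])
    for s in pe["Sections"]:
        if s["Characteristics"] & SCN_MEM_EXECUTE and s["Characteristics"] & SCN_MEM_WRITE:
            findings.append("%s is writable and executable" % s["Name"])
        if s["VirtualSize"] > s["SizeOfRawData"]:
            findings.append("%s: VirtualSize %#x > SizeOfRawData %#x (tail zero-filled at load; normal for .data)"
                            % (s["Name"], s["VirtualSize"], s["SizeOfRawData"]))
    last, align = pe["Sections"][-1], pe["SectionAlignment"]
    expected = (last["VirtualAddress"] + last["VirtualSize"] + align - 1) // align * align
    if expected != pe["SizeOfImage"]:
        findings.append("SizeOfImage %#x != %#x implied by the last section" % (pe["SizeOfImage"], expected))
    return findings


if __name__ == "__main__":
    pe = parse_pe(build_report_image())
    print("linked", pe["TimeDateStamp"], "UTC, linker", pe["LinkerVersion"])
    print("entry point in", section_for_rva(pe, pe["AddressOfEntryPoint"])["Name"],
          "at file offset %#x" % rva_to_offset(pe, pe["AddressOfEntryPoint"]))
    for f in sanity_checks(pe):
        print("-", f)
```

Pointing `parse_pe` at a real file is a one-line change (`parse_pe(open(path, "rb").read())`); the checks are deliberately independent of anything the report already states, so a disagreement between them and a tool's summary is the signal.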

Imports

KERNEL32.dll
WaitForSingleObject
VirtualAlloc
CreateThread
GetCommandLineA
HeapSetInformation
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
SetUnhandledExceptionFilter
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
HeapFree
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
HeapSize
HeapAlloc
HeapReAlloc
LCMapStringW
MultiByteToWideChar
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
IsProcessorFeaturePresent
CloseHandle
WriteConsoleW
SetStdHandle
CreateFileW
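The Imports Hash in the Hashes section is the imphash: MD5 over the comma-joined, lower-cased "dll.function" strings in import-table order, with the library extension stripped. The code below is an added example (not Manalyzer output) that implements that algorithm and applies it to the import list above; if the listing preserves the table order the result should equal the report's 0a300cde7227d0468c4571e17536a4a7, and a mismatch would mean the listing was re-ordered rather than that the algorithm differs. Treat any imphash match on this binary as weak attribution: most of these imports, including the ones the heuristics flag (QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, IsDebuggerPresent, EncodePointer/DecodePointer), are pulled in by the statically linked VS2010 CRT startup and its /GS cookie initialisation (the Load Configuration below points SecurityCookie at 0x40b060), so the hash pivots to every small VS2010 build with the same runtime configuration. The program's own surface is closer to VirtualAlloc, CreateThread, WaitForSingleObject, Sleep, CreateFileW and WriteFile.

```python
"""Import hash (imphash) for the import table listed in this report.  Added example,
not tool output.  Algorithm as used by pefile and VirusTotal: lower-case
"library.function" strings in import-table order, library extension stripped,
comma-joined, MD5."""
import hashlib

LIB_EXTENSIONS = ("dll", "ocx", "sys")   # the only extensions pefile strips

# Import table as the report lists it (one DLL, 66 names), transcribed from the page.
REPORT_IMPORTS = [
    ("KERNEL32.dll", [
        "WaitForSingleObject", "VirtualAlloc", "CreateThread", "GetCommandLineA", "HeapSetInformation",
        "GetProcAddress", "GetModuleHandleW", "ExitProcess", "DecodePointer", "SetUnhandledExceptionFilter",
        "WriteFile", "GetStdHandle", "GetModuleFileNameW", "GetModuleFileNameA", "FreeEnvironmentStringsW",
        "WideCharToMultiByte", "GetEnvironmentStringsW", "SetHandleCount", "InitializeCriticalSectionAndSpinCount",
        "GetFileType", "GetStartupInfoW", "DeleteCriticalSection", "EncodePointer", "TlsAlloc", "TlsGetValue",
        "TlsSetValue", "TlsFree", "InterlockedIncrement", "SetLastError", "GetCurrentThreadId", "GetLastError",
        "InterlockedDecrement", "HeapCreate", "QueryPerformanceCounter", "GetTickCount", "GetCurrentProcessId",
        "GetSystemTimeAsFileTime", "TerminateProcess", "GetCurrentProcess", "UnhandledExceptionFilter",
        "IsDebuggerPresent", "EnterCriticalSection", "LeaveCriticalSection", "LoadLibraryW", "HeapFree", "Sleep",
        "GetCPInfo", "GetACP", "GetOEMCP", "IsValidCodePage", "RtlUnwind", "HeapSize", "HeapAlloc", "HeapReAlloc",
        "LCMapStringW", "MultiByteToWideChar", "GetStringTypeW", "GetConsoleCP", "GetConsoleMode",
        "FlushFileBuffers", "SetFilePointer", "IsProcessorFeaturePresent", "CloseHandle", "WriteConsoleW",
        "SetStdHandle", "CreateFileW",
    ]),
]


def imphash(imports) -> str:
    """imports: [(dll_name, [function name or int ordinal, ...]), ...] in import-table order.
    pefile first resolves ordinals it knows (ws2_32, oleaut32) to names and renders the rest
    as 'ordN'; this simplified version renders every ordinal as 'ordN' (assumption noted)."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in LIB_EXTENSIONS:
            lib = base
        for f in funcs:
            name = "ord%d" % f if isinstance(f, int) else f.lower()
            parts.append("%s.%s" % (lib, name))
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def report_imphash() -> str:
    """imphash of the table above; compare with the report's Imports Hash."""
    return imphash(REPORT_IMPORTS)


if __name__ == "__main__":
    print("imphash of the listed import table:", report_imphash())
    print("report says:                        0a300cde7227d0468c4571e17536a4a7")
```

Because the hash is order-sensitive and case-insensitive, two builds of the same source with a different import order (a different linker, or an import swapped for a GetProcAddress lookup) produce unrelated hashes; the test below pins exactly those two properties.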

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x25f
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.94904
MD5 e54df675446f104f3e6153a586774b18
SHA1 2f5a10f15684b67189b923111f804cace29d5ae2
SHA256 45cb3493020782cfcd906fb9afbf72d7f973b6e425fc5d3bd88a429e8ea395b1
SHA3 0c19618a4c7e6c8a7d54b8702d0132f746eb83cfff35aa7a8d49792cfda314df

Version Info

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x40b060
SEHandlerTable 0x409a10
SEHandlerCount 3

RICH Header

XOR Key 0x892aaed6
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 3
Total imports 77
C++ objects (VS2010 build 30319) 23
ASM objects (VS2010 build 30319) 15
C objects (VS2010 build 30319) 84
174 (VS2010 build 30319) 1
Linker (VS2010 build 30319) 1
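The Rich header is the only part of this report that identifies the toolchain precisely: every object and the linker come from VS2010 build 30319 (three import records carry the VS2008 SP1 build 30729), which agrees with LinkerVersion 10.0 in the optional header and is finer than the "Microsoft Visual C++ 6.0 - 8.0" signature match in the Plugin Output; that match should be read as a coarse byte-pattern heuristic. The header is also trivially copied from another binary or edited, so its XOR key is worth verifying: the linker stores as the key a checksum over the DOS header and stub (excluding e_lfanew) plus the entries themselves, and a mismatch means something was altered after linking (a forgery that recomputes the key still passes, so a match proves consistency, not authenticity). The code below is an added example, not Manalyzer output; it constructs a DOS stub and Rich header whose build numbers and counts follow the report, encodes them, then decodes and verifies. The product IDs are assumed placeholders (only 174 is taken from the report) and the constructed key differs from the report's 0x892aaed6.

```python
"""Decode a Rich header and verify its XOR key against the linker's checksum.
Added example, not tool output.  The sample is CONSTRUCTED: build numbers and
per-product counts follow the report, product IDs are assumed placeholders."""
import struct

DANS = 0x536E6144                                      # "DanS" marker
RICH = b"Rich"
BUILD_TO_VS = {30729: "VS2008 SP1", 30319: "VS2010"}   # the two builds the report lists

# (prodid, build, count): counts and builds from the report; prodids assumed except 174.
REPORT_LIKE_ENTRIES = [
    (0x93, 30729, 3),    # import records, VS2008 SP1
    (0xAB, 30319, 23),   # C++ objects, VS2010
    (0x9E, 30319, 15),   # ASM objects, VS2010
    (0xAA, 30319, 84),   # C objects, VS2010
    (174,  30319, 1),    # the product ID the report could not name
    (0x9D, 30319, 1),    # linker, VS2010
]


def rol32(v: int, n: int) -> int:
    n &= 31
    return ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF


def rich_checksum(prefix: bytes, entries) -> int:
    """prefix: file bytes from offset 0 up to the DanS marker.  Start with the header
    offset, add each prefix byte rotated by its position (skipping the 4 e_lfanew
    bytes), then add each compid = prodid<<16 | build rotated by its use count."""
    cksum = len(prefix)
    for i, b in enumerate(prefix):
        if 0x3C <= i < 0x40:
            continue
        cksum = (cksum + rol32(b, i)) & 0xFFFFFFFF
    for prodid, build, count in entries:
        cksum = (cksum + rol32((prodid << 16) | build, count)) & 0xFFFFFFFF
    return cksum


def build_rich_header(prefix: bytes, entries) -> bytes:
    key = rich_checksum(prefix, entries)
    words = [DANS ^ key, key, key, key]                # DanS + three zero padding dwords, all XORed
    for prodid, build, count in entries:
        words += [((prodid << 16) | build) ^ key, count ^ key]
    return struct.pack("<%dI" % len(words), *words) + RICH + struct.pack("<I", key)


def build_constructed_sample(entries=REPORT_LIKE_ENTRIES) -> bytes:
    """MZ header + standard DOS stub + Rich header, padded so e_lfanew = 0xe0 as in the report."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0xE0)
    stub = (b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21"
            b"This program cannot be run in DOS mode.\r\n$").ljust(0x40, b"\0")
    prefix = bytes(dos) + stub                         # Rich header therefore starts at 0x80
    return (prefix + build_rich_header(prefix, entries)).ljust(0xE0, b"\0") + b"PE\0\0"


def parse_rich_header(data: bytes):
    """Find 'Rich' before e_lfanew, take the key after it, walk back to the XOR-encoded
    DanS marker, decode the entries and recompute the checksum."""
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    end = data.find(RICH, 0x40, e_lfanew)
    if end < 0:
        return None
    (key,) = struct.unpack_from("<I", data, end + 4)
    start = end - 4
    while start >= 0x40 and (struct.unpack_from("<I", data, start)[0] ^ key) != DANS:
        start -= 4
    if start < 0x40:
        return None
    entries = []
    for pos in range(start + 16, end, 8):              # skip DanS and its three padding dwords
        compid, count = struct.unpack_from("<II", data, pos)
        compid ^= key
        entries.append((compid >> 16, compid & 0xFFFF, count ^ key))
    return {
        "offset": start, "key": key, "entries": entries,
        "checksum_ok": rich_checksum(data[:start], entries) == key,
        "toolsets": sorted({BUILD_TO_VS.get(b, "build %d" % b) for _, b, _ in entries}),
    }


if __name__ == "__main__":
    r = parse_rich_header(build_constructed_sample())
    print("Rich header at %#x, key %#010x, checksum %s" % (r["offset"], r["key"], "ok" if r["checksum_ok"] else "MISMATCH"))
    for prodid, build, count in r["entries"]:
        print("  prodid %3d  build %5d (%s)  x%d" % (prodid, build, BUILD_TO_VS.get(build, "?"), count))
```

Run against a real file the same way (`parse_rich_header(open(path, "rb").read())`); `checksum_ok` false on a binary whose other headers look intact is the classic sign that the stub or the header was patched, and a header whose counts do not fit the binary's size or import count points at a transplant from another sample.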

Errors