90e6ea15ed18005b431e135186d57abf

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2020-Jun-30 21:51:16

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Info Cryptographic algorithms detected in the binary: Uses constants related to AES
Suspicious The PE is possibly packed. Unusual section name found: .5t9e
Info No VirusTotal score. A scan of the file is currently queued.

Hashes

MD5 90e6ea15ed18005b431e135186d57abf
SHA1 d8e126cd0f5f3f214989c3533fd22c7291c44174
SHA256 bbcaee51155609d365f6bb297d124efea685df0243ec1d4efb5043d9afe5963d
SHA3 2e32ecdc086af46a60f2b74ecd56de426c3ed8684952fe20acfc0fd142605c42
SSDeep 1536:t0gWyFMR3oUQ5gB2En5KsuxxUtp2mSjmICS4AXcxOpcwfjTDcxNefI328vijJ:qoQoEczxxUPGNFcxOpjfjvcHJ
Imports Hash f74c661d4eef699f0afa9fde2c76bcfc

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2020-Jun-30 21:51:16
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0xb200
SizeOfInitializedData 0x11e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00003ED1 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xd000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x20000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 c1f46698267af6a5dab1c07fb9e2371d
SHA1 98ba945cd761ba24ef0d4934fdfbc19f78500fe2
SHA256 0437202cd10d19027fab2546ed501ab6af0a924a9bcce2f6d05d4c4fb203f508
SHA3 6838cf6665c221b06d5f2f3cdabdae9235627d403ba780fc6c5344d263adeae1
VirtualSize 0xb0a4
VirtualAddress 0x1000
SizeOfRawData 0xb200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.54151

.rdata

MD5 adc26612dfc7ed7721437285f85ef6e5
SHA1 5daba5ed6d365643ffc9772cc8d064fe609a6b0e
SHA256 9d42ac548fdd3ee4da420399daae7de12d8ba52987953c04a3da6679d46122f1
SHA3 61f83b475d5aa273d2fdc00d3030ad269a911789df487abf8ec2d2b59b90672a
VirtualSize 0x2d20
VirtualAddress 0xd000
SizeOfRawData 0x2e00
PointerToRawData 0xb600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.81151

.data

MD5 b2dee584b374ba68e42dfdb22c0bf1c9
SHA1 24eb81a1f89ca8504b81f2a0248b8911acbf4e88
SHA256 38c5ffe1ef89b2c7b294ec6ed3dae44889b6f4b52c8abd89adf43ecd97b378de
SHA3 ca5c0aebf79b9eb63c539295060595f9bed0119a306e5274ebf2df1cbdddda07
VirtualSize 0x1f78
VirtualAddress 0x10000
SizeOfRawData 0x1c00
PointerToRawData 0xe400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.66698

.5t9e

MD5 cfcdee9f35de55dc283d26780c3075cb
SHA1 ec60769626cc23e894012ce9aa9881b2669d7b25
SHA256 6a9cf7f912893612e6450e702b591f3f7cfffed1150d1d73b2e211655e1c78fa
SHA3 591b6f1f5b88fc1f00d65f34de05959f29ffb0815d1460dbfec76fce710f844f
VirtualSize 0xc800
VirtualAddress 0x12000
SizeOfRawData 0xc800
PointerToRawData 0x10000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.58449

.reloc

MD5 000b19e7290c22bf7c42ac274c34f30e
SHA1 8682fa43eaedb2090e3f82a24a1826e58369ce08
SHA256 959d1795a355a82b9cb369f11bdf233d9a8686b12409b18339b079fe3e04d21f
SHA3 8dc78e4fb16b79610d7839350f4b57a09319d58a99609e3c2ea719ac65e3c98b
VirtualSize 0x65c
VirtualAddress 0x1f000
SizeOfRawData 0x800
PointerToRawData 0x1c800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.8505

Imports

KERNEL32.dll CreateFileW
GetCurrentThreadId
lstrlenW
AddAtomW
SetErrorMode
VerSetConditionMask
CloseHandle
GetExitCodeProcess
VerifyVersionInfoW
USER32.dll MessageBoxW

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xf4688a1
Unmarked objects 0
C++ objects (VS2015 UPD3 build 24123) 1
ASM objects (VS2015 UPD3 build 24123) 3
C objects (VS2015 UPD3 build 24123) 1
C objects (65501) 1
Imports (65501) 5
Total imports 29
208 (65501) 1
C objects (VS2015 UPD3.1 build 24215) 26
Linker (VS2015 UPD3.1 build 24215) 1

Errors

<-- -->