96a27f0584079a81271f427f04e7c49295663114563f2aed7484a11825ac050e

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2016-Mar-18 14:36:21
TLS Callbacks 2 callback(s) detected.

Plugin Output

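Suspicious The PE is possibly packed. Unusual section name found: .xdata
Note: .xdata is where GCC/MinGW-w64-style x64 toolchains place exception unwind data. No section in this report has entropy above 5.75 and the import table is fully populated, so this name-based heuristic is most likely a false positive rather than evidence of packing.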
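Safe VirusTotal score: 0/72 (Scanned on 2026-03-21 08:47:10) No AV engine flagged this file. A zero detection count only means that no engine matched at scan time; it is not by itself proof that the file is benign.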

Hashes

MD5 10b16ac390a1f670c3915c85b6f2d4a9
SHA1 646079bd6e33dca97805d36c83ec792b2e6796c1
SHA256 96a27f0584079a81271f427f04e7c49295663114563f2aed7484a11825ac050e
SHA3 81cfa70e672491d83c6fd3c4d05aee5eea6a78094b0113977d827fdd6c8d87cc
SSDeep 192:/FriXeYYioPq8L2NCKaF+BtWs+ZPbRADyga6st3RbzUZQzxmabRgB/m:FDic8W+BtWZDavrst3NS0vgA
Imports Hash 589fe16bd188d614f59b8abc871734ed

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 11
TimeDateStamp 2016-Mar-18 14:36:21
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 2.0
SizeOfCode 0x1c00
SizeOfInitializedData 0x1a00
SizeOfUninitializedData 0xa00
AddressOfEntryPoint 0x0000000000001400 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x60000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0xd000
SizeOfHeaders 0x400
Checksum 0x10fa4
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 8881b4ac08d1edd24a309e83ba35a4db
SHA1 5963d2a9d5c1245c94f230b7d74198f50f984e91
SHA256 d10eb11a146bfb75fb599aba66fb27fa02a16cb1ceb3e562d51ef92e7ed2f983
SHA3 534d447834e0d89e94aeb64242af00e6db452016ba83af92c1793d60f4c09ebf
VirtualSize 0x1a30
VirtualAddress 0x1000
SizeOfRawData 0x1c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.74015

.data

MD5 84ed037567b28b0f39cd6a90876f7b2e
SHA1 b37b2dddb1538d867a67a07e92faaf4cd14854cd
SHA256 c31d7fbef362a5e7a5a76285b51fe876c700631b6c473efcff495b586b7aef8f
SHA3 8505f00a3b956fa71b28892552ce836edb60d019273bd4fc6913b13b36a3ea20
VirtualSize 0x70
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0x2000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.622849

.rdata

MD5 558f738be89484a83ff1bb62be13c449
SHA1 93e54e80e545aa47a95aa2f8d5668acfbe487c3d
SHA256 b3c9f51d26a9238d0f669be24d347a55bca1016a1f20f0e8f32ad1c56e7073e2
SHA3 697fc5791f3321854b89935d682f138c907d9cdabc67bb31af0480061098efea
VirtualSize 0x1a0
VirtualAddress 0x4000
SizeOfRawData 0x200
PointerToRawData 0x2200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.35299

.pdata

MD5 85c80713252d3915cadbfe7dede81475
SHA1 f71a4f94366db452750b453f731276fe1b297c59
SHA256 9e77eb6ef334a0e4d42d61a4c5d6ed9d0157ee8b8f1631e56f3534066eff29ff
SHA3 e31e2f938735e592d3c116b25a043e457fc19287a9f4253c6e4cc2e8f269ac57
VirtualSize 0x210
VirtualAddress 0x5000
SizeOfRawData 0x400
PointerToRawData 0x2400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.25382

.xdata

MD5 62f554ddc1c247c632e41750ea84f04d
SHA1 149e6cb5f859585c52e6e94365d40911f9a5827c
SHA256 7b3696ad2cbff80648a5460e638f128d89b3c765bbd55ed3d74e214921ff5055
SHA3 4c42f72ab21173f6dfb5f005cfd4480169e77528abc3496ab145d82344246f60
VirtualSize 0x198
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x2800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.26911

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x950
VirtualAddress 0x7000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata

MD5 35800d384002c1321bb1efef1cb05624
SHA1 31fbdaaa9df66226d5c6b500b8f7f6c32b7d2129
SHA256 cb708741a94e2c33a06f0f1ca5946149ee48ce06fb7b272dc238a69b7b13c72b
SHA3 e6b832ff19fa06c44fe0a9b835408e910b7f2583bfead332a3e85e1e915e7c8a
VirtualSize 0x130
VirtualAddress 0x8000
SizeOfRawData 0x200
PointerToRawData 0x2a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.36421

.idata

MD5 6ca55b1483d1acc5291209bb5e5aee42
SHA1 088b0301ad362d594912f9a1e9f5532c95af6cf4
SHA256 f35145ff4cdf3c45b4e22fe86bf11462b940831c0dbc828045ba5e969fee5045
SHA3 997a79c305a64a70a16ffac910807ca0df5c3c0aa6596b1963895659ec95e969
VirtualSize 0x65c
VirtualAddress 0x9000
SizeOfRawData 0x800
PointerToRawData 0x2c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.3983

.CRT

MD5 6e09a95ed0a5ed1f6a5f533a0224e554
SHA1 5cbc15d04d243961c6b1a7b55ecf2eab0dd1df10
SHA256 e9f2e0c07b2275d4004d370f2717d0456f5b205d32b5b308437bc1a6bd846655
SHA3 0e4d7f5b934624e7ae735a28d0cc9b4baee3a3e1642a5e789c68cfe87d9d5cc3
VirtualSize 0x58
VirtualAddress 0xa000
SizeOfRawData 0x200
PointerToRawData 0x3400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.149797

.tls

MD5 53bccc51e47e7113724795f7ee1ce40b
SHA1 d48208ced67ad5545c787bc9702b95b96f53da77
SHA256 a0e3eb64d5a3168563b0eb4147d0cd3b3ac7b33284de3cd59c7955faaa7b02ed
SHA3 e3f37d3cfe146ed87822081ed01e86a2f527be3921dc7996f3dc0cc2ed6d260b
VirtualSize 0x50
VirtualAddress 0xb000
SizeOfRawData 0x200
PointerToRawData 0x3600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.22482

.reloc

MD5 40030ac176c7bd92744e681690a45ec2
SHA1 3152fd1abafe783c5c059cebf011d5aace16dcf9
SHA256 9867e5a252010811a208863944d07ccd890d37e5aac079f621a3538ebab41eea
SHA3 1c9ec182959a19572a6f3cb92cb8b5133aa97a6bf353f6df93ea00b7a45ce1d5
VirtualSize 0x30
VirtualAddress 0xc000
SizeOfRawData 0x200
PointerToRawData 0x3800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.42485

Imports

KERNEL32.dll DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
msvcrt.dll __dllonexit
__iob_func
_amsg_exit
_initterm
_lock
_onexit
_unlock
abort
calloc
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf

Delayed Imports

Exports

Breakpad_SteamMiniDumpInit

Ordinal 1
Address 0x1460

Breakpad_SteamSetAppID

Ordinal 2
Address 0x1470

Breakpad_SteamSetSteamID

Ordinal 3
Address 0x1480

Breakpad_SteamWriteMiniDumpSetComment

Ordinal 4
Address 0x1490

Breakpad_SteamWriteMiniDumpUsingExceptionInfoWithBuildId

Ordinal 5
Address 0x14a0

CreateInterface

Ordinal 6
Address 0x14b0

Version Info

TLS Callbacks

StartAddressOfRawData 0x6000b040
EndAddressOfRawData 0x6000b048
AddressOfIndex 0x6000702c
AddressOfCallbacks 0x6000a030
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks 0x00000000600015F0
0x00000000600015C0

Load Configuration

RICH Header

Errors

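[*] Warning: Section .bss has a size of 0! (SizeOfRawData is 0 while VirtualSize is 0x950, which is normal for an uninitialized-data section; the .bss hashes listed above are therefore the hashes of empty input.)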