996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2016-Jun-24 18:26:28

Plugin Output

Suspicious: VirusTotal score: 1/72 (Scanned on 2026-04-22 12:38:17); the only detection is Cynet: Malicious (score: 100)

Hashes

MD5 17309e33b596ba3a5693b4d3e85cf8d7
SHA1 7d361836cf53df42021c7f2b148aec9458818c01
SHA256 996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
SHA3 d1a7f6212acbc5cbb8eab5177e628e4fe02f514c23a4f79606c0eb9b6283579d
SSDeep 192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Imports Hash 90179d905cdca282880541c826651c15

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2016-Jun-24 18:26:28
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 9.0
SizeOfCode 0x1400
SizeOfInitializedData 0xe00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00002170 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x3000
ImageBase 0x10000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x7000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 911da21af772f2affaa92aa37bad3a4f
SHA1 719372fc0f57c5527eb0cac85845d0708630ce99
SHA256 06bebcec219f7f7a4c34e6fab042ae264aebb4546e60ef50419a89285b4af524
SHA3 d667a42774a9fa2ac846d23fe0069e40ec3817076c81c41e38cce2286fbe4431
VirtualSize 0x12cc
VirtualAddress 0x1000
SizeOfRawData 0x1400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.71619

.rdata

MD5 44af015f9d79903237bf1b57e1f20a9f
SHA1 6ddac453f507ec74bb6043aaa4db374917ae8abc
SHA256 5a5869561930b977881d9b1f0b66decddd97956a9d341daa1c9cff5b41b987c1
SHA3 1bf50d6c3564384b5cdd8341665639832d3e9edae34f612097b97d76cb607064
VirtualSize 0x5ff
VirtualAddress 0x3000
SizeOfRawData 0x600
PointerToRawData 0x1800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.86131

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x80
VirtualAddress 0x4000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc

MD5 da7c441c1af87911e242e57f26a867e5
SHA1 7d79e472f8bdd132d6a59025eda379e1a4822e87
SHA256 454c75d4d38ffcc2771541d81797859af3762c9deb9d99aaf54caf3af5bd7556
SHA3 3d062d9f3b329e15d474858ef32d11b21500f1661b8093cd468ccd8335eaed91
VirtualSize 0x198
VirtualAddress 0x5000
SizeOfRawData 0x200
PointerToRawData 0x1e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.17034

.reloc

MD5 7f78ec8762a8b91e21a0886ea44613c6
SHA1 8929e706a2b87d6ce5f53fd7e3ac35f909b9eb1c
SHA256 f397f7b4d40b82277985f4e666ef9f5902fe61d06e4f0607e2437b1cc32c3740
SHA3 a2897a5c7704f2146846831b84057c632ad8df9ba5e7f67507a8dcbff9a66320
VirtualSize 0x364
VirtualAddress 0x6000
SizeOfRawData 0x400
PointerToRawData 0x2000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.1228

Imports

KERNEL32.dll lstrcpynW
lstrcpyW
CloseHandle
CreateThread
Sleep
GetModuleHandleW
lstrcmpiW
GlobalAlloc
GlobalFree
lstrlenW
USER32.dll ShowWindow
SetWindowPos
SetWindowLongW
CreateWindowExW
DefWindowProcW
FindWindowExW
GetSystemMetrics
DestroyIcon
LoadImageW
CallWindowProcW
UpdateWindow
SendMessageW
SendDlgItemMessageW
GetActiveWindow
WaitMessage
DispatchMessageW
PeekMessageW
IsWindow
CreateDialogParamW
GetWindowPlacement
InvalidateRect
DestroyWindow
BeginPaint
GetClientRect
wsprintfW
FillRect
DrawEdge
EndPaint
GetDlgItem
GDI32.dll SetTextColor
SetBkColor
DeleteObject
CreateBrushIndirect
GetTextExtentPoint32W
SelectObject
CreateFontW
ExtTextOutW

Delayed Imports

Exports

Destroy

Ordinal 1
Address 0x2160

Show

Ordinal 2
Address 0x20c0

ShowPBOnly

Ordinal 3
Address 0x2110

Resources

104

Type RT_DIALOG
Language UNKNOWN
Codepage UNKNOWN
Size 0x134
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.92348
MD5 ec9b5c529d9c1e5175d070345d3019ce
SHA1 23b4e5dbb745269b5231e94efa60d67b418227dd
SHA256 a296072086cb9a4353206fb0b83aa3d6e3b6b80f42bd9b005c8d99098a91ba33
SHA3 34181de1fd0e52b7ad9b69d8609c53a1b5b9aa4f85791d3ddae2a1b06bd1a22d

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xd7ea2fa5
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 7
Total imports 49
48 (9044) 1
C objects (VS2008 SP1 build 30729) 2
Exports (VS2008 SP1 build 30729) 1
Linker (VS2008 SP1 build 30729) 1
Resource objects (VS2008 SP1 build 30729) 1

Errors

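[*] Warning: Section .data has a size of 0! (Its SizeOfRawData is 0, so the .data hashes listed above are the hashes of empty input and should not be used as indicators.)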