99c0f250aba2c0d4710a55ad26d1cc54

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2018-Mar-02 12:17:54
Detected languages English - United States

Plugin Output

Info Matching compiler(s): MASM/TASM - sig2(h)
Suspicious PEiD Signature: FASM 1.5x
FASM v1.5x
Suspicious The PE contains functions most legitimate programs don't use. Functions which can be used for anti-debugging purposes:
  • FindWindowA
 Can take screenshots:
  • FindWindowA
  • GetDC
Suspicious The PE is possibly a dropper. Resource 101 is possibly compressed or encrypted.
Resources amount for 95.8121% of the executable.
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 99c0f250aba2c0d4710a55ad26d1cc54
SHA1 3ce431e23ad67a56ddeb9b862d1f17ce0ec6d3ab
SHA256 4307fb454dea44a1e34fc31c9be21388b36ff670bf6acad1587f6a359e73e8df
SHA3 25011fa1b47c23762a921108a50c4ff814fdbf9df2f268a5e36dddeb98da5bdf
SSDeep 24576:aSBc5yjs+NUwbMW09FChEcbgfPzsYwB2QvrgB1wWXZ:RBcUjPNUwbIbChEcbgfPoYwB2QcB1wy
Imports Hash 551f9217145aad2a84887b849789a7f4

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 7
TimeDateStamp 2018-Mar-02 12:17:54
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x7000
SizeOfInitializedData 0x10b000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000742D (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x8000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x116000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d2fbcdfdfc19b575e66fec8fdac016c2
SHA1 ad0bcc2efd3c302608364e4901b9455f7b706e66
SHA256 5eece2ae53591b022dd48919143a237f935f081f2d185ea686dcade03ee5fb39
SHA3 c10ac4409e6e8b5b1842497f7862bfa584dfdad53a00cb646e2936d31f9a7db2
VirtualSize 0x6fe5
VirtualAddress 0x1000
SizeOfRawData 0x7000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.58472

.rdata

MD5 572b142fcf44f3d572db57610b610899
SHA1 f2fd05e66ac3de9188da8ead2df1dd25c94c8285
SHA256 a9cf48cb8009f66afaee82f0ae60322449e78e197a50de18d95383cec1bd9c6f
SHA3 d4300e596c4fc1ebc1b5d2a0b860d1ba255d32ffd43e2c3426f2dbf9821a27ae
VirtualSize 0x21ba
VirtualAddress 0x8000
SizeOfRawData 0x2200
PointerToRawData 0x7400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.89425

.data

MD5 01a5080d37965f45d2b6612b77603ce3
SHA1 ad716d61b2696fd46895243f1943964be70e71d1
SHA256 b4386d5397e3ac21fcb59bf467474e869f6fe95d605be168463e31a3a24e926a
SHA3 0f92cf8260e48e49ee57e5ba1d18635072938edf06eeaa9a78e6d594671c0fb5
VirtualSize 0x7e14
VirtualAddress 0xb000
SizeOfRawData 0xa00
PointerToRawData 0x9600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.89011

.tls

MD5 1f354d76203061bfdd5a53dae48d5435
SHA1 aa0d33a0c854e073439067876e932688b65cb6a9
SHA256 4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a
SHA3 991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b
VirtualSize 0x9
VirtualAddress 0x13000
SizeOfRawData 0x200
PointerToRawData 0xa000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0203931

.gfids

MD5 7f7d49267c777c865a9e5fe71bbf8c42
SHA1 8ec050435059b0fbf0c5f392d04646d5e4947a99
SHA256 74a18721cf9214d0c94a9bc101255114add6b10e8c96d04543db62a9e485cb22
SHA3 9018a119f2e1fcd686b910820f421aad49acde0e9a5c2c33bb9db8c46992853b
VirtualSize 0x58
VirtualAddress 0x14000
SizeOfRawData 0x200
PointerToRawData 0xa200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.428784

.rsrc

MD5 d43714d489ba738c8d392d8e5b6e4af8
SHA1 7d0631ee82608781de7a2cde468b5db7c4a99e2c
SHA256 b4b27c792ea7c701c73023939078901499d7c43aaaf4708383d64d9c913971ed
SHA3 41283f80452df2b3b9a86320d203fa5398802b8ca829f29e792e92d344377bc7
VirtualSize 0xffcc8
VirtualAddress 0x15000
SizeOfRawData 0xffe00
PointerToRawData 0xa400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.02229

.reloc

MD5 d2a70550489de356a2cd6bfc40711204
SHA1 02ec1f60b2e76741dd9848ac432057ff9d58d750
SHA256 e80232b4d18d0bb7e794be263ba937626f383f9917d4b8a737ba893a8f752293
SHA3 a2012e2d38b8ac152ac1bcc76bafda877e10eb11d69e0f68f5a697004bfc99e1
VirtualSize 0xa78
VirtualAddress 0x115000
SizeOfRawData 0xc00
PointerToRawData 0x10a200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0

Imports

KERNEL32.DLL GetTickCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
SetThreadPriority
CreateThread
Sleep
GetConsoleTitleA
QueryPerformanceFrequency
GetModuleHandleA
SetConsoleTitleA
LoadResource
LockResource
FindResourceA
SetUnhandledExceptionFilter
SizeofResource
CloseHandle
api-ms-win-crt-heap-l1-1-0.dll _callnewh
malloc
free
_set_new_mode
calloc
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
api-ms-win-crt-math-l1-1-0.dll sin
fabs
_libm_sse2_atan_precise
_libm_sse2_exp_precise
__setusermatherr
_ftol
pow
_except1
api-ms-win-crt-runtime-l1-1-0.dll _initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_controlfp_s
terminate
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_exit
_initterm_e
exit
api-ms-win-crt-stdio-l1-1-0.dll __acrt_iob_func
__p__commode
__stdio_common_vfprintf
_set_fmode
api-ms-win-crt-time-l1-1-0.dll clock
api-ms-win-crt-utility-l1-1-0.dll rand
srand
abs
GDI32.dll CreateFontA
SelectObject
ChoosePixelFormat
SwapBuffers
SetPixelFormat
GLU32.dll gluBuild2DMipmaps
gluPerspective
MSVCP140.dll ?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
OPENGL32.dll glPolygonMode
glBindTexture
glGenTextures
glEnable
glVertex3f
glCullFace
glEnd
glTexCoord2f
glGenLists
glMatrixMode
glCallLists
glBlendFunc
wglCreateContext
glLoadIdentity
glVertex3fv
glTexParameteri
glColor3fv
glHint
wglUseFontOutlinesA
glPopAttrib
glClearColor
wglDeleteContext
glTranslatef
glRotatef
glListBase
glClearDepth
glColor4f
glMultMatrixf
glDisable
glLightfv
glPushMatrix
wglMakeCurrent
glDeleteLists
glGetFloatv
glShadeModel
glDepthFunc
glPushAttrib
glPointSize
glTexGeni
glClear
glViewport
glBegin
glPopMatrix
glDeleteTextures
USER32.dll ReleaseDC
ShowCursor
SetForegroundWindow
FindWindowA
PostQuitMessage
UnregisterClassA
PeekMessageA
LoadIconA
TranslateMessage
SetFocus
CreateWindowExA
DefWindowProcA
AdjustWindowRectEx
DispatchMessageA
LoadCursorA
DestroyWindow
GetDC
GetSystemMetrics
ShowWindow
ChangeDisplaySettingsA
MessageBoxA
MoveWindow
RegisterClassA
VCRUNTIME140.dll memcpy
_except_handler4_common
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memset
__vcrt_InitializeCriticalSectionEx
memmove
__CxxFrameHandler3
WINMM.dll waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutOpen
waveOutClose
waveOutGetPosition

Delayed Imports

105

Type MODFILE
Language English - United States
Codepage UNKNOWN
Size 0xdee0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.59841
MD5 7c9fd2842c568b77c5f69a9b649dccff
SHA1 f76d672b3cc537dfce0f40d03fe7dca100233841
SHA256 068d7a661ba0bd9caab77a7785391c2f05643ac71ef33e07f473f40ce4b6895a
SHA3 c892b3d701e16518e783f94b881d479f828b9972703bd78a383e5f2803b0cb98

101

Type RAW
Language English - United States
Codepage UNKNOWN
Size 0xc000
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.88899
MD5 e296415b7f59df674d8b1f727fa55933
SHA1 50675ab7f135d1d3ecf1c768be825e12d7af112f
SHA256 36e545e4b0838d6bcb3adb07f16496118f83198c390c329b3d9cca5c8c28bc13
SHA3 22e9a8f52c1044fae824f529111d5f46d9b5046979bbc5403f4e087d8637e817

102

Type RAW
Language English - United States
Codepage UNKNOWN
Size 0x46b9c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.99619
MD5 a1b8b364ff1c78157f15edf35c996e5c
SHA1 2eea49c674f99f268ab460bb7ecd0efaeee4da47
SHA256 6ffe027eecca540bc49a1b5edf173df2a16044e0e4a597a2445eeb0be42fd04f
SHA3 1d0afd7bee1cfebf1687fab585a7529076b51570178c7e54cda6f981102f0d71

103

Type RAW
Language English - United States
Codepage UNKNOWN
Size 0x5be00
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.88892
MD5 28188c55a914821466145918a28fd115
SHA1 5cbc2f2622d71c690c6793ea4854b0ecb1a4425a
SHA256 ecacb4560e6bd825b6106032360d39c33c0e920f7f861d7dea09227e4079de80
SHA3 9630e96be1b6659f3eef5b24331a462e81caa03bb4ba6c1615b24cac697f6fa4

104

Type RAW
Language English - United States
Codepage UNKNOWN
Size 0x43134
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.92531
MD5 819e4479f9a0e3477ca46a9e921c4c09
SHA1 0ab43eb9b654e1849cd972b4cc648ca5dbe38236
SHA256 4c2bd73cf0b53251d1b20eeaf11306c5f63c7ad2fb830dd744382921e2707baa
SHA3 055fc8c14c7aed9ffd9f8096c4c23ae2f8265e906feead0c7d9e20de10cfba0d

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

TLS Callbacks

StartAddressOfRawData 0x413000
EndAddressOfRawData 0x413008
AddressOfIndex 0x40bc4c
AddressOfCallbacks 0x40830c
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_4BYTES
Callbacks (EMPTY)

Load Configuration

Size 0x5c
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x40b00c
SEHandlerTable 0
SEHandlerCount 0

RICH Header

XOR Key 0xba6d9759
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 14
Imports (VS2015 UPD3 build 24123) 4
C objects (VC++ 6.0 SP5 build 8804) 6
ASM objects (VS2015 UPD3 build 24123) 4
C++ objects (VS2015 UPD3 build 24123) 27
C objects (VS2015 UPD3 build 24123) 13
Imports (65501) 13
Total imports 174
265 (VS2015 UPD3.1 build 24215) 3
Resource objects (VS2015 UPD3 build 24210) 1
151 1
Linker (VS2015 UPD3.1 build 24215) 1

Errors

<-- -->