9e25e3b758cdca8225ba94031c0c02f0

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1992-Jun-19 22:22:17
Detected languages English - United States
CompanyName
FileDescription
FileVersion 6.1
InternalName
LegalCopyright
LegalTrademarks
OriginalFileName
ProductName
ProductVersion
Comments

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: CODE
Unusual section name found: DATA
Unusual section name found: BSS
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryExA
  • GetProcAddress
  • LoadLibraryA
Can access the registry:
  • RegQueryValueExA
  • RegOpenKeyExA
  • RegCloseKey
Suspicious The PE header may have been manually modified. The resource timestamps differ from the PE header:
  • 2019-Apr-29 14:58:02
Malicious VirusTotal score: 9/69 (Scanned on 2019-05-13 14:11:53) K7GW: Riskware ( 0040eff71 )
K7AntiVirus: Riskware ( 0040eff71 )
F-Secure: PotentialRisk.PUA/AD.FusionCore
SentinelOne: DFI - Suspicious PE
Cyren: W32/Application.RTMT-0857
Avira: PUA/AD.FusionCore.uzo
Microsoft: PUA:Win32/FusionCore
Acronis: suspicious
Cylance: Unsafe

Hashes

MD5 9e25e3b758cdca8225ba94031c0c02f0
SHA1 b55bbb4a5a9bddeec55779705dd6bebce2511d61
SHA256 7551f7e17ac6f0b6cb62e7f25fd4a340d4905a4c463bd0be678fe74470ab10ab
SHA3 7db754226651eb27b815f86838d7e74f1bf061367fc68cc65f76a5e1fb9c43b2
SSDeep 24576:jbX9Z5G2MKNPlNwjexOBw+D89AYkqSeLiEP:PX9ZVMCl6jex+3AHLiEP
Imports Hash 45e75d4d81ca2bb0546a0cb258f04fec

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 7
TimeDateStamp 1992-Jun-19 22:22:17
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0xfd200
SizeOfInitializedData 0x3400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000FE0C4 (Section: CODE)
BaseOfCode 0x1000
BaseOfData 0xff000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x105000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_LIBRARY_PROCESS_INIT
SizeofStackReserve 0
SizeofStackCommit 0
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

CODE

MD5 6a9bd461c95a568fabacbfa85076a98c
SHA1 434e2b54cbf13b70074be50787ad08b4a82c0e09
SHA256 894da7131efcc12da7f61e86105db6990a201e3daed4caddb7465f23abd7dd59
SHA3 cc8def90cdf206c41854bfc0b9e36c0afd2597ded55860a4739eed73dd7fa2c0
VirtualSize 0xfd0dc
VirtualAddress 0x1000
SizeOfRawData 0xfd200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.94073

DATA

MD5 0c7cb6282371df792a5adf852cf480e6
SHA1 bbc6cdaf8c9d4637f3c9b2ede72be3d278269c89
SHA256 192969d2f8df993da9e0d7ab57cb44048cd48815aaa749b1089bf0ddece0075a
SHA3 b104830ffaf29009123e4682f77213ed6a9dd79827ab07eb7b78ffdc7f3e3acb
VirtualSize 0x56c
VirtualAddress 0xff000
SizeOfRawData 0x600
PointerToRawData 0xfd600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.69472

BSS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xba5
VirtualAddress 0x100000
SizeOfRawData 0
PointerToRawData 0xfdc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 6ab342586b08a0df25c3c2ebc38a6b47
SHA1 58dd47ae3fc5cfeeb15b007419c8cdbf11dc7227
SHA256 9d858adcc1397465417a6f085baa5db3dbd89c5feb7a763ee7621bdf7dfea2ce
SHA3 402d8a5512438ebee67171b9f8538e48f3b337d0abf31e461887ea26103648c3
VirtualSize 0x87e
VirtualAddress 0x101000
SizeOfRawData 0xa00
PointerToRawData 0xfdc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.35036

.edata

MD5 2b4e867acebcb545b870889e78a95744
SHA1 e8dca68e7de209bfffa29ab0f047144e8bb07970
SHA256 b699786df55ab88d61ece426fe155ebab3aa5c42862b6ed6092e2bbfde24739d
SHA3 83dbee4bdeb28c7db50541cd26fa4f64ccd29cbb122013e27418ac6f02e0e403
VirtualSize 0x287
VirtualAddress 0x102000
SizeOfRawData 0x400
PointerToRawData 0xfe600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 3.79396

.reloc

MD5 d9642cf3ae0014d7b35a796f3e2b9b46
SHA1 2cabbd423f28003c32c36a9a6c0629d898eb6275
SHA256 a73545646624da8305e6e0f1f82422a1865bc5e89911c776097d4cd0c2546f6f
SHA3 4f6f6fa720555ca0c2b189696b23d7fed991b6a728f8085aa7095be91aff8559
VirtualSize 0xeec
VirtualAddress 0x103000
SizeOfRawData 0x1000
PointerToRawData 0xfea00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 6.40866

.rsrc

MD5 47b1136d49942d098fcbdc442b37d715
SHA1 fafd10b93930ab8c3f46d94a20f618756c8b4eda
SHA256 f0b8a367b5eef8b8f007d7c96f524da09788b0a6b701a7056184a09491824d02
SHA3 0fd6b6ab6166ce0e0ae1c76e4e022b311c264148bfa3276b6bb971adecdabe7f
VirtualSize 0x1000
VirtualAddress 0x104000
SizeOfRawData 0x1000
PointerToRawData 0xffa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 3.36548

Imports

kernel32.dll DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
WideCharToMultiByte
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
advapi32.dll RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll SysFreeString
SysAllocStringLen
kernel32.dll (#2) DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
WideCharToMultiByte
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
kernel32.dll (#3) DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
WideCharToMultiByte
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll (#2) GetKeyboardType
LoadStringA
MessageBoxA
CharNextA

Delayed Imports

Refugulaceg

Ordinal 1
Address 0xf3d48

Fipekat

Ordinal 2
Address 0xf3cd4

Cibanehel

Ordinal 3
Address 0xf3c74

Kedahefotadap

Ordinal 4
Address 0xf3bc4

Fiteboberam

Ordinal 5
Address 0xf3ad8

Tibenedas

Ordinal 6
Address 0xf3a5c

Tebato

Ordinal 7
Address 0xf39cc

Desalu

Ordinal 8
Address 0xf390c

Porag

Ordinal 9
Address 0xf3894

Setoredanam

Ordinal 10
Address 0xf3800

Fehog

Ordinal 11
Address 0xf3740

Tegihat

Ordinal 12
Address 0xf36e4

Fekedu

Ordinal 13
Address 0xf3630

Bolog

Ordinal 14
Address 0xf35a8

Kurel

Ordinal 15
Address 0xf3520

Colodim

Ordinal 16
Address 0xf3454

Bogaga

Ordinal 17
Address 0xf33b4

Hemagecopoh

Ordinal 18
Address 0xf3118

Cokudinor

Ordinal 19
Address 0xf3078

Gobokabosonu

Ordinal 20
Address 0xf3b6c

Gadikoken

Ordinal 21
Address 0xf32ec

Lotanesomu

Ordinal 22
Address 0xf3244

Corilocec

Ordinal 23
Address 0xf3180

Maludasad

Ordinal 24
Address 0xf3dd4

Metabafi

Ordinal 25
Address 0xf6324

Lecoracaras

Ordinal 26
Address 0xf8888

Sokuhona

Ordinal 27
Address 0xfa098

Dohosepus

Ordinal 28
Address 0xfa2d8

Canolahibo

Ordinal 29
Address 0xfb90c

Dolog

Ordinal 30
Address 0xfce14

Punopupo

Ordinal 31
Address 0xfd5d4

4092

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0xf0
TimeDateStamp 2019-Apr-29 14:58:02
Entropy 2.8942
MD5 4e0bdd0b5506bdeb5747dfff8b0c0b24
SHA1 ec81d8347a0e7e1fe0d21780ab729868614d093d
SHA256 20a88211d2706ccaafc049ace2750e0072e3755cc9c56f7517291a9a83eb1c7d
SHA3 db292f85e54473f3c8ae1151ace59334c0b01ef0f4ca1afb2b01caf09eef8884

4093

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0xd8
TimeDateStamp 2019-Apr-29 14:58:02
Entropy 2.9852
MD5 bff595d6a12e6245241288c4da2986cb
SHA1 43502b3ae6c8bfe0829b854e234138bfb245bbd8
SHA256 1eddbe329d5339582536f7dd2b5d8553b46f7c39611c11076e94e5b954377c4a
SHA3 a4c0d1de52c3a479db88530e47c938d644eb14c58230740c3225af7e142cd7f7

4094

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x260
TimeDateStamp 2019-Apr-29 14:58:02
Entropy 3.20513
MD5 e5d0e53baa82a8a66c0e583d5987a2cb
SHA1 4af240d05829b1e0ec94b08bc90ce51eda31a380
SHA256 ebe6922fa9d6bfeb9e06d5fe3bac2b35fa7c8e8da9e6d4e65084e0ebf09cbd9a
SHA3 c409389478324fc3334a4514902cd04efec2e02ed7daf59e2a331152ee768484

4095

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x37c
TimeDateStamp 2019-Apr-29 14:58:02
Entropy 3.25436
MD5 5dce667336b254f0b76f73709f3f475f
SHA1 fc98a5c8d377a0048d5620d6424516063eeb0b42
SHA256 d92bf729f114fd24a3447a86cabc8938b758da42560d1c6db16f6a85385459ef
SHA3 a6799fdb1df13fde6fb20d308013da513ef5bb517f7e2fc87e6e8ef3bfaf239a

4096

Type RT_STRING
Language UNKNOWN
Codepage UNKNOWN
Size 0x2a0
TimeDateStamp 2019-Apr-29 14:58:02
Entropy 3.18442
MD5 a19b1759bcc86855f5be32ce48767672
SHA1 4e75052a5967d31e7bfc1c5d6570fe70fdd1b44e
SHA256 49273389801a1f2231e5dd94be7ba0b019b4939ff4689134e11dd0e0d9f98a04
SHA3 017b27c7b2821a17d9615322d36ea0e8083958ed828dd3f060d48e56e1186c67

DVCLAL

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x10
TimeDateStamp 2019-Apr-29 14:58:02
Entropy 4
MD5 d8090aba7197fbf9c7e2631c750965a8
SHA1 04f73efb0801b18f6984b14cd057fb56519cd31b
SHA256 88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610
SHA3 a5a67ad8166061d38fc75cfb2c227911de631166c6531a6664cd49cfb207e8bb

PACKAGEINFO

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x64
TimeDateStamp 2019-Apr-29 14:58:02
Entropy 4.639
MD5 5b3203e46d573caa7308e1b34bf45793
SHA1 9b2a5f560bc59fdd2a80d7e59b8be215ad906cec
SHA256 7c26a7102a6d988c0ac66c6b44c92126323b94106a5801d39fa3fa1470574394
SHA3 a466762fbfcfc99c32c08b3816089abf06e2bc444046934ca021794dc9608e86

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x260
TimeDateStamp 2019-Apr-29 14:58:02
Entropy 3.02091
MD5 146f1a9bbbdb763d2674fa64bc8720fd
SHA1 b93ce6a30a6ce409263ea2c192f0badad38c5331
SHA256 f2e5b56afea1a48fb007447b8b556180aed56415681fce8559fdee3fbd66aa44
SHA3 ce3e25f5d0277c872e1a988a64bd614ca251b1bb85b5bdc16cf4b77b5a2a5bc6

String Table contents

November
December
Sun
Mon
Tue
Wed
Thu
Fri
Sat
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Jul
Aug
Sep
Oct
Nov
Dec
January
February
March
April
May
June
July
August
September
October
Invalid variant type conversion
Invalid variant operation
Invalid argument
External exception %x
Assertion failed
Interface not supported
Exception in safecall method
%s (%s, line %d)
Abstract Error
Access violation at address %p in module '%s'. %s of address %p
Jan
Feb
Mar
Apr
May
Jun
Invalid pointer operation
Invalid class typecast
Access violation at address %p. %s of address %p
Access violation
Stack overflow
Control-C hit
Privileged instruction
Exception %s in module %s at %p.
%s%s
Application Error
Format '%s' invalid or incompatible with argument
No argument for format '%s'
Variant method calls not supported
Read
Write
Error creating variant or safe array
Variant or safe array index out of bounds
Out of memory
I/O error %d
File not found
Invalid filename
Too many open files
File access denied
Read beyond end of file
Disk full
Invalid numeric input
Division by zero
Range check error
Integer overflow
Invalid floating point operation
Floating point division by zero
Floating point overflow
Floating point underflow

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 0.0.6.1
ProductVersion 0.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName
FileDescription
FileVersion (#2) 6.1
InternalName
LegalCopyright
LegalTrademarks
OriginalFileName
ProductName
ProductVersion (#2)
Comments
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section BSS has a size of 0!