9fa8cd3c18c6e1927c93f8b9dbc633b57a5dd6a64e2776a3df5371592f6c62cc

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Suspicious The PE is possibly packed. The PE only has 0 import(s).
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 75882ae7df333cec8de44a7dec31c398
SHA1 0900372c15bf20879edc47136f18a1d125f25cd9
SHA256 9fa8cd3c18c6e1927c93f8b9dbc633b57a5dd6a64e2776a3df5371592f6c62cc
SHA3 4e861269f5057a4320ec7e195de3b2c4fdae558aaca3140f3562d15868ee948c
SSDeep 3:WlWUqt/vllnl+YZcFTS9gXeF+X32ZpAl8//Vk/vt/lllNl//vl5vxHlvll1lt1l:idqGVg3F+X32Qq/O3f/EoBla5Z
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 2
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x200
SizeOfInitializedData 0x200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001000 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x3000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 b2ce7cba71e381f886a9a78a4808f5fd
SHA1 576178e5948c8e779c8dc436cdc5d6d2e4f6b9e9
SHA256 dcb66fab77dbc848730dbe9a1a6869e0eefe13f91092086cbdbdb70604cc0ad7
SHA3 d7c5b94c394b014465ffd98035058e7de428374b7ced457ccd86c30046d87b7a
VirtualSize 0x8
VirtualAddress 0x1000
SizeOfRawData 0x200
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 0.122276

.idata

MD5 0078588df6fcc87639f6748247ec1190
SHA1 dacad85690be773694632c8f90558bd8ef8bf1eb
SHA256 7271d3bb1fe4d5272675e6e735b8a470c2c95c1121b78ae2b1c6748cd6122077
SHA3 ea30cf7a8814e340e4f1062bd5e77758d5a8f2e036a23b11e4c81abc4dcb2793
VirtualSize 0x200
VirtualAddress 0x2000
SizeOfRawData 0x200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.600729

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: The PE's resource section is invalid or has been manually modified. Resources will not be parsed.
Leave a comment

No comments yet.