| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
| Subsystem |
IMAGE_SUBSYSTEM_NATIVE
|
| Compilation Date |
2021-Jul-28 08:01:25
|
| Suspicious |
The PE is an NSIS installer |
Unusual section name found: .ndata
The PE only has 0 import(s).
|
| Suspicious |
VirusTotal score: 2/68 (Scanned on 2021-07-28 17:39:51) |
CrowdStrike:
win/malicious_confidence_80% (W)
Paloalto:
generic.ml
|
| MD5 |
a11d1c066d6bd8e35bec3f985649e112
|
| SHA1 |
651622388600efdc8e6ee4a92df6981d3881e5e9
|
| SHA256 |
a701108be3d3802eba7c79c5c68afc0fee833595cdada8df5ac02ef9b97d2ad1
|
| SHA3 |
54fe7a75151b67357e9e73784d405cfb6586f97c92c89f9ad4afbd8fa17288fa
|
| SSDeep |
1536:nxdifoVqWb2t3SLXMUthlUbf6cLRcJyXBq77TS1Vyzaw30qA/cimkd8TfnDItLq:TMoVtb+37UP6jbK8q7PvJTLli1tq
|
| Imports Hash |
d41d8cd98f00b204e9800998ecf8427e
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0xc0
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections |
5
|
| TimeDateStamp |
2021-Jul-28 08:01:25
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xf0
|
| Characteristics |
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
| Magic |
PE32+
|
| LinkerVersion |
0.0
|
| SizeOfCode |
0x1a00
|
| SizeOfInitializedData |
0x24600
|
| SizeOfUninitializedData |
0
|
| AddressOfEntryPoint |
0x0000000000001020 (Section: .text)
|
| BaseOfCode |
0x1000
|
| ImageBase |
0x180000000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
6.0
|
| ImageVersion |
0.0
|
| SubsystemVersion |
6.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x2a000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x2a484
|
| Subsystem |
IMAGE_SUBSYSTEM_NATIVE
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
|
| SizeofStackReserve |
0x100000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
5f2b5a2f350decc30962d6a7ffe7cd73
|
| SHA1 |
23f5fbfd6565e7c81caea80d575880781cded21d
|
| SHA256 |
ac752017ca10a6eb50af90d500c194d1b163b709f7658272df88b8a3f1ff7d53
|
| SHA3 |
163369ebdee55c6f431b92cc5fb0cd65da530efdee254c73e9fa78ecd12d10e6
|
| VirtualSize |
0x1921
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x1a00
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
6.14862
|
| MD5 |
6e8d4de22e1b5b55e7040847507ad55b
|
| SHA1 |
bc4c33e664f7ce8f14ed28242aa5f7e308c888af
|
| SHA256 |
58f1cce4cbaf92a9e2cecad1a7678182d4a22af7f515fa5f236be182c19f1a75
|
| SHA3 |
8b9a27fd6823cdd87b9465558458201c258df20e64cf3b153c64477524ffe026
|
| VirtualSize |
0x1b9
|
| VirtualAddress |
0x3000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x1e00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
3.68357
|
| MD5 |
81c161f505456402225bc61a44e77a5c
|
| SHA1 |
02e158f990d639b31e0187594699a79a4e6dbce2
|
| SHA256 |
1c5b025abf6a77c717f06f4a03f0a4e7c6dfde8dc98440180f8950647304a64d
|
| SHA3 |
8dd55ffcea3d5f7eac8a2a430a6adbff7e3cd81341a7cb05b9507e344f69dc36
|
| VirtualSize |
0x88
|
| VirtualAddress |
0x4000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x2000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.147365
|
| MD5 |
a429d64c21d142cf42ad40fd1832a546
|
| SHA1 |
0c4fef7ba9a1b428158b7ad07d8f107bfcf4f7a9
|
| SHA256 |
7b852478e31c29d29597addb5afac243ca6a3212bbf5aa9586a60becdb26478a
|
| SHA3 |
4a3458adfa149d3368578d96b91ae1914a16c1a9021757eed38f43de1df6fdba
|
| VirtualSize |
0x78
|
| VirtualAddress |
0x5000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x2200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
1.0615
|
| MD5 |
d5bce0b96992d61262fb67dc2445eee8
|
| SHA1 |
c128d6f4a8906462a80858048117f139a50e64ea
|
| SHA256 |
2c5893ccf07bd682c38024c9f58336c84aa89a51fb6dd032a360d1b6dbe0e50e
|
| SHA3 |
be867c86c7e9c7496402e606c9cc6e0335b019f1eb150842749ef5b2c3f098a3
|
| VirtualSize |
0x23fda
|
| VirtualAddress |
0x6000
|
| SizeOfRawData |
0x24000
|
| PointerToRawData |
0x2400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
4.90132
|
| Characteristics |
0
|
| TimeDateStamp |
2021-Jul-28 08:01:25
|
| Version |
0.0
|
| SizeofData |
176
|
| AddressOfRawData |
0x302c
|
| PointerToRawData |
0x1e2c
|
[!] Error: Could not read the exported DLL name.