Architecture |
IMAGE_FILE_MACHINE_AMD64
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
Compilation Date |
2023-Mar-09 01:31:07
|
Detected languages |
English - United States
|
TLS Callbacks |
1 callback(s) detected.
|
Suspicious |
The PE is packed with UPX |
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
|
Info |
The PE contains common functions that also appear in legitimate applications. |
[!] The program may be hiding some of its imports (the following are present and allow further APIs to be resolved at run time rather than listed in the import table):
- LoadLibraryA
- GetProcAddress
|
Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|
MD5 |
a140a4104af9a85b8467919e2fb73f9c
|
SHA1 |
21c7722997f8d250c934982f635111c007301032
|
SHA256 |
527f4e98abc951cd4290da98bff27b105190166bdedeb535a6014352ec3af0c6
|
SHA3 |
a00606c546b43f5fee31a575ddc7ba90cf58b678adfe6f0de4acb53eca2da402
|
SSDeep |
192:bdcfMska00lF+0aOGDOUtjEavv8gC3zzQmGHLNRov7ajcNdkXsu:GM3XbKaXCHQmGHcv7ajbcu
|
Imports Hash |
e9e9b8abf25e4c3b34c17de65a1874e6
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0x100
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections |
3
|
TimeDateStamp |
2023-Mar-09 01:31:07
|
PointerToSymbolTable |
0
|
NumberOfSymbols |
0
|
SizeOfOptionalHeader |
0xf0
|
Characteristics |
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
|
Magic |
PE32+
|
LinkerVersion |
14.0
|
SizeOfCode |
0x3000
|
SizeOfInitializedData |
0x1000
|
SizeOfUninitializedData |
0x8000
|
AddressOfEntryPoint |
0x000000000000B290 (Section: UPX1)
|
BaseOfCode |
0x9000
|
ImageBase |
0x140000000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
6.0
|
ImageVersion |
0.0
|
SubsystemVersion |
6.0
|
Win32VersionValue |
0
|
SizeOfImage |
0xd000
|
SizeOfHeaders |
0x400
|
Checksum |
0
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve |
0x100000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x8000
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
MD5 |
45bd4d7171d686b9c2524b1dfbd5fad6
|
SHA1 |
9523b01034e2d3ac0407d0dc3fdc281cc87641a9
|
SHA256 |
1ed3e066ac94e170e7e03f092fcc41cfc683afb5a7ecdc0620e39a7314d99a80
|
SHA3 |
ab5649f565e7eeab134d91e378ae42e7c9d2d73147f85e1068660a967b357f3c
|
VirtualSize |
0x3000
|
VirtualAddress |
0x9000
|
SizeOfRawData |
0x2800
|
PointerToRawData |
0x400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
7.64147
|
MD5 |
3d9c78dfd408c383c8817c95ea61b977
|
SHA1 |
dce7a4ab8e098a39070dd2e42711cac3e4a8847a
|
SHA256 |
0140d19e3a4fd0d08d999db2a9d087cf706bf7bccf7a01be4d1af5127df07f10
|
SHA3 |
2630cbb0db2b627b11f5a42943791def437ffeaeab484138e5ae3de4f036a43a
|
VirtualSize |
0x1000
|
VirtualAddress |
0xc000
|
SizeOfRawData |
0x600
|
PointerToRawData |
0x2c00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
3.81928
|
api-ms-win-crt-heap-l1-1-0.dll |
malloc
|
api-ms-win-crt-locale-l1-1-0.dll |
_configthreadlocale
|
api-ms-win-crt-math-l1-1-0.dll |
__setusermatherr
|
api-ms-win-crt-runtime-l1-1-0.dll |
exit
|
api-ms-win-crt-stdio-l1-1-0.dll |
_set_fmode
|
KERNEL32.DLL |
LoadLibraryA
ExitProcess
GetProcAddress
VirtualProtect
|
VCRUNTIME140.dll |
memset
|
Type |
RT_MANIFEST
|
Language |
English - United States
|
Codepage |
UNKNOWN
|
Size |
0x17d
|
TimeDateStamp |
1980-Jan-01 00:00:00
|
Entropy |
4.91161
|
MD5 |
1e4a89b11eae0fcf8bb5fdd5ec3b6f61
|
SHA1 |
4260284ce14278c397aaf6f389c1609b0ab0ce51
|
SHA256 |
4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
|
SHA3 |
4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353
|
StartAddressOfRawData |
0x14000b540
|
EndAddressOfRawData |
0x14000b541
|
AddressOfIndex |
0x140006660
|
AddressOfCallbacks |
0x14000b548
|
SizeOfZeroFill |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1BYTES
|
Callbacks |
0x000000014000B4F0
|
Size |
0x140
|
TimeDateStamp |
1970-Jan-01 00:00:00
|
Version |
0.0
|
GlobalFlagsClear |
(EMPTY)
|
GlobalFlagsSet |
(EMPTY)
|
CriticalSectionDefaultTimeout |
0
|
DeCommitFreeBlockThreshold |
0
|
DeCommitTotalFreeThreshold |
0
|
LockPrefixTable |
0
|
MaximumAllocationSize |
0
|
VirtualMemoryThreshold |
0
|
ProcessAffinityMask |
0
|
ProcessHeapFlags |
(EMPTY)
|
CSDVersion |
0
|
Reserved1 |
0
|
EditList |
0
|
SecurityCookie |
0x140005008
|
XOR Key |
0xce54cb14
|
Unmarked objects |
0
|
Imports (VS2008 SP1 build 30729) |
10
|
Imports (31935) |
2
|
C++ objects (31935) |
20
|
C objects (31935) |
10
|
ASM objects (31935) |
3
|
Imports (29395) |
3
|
Total imports |
58
|
C objects (LTCG) (32215) |
1
|
Resource objects (32215) |
1
|
Linker (32215) |
1
|
[*] Warning: Section UPX0 has a raw size of 0 (SizeOfRawData = 0 while VirtualSize = 0x8000); the MD5/SHA1/SHA256 reported for this section are the hashes of empty input.