a140a4104af9a85b8467919e2fb73f9c

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2023-Mar-09 01:31:07
Detected languages English - United States
TLS Callbacks 1 callback(s) detected.

Plugin Output

Suspicious The PE is packed with UPX
  • Unusual section name found: UPX0
  • Section UPX0 is both writable and executable.
  • Unusual section name found: UPX1
  • Section UPX1 is both writable and executable.
Info The PE contains common functions which appear in legitimate applications.
  [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.
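
Every one of the packer indicators above can be read straight off the section table: two sections with non-standard names, both mapped writable and executable, UPX0 with SizeOfRawData 0 but a VirtualSize of 0x8000 (the Errors section at the bottom warns about the same thing), and an entry point that lands in UPX1 rather than in a .text section. The following is an added example and is not part of the Manalyze report or of Manalyze itself: a header-only Python triage that walks the DOS header, PE signature, COFF header, optional header and section table, reproduces those findings, and adds a Shannon-entropy check on each section's raw bytes. build_sample_pe() is a constructed PE32+ whose headers mirror this report (same section names, sizes, flags and entry point) with UPX1 filled by pseudo-random bytes as a stand-in for the compressed payload; it is fabricated here and is not the analysed file. The function names and the 7.0 entropy threshold are the example's own choices.

```python
"""Header-only PE triage for packer indicators (added example, not Manalyze code)."""
import math
import random
import struct

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

COMMON_SECTION_NAMES = {".text", ".rdata", ".data", ".pdata", ".rsrc",
                        ".reloc", ".idata", ".edata", ".tls", ".bss"}


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, _ts, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    entry = struct.unpack_from("<I", data, opt + 16)[0]          # AddressOfEntryPoint (RVA)
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, _, _, _, _, ch = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "rawsize": rawsize,
                         "rawptr": rawptr, "chars": ch})
    return {"machine": machine, "magic": magic, "entry": entry, "sections": sections}


def triage(data: bytes) -> list:
    """Return human-readable findings mirroring the report's plugin output."""
    pe = parse_pe(data)
    findings, entry_section = [], None
    for s in pe["sections"]:
        name, ch = s["name"], s["chars"]
        if name not in COMMON_SECTION_NAMES:
            findings.append(f"unusual section name: {name}")
        if ch & IMAGE_SCN_MEM_WRITE and ch & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"section {name} is writable and executable")
        # No raw bytes but a large virtual range: the loader reserves it and the
        # stub fills it at runtime, so this is where the real program will live.
        if s["rawsize"] == 0 and s["vsize"] > 0:
            findings.append(f"section {name} has 0 raw bytes but 0x{s['vsize']:x} virtual bytes (unpack target)")
        if s["rawsize"]:
            ent = shannon_entropy(data[s["rawptr"]:s["rawptr"] + s["rawsize"]])
            if ent > 7.0:   # example's own threshold
                findings.append(f"section {name} has entropy {ent:.2f} (compressed or encrypted)")
        if s["va"] <= pe["entry"] < s["va"] + max(s["vsize"], s["rawsize"]):
            entry_section = name
    if entry_section is not None:
        findings.append(f"entry point 0x{pe['entry']:x} is in section {entry_section}")
    if any(s["name"].startswith("UPX") for s in pe["sections"]):
        findings.append("verdict: likely UPX-packed; unpack before static analysis")
    return findings


def build_sample_pe() -> bytes:
    """Constructed PE32+ whose headers mirror the report; NOT the analysed sample."""
    img = bytearray(0x2C00 + 0x600)                         # .rsrc raw data ends the file
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x100)                # e_lfanew
    img[0x100:0x104] = b"PE\0\0"
    # COFF: AMD64, 3 sections, SizeOfOptionalHeader 0xF0, EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE
    struct.pack_into("<HHIIIHH", img, 0x104, 0x8664, 3, 0, 0, 0, 0xF0, 0x0022)
    opt = 0x118
    struct.pack_into("<H", img, opt, 0x20B)                  # PE32+
    struct.pack_into("<I", img, opt + 16, 0xB290)            # entry point RVA, inside UPX1
    struct.pack_into("<Q", img, opt + 24, 0x140000000)       # ImageBase
    struct.pack_into("<II", img, opt + 32, 0x1000, 0x200)    # SectionAlignment, FileAlignment
    struct.pack_into("<II", img, opt + 56, 0xD000, 0x400)    # SizeOfImage, SizeOfHeaders
    struct.pack_into("<HH", img, opt + 68, 3, 0x8160)        # CUI; DYNAMIC_BASE|HIGH_ENTROPY_VA|NX_COMPAT|TS_AWARE
    struct.pack_into("<I", img, opt + 108, 16)               # NumberOfRvaAndSizes
    rwx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    table = [
        (b"UPX0", 0x8000, 0x1000, 0x0000, 0x0400, IMAGE_SCN_CNT_UNINITIALIZED_DATA | rwx),
        (b"UPX1", 0x3000, 0x9000, 0x2800, 0x0400, IMAGE_SCN_CNT_INITIALIZED_DATA | rwx),
        (b".rsrc", 0x1000, 0xC000, 0x0600, 0x2C00,
         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    ]
    for i, (name, vs, va, rs, rp, ch) in enumerate(table):
        struct.pack_into("<8sIIIIIIHHI", img, opt + 0xF0 + 40 * i, name, vs, va, rs, rp, 0, 0, 0, 0, ch)
    # Stand-in for the compressed payload: pseudo-random bytes give UPX1 near-maximal entropy.
    img[0x400:0x400 + 0x2800] = random.Random(7).randbytes(0x2800)
    return bytes(img)


if __name__ == "__main__":
    for line in triage(build_sample_pe()):
        print(line)
```

To run it against a real file, pass open(path, "rb").read() to triage() instead of the constructed image. The finding that matters most for planning the analysis is the zero-raw-size section: the stub decompresses the original image into UPX0 only at runtime, so anything that inspects file bytes (string search, YARA on disk, the import table) sees nothing there. Unpack first (upx -d for an unmodified UPX layer) or dump the process after the stub has jumped to the original entry point, then rerun the triage on the result.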

Hashes

MD5 a140a4104af9a85b8467919e2fb73f9c
SHA1 21c7722997f8d250c934982f635111c007301032
SHA256 527f4e98abc951cd4290da98bff27b105190166bdedeb535a6014352ec3af0c6
SHA3 a00606c546b43f5fee31a575ddc7ba90cf58b678adfe6f0de4acb53eca2da402
SSDeep 192:bdcfMska00lF+0aOGDOUtjEavv8gC3zzQmGHLNRov7ajcNdkXsu:GM3XbKaXCHQmGHcv7ajbcu
Imports Hash e9e9b8abf25e4c3b34c17de65a1874e6

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 3
TimeDateStamp 2023-Mar-09 01:31:07
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x3000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x8000
AddressOfEntryPoint 0x000000000000B290 (Section: UPX1)
BaseOfCode 0x9000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xd000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x8000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 45bd4d7171d686b9c2524b1dfbd5fad6
SHA1 9523b01034e2d3ac0407d0dc3fdc281cc87641a9
SHA256 1ed3e066ac94e170e7e03f092fcc41cfc683afb5a7ecdc0620e39a7314d99a80
SHA3 ab5649f565e7eeab134d91e378ae42e7c9d2d73147f85e1068660a967b357f3c
VirtualSize 0x3000
VirtualAddress 0x9000
SizeOfRawData 0x2800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.64147

.rsrc

MD5 3d9c78dfd408c383c8817c95ea61b977
SHA1 dce7a4ab8e098a39070dd2e42711cac3e4a8847a
SHA256 0140d19e3a4fd0d08d999db2a9d087cf706bf7bccf7a01be4d1af5127df07f10
SHA3 2630cbb0db2b627b11f5a42943791def437ffeaeab484138e5ae3de4f036a43a
VirtualSize 0x1000
VirtualAddress 0xc000
SizeOfRawData 0x600
PointerToRawData 0x2c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.81928

Imports

api-ms-win-crt-heap-l1-1-0.dll malloc
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-runtime-l1-1-0.dll exit
api-ms-win-crt-stdio-l1-1-0.dll _set_fmode
KERNEL32.DLL LoadLibraryA
ExitProcess
GetProcAddress
VirtualProtect
VCRUNTIME140.dll memset
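
The import table above is the minimal set a UPX stub needs rather than what the packed program uses: LoadLibraryA and GetProcAddress to rebuild the original import table at runtime, VirtualProtect to change page protections on the unpacked image, ExitProcess, and a few CRT forwarders. An import hash over this table therefore fingerprints the packer stub, and will collide with other UPX-packed samples regardless of what they contain. The block below is an added example, not from the report or from Manalyze: an import hash in the pefile convention (DLL name lowercased with .dll/.ocx/.sys stripped, a dot, the lowercased function name, entries comma-joined in table order, MD5 of the string) computed over the report's import list, which is reconstructed here as a constructed Python list, plus a heuristic for recognising a packer-stub import table. Whether this reproduces the report's "Imports Hash" value depends on that tool's normalisation, so treat the two as separate pivots rather than assuming they match. The function names and the max_total cut-off are the example's own.

```python
"""Import-hash and packer-stub heuristic over the report's import table (added example)."""
import hashlib

# Constructed from the report's Imports section (all by-name imports, none by ordinal).
REPORT_IMPORTS = [
    ("api-ms-win-crt-heap-l1-1-0.dll", ["malloc"]),
    ("api-ms-win-crt-locale-l1-1-0.dll", ["_configthreadlocale"]),
    ("api-ms-win-crt-math-l1-1-0.dll", ["__setusermatherr"]),
    ("api-ms-win-crt-runtime-l1-1-0.dll", ["exit"]),
    ("api-ms-win-crt-stdio-l1-1-0.dll", ["_set_fmode"]),
    ("KERNEL32.DLL", ["LoadLibraryA", "ExitProcess", "GetProcAddress", "VirtualProtect"]),
    ("VCRUNTIME140.dll", ["memset"]),
]

# What a UPX-style stub needs from the OS to resolve the real imports and flip page protections.
STUB_KERNEL32_SET = {"loadlibrarya", "getprocaddress", "virtualprotect", "exitprocess"}


def imphash_string(imports) -> str:
    """pefile-style normalisation: 'dll.func' per import, import-directory order, comma-joined.
    Imports by ordinal (none in this table) would need pefile's ordinal-to-name tables."""
    parts = []
    for dll, funcs in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        parts.extend(f"{dll}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalised import string, as pefile's get_imphash() does for by-name imports."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def looks_like_packer_stub(imports, max_total=16) -> bool:
    """A tiny table whose KERNEL32 entries cover the dynamic-resolution set is a stub, not a program.
    max_total is this example's own cut-off, not a published threshold."""
    kernel32 = {f.lower() for dll, funcs in imports
                if dll.lower().startswith("kernel32") for f in funcs}
    total = sum(len(funcs) for _, funcs in imports)
    return STUB_KERNEL32_SET <= kernel32 and total <= max_total


if __name__ == "__main__":
    print(imphash_string(REPORT_IMPORTS))
    print("imphash:", imphash(REPORT_IMPORTS))
    print("packer stub table:", looks_like_packer_stub(REPORT_IMPORTS))
```

When a stub table like this one is detected, do not pivot on the import hash of the file on disk; compute it again on the unpacked image, where the rebuilt import directory reflects the original program.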

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

TLS Callbacks

StartAddressOfRawData 0x14000b540
EndAddressOfRawData 0x14000b541
AddressOfIndex 0x140006660
AddressOfCallbacks 0x14000b548
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_1BYTES
Callbacks 0x000000014000B4F0

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140005008

RICH Header

XOR Key 0xce54cb14
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 10
Imports (31935) 2
C++ objects (31935) 20
C objects (31935) 10
ASM objects (31935) 3
Imports (29395) 3
Total imports 58
C objects (LTCG) (32215) 1
Resource objects (32215) 1
Linker (32215) 1

Errors

[*] Warning: Section UPX0 has a size of 0!