a8993ef735a8cbbb7199298a3951526e

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2015-Mar-12 11:34:49
Comments
CompanyName
FileDescription ConsoleApplication3
FileVersion 1.0.0.0
InternalName ConsoleApplication3.exe
LegalCopyright Copyright © 2018
LegalTrademarks
OriginalFilename ConsoleApplication3.exe
ProductName ConsoleApplication3
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0

Plugin Output

Info Matching compiler(s):
  • Microsoft Visual C++ 7.1
  • Microsoft Visual C++ 6.0 - 8.0
  • MASM/TASM - sig1(h)
  • Microsoft Visual C++
  • Microsoft Visual C++ v6.0
Info Cryptographic algorithms detected in the binary:
  • Uses constants related to MD5
  • Uses constants related to AES
  • Uses constants related to Blowfish
Suspicious The PE is possibly packed. Unusual section name found: .marx
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
  • LoadLibraryExA
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.
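
The two Suspicious findings above rest on a handful of checks that are easy to reproduce. The Python script below is an added example, not Manalyze output and not code from the sample: it packs the six section headers listed further down this report into real IMAGE_SECTION_HEADER records, parses them back, maps AddressOfEntryPoint to its section, and applies the same kind of heuristics the plugin used, taking the per-section entropy values from the report. The 7.0 bits/byte threshold and the list of stock MSVC section names are assumptions. shannon_entropy is the metric behind the report's Entropy rows, so the same check can be run on the raw bytes of any suspect section.

```python
import math
import struct
from collections import Counter

# IMAGE_SECTION_HEADER (40 bytes, little-endian):
#   Name[8], VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
#   PointerToRelocations, PointerToLinenumbers, NumberOfRelocations (WORD),
#   NumberOfLinenumbers (WORD), Characteristics
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Assumption: names a stock MSVC link produces; anything else deserves a look.
STANDARD_NAMES = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                  ".edata", ".pdata", ".bss", ".tls", ".CRT", ".textbss"}
HIGH_ENTROPY = 7.0  # assumed threshold; compressed/encrypted data sits above it


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_section_table(blob: bytes, count: int):
    """Decode `count` consecutive IMAGE_SECTION_HEADER records into dicts."""
    sections = []
    for i in range(count):
        (name, vsize, vaddr, rawsize, rawptr,
         _prel, _plin, _nrel, _nlin, chars) = SECTION_HEADER.unpack_from(blob, i * SECTION_HEADER.size)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vsize": vsize, "vaddr": vaddr,
            "rawsize": rawsize, "rawptr": rawptr,
            "chars": chars,
        })
    return sections


def section_for_rva(sections, rva):
    """Section whose mapped range contains `rva`; the loader maps max(VirtualSize, SizeOfRawData)."""
    for s in sections:
        span = max(s["vsize"], s["rawsize"])
        if s["vaddr"] <= rva < s["vaddr"] + span:
            return s
    return None


def triage(sections, entry_rva, entropy_by_name):
    """Packer heuristics: odd names, writable high-entropy data, W+X, entry point placement."""
    findings = []
    for s in sections:
        name, chars = s["name"], s["chars"]
        ent = entropy_by_name.get(name, 0.0)
        if name not in STANDARD_NAMES:
            findings.append(f"{name}: non-standard section name")
        if chars & IMAGE_SCN_MEM_WRITE and ent >= HIGH_ENTROPY:
            findings.append(f"{name}: writable section with entropy {ent:.2f}, likely packed or encrypted payload")
        if chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"{name}: writable and executable")
    ep = section_for_rva(sections, entry_rva)
    if ep is None:
        findings.append(f"entry point 0x{entry_rva:x} lies outside every section")
    elif not ep["chars"] & IMAGE_SCN_MEM_EXECUTE:
        findings.append(f"entry point 0x{entry_rva:x} in non-executable section {ep['name']}")
    return findings


def _hdr(name, vsize, vaddr, rawsize, rawptr, chars):
    return SECTION_HEADER.pack(name.encode().ljust(8, b"\0"), vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, chars)


# Constructed section table, rebuilt from the values in this report (not bytes of the sample itself).
REPORT_SECTIONS = b"".join([
    _hdr(".text",  0xe865, 0x01000, 0xf000, 0x01000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    _hdr(".rdata", 0x5f46, 0x10000, 0x6000, 0x10000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    _hdr(".data",  0x4c34, 0x16000, 0x4000, 0x16000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    _hdr(".marx",  0x2b61, 0x1b000, 0x3000, 0x1a000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    _hdr(".rsrc",  0x05fc, 0x1e000, 0x1000, 0x1d000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    _hdr(".reloc", 0x1306, 0x1f000, 0x2000, 0x1e000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ),
])
# Per-section entropy as reported above.
REPORT_ENTROPY = {".text": 6.59203, ".rdata": 6.77269, ".data": 4.45446,
                  ".marx": 7.65923, ".rsrc": 1.96749, ".reloc": 3.08904}
ENTRY_POINT_RVA = 0xF7FC  # AddressOfEntryPoint from the optional header


def report_findings():
    return triage(parse_section_table(REPORT_SECTIONS, 6), ENTRY_POINT_RVA, REPORT_ENTROPY)


if __name__ == "__main__":
    for finding in report_findings():
        print(finding)
    print(f"uniform bytes: {shannon_entropy(bytes(range(256)) * 16):.2f} bits/byte")
```

Run stand-alone, the script reports only the two .marx findings; the entry point resolves into .text, which is executable, so the packer stub (if that is what the high-entropy writable section feeds) is reached through ordinary code rather than a jump into data. Two caveats the report does not state but its own fields support: the optional header of this PE32 image carries IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA and NX_COMPAT, flags a version 7.0 linker did not emit (and HIGH_ENTROPY_VA only has effect on 64-bit images), so the header was very likely rewritten after linking; and a 2015 TimeDateStamp beside a "Copyright © 2018" string means at least one of the two has been altered.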

Hashes

MD5 a8993ef735a8cbbb7199298a3951526e
SHA1 70f8402dd67f4e9633cc4e6f39abec2e73fe1d43
SHA256 121aa3d8ada8337ee1a233bf0d9db0709fc47621e7d16070d8d46d76572e93a4
SHA3 29f978082c69c405268a06b03a1275c4214f1e556833ee87c4ab0ae535efb048
SSDeep 1536:92aL3o2BgFeNBqMD8A4XKMsp16rhMjpnQkgSxHKWQ9S4AHPgk0lBLau1o:F3o2qFeNBq88Qfm8QkLdPgk0lQK
Imports Hash 690776059d6a864f416a5e75ffad15d5

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x110

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 2015-Mar-12 11:34:49
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 7.0
SizeOfCode 0xf000
SizeOfInitializedData 0x11000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000F7FC (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x10000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x21000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 e0b56fbbe09b4e18020fafab329f3b99
SHA1 4c523c49d12266095c9ac41cbcd1ccb5e0340072
SHA256 84df23fe00f269eae3fb348f9beb9aef5afe80943960744eb69e0a3636c6c8a0
SHA3 35bcbe29360dcb90112726de4d4e2bda62e857060a2c65b59146e7c38a06cc6f
VirtualSize 0xe865
VirtualAddress 0x1000
SizeOfRawData 0xf000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.59203

.rdata

MD5 d76b9b03c09e41b072472dd863b400b3
SHA1 02904f5ec57cbf886594c05387b060e44eaf120a
SHA256 0962887987cdf72ffce1e216cfe4051f6c1070a25fb33dfb738ae5d112b5b553
SHA3 b2ed84007920694031042edac448174dfb96f8e13c13b4e528e5ff9f8025b194
VirtualSize 0x5f46
VirtualAddress 0x10000
SizeOfRawData 0x6000
PointerToRawData 0x10000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.77269

.data

MD5 b4519799ae910257ac873a82684be2b9
SHA1 e5439191d33820ed6c95ae8daf705acf701e1dc0
SHA256 1437d8faf60c2bc4f7bcc2c65dbb5ef48eb2767a235459e19464c1b2f3290fcd
SHA3 1e1128484243f8952e1b14024d7bc97c4846882e7f6032839ca685269661e282
VirtualSize 0x4c34
VirtualAddress 0x16000
SizeOfRawData 0x4000
PointerToRawData 0x16000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.45446

.marx

MD5 09aef2c23a44359d7ef730917f1a5ba2
SHA1 fabb7c7a7e2bb2b89df6201983b35e5487d8b6c1
SHA256 9c96259b3ef9ae5a58bda32ea36d699c504f0ed2109931bef1b5d75a874f1879
SHA3 a6c605c3f2f50fb2475f97f47887af4437e6aed91d357faaaf52afa4d877e026
VirtualSize 0x2b61
VirtualAddress 0x1b000
SizeOfRawData 0x3000
PointerToRawData 0x1a000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.65923

.rsrc

MD5 5b350fee766290ebb9adebebaab1d29f
SHA1 c16b74b2e47388bf39584bc71b1b59da0ed4aa6b
SHA256 10b231b7d135a796d90af9b89983e0055ae258725d3f0c7fa48f600c0ce6eb04
SHA3 9c1d6b2ec9865e743d9e4e3dc6bdb58f55730d886a74503d634dc1ec5122b139
VirtualSize 0x5fc
VirtualAddress 0x1e000
SizeOfRawData 0x1000
PointerToRawData 0x1d000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.96749

.reloc

MD5 b70b2a8799f71f950eb67ba4f4e8d755
SHA1 cebf0d67f7e4495f825e06cda38e40ae55834698
SHA256 bf971f3bbbf1df65195c8a519632fb67ddfb58c9125f2075c12333bb277a5217
SHA3 246a4cd4de45ded33841a2ab58fd76bc2d10cf99c9f1f42327192b275a396db9
VirtualSize 0x1306
VirtualAddress 0x1f000
SizeOfRawData 0x2000
PointerToRawData 0x1e000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.08904

Imports

WINMM.dll
  • timeKillEvent
  • timeGetDevCaps
  • timeSetEvent
KERNEL32.dll
  • GetModuleFileNameA
  • LoadLibraryA
  • GetCurrentProcess
  • GetProcAddress
  • GetModuleHandleA
  • VirtualFree
  • VirtualAlloc
  • CloseHandle
  • UnmapViewOfFile
  • MapViewOfFile
  • CreateFileMappingA
  • GetFileSize
  • CreateFileA
  • TerminateProcess
  • FreeLibrary
  • LoadLibraryExA
  • SearchPathA
  • GetSystemInfo
  • OutputDebugStringA
  • GetCommandLineA
  • GetVersionExA
  • RtlUnwind
  • HeapAlloc
  • HeapFree
  • ExitProcess
  • WriteFile
  • GetStdHandle
  • UnhandledExceptionFilter
  • FreeEnvironmentStringsA
  • GetEnvironmentStrings
  • FreeEnvironmentStringsW
  • WideCharToMultiByte
  • GetLastError
  • GetEnvironmentStringsW
  • SetHandleCount
  • GetFileType
  • GetStartupInfoA
  • DeleteCriticalSection
  • TlsAlloc
  • SetLastError
  • GetCurrentThreadId
  • VirtualProtect
  • TlsFree
  • TlsSetValue
  • TlsGetValue
  • HeapDestroy
  • HeapCreate
  • InterlockedExchange
  • VirtualQuery
  • LeaveCriticalSection
  • EnterCriticalSection
  • HeapReAlloc
  • IsBadWritePtr
  • QueryPerformanceCounter
  • GetTickCount
  • GetCurrentProcessId
  • GetSystemTimeAsFileTime
  • GetACP
  • GetOEMCP
  • GetCPInfo
  • InitializeCriticalSection
  • SetUnhandledExceptionFilter
  • IsBadReadPtr
  • IsBadCodePtr
  • LCMapStringA
  • MultiByteToWideChar
  • LCMapStringW
  • HeapSize
  • GetStringTypeA
  • GetStringTypeW
  • GetLocaleInfoA
USER32.dll
  • MessageBoxA
mscoree.dll
  • _CorExeMain
ole32.dll
  • CoInitialize

Delayed Imports

Resources

1

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x36c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.27767
MD5 4e94a45da3b51f9ace2a0d41bb5fdb4c
SHA1 2f7a7ae5a149b58c52dbe0dccea189eabd9ec5ef
SHA256 425eeadc3ff24c871e9dbd51679c0fe2f985a21618e0240edd37fa9a1c58629a
SHA3 42db34f10851ba19929d2dc936bdb1316a9a711a7e6daa926bea1aef4009be45

1 (#2)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x1ea
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.00112
MD5 b7db84991f23a680df8e95af8946f9c9
SHA1 cac699787884fb993ced8d7dc47b7c522c7bc734
SHA256 539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
SHA3 4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 1.0.0.0
ProductVersion 1.0.0.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments
CompanyName
FileDescription ConsoleApplication3
FileVersion (#2) 1.0.0.0
InternalName ConsoleApplication3.exe
LegalCopyright Copyright © 2018
LegalTrademarks
OriginalFilename ConsoleApplication3.exe
ProductName ConsoleApplication3
ProductVersion (#2) 1.0.0.0
Assembly Version 1.0.0.0
Resource LangID UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x4fb6b3e
Unmarked objects 0
Imports (2148) 2
105 (2067) 1
ASM objects (VS2003 (.NET) build 3077) 23
C objects (VS2003 (.NET) build 3077) 86
C objects (VS98 SP6 build 8804) 13
C++ objects (VS98 SP6 build 8804) 1
Imports (2067) 2
Imports (2179) 7
Total imports 93
C++ objects (VS2003 (.NET) build 3077) 11
94 (VS2003 (.NET) build 3052) 1
Linker (VS2003 (.NET) build 3077) 1

Errors
