aa234d9a2e77ad02754b44753a4d78cf

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CE_GUI
Compilation Date 2008-Mar-31 07:17:00
Detected languages Polish - Poland
Debug artifacts e:\Projects\Dev\test\release\test.pdb
Note: a WINDOWS_CE_GUI subsystem does not fit the rest of this image. Windows CE executables import from COREDLL.dll, whereas this one imports KERNEL32.dll and USER32.dll, carries a Rich header and uses the desktop Visual C++ 8.0 CRT start-up imports, so the Subsystem field was most likely changed after linking rather than set by the toolchain.

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Microsoft Visual C++ 8
Microsoft Visual C++ 8.0
MSVC++ v.8 (procedure 1 recognized - h)
Suspicious The PE is possibly packed. Unusual section names found: foobar1, foobar2, foobar3
Caveat: the packing verdict rests on the names alone. All three sections have VirtualSize 0x4, a 0x1000-byte raw block padded out by the 0x1000 FileAlignment, and entropy near 0 (see the section table below), so they hold no packed payload. The names are still anomalous: a linker does not invent them, so they come either from a #pragma section in the source or from a post-build edit of the section table.
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports (a loader plus GetProcAddress lets it resolve APIs at run time, so the static import table is only a lower bound on what it calls):
  • GetProcAddress
  • LoadLibraryA
Caveat: the rest of the KERNEL32 list (heap, TLS, critical-section, environment-string and code-page calls) is the Visual C++ 8.0 CRT start-up set, and these two are routinely part of that set, so on their own they are weak evidence; inspect the code that calls them before reading anything into this.
Malicious The PE's digital signature is invalid. Signer: SysTApplSecur rulz OK!
Issuer: SystApplSecur rulz OK!
The file was modified after it was signed: the image digest carried inside the signature no longer matches the Authenticode hash of the file as it is now, which is what any header edit (renaming sections, changing the Subsystem field) would produce, since the section table and optional header are covered by that hash.
Caveat: signer and issuer carry the same made-up name, so this is a self-signed test certificate that does not chain to any public CA; the finding documents tampering after signing, not a stolen or abused code-signing identity.
Suspicious VirusTotal score: 1/64 (Scanned on 2017-09-23 11:44:34) Cylance: Unsafe

Hashes

MD5 aa234d9a2e77ad02754b44753a4d78cf
SHA1 1acaaf6170510478c8760c1ce1d6eea9747aaec8
SHA256 7c5a2e3aedea819aafc9a8786f16222d5cdf9d6b993420245bf2a517076872ca
SHA3 705d6c5e0b9081f2b985d7b75adfb8ff48b2de108808e03f55258259dfe5bf63
SSDeep 768:4ufsMyUb+naQqvTuNW2tEkukRRWY4AHr96TEltYtb:LDbU/qvaztE+Rn476Wtb
Imports Hash 3f47193c616b2ef1efc4ef1d371ef75b

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 7
TimeDateStamp 2008-Mar-31 07:17:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 8.0
SizeOfCode 0x7000
SizeOfInitializedData 0x8000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001229 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x8000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x10000
SizeOfHeaders 0x1000
Checksum 0x133f1
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CE_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1fab023a1894960c630844910c73c4cb
SHA1 a44ff5a3b43769bc9d30a1d0bc5b25487f31aa85
SHA256 f50d0a72fdd063f01b8e6c3ce49c6357c1d41b792e71385511ca688eb48a164f
SHA3 c72d603a21e06ac581708bdf2ba4059f26230db7078a5854be0f30a272b57294
VirtualSize 0x6326
VirtualAddress 0x1000
SizeOfRawData 0x7000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.20246

.rdata

MD5 2ce2f87af588ab0b62f450393c61886d
SHA1 3f0d23f8574b7ab3090ef2524f84c9dd676118af
SHA256 5dbfb4fa25b9d72e3188c5628b18f855b8cebd493ec106f11fcfc9012b21a666
SHA3 ed7a1af8dbfa1f55ac9027a40a48de8e220b0bea7e309cd424a157f8fc53c113
VirtualSize 0x1be8
VirtualAddress 0x8000
SizeOfRawData 0x2000
PointerToRawData 0x8000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.04134

.data

MD5 e53675c58916148b9484abb3584d24cf
SHA1 e6d6bccf4dd9eb98f5bcd83d6294110e15b9a9dd
SHA256 d359959dced3db3748b38da38dd78c6a00561694a7c20f5981e84914551c1565
SHA3 ff00e116b3a22a832e278599bbb987954ca47f0ce0e72a7b6861139fb4c8bdef
VirtualSize 0x197c
VirtualAddress 0xa000
SizeOfRawData 0x1000
PointerToRawData 0xa000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.11911

foobar1

MD5 86424d89726ac9124f7fad32a8bc3906
SHA1 6bc8cf64b7c5c6be9bc8603e0ee8149365c8aad2
SHA256 90c3dc7703ae5fe7f02e0b69e8a4b1b25cde9fea576610c0870ac484f4c22ffc
SHA3 0e201538f5464ed52ea65053e6a8ac7d5a09e31eaf31828262071631fa34a434
VirtualSize 0x4
VirtualAddress 0xc000
SizeOfRawData 0x1000
PointerToRawData 0xb000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0131269

foobar2

MD5 553db599d6d7226fca1ad89651918873
SHA1 d41be232ab8d8c44546b689e91f097419ce6a1af
SHA256 4f6c14d1474c8d06bdc52b9352d466c2e71defefe5bc655ab1ee3d3c44c99cdf
SHA3 b4343316e18d428545cd04285ddc929d8c13e8218e87e2d8e0a00eccbcc292b8
VirtualSize 0x4
VirtualAddress 0xd000
SizeOfRawData 0x1000
PointerToRawData 0xc000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0111738

foobar3

MD5 ffd3b1d9d42f56fb3e596d98a299be70
SHA1 aa34a0156cf0bd6aaab1878322378eda1dcedeff
SHA256 29043dd587924b5043ee02ef961d2a82aa471cdab41ffea1068a7de7d7891fdd
SHA3 1265871a459a1f59f9a6ed63e871c37884f629a4b4610079b240d03fb0f800ae
VirtualSize 0x4
VirtualAddress 0xe000
SizeOfRawData 0x1000
PointerToRawData 0xd000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0131269

.rsrc

MD5 1da90a69c3173bf9852f9bb76b41250c
SHA1 bbd639dbea168b5107892de1246e2494e21e2c85
SHA256 c0bca76533a3b6ce17b2469fb1f6ca66c104f7766a3e7a3c0f2c779b09bf094d
SHA3 66b06c560ffdd76866765722e6e450adff97b6d94ddfeb1d9035a7043c7e3c03
VirtualSize 0x508
VirtualAddress 0xf000
SizeOfRawData 0x1000
PointerToRawData 0xe000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.17094

Imports

USER32.dll MessageBoxW
KERNEL32.dll HeapCreate
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
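
The value listed as Imports Hash in the Hashes section is an imphash: the import table flattened to lower-case "dll.function" pairs in table order, with the .dll/.ocx/.sys extension stripped, joined by commas and MD5-hashed. The Python below is an added example, not Manalyze's implementation and not part of this report. Its input is the import list above, copied from this page as constructed data; it builds the canonical string, hashes it, and applies the dynamic-resolution check behind the "[!] may be hiding some of its imports" finding. Whether it reproduces 3f47193c616b2ef1efc4ef1d371ef75b depends on the list above preserving the binary's import-table order, which the example does not assume. The LOADERS and RESOLVERS sets are the example's own.

```python
import hashlib

# Import table as listed in the report: (DLL, functions in table order). Constructed from the page.
IMPORTS_FROM_REPORT = [
    ("USER32.dll", ["MessageBoxW"]),
    ("KERNEL32.dll", """
        HeapCreate HeapFree GetVersionExA HeapAlloc GetProcessHeap TerminateProcess
        GetCurrentProcess UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent
        GetProcAddress GetModuleHandleA ExitProcess WriteFile GetStdHandle GetModuleFileNameA
        GetModuleFileNameW FreeEnvironmentStringsA MultiByteToWideChar GetEnvironmentStrings
        FreeEnvironmentStringsW GetLastError GetEnvironmentStringsW GetCommandLineA GetCommandLineW
        SetHandleCount GetFileType GetStartupInfoA DeleteCriticalSection TlsGetValue TlsAlloc
        TlsSetValue TlsFree InterlockedIncrement SetLastError GetCurrentThreadId InterlockedDecrement
        HeapDestroy VirtualFree QueryPerformanceCounter GetTickCount GetCurrentProcessId
        GetSystemTimeAsFileTime LeaveCriticalSection EnterCriticalSection LoadLibraryA
        InitializeCriticalSection Sleep GetCPInfo GetACP GetOEMCP IsValidCodePage VirtualAlloc
        HeapReAlloc RtlUnwind HeapSize GetLocaleInfoA WideCharToMultiByte GetStringTypeA
        GetStringTypeW LCMapStringA LCMapStringW
    """.split()),
]

# Example's own lists: APIs that together give a program run-time import resolution.
LOADERS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}
RESOLVERS = {"getprocaddress"}

def canonical_import_string(imports):
    """imphash input: 'dll.func' pairs, lower case, .dll/.ocx/.sys stripped, comma-joined.
    Imports by ordinal would appear as 'dll.ordN'; this report has none."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[:-len(ext)]
                break
        parts.extend("%s.%s" % (lib, f.lower()) for f in funcs)
    return ",".join(parts)

def imphash(imports):
    """MD5 of the canonical string; this is what the report prints as Imports Hash."""
    return hashlib.md5(canonical_import_string(imports).encode("ascii")).hexdigest()

def dynamic_resolution_capability(imports):
    """The 'may be hiding some of its imports' check: a loader plus GetProcAddress lets the
    program resolve any API at run time, so the static table is only a lower bound.
    Returns the enabling imports, or an empty list when the pair is not complete."""
    names = {f.lower() for _, funcs in imports for f in funcs}
    if not (names & LOADERS) or not (names & RESOLVERS):
        return []
    return sorted(names & (LOADERS | RESOLVERS))
```

The case-folding and extension stripping are what make imphash useful for clustering: two builds of the same source that differ only in how the linker wrote DLL names still collide. Note the converse limitation shown by dynamic_resolution_capability(): a program that resolves everything through LoadLibraryA/GetProcAddress has a near-empty, uninformative imphash, which is why the report raises that pair as a separate finding.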

Delayed Imports

(none)

Resources

1

Type RT_ICON
Language Polish - Poland
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.84776
MD5 5df27da678b61b8e340a17874350abec
SHA1 9cc4b6ff1199a1396547c21132756b2e73b64445
SHA256 b0d17d2cae7f9caefc97b28a87a32248ec8f0cf090eb0a5db34d4d88fa73ebdf
SHA3 78e1c042dceecaf484809f0b81ae2eba3b7e20ce4820e953c53bf945e4d8029b

2

Type RT_ICON
Language Polish - Poland
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.55844
MD5 707486d4e59854af6fc5e2fb2b9aea2a
SHA1 f278ef6c989341f660be68b6915f092f2cba6df4
SHA256 ffd9b48eeb36e492268056fa57ec0106406baf928a35afecd3af7a7e9c5fa2b5
SHA3 fff3e108691be80baf0efcc6bbf49d1d5c7906c5b04e1576b25a6b10585998c0

102

Type RT_GROUP_ICON
Language Polish - Poland
Codepage UNKNOWN
Size 0x22
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.37086
Detected Filetype Icon file
MD5 d59e0d372ea5fd8c1f4de744376a6af4
SHA1 6883ce60e71a83424db0b41d0ab6bf61080e3de2
SHA256 b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b
SHA3 5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1

Version Info

(none)

Debug Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2008-Mar-31 07:17:00
Version 0.0
SizeofData 62
AddressOfRawData 0x9330
PointerToRawData 0x9330
Referenced File e:\Projects\Dev\test\release\test.pdb

TLS Callbacks

(none)

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x40a004
SEHandlerTable 0x409370
SEHandlerCount 3

RICH Header

XOR Key 0xa2024b75
Unmarked objects 0
ASM objects (VS2012 build 50727 / VS2005 build 50727) 16
C++ objects (VS2012 build 50727 / VS2005 build 50727) 25
C objects (VS2012 build 50727 / VS2005 build 50727) 74
Imports (VS2003 (.NET) build 4035) 5
Total imports 78
Unknown product id 114 (VS2012 build 50727 / VS2005 build 50727) 1
Resource objects (VS2012 build 50727 / VS2005 build 50727) 1
Linker (VS2012 build 50727 / VS2005 build 50727) 1
Note: build 50727 is shared by the VS2005 and VS2012 RTM toolsets, so the Rich header alone cannot tell them apart; LinkerVersion 8.0 in the optional header and the compiler matches above settle it as Visual C++ 8.0 (VS2005).

Errors

(none)