aa52ba98f1361c121056e8a635d42036

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2001-Nov-06 13:11:02

Plugin Output

Suspicious  Strings found in the binary may indicate undesirable behavior:
  Tries to detect virtualized environments:
  • Hardware\Description\System
  May have dropper capabilities:
  • CurrentControlSet\Services
  • CurrentVersion\Run
Info  The PE contains common functions which appear in legitimate applications.
  [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Suspicious  No VirusTotal score. This file has never been scanned on VirusTotal.
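The two string-based findings above come from matching known registry-path fragments against the printable strings in the file. As an added example (not code from the report or the tool that produced it), the following stdlib-only scanner extracts ASCII and UTF-16LE strings and groups hits under the report's own category names. The blob it scans is constructed here; it carries one ASCII indicator, two UTF-16LE indicators and a decoy ("Runtime error 217") to show that a bare "Run" does not trigger the dropper indicator.

```python
import re
from typing import Dict, List

# Indicator substrings grouped under the report's category names. Only the
# three fragments the report lists are included; registry paths are
# case-insensitive on Windows, so matching ignores case.
INDICATORS: Dict[str, List[str]] = {
    "Tries to detect virtualized environments": ["Hardware\\Description\\System"],
    "May have dropper capabilities": ["CurrentControlSet\\Services", "CurrentVersion\\Run"],
}

ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")
UTF16LE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")


def extract_strings(data: bytes) -> List[str]:
    """Printable ASCII and UTF-16LE runs of four or more characters (like `strings` and `strings -e l`)."""
    ascii_hits = [m.group().decode("ascii") for m in ASCII_RUN.finditer(data)]
    wide_hits = [m.group().decode("utf-16le") for m in UTF16LE_RUN.finditer(data)]
    return ascii_hits + wide_hits


def classify(strings: List[str]) -> Dict[str, List[str]]:
    """Map each report category to the indicator fragments found among the strings."""
    hits: Dict[str, set] = {}
    for category, needles in INDICATORS.items():
        for needle in needles:
            if any(needle.lower() in s.lower() for s in strings):
                hits.setdefault(category, set()).add(needle)
    return {category: sorted(found) for category, found in hits.items()}


def scan(data: bytes) -> Dict[str, List[str]]:
    return classify(extract_strings(data))


def build_sample() -> bytes:
    """Constructed test blob: one ASCII indicator, two UTF-16LE indicators, one decoy."""
    return (b"MZ\x90\x00\x03\x00\x00\x00"
            + b"HKEY_LOCAL_MACHINE\\Hardware\\Description\\System\x00"
            + b"Runtime error 217\x00\xff\xfe"
            + "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16le") + b"\x00\x00"
            + "SYSTEM\\CurrentControlSet\\Services".encode("utf-16le") + b"\x00\x00")


if __name__ == "__main__":
    for category, found in scan(build_sample()).items():
        print(category)
        for fragment in found:
            print("  •", fragment)
```

To run it against a real file, pass `open(path, "rb").read()` to `scan()`. The indicator list is deliberately just the fragments shown in this report; a production scanner needs a much larger set, and a hit on a registry path is only a hint about capability, not proof the key is written.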

Hashes

MD5 aa52ba98f1361c121056e8a635d42036
SHA1 85286c498d37ee3784e7f0089c2ea75391740e9f
SHA256 ddd6530aa144ffc98851de3f3a2376e3fb7c882d4ad79f99e3446d2b5ef2bc22
SHA3 8499fda07221152d721a52a42e529f6e8ea3803d54a4dbe3c6754134bc70d872
SSDeep 768:686YlUV32aIuUZJHT64LA0PR11BnZ+PfMB:mYaILZJH7AJ+
Imports Hash c10a4a31d01a00e359c118d6090a0697

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xc8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2001-Nov-06 13:11:02
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x4d40
SizeOfInitializedData 0x1680
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000394D (Section: .text)
BaseOfCode 0x240
BaseOfData 0x4f80
ImageBase 0x400000
SectionAlignment 0x40
FileAlignment 0x40
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x6600
SizeOfHeaders 0x240
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1dd2143cf3beed882a2f94904afc55ac
SHA1 c6bccc3e0d12ec81d618fa55ea11005c3ee0036e
SHA256 60ea86eea9f7ed946e468d944ee721407273f60b6c17b76adcd3c9398ada32a1
SHA3 2287cfaad7f929e4a790cb1f091c1bcde67fe99c3e68367a7bdff37005129117
VirtualSize 0x4d01
VirtualAddress 0x240
SizeOfRawData 0x4d40
PointerToRawData 0x240
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.1821

.rdata

MD5 02d313c76c03f7e19ddf08381e25b755
SHA1 6fdebb8efd154913b07f31f15aedc2eaa127af93
SHA256 9204808633e9e8a1338423969f9cd674ace4d2631ab3dec86067391e70cc12ce
SHA3 294011a3eafeb07b5c45cb49f67e78415777e9b61d4c84031031021aacb0d18f
VirtualSize 0x182
VirtualAddress 0x4f80
SizeOfRawData 0x1c0
PointerToRawData 0x4f80
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.96433

.data

MD5 4f396890056dfa4ff61de99e1e739e44
SHA1 a53441f4a13dfd7cd7c19a72c6e3668b834e4fbd
SHA256 209705dfeb94aa042faa7b287fb81414ae9585619dd42cfc2903d01977098870
SHA3 3e83b000655a0c2ba9cc4a1b7438eb8253c497e95ad4f46624b28ae9295f9e21
VirtualSize 0x1498
VirtualAddress 0x5140
SizeOfRawData 0x14c0
PointerToRawData 0x5140
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.14667
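The DOS, PE, optional and section header values above can be reproduced and cross-checked with a short stdlib-only parser. The following is an added example, not part of the report or of the tool that produced it. It builds a constructed PE32 image whose header fields copy the values listed above (the section bodies are zero filled; none of the sample's code is included), parses it the way the report does, resolves AddressOfEntryPoint to its section, and flags the header properties a triage analyst would note here: FileAlignment and SectionAlignment are both 0x40, so every file offset equals its RVA, and SizeOfImage is exactly the end of .data rounded up to the section alignment.

```python
import struct
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    size_of_raw_data: int
    pointer_to_raw_data: int
    characteristics: int


@dataclass
class PEInfo:
    timestamp: int
    entry_point: int
    section_alignment: int
    file_alignment: int
    size_of_image: int
    sections: List[Section]


def align_up(value: int, alignment: int) -> int:
    return (value + alignment - 1) // alignment * alignment


def parse_pe(data: bytes) -> PEInfo:
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> PE32 optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    (entry_point,) = struct.unpack_from("<I", data, opt + 16)
    sec_align, file_align = struct.unpack_from("<II", data, opt + 32)
    (size_of_image,) = struct.unpack_from("<I", data, opt + 56)
    sections = []
    for i in range(nsections):                      # section table follows the optional header
        f = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + i * 40)
        sections.append(Section(f[0].rstrip(b"\0").decode("ascii", "replace"), *f[1:5], f[9]))
    return PEInfo(timestamp, entry_point, sec_align, file_align, size_of_image, sections)


def section_for_rva(info: PEInfo, rva: int) -> Optional[Section]:
    """The loader maps each section over VirtualSize rounded up to SectionAlignment."""
    for s in info.sections:
        if s.virtual_address <= rva < s.virtual_address + align_up(s.virtual_size, info.section_alignment):
            return s
    return None


def format_timestamp(ts: int) -> str:
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%b-%d %H:%M:%S")


def sanity_checks(info: PEInfo) -> List[str]:
    """Header consistency checks worth running before trusting a report's numbers."""
    findings = []
    if info.file_alignment < 0x200:
        findings.append(f"FileAlignment 0x{info.file_alignment:x} is below the 0x200 the PE spec expects")
    if info.section_alignment == info.file_alignment:
        findings.append("SectionAlignment equals FileAlignment: file offsets equal RVAs (1:1 mapping)")
    ep = section_for_rva(info, info.entry_point)
    if ep is None:
        findings.append("entry point lies outside every section")
    elif not ep.characteristics & 0x20000000:       # IMAGE_SCN_MEM_EXECUTE
        findings.append(f"entry point in non-executable section {ep.name}")
    last = max(info.sections, key=lambda s: s.virtual_address)
    expected = align_up(last.virtual_address + last.virtual_size, info.section_alignment)
    if expected != info.size_of_image:
        findings.append(f"SizeOfImage 0x{info.size_of_image:x} differs from computed 0x{expected:x}")
    return findings


def build_sample_image() -> bytes:
    """Constructed PE32 whose header values mirror the report above; section bodies are zero filled."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0xC8) + bytes(0xC8 - 0x40)      # e_lfanew = 0xC8
    ts = int(datetime(2001, 11, 6, 13, 11, 2, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, 3, ts, 0, 0, 0xE0, 0x010F)                # I386, 3 sections
    opt = bytearray(0xE0)
    struct.pack_into("<HBB", opt, 0, 0x10B, 6, 0)                                    # PE32, linker 6.0
    struct.pack_into("<IIIIII", opt, 4, 0x4D40, 0x1680, 0, 0x394D, 0x240, 0x4F80)   # sizes, entry, bases
    struct.pack_into("<III", opt, 28, 0x400000, 0x40, 0x40)                          # ImageBase, alignments
    struct.pack_into("<HHHHHH", opt, 40, 4, 0, 0, 0, 4, 0)                           # OS/image/subsys versions
    struct.pack_into("<III", opt, 56, 0x6600, 0x240, 0)                              # SizeOfImage, SizeOfHeaders
    struct.pack_into("<HH", opt, 68, 2, 0)                                           # WINDOWS_GUI subsystem
    struct.pack_into("<IIIIII", opt, 72, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)  # stack, heap, 16 dirs

    def sec(name, vsize, va, raw, chars):        # 1:1 mapping: PointerToRawData == VirtualAddress
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, raw, va, 0, 0, 0, 0, chars)

    table = (sec(b".text", 0x4D01, 0x240, 0x4D40, 0x60000020)
             + sec(b".rdata", 0x182, 0x4F80, 0x1C0, 0x40000040)
             + sec(b".data", 0x1498, 0x5140, 0x14C0, 0xC0000040))
    image = bytearray(0x6600)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + table
    image[:len(headers)] = headers
    return bytes(image)
```

With a real file, pass `open(path, "rb").read()` to `parse_pe()` instead of `build_sample_image()`. An alignment of 0x40 can be produced legitimately (the linker's alignment option allows it) but is uncommon for ordinary compiler output, so for this sample it belongs in the triage notes next to the GetProcAddress, LoadLibraryA and VirtualProtect imports listed below.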

Imports

KERNEL32.dll GlobalAlloc
GetModuleFileNameA
lstrcmpA
GetProcAddress
LoadLibraryA
VirtualProtect
GlobalFree
ExitProcess
FreeLibrary
GetModuleHandleA
USER32.dll MessageBoxA
wsprintfA
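The Imports Hash in the Hashes section is a fingerprint of this table: DLL and function names are lowercased, the DLL extension is dropped, and the entries are joined with commas in import-table order before hashing. The following added example (not code from the report or its tool) recomputes such a fingerprint from the twelve imports above using the convention pefile's imphash uses, and also encodes the heuristic behind the "may be hiding some of its imports" finding: LoadLibrary* together with GetProcAddress lets code resolve APIs at runtime, so the static table may understate what the program calls. Compare the digest with the Imports Hash above; if it differs, check normalisation and ordering before drawing any conclusion about the imports themselves.

```python
import hashlib
from typing import List, Tuple, Union

# Import table as listed in the report, in table order: (DLL, function name or ordinal).
REPORT_IMPORTS: List[Tuple[str, Union[str, int]]] = [
    ("KERNEL32.dll", "GlobalAlloc"), ("KERNEL32.dll", "GetModuleFileNameA"),
    ("KERNEL32.dll", "lstrcmpA"), ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "LoadLibraryA"), ("KERNEL32.dll", "VirtualProtect"),
    ("KERNEL32.dll", "GlobalFree"), ("KERNEL32.dll", "ExitProcess"),
    ("KERNEL32.dll", "FreeLibrary"), ("KERNEL32.dll", "GetModuleHandleA"),
    ("USER32.dll", "MessageBoxA"), ("USER32.dll", "wsprintfA"),
]


def normalize_import(dll: str, func: Union[str, int]) -> str:
    """pefile-style normalisation: lowercase, drop .dll/.ocx/.sys, ordinals become ord<N>.

    pefile additionally maps well-known oleaut32/ws2_32/wsock32 ordinals to names;
    that table is omitted here, so ordinal-only imports of those DLLs will differ.
    """
    dll = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if dll.endswith(ext):
            dll = dll[: -len(ext)]
            break
    name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{dll}.{name}"


def import_string(imports: List[Tuple[str, Union[str, int]]]) -> str:
    """The exact string that gets hashed; order is the import table's, so it matters."""
    return ",".join(normalize_import(dll, func) for dll, func in imports)


def imphash(imports: List[Tuple[str, Union[str, int]]]) -> str:
    return hashlib.md5(import_string(imports).encode("ascii")).hexdigest()


def may_hide_imports(imports: List[Tuple[str, Union[str, int]]]) -> bool:
    """Flag the LoadLibrary* + GetProcAddress combination the report lists under its finding."""
    names = {normalize_import(dll, func) for dll, func in imports}
    has_loader = any(n.startswith("kernel32.loadlibrary") for n in names)
    return has_loader and "kernel32.getprocaddress" in names


if __name__ == "__main__":
    print(import_string(REPORT_IMPORTS))
    print("imphash:", imphash(REPORT_IMPORTS))
    print("runtime API resolution possible:", may_hide_imports(REPORT_IMPORTS))
```

Because the hash covers the whole ordered list, rebuilding the import table (or a packer stub that imports only LoadLibraryA and GetProcAddress) changes it completely, which is why an import hash clusters build toolchains and packers well but says little about a sample's runtime behaviour.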

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xdb132103
Unmarked objects 0
Total imports 13
Product id 19 (build 8034) 5
C objects (VC++ 6.0 SP5 build 8804) 20

Errors
