ab91be24e88f15d95b18fce2da10544a210ec278814f9d54865f809405e321d5

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00
Detected languages English - United States
Debug artifacts Embedded COFF debugging symbols

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: .symtab
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • LoadLibraryW
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Info The PE is digitally signed. Signer: atom.hutsell.com
Issuer: WR3
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 594d6e0f247f724806fc44ded624eeac
SHA1 93dba1fcb7189fc73d71e4797b272366c54f8cd7
SHA256 ab91be24e88f15d95b18fce2da10544a210ec278814f9d54865f809405e321d5
SHA3 e67ec0f7d531d717ee30dc73e1207cfa546337197056f740fc001687bd76e9bd
SSDeep 49152:jpGLK3mhWuTFFzNgZbdJnZCstjgLPp5D1/:jJ3Hu7zNgZfZ5tYB
Imports Hash 9cbefe68f395e67356e2a5d8d1b285c0

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0x4
e_cparhdr 0
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x1e5600
NumberOfSymbols 2370
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0x83a00
SizeOfInitializedData 0x19000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000005AB40 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x29e000
SizeOfHeaders 0x600
Checksum 0x24b5a3
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 ae0fe879fbb5cf11933856fef69e56f5
SHA1 7dd57533967ff30af373cd8f5e4acd63708bc465
SHA256 4fd080ff88e9dade7f93fe1c409fe387f152bbd16e054737ad99e828f6fee4fb
SHA3 67833a3e9f90b9a5968abfc2455d518df807c240dbf6ccca7b403cca5e175ea6
VirtualSize 0x8385a
VirtualAddress 0x1000
SizeOfRawData 0x83a00
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.2065

.rdata

MD5 86200e2af6102ffefc5a497c0cf6d07e
SHA1 cde5fabd1d79a8d8e8f0a39a9738f9c6cceb36b4
SHA256 877777c15f87d6a804148dea33456ff320f6f5518382716132c840d58423df32
SHA3 ee69113ab053cfe775f08c13ef887f70f1ad1e486f517cf328a19acaf2586122
VirtualSize 0x145650
VirtualAddress 0x85000
SizeOfRawData 0x145800
PointerToRawData 0x84000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.15735

.data

MD5 ca205746242fbfcb3fd22bcb79d7e283
SHA1 2f838e6564e3ac968317a4be0ea63b93d7a85807
SHA256 891a6baefe67720119a8cd20f5124640b190047dbd62dc12836132efdbe5da86
SHA3 4cea620a5a7432c5fb209db90aa9b18ee277e10360218a51eb3be01e6f0e3020
VirtualSize 0x73168
VirtualAddress 0x1cb000
SizeOfRawData 0x19000
PointerToRawData 0x1c9800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.85713

.idata

MD5 a7a1d8ea157fe6ad7c22088facebc7a6
SHA1 88b4b7ec71b08aa386904c1694f0bebd034cedd5
SHA256 e686ff4114e6ba00ac0d1bb260753bad46c04d726cd628c627613b8c68e4e7cd
SHA3 9d8d76c783def3663c58f14a5be6eb1c4410252fe51d4c7e644621bf22385e68
VirtualSize 0x47c
VirtualAddress 0x23f000
SizeOfRawData 0x600
PointerToRawData 0x1e2800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.57091

.reloc

MD5 bcd464b22c75473a91bf275aa8b0da96
SHA1 a16178d3b0ac39a39beffa996f5352b26f4f1c1f
SHA256 98a542c4af5ec69f714cab06dfb70b9926dccbb2cc24a4292676ee2fdd00048c
SHA3 72f863c0d0555537b7f124253a2d27af3fc890c53075741fac2a65e65957496c
VirtualSize 0x26fa
VirtualAddress 0x240000
SizeOfRawData 0x2800
PointerToRawData 0x1e2e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.38514

.symtab

MD5 eefd1c13ea4befdfd54855604e9da3b6
SHA1 3dc56bc3f0429facae21abd3543768cfaeb8ce29
SHA256 9454a3247a81441eb76fc60d62ff673ffeb36da46f4a0a07fe53778cedf7b079
SHA3 0756a1c476bfa0a49a4bbe98d4ad7fa738fbeab9fe8fdcb2b11a6c3f0592b590
VirtualSize 0x176b0
VirtualAddress 0x243000
SizeOfRawData 0x17800
PointerToRawData 0x1e5600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.14298

.rsrc

MD5 4f7af9624a63d3aeb548e72f46fd9d1b
SHA1 70daddca8b57460b69867407dff06dc8e08fd65e
SHA256 c2e19cd8f324bfdf31a36f10a97c3c2cccdb5ce5b47c05055e24c93ddac8ee18
SHA3 e5955a499044bbb9fb063f63b582b301a2ac68cc05e55059fd8fc50362190259
VirtualSize 0x420dc
VirtualAddress 0x25b000
SizeOfRawData 0x42200
PointerToRawData 0x1fce00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.86195

Imports

kernel32.dll WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x42028
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.86297
MD5 25e4ba67ead1c7d1936ea85eb0b24f58
SHA1 1cf46a3ecc2cab7a7f0958b541df3f1fd19cca38
SHA256 fff6565ead1542f9934451ec4641223b161abd9d2de59d49494853d3b154159b
SHA3 af5d049302dcd199187d0107c5e70ddd79229b60128c37e8f1074b9d65ae7a7a

1 (#2)

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.67095
Detected Filetype Icon file
MD5 464cb94db3a2622922a9562865009ae8
SHA1 dbe17c767d942f219df59f9eae77b213c15eab70
SHA256 8affd1fa69a6c5a5b54e504d72d4e9a0eba9b7d702a445ea1399a5978794719a
SHA3 3e0e32110c6c0f3323eeeb5e4a6cbb7a8db52ab14e0f065384fb4eedac4fbcda

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
