| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2016-Feb-06 21:24:54
|
| Detected languages |
English - United States
|
| TLS Callbacks |
3 callback(s) detected.
|
| Suspicious |
PEiD Signature: |
UPolyX V0.1 -> Delikon
PolyEnE 0.01+ by Lennart Hedlund
|
| Suspicious |
Strings found in the binary may indicate undesirable behavior: |
May have dropper capabilities:
- %TEMP%
- CurrentVersion\Run
Contains references to mining pools:
- stratum+tcp://mine.moneropool.com:3333
- stratum+tcp://mine.moneropool.com:3336
- stratum+tcp://monero.crypto-pool.fr:3333
- stratum+tcp://pool.minexmr.com:5555
- stratum+tcp://xmr.prohash.net:7777
|
| Malicious |
This program contains valid cryptocurrency addresses. |
Contains a valid Monero address:
- 42n7TTpcpLe8yPPLxgh27xXSBWJnVu9bW8t7GuZXGWt74vryjew2D5EjSSvHBmxNhx8RezfYjv3J7W63bWS8fEgg6tct3yZ
|
| Info |
The PE contains common functions which appear in legitimate applications. |
Possibly launches other programs:
Has Internet access capabilities:
- InternetCloseHandle
- InternetConnectA
- InternetFindNextFileA
- InternetOpenA
- InternetOpenUrlA
- InternetReadFile
- InternetSetOptionA
|
| Malicious |
The PE header may have been manually modified. |
Resource RCDATA1 detected as a PE Executable.
The resource timestamps differ from the PE header:
Resources amount for 93.6665% of the executable.
|
| Malicious |
VirusTotal score: 66/69 (Scanned on 2020-01-31 20:49:56) |
Bkav:
W32.DotomchASAO.Trojan
MicroWorld-eScan:
Trojan.AgentWDCR.HWR
CMC:
Trojan.Win32.Agentb!O
CAT-QuickHeal:
Risktool.BitCoinMiner.DR9
McAfee:
Generic.zn
Cylance:
Unsafe
Zillya:
Trojan.Black.Win32.46302
Sangfor:
Malware
K7AntiVirus:
Trojan ( 004e1d801 )
Alibaba:
Worm:Win32/Agentb.a3d373eb
K7GW:
Trojan ( 004e1d801 )
CrowdStrike:
win/malicious_confidence_100% (W)
Arcabit:
Trojan.AgentWDCR.HWR
TrendMicro:
WORM_COINMINE.NC
Baidu:
Win32.HackTool.CoinMiner.a
Cyren:
W32/Coinminer.DWZG-8697
ESET-NOD32:
Win32/Crytes.AA
APEX:
Malicious
Paloalto:
generic.ml
ClamAV:
Win.Malware.Locky-9361
Kaspersky:
Trojan.Win32.Agentb.btdr
BitDefender:
Trojan.AgentWDCR.HWR
NANO-Antivirus:
Trojan.Win32.DownLoad3.eopqgg
ViRobot:
Trojan.Win32.S.CoinMiner.1578496
SUPERAntiSpyware:
Hack.Tool/Gen-BitCoinMiner
Avast:
Win32:CryptoMiner-Z [Trj]
Tencent:
Trojan.Win32.FakeFolder.ra
Endgame:
malicious (high confidence)
Sophos:
Troj/Miner-CZ
Comodo:
TrojWare.Win32.CoinMiner.B@6tqin0
F-Secure:
Trojan.TR/BitCoinMiner.fra
DrWeb:
Trojan.BtcMine.1214
VIPRE:
Trojan.Win32.Generic!BT
Invincea:
heuristic
McAfee-GW-Edition:
BehavesLike.Win32.Adware.tc
Trapmine:
malicious.moderate.ml.score
FireEye:
Generic.mg.aba2d86ed17f587e
Emsisoft:
Trojan.AgentWDCR.HWR (B)
SentinelOne:
DFI - Malicious PE
F-Prot:
W32/Coinminer.A
Jiangmin:
RiskTool.BitCoinMiner.ab
Webroot:
W32.Bitcoinminer
eGambit:
Unsafe.AI_Score_100%
Antiy-AVL:
Worm/Win32.PhotoMiner.a
Microsoft:
Trojan:Win32/CoinMiner.BB!bit
ZoneAlarm:
Trojan.Win32.Agentb.btdr
GData:
Win32.Trojan.Agent.ER3HBX
TACHYON:
Trojan/W32.BitCoinMiner.1578496
AhnLab-V3:
Trojan/Win32.BitCoinMiner.R230798
Acronis:
suspicious
VBA32:
Trojan.Miner
ALYac:
Misc.Riskware.BitCoinMiner
MAX:
malware (ai score=100)
Ad-Aware:
Trojan.AgentWDCR.HWR
Zoner:
Trojan.Win32.44850
TrendMicro-HouseCall:
WORM_COINMINE.NC
Rising:
Trojan.CoinMiner!1.ACBA (CLOUD)
Yandex:
Trojan.Miner!8na/85u4hbs
Ikarus:
Worm.Win32.Crytes
MaxSecure:
Worm.Remoh.ai
Fortinet:
W32/BitCoinMiner.BXPOTENTIALLYUNSAFE!tr
BitDefenderTheta:
AI:Packer.95BED5141F
AVG:
Win32:CryptoMiner-Z [Trj]
Cybereason:
malicious.ed17f5
Panda:
Trj/WLT.C
Qihoo-360:
Win32/Trojan.cb4
|
| MD5 |
aba2d86ed17f587eb6d57e6c75f64f05
|
| SHA1 |
aeccba64f4dd19033ac2226b4445faac05c88b76
|
| SHA256 |
807126cbae47c03c99590d081b82d5761e0b9c57a92736fc8516cf41bc564a7d
|
| SHA3 |
960e87b5b18daeddceb5da5c5ad9e71e34ad0bbc232f4f0167e317a233607912
|
| SSDeep |
24576:pWKqa4hnzP3w7L3rmZmpk7FSQFW2iJ+N07/TwYV1CdZdQ+4lT+iFgiGTtswAtdz:pSrwf3aZmpOFU2iQNIUc1LxGTtswgd
|
| Imports Hash |
60da00e1cd73bcdc78866dfc77676d4b
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
9
|
| TimeDateStamp |
2016-Feb-06 21:24:54
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0x13800
|
| SizeOfInitializedData |
0x181200
|
| SizeOfUninitializedData |
0x4c00
|
| AddressOfEntryPoint |
0x000012A0 (Section: .text)
|
| BaseOfCode |
0x1000
|
| BaseOfData |
0x15000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
1.0
|
| SubsystemVersion |
4.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x18c000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x18a65e
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
39157f6164a3e966d93a9e54bfd55e5d
|
| SHA1 |
e4f3b05c2cb72a3a9bb4e5bacd63788c2b5490c5
|
| SHA256 |
c9e1fd77e2e7720cf06e96a999d6dac15968a224270deff5b1f4865209f9d0c1
|
| SHA3 |
f37cbf686aac7e017b8fa6d3d5cb70b076c78bbcfbda2aa5058bd42bd35db18b
|
| VirtualSize |
0x137d0
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x13800
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
6.10382
|
| MD5 |
4fc8adf7c869a3dc80426fcded1e27c6
|
| SHA1 |
256e5fd77471c28593995ca3c04c6bd381484a7e
|
| SHA256 |
73ce5d3a44495b392987790dacd55271faf9908b4e1fc1048792f2ab0149001d
|
| SHA3 |
63f94a058d88dc21fa9acdd4f9b3811738dec9bf22e032db6a726ec70ec7d8cc
|
| VirtualSize |
0x464
|
| VirtualAddress |
0x15000
|
| SizeOfRawData |
0x600
|
| PointerToRawData |
0x13c00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
2.15393
|
| MD5 |
01869b2ba05653efc7e6e179ffc28524
|
| SHA1 |
404f81af522150235967c7ea3605dc7ec5deff1d
|
| SHA256 |
dce8dfb0f1da35d68ba8fe57ef9080da81bf94ebb4b5232092ad7a095e2c8e24
|
| SHA3 |
d471af57e8262c57411c99a092c5f47345147941bcbc12190f7e9544656b3703
|
| VirtualSize |
0x2814
|
| VirtualAddress |
0x16000
|
| SizeOfRawData |
0x2a00
|
| PointerToRawData |
0x14200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
5.20732
|
| MD5 |
a5fe82dca0728310905bb6a8e4d0bc89
|
| SHA1 |
38077d7eac73791ed56a875f762607f420a30eea
|
| SHA256 |
f6e908e0cc1cf9cd791fff1e3cd23095b00fd6f973bf5aac470fa3d0d00c7415
|
| SHA3 |
87c3f95012e3f1a2bd009e78a5e6dd19aee915efd9bd754addfb255a03879beb
|
| VirtualSize |
0x3f8
|
| VirtualAddress |
0x19000
|
| SizeOfRawData |
0x400
|
| PointerToRawData |
0x16c00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
4.59707
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x4b4c
|
| VirtualAddress |
0x1a000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
e5e1e8c03c9fe706cebf7ad22484fd9c
|
| SHA1 |
851ac9544791955aa0578aca1df9a4d4611cedff
|
| SHA256 |
1f614431275a752a873941865ec9a32c43ea563f703fda9732ca13bf1c1f1caa
|
| SHA3 |
ae47e8c778cb42a5bdf37f9a9667b4bb140ebe9d2bb4e78d2573022ef6d7de4f
|
| VirtualSize |
0xd98
|
| VirtualAddress |
0x1f000
|
| SizeOfRawData |
0xe00
|
| PointerToRawData |
0x17000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
5.20616
|
| MD5 |
9d082062f4e4e509453fecdae3c43c45
|
| SHA1 |
017fb7e9f533038de83933b0d5cb232b45bedb9b
|
| SHA256 |
ed16f4769b9a7d4c4036d8f31b267afba5453e3dd8348567d1a67e8c09d01371
|
| SHA3 |
87c67b531cd23bd32ee86fdecc0bd7c6366dcaee7f4e363a167010f1d19125d8
|
| VirtualSize |
0x1c
|
| VirtualAddress |
0x20000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x17e00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.170146
|
| MD5 |
f8afb1bfec2ae1670831e201203150b4
|
| SHA1 |
997b5806a26eb53fe57011ba617d9de51785c1ee
|
| SHA256 |
327103325f3c39f8b74e3c5732a1ae3de171013265204687e5449ec7979aa181
|
| SHA3 |
628014e40b538fb102081d5c1a98a34c1bb227e1f4cb638f96a49d7196121788
|
| VirtualSize |
0x20
|
| VirtualAddress |
0x21000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x18000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.210826
|
| MD5 |
2a2c87b0b8e62eec304b57f76d5904de
|
| SHA1 |
7cdf9e1c2ee86aa3d95a06b23898cac34b5e4005
|
| SHA256 |
0f91da91c1341080d247e77e1dd9213d1cc12a17a6c9813746908aded4c8ba4b
|
| SHA3 |
46165c1c5619e783ab11c477f0ff62aac8c400223e3a6bc610df461dd61ca0b7
|
| VirtualSize |
0x169230
|
| VirtualAddress |
0x22000
|
| SizeOfRawData |
0x169400
|
| PointerToRawData |
0x18200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.91453
|
| WININET.DLL |
FtpFindFirstFileA
FtpGetFileA
FtpOpenFileA
FtpPutFileA
InternetCloseHandle
InternetConnectA
InternetFindNextFileA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetSetOptionA
|
| KERNEL32.dll |
AddAtomA
CloseHandle
CreateEventA
CreateFileA
CreateMutexA
CreateSemaphoreA
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FindAtomA
FindResourceA
GetAtomNameA
GetCommandLineA
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
InterlockedDecrement
InterlockedExchangeAdd
InterlockedIncrement
LeaveCriticalSection
LoadResource
LockResource
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseMutex
ReleaseSemaphore
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WriteFile
|
| msvcrt.dll |
_write
|
| msvcrt.dll (#2) |
_write
|
| SHELL32.DLL |
ShellExecuteA
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x668
|
| TimeDateStamp |
2016-Jan-22 17:07:35
|
| Entropy |
2.74783
|
| MD5 |
a58a5f4e299ea44443844ec56ff431a0
|
| SHA1 |
852b83d5557013154757d29827a573002e59f67d
|
| SHA256 |
207fd544b13bc13b41e30330f34cbed99be2d8bc96e0fbf1642bf87e539c5b04
|
| SHA3 |
87f4adac167f718086c84287a7c57c425f086bed31197f141cc482c2f6318aff
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x2e8
|
| TimeDateStamp |
2016-Jan-22 17:07:35
|
| Entropy |
2.9036
|
| MD5 |
e0f156b0f823ca4e0e11172a0ecf24c9
|
| SHA1 |
7ff0c03ee06cfb5597c0f813e24eb9a38c900b2c
|
| SHA256 |
7fe772dbc0d6f69e097bfe0f0e5960e282fd7217c7bc5584ba83b406efa9383d
|
| SHA3 |
be45731d43c46ba5f3f58f1ec0e57c501ca0cbf1ef6e633961c3e3e93f699663
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x128
|
| TimeDateStamp |
2016-Jan-22 17:07:35
|
| Entropy |
3.25525
|
| MD5 |
a4fc028f5163ed8bf14a8c0b0206dd93
|
| SHA1 |
0bab66220262c08d859aa5e28fc62c131aff7cb6
|
| SHA256 |
b7b57d5c06be8ef2a85dc3f9faadb2572c61354aefb43c6c05f313c2061e9d38
|
| SHA3 |
9824248a7ae5402df553612600e1f9725bda3ef0cb50d6b4d371019149cb829b
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0xea8
|
| TimeDateStamp |
2016-Jan-22 17:07:35
|
| Entropy |
4.06801
|
| MD5 |
ca4e261bdba41965f948d3827ef59103
|
| SHA1 |
3767a90b477302367bfd27d23ac38e1d31280563
|
| SHA256 |
6e9b7d5b674577fe5bd14b0d91bed50fa0ed0d9f56d90a2545793217d0f34a5f
|
| SHA3 |
d732f09a41efb3009b404b0d4a9eb80fe939580428335720ffc19735ee0b7af4
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x8a8
|
| TimeDateStamp |
2016-Jan-22 17:07:35
|
| Entropy |
4.19807
|
| MD5 |
58b16941eafbee4512ad166d471665ac
|
| SHA1 |
934c6803805a23b7b12fa0c9a5aaa94d4b4523d4
|
| SHA256 |
da431d25b19fe5a3a67aac04530d7bea72a0fa2bdf24bfa7f315b41a724536fe
|
| SHA3 |
7af9fa89cb8969a5846e1fc0116e2df1e5cc2809f5633c09b7be2b2aff046df5
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x568
|
| TimeDateStamp |
2016-Jan-22 17:07:35
|
| Entropy |
3.00266
|
| MD5 |
5f839904d1f830ca14f3535a66bdc503
|
| SHA1 |
557cfe9cd7067d515d62b08b2e1ba48b270a3a3e
|
| SHA256 |
d49dbac01bbe40db013314532e76eaf2040145269db9e42f38d67a685fe3b7f4
|
| SHA3 |
7d2eb591635b38fd72856aa620409940d974030da69a141be18d7beb53b063f1
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x4d00
|
| TimeDateStamp |
2016-Jan-22 17:07:35
|
| Entropy |
7.95778
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
f9de2d94f87ce697327e8f6bc5664895
|
| SHA1 |
c1a0f0f2f683857a9ee6931b7dbae2b9db67c7f3
|
| SHA256 |
c29b2796c9604393dfb0d33b26f5ad719c6e468efeb6e2b2eafe651a1e3f2e29
|
| SHA3 |
130f5255c8c089ff8fc6780d86f2a9138f1e892a478fa42b923b430db99d3448
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x25a8
|
| TimeDateStamp |
2016-Jan-22 17:07:35
|
| Entropy |
3.87831
|
| MD5 |
33fbf612b11e891563f7e9a3cce85632
|
| SHA1 |
d135645db90279e96a460452623b11fda4209873
|
| SHA256 |
639b5182dcf8c0bb7b5666256ae0635b9db4c5cb86e4401198b31765cbf65adf
|
| SHA3 |
04c8b1f1547b216777b4b1d98881267daf13d538ac6bb3c808a44e7d03bedfc9
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x10a8
|
| TimeDateStamp |
2016-Jan-22 17:07:35
|
| Entropy |
4.41844
|
| MD5 |
4dd6a47783da4f97a1356d24da5f38f4
|
| SHA1 |
e44c8fc8a536c08e1535dcc80a9a84123fc54517
|
| SHA256 |
1d62ec45a12db8f620e8a7f42ee9a5851557dc47a1898a0c351c2c8b971f108b
|
| SHA3 |
8665dc80a969956d14678a9c6c7be4b34ac2a54a9637d8652a7fe1a54918990d
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x468
|
| TimeDateStamp |
2016-Jan-22 17:07:35
|
| Entropy |
5.09697
|
| MD5 |
4a5a9568dd29f98a988bad6018a8cc27
|
| SHA1 |
69d88ea0ef59928d840b0a29240256f60e6965a4
|
| SHA256 |
6baa65aaa1fd1da200ae4b536e76d733a232e1a92d1fd47b346a1dab98882ab5
|
| SHA3 |
0d1f440a918a6c3a0cac08d7196ba59096a63feb24c76ec2a10ab71fc9122a7e
|
| Type |
RT_RCDATA
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x15e000
|
| TimeDateStamp |
2016-Jan-22 17:07:35
|
| Entropy |
7.93024
|
| Detected Filetype |
PE Executable
|
| MD5 |
3afeb8e9af02a33ff71bf2f6751cae3a
|
| SHA1 |
fd358cfe41c7aa3aa9e4cf62f832d8ae6baa8107
|
| SHA256 |
a0eba3fda0d7b22a5d694105ec700df7c7012ddc4ae611c3071ef858e2c69f08
|
| SHA3 |
de113ef970e5bd9bf671c0519c5192318d73a7fabc5e8f6d7b2d50499dda9637
|
| Type |
RT_GROUP_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x92
|
| TimeDateStamp |
2016-Jan-22 17:07:35
|
| Entropy |
2.85059
|
| Detected Filetype |
Icon file
|
| MD5 |
3e8667ee9310f4e5ee5b45ffaac60a4c
|
| SHA1 |
39d7460007158fa2fa45727b0e97bb2852db48ea
|
| SHA256 |
0151fc81c92419fc254e47334416d9b7ca0a6bb63a76680e947705f60caec41f
|
| SHA3 |
6213228ce429a31bd4cc0dee10e7a3980798091c10b381b90f55bad69a8cb38a
|
| StartAddressOfRawData |
0x421019
|
| EndAddressOfRawData |
0x42101c
|
| AddressOfIndex |
0x41ea78
|
| AddressOfCallbacks |
0x420004
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks |
0x0040C2B0
0x0040C260
0x0040FAE0
|
[*] Warning: Section .bss has a size of 0!
aba2d86ed17f587eb6d57e6c75f64f05