Manalyze report for abe1cae38e8fda16bdfad232657494ef

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Apr-25 02:53:08
FileDescription
FileVersion	`0.0.0.0`
InternalName	btcscript.exe
LegalCopyright
OriginalFilename	btcscript.exe
ProductVersion	`0.0.0.0`
Assembly Version	0.0.0.0

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Accesses the WMI: root\cimv2`
Suspicious	The PE is possibly packed.	`The PE only has 0 import(s).`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`abe1cae38e8fda16bdfad232657494ef`
SHA1	`587aa58035913c1baa59c3993edb161bab4e9ce2`
SHA256	`f99463699fbc251681e195969e1b6e06d89bc7c2da973c53ace6ae6d90bf9732`
SHA3	`dc5c06ec41be1d5391dd79df5c10b6315b399646913ba9041b1099d9d6a42a23`
SSDeep	`393216:anu/hmDdowagzFbTt2CqjoiuuDiZfnAKHBN4zMbSdvyHQRq:ang4DdowV1l9t6s2vGh`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`2`
TimeDateStamp	2021-Apr-25 02:53:08
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`11.0`
SizeOfCode	`0x1180200`
SizeOfInitializedData	`0x600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000000000 (Section: ?)`
BaseOfCode	`0x2000`
ImageBase	`0x140000000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x1186000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x400000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c1e3973ec77be6e91a0bc47037920d08`
SHA1	`62cdbd7d23ef391edab828afd1bd9e6110442954`
SHA256	`7d1b8ae6bfc00c6510b86c1ef7e65c0397b72854dde6cec4b591fc6f3374c549`
SHA3	`569f16e7f63e8e5d3d38c82465e26707f97df7b87e4faa7fdda04fc73bf709cc`
VirtualSize	`0x1180114`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1180200`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.99999`

.rsrc

MD5	`b3f31833d2e6c8b4fdf94c912912930d`
SHA1	`a15a137c5dea2e690cc967f9e253fd32e8241357`
SHA256	`532d5fbc75697d522a5ef77251fb1c6cf9629e792f21962ef33792c114423cc9`
SHA3	`f548bedf3b61c6e43670224bd3bcfb9c728bff1930a4a3ce414593a025619797`
VirtualSize	`0x4e0`
VirtualAddress	`0x1184000`
SizeOfRawData	`0x600`
PointerToRawData	`0x1180400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.73636`

Imports

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x24c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17118`
MD5	`679260147eb00ddb76562bca5dde1cae`
SHA1	`b6bfddf6c6b5724ac7c4b2a780a870f283e37b05`
SHA256	`7f7729b8f9e4241a072fbd6f13fadad9b52b5a8cd5f5b613e01de55c1a669ecf`
SHA3	`7bec2fbcd7b9936ccb1db06647358b7f9be3f82b7058ffa69e1ba7f91ba9b9d4`

1 (#2)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x1ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.00112`
MD5	`a19a2658ba69030c6ac9d11fd7d7e3c1`
SHA1	`879dcf690e5bf1941b27cf13c8bcf72f8356c650`
SHA256	`c0085eb467d2fc9c9f395047e057183b3cd1503a4087d0db565161c13527a76f`
SHA3	`93cbaf236d2d3870c1052716416ddf1c34f21532e56dd70144e9a01efcd0ce34`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
FileDescription
FileVersion (#2)	0.0.0.0
InternalName	btcscript.exe
LegalCopyright
OriginalFilename	btcscript.exe
ProductVersion (#2)	0.0.0.0
Assembly Version	0.0.0.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

abe1cae38e8fda16bdfad232657494ef

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

Imports

Delayed Imports

1

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors