ad583e6cd502aeb3c77bfba6cb0a2e98

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2020-May-19 20:26:56

Plugin Output

Malicious VirusTotal score: 4/74 (Scanned on 2020-06-19 13:14:11)
APEX: Malicious
Trapmine: suspicious.low.ml.score
Endgame: malicious (high confidence)
eGambit: Unsafe.AI_Score_100%

Hashes

MD5 ad583e6cd502aeb3c77bfba6cb0a2e98
SHA1 07435a68d49263f772cfaf673c6f81179aadd166
SHA256 f91b014406702d2ba23fe9f9fcacc16614c88bc975332a08591f81926a3406e2
SHA3 1f62189d5b679144612ef708a12f5db04838b76baa33c066f4600cedec9541a8
SSDeep 1536:Tah/4iiBEUTbik7Fz7onjiPpTa+agvtlO6NgYAyp9w9dqgn6KW773rkivAgW:GdmPik7J7GjqpTzLpN3Xw9dqI0cwAg
Imports Hash 9cce297162cabc183ab4962960a24204

DOS Header

e_magic MZ
e_cblp 0x80
e_cp 0x1
e_crlc 0
e_cparhdr 0x4
e_minalloc 0x10
e_maxalloc 0xffff
e_ss 0
e_sp 0x140
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2020-May-19 20:26:56
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 1.0
SizeOfCode 0x1a200
SizeOfInitializedData 0x2400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001000 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x1c000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 1.0
ImageVersion 0.0
SubsystemVersion 3.A
Win32VersionValue 0
SizeOfImage 0x27000
SizeOfHeaders 0x400
Checksum 0x26e8e
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
SizeofStackReserve 0x10000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x10000
SizeofHeapCommit 0
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 fb119f593a7a3802f98b96f405496d95
SHA1 fd0d3821abe35fb73b1e1ebb0972ed1a425858f1
SHA256 2441d4a77361fa25e29dee911f993de7afe609ab2e12fe491150088c3476b22b
SHA3 5e9b9e9a7a9c32925282e1470bd1361b66f2e7b96a75ff14efb213464128b3d8
VirtualSize 0x1a104
VirtualAddress 0x1000
SizeOfRawData 0x1a200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.8317

.data

MD5 2dedf2f723fa1521aa84805b626ea829
SHA1 d8e6a9927d6e18ed76af17cb27e63e34fb8f38e3
SHA256 3d6dabb201888aecd8ea16127b53a5693fef7d3ce6db868cfd647319dd9f86da
SHA3 e9815a24035954c44c872b5269f68612fe094c759695a0c0e36f0de9916896cd
VirtualSize 0x76e3
VirtualAddress 0x1c000
SizeOfRawData 0x200
PointerToRawData 0x1a600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.50079

.idata

MD5 c6eca2937a8d27d24db5fa9225dc270e
SHA1 16d356d055b2866dd8d4d11748cec19dc86e7598
SHA256 8dec7bab9a1755a696b2e611c5852794d578ce4e78e4d088c0f9c96ad635199a
SHA3 bcad717b44727359cdcc99a3a3413c8ce84404be5cf73875dd7ea80c468d083b
VirtualSize 0x14f
VirtualAddress 0x24000
SizeOfRawData 0x200
PointerToRawData 0x1a800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.33507

.reloc

MD5 a1ac9b4fe7cdb2eb2dac19286ad39717
SHA1 c8ad193881b182b5c0fa1c37fc44738d99396cc5
SHA256 f90b57502124fb845a1ea2cb8a389a1a169764cd16c8c092a074b374ec8e4e4f
SHA3 74befba1ec497163386583edc718bc12fa9022c899cce87c47975b3549188bff
VirtualSize 0x1f68
VirtualAddress 0x25000
SizeOfRawData 0x2000
PointerToRawData 0x1aa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.78764

Imports

KERNEL32.DLL ExitProcess
CreateFileA
ReadFile
WriteFile
CloseHandle
SetFilePointer
GetCommandLineA
GetEnvironmentVariableA
GetStdHandle
VirtualAlloc
VirtualFree
GetTickCount
GetSystemTime
GlobalMemoryStatus

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
