af09bf587303feb4a9e9088b17631254

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2016-May-21 04:25:40
Detected languages English - United States
TLS Callbacks 1 callback(s) detected (at 0x140001070, inside .text). TLS callbacks run before the entry point at 0x140001AE4, so a debugger breakpoint set on the entry point alone does not catch them.
Debug artifacts E:\Developpement\CSandbox\x64\Release\CSandbox.pdb

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 8.0 (signature match only; the linker version 14.0 and the Rich header below point to VS2015 Update 2)
Info Libraries used to perform cryptographic operations: Microsoft's Cryptography API
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports: the following pair resolves APIs at run time, so the static import table need not list everything the binary calls:
  • LoadLibraryExA
  • GetProcAddress
Uses Microsoft's cryptographic API (delay-loaded from ADVAPI32.dll, see Delayed Imports below):
  • CryptAcquireContextW

Hashes

MD5 af09bf587303feb4a9e9088b17631254
SHA1 605970dd08620c99972dcf4a268e833ae5499be8
SHA256 f34d727fd304e219a1337c2fa47da7e240ab0071d9c4fcdf90bd334b5cee24b3
SHA3 66701e0c4bdeb6abc56922aee0fdeddcccd9a7a7a4d48cfa529c115ee7b13285
SSDeep 192:Nmq5wYm55AZxlgxmDIHHdQFqLxyHqYWyFBqAc3Q5tfyyH+I:4ewYVxlMmDsjLxyHjc3Lo
Imports Hash 1e3dfa54ef487af8ee950d495e17839d

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 8
TimeDateStamp 2016-May-21 04:25:40
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x1800
SizeOfInitializedData 0x2600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001AE4 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0xb000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16
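The DOS, PE and optional header fields listed above can be checked for consistency by walking them the way a loader does: `e_magic`, then `e_lfanew` to the `PE\0\0` signature, then the COFF header and the PE32+ optional header. The following parser is an added example, not Manalyze's code; its input bytes are constructed here from the report's values (DOS stub omitted, `e_lfarlc` assumed to be the conventional 0x40, data directories zeroed), so they are not the sample's own bytes.

```python
"""Minimal parser for the DOS, COFF and PE32+ optional headers.

Constructed example: build_sample() rebuilds the headers from the report's
values (no DOS stub, zeroed data directories); it is not the real sample.
"""
import calendar
import struct
from datetime import datetime, timezone

DOS_HEADER = struct.Struct("<2s29HI")               # 64 bytes; e_lfanew is the final DWORD
COFF_HEADER = struct.Struct("<HHIIIHH")             # 20 bytes following the "PE\0\0" signature
OPT64_FIXED = struct.Struct("<HBB5IQ2I6H4I2H4Q2I")  # 112-byte PE32+ optional header, data directories excluded

MACHINE = {0x8664: "IMAGE_FILE_MACHINE_AMD64", 0x014C: "IMAGE_FILE_MACHINE_I386"}
SUBSYSTEM = {2: "IMAGE_SUBSYSTEM_WINDOWS_GUI", 3: "IMAGE_SUBSYSTEM_WINDOWS_CUI"}
FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
                        0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x2000: "IMAGE_FILE_DLL"}
DLL_CHARACTERISTICS = {0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
                       0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
                       0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
                       0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}


def flag_names(value: int, table: dict) -> list:
    return [name for bit, name in sorted(table.items()) if value & bit]


def build_sample() -> bytes:
    """Constructed header bytes using the values from the report."""
    timestamp = calendar.timegm((2016, 5, 21, 4, 25, 40))  # 2016-May-21 04:25:40 UTC
    dos = DOS_HEADER.pack(
        b"MZ", 0x90, 0x3, 0, 0x4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0,  # e_cblp .. e_cs
        0x40,                           # e_lfarlc: not in the report, conventional value assumed
        0, 0, 0, 0, 0, 0, 0,            # e_ovno, e_res[4], e_oemid, e_oeminfo
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0,   # e_res2[10]
        0xF0,                           # e_lfanew
    )
    headers = dos.ljust(0xF0, b"\0")    # DOS stub omitted; pad up to e_lfanew
    coff = COFF_HEADER.pack(0x8664, 8, timestamp, 0, 0, 0xF0, 0x0002 | 0x0020)
    opt = OPT64_FIXED.pack(
        0x20B, 14, 0,                         # PE32+, linker 14.0
        0x1800, 0x2600, 0, 0x1AE4, 0x1000,    # code/data sizes, AddressOfEntryPoint, BaseOfCode
        0x140000000,                          # ImageBase
        0x1000, 0x200,                        # SectionAlignment, FileAlignment
        6, 0, 0, 0, 6, 0,                     # OS, image and subsystem versions
        0, 0xB000, 0x400, 0,                  # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        3, 0x8160,                            # CUI; DYNAMIC_BASE|HIGH_ENTROPY_VA|NX_COMPAT|TS_AWARE
        0x100000, 0x1000, 0x100000, 0x1000,   # stack/heap reserve and commit
        0, 16,                                # LoaderFlags, NumberOfRvaAndSizes
    )
    return headers + b"PE\0\0" + coff + opt + b"\0" * (16 * 8)


def parse_headers(data: bytes) -> dict:
    """Walk MZ -> e_lfanew -> PE signature -> COFF -> optional header, validating each step."""
    dos = DOS_HEADER.unpack_from(data, 0)
    if dos[0] != b"MZ":
        raise ValueError("bad e_magic")
    e_lfanew = dos[-1]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at a PE signature")
    machine, nsec, ts, _symtab, _nsyms, opt_size, chars = COFF_HEADER.unpack_from(data, e_lfanew + 4)
    opt_off = e_lfanew + 4 + COFF_HEADER.size
    o = OPT64_FIXED.unpack_from(data, opt_off)
    if o[0] != 0x20B:
        raise ValueError("only PE32+ is handled here")
    n_dirs = o[28]
    if opt_size != OPT64_FIXED.size + 8 * n_dirs:   # directories must fit SizeOfOptionalHeader
        raise ValueError("SizeOfOptionalHeader inconsistent with NumberOfRvaAndSizes")
    section_table = opt_off + opt_size
    if section_table + 40 * nsec > o[19]:           # section headers must fit under SizeOfHeaders
        raise ValueError("section table overruns SizeOfHeaders")
    return {
        "e_lfanew": e_lfanew,
        "machine": MACHINE.get(machine, hex(machine)),
        "sections": nsec,
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%b-%d %H:%M:%S"),
        "file_characteristics": flag_names(chars, FILE_CHARACTERISTICS),
        "linker": f"{o[1]}.{o[2]}",
        "entry_point": o[6],
        "image_base": o[8],
        "size_of_image": o[18],
        "subsystem": SUBSYSTEM.get(o[21], str(o[21])),
        "dll_characteristics": flag_names(o[22], DLL_CHARACTERISTICS),
        "section_table_offset": section_table,
    }


if __name__ == "__main__":
    for key, value in parse_headers(build_sample()).items():
        print(f"{key:24} {value:#x}" if isinstance(value, int) else f"{key:24} {value}")
```

The two consistency checks are the ones worth keeping in any triage script: `SizeOfOptionalHeader` must equal 112 + 8 × `NumberOfRvaAndSizes` for PE32+, and the section table that follows it must end below `SizeOfHeaders`, which for this file puts the first section header at 0x1F8 and the eighth ending at 0x338, inside the 0x400-byte header area.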

.text

MD5 7a5ddca6f858307407f67cb70355ec2d
SHA1 763c3704d1e22a95d141b8d03e4a1e5ddd1fee3a
SHA256 776ce073a33139695710621349020fb517f17762a4246e523fdf3b0502e28a36
SHA3 0cad3f4b420102903451e54da3436feb9733870a329b6cb50875eead81cd5d8a
VirtualSize 0x1608
VirtualAddress 0x1000
SizeOfRawData 0x1800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.87407

.rdata

MD5 b94b9de09f5b5ab4fe783c35c6854040
SHA1 b724ed8bb74e7d48ddb50e9a967f48bc35b6aadf
SHA256 56786b388b1a74f9664f92c5060030bf5bbe0fdf99f600073c29847490f9d8d2
SHA3 700f13b5500fe647e14a6132ee6f1a3d970d10fca0ead81b8c8714b7afa85170
VirtualSize 0x124e
VirtualAddress 0x3000
SizeOfRawData 0x1400
PointerToRawData 0x1c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.07696

.data

MD5 68b406c04bc9e4ec5ff79e9f763b3a95
SHA1 e043fc99ab8cfdd5ec599fc1ddbbeb0dc587e648
SHA256 2a381f818ff8b987e871b0d6cd8c9903f41bb5c8e5704d8910eb3f72f3ab97a1
SHA3 789b03214be1617f2641f2333dcf936ad9b7b6ae4b8d0ba9f4b488e3ec20e8ab
VirtualSize 0x698
VirtualAddress 0x5000
SizeOfRawData 0x200
PointerToRawData 0x3000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.519063

.pdata

MD5 dd6d98548e09bd2e526c8da520b0716b
SHA1 58770ce415ab5cca3d9562684fbe5a4c1d64a2bd
SHA256 f645ccd660cd43e0a170f99591a0aa18be6b7357029d390fff2f7ad0a83fa587
SHA3 5650a722eb8317fe4126ba194f8987f8a071f6adf4777905d40b9f827fadc93f
VirtualSize 0x1e0
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x3200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.63112

.tls

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x2
VirtualAddress 0x7000
SizeOfRawData 0x200
PointerToRawData 0x3400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.gfids

MD5 b125a3fa4321e0aebe343c8778f88205
SHA1 04ddd8990cb2aeb55398d4e443da5dc17635c07f
SHA256 f0d8224cb8d3e3080a89a1493ad6be0490d33e60b21b0b56256cfd75fea28d5b
SHA3 e67eccdaafeeab8bb1acfd47c8dc8dca66e27f464ace686d72fda1393ba042e8
VirtualSize 0x1c
VirtualAddress 0x8000
SizeOfRawData 0x200
PointerToRawData 0x3600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.142636

.rsrc

MD5 fb20ae2a7910d36ef7e1ed0b22953dbf
SHA1 53b0a43a879cf778730d8bd7309f76d73d40a678
SHA256 3ecd84e2d8e73672dba01382283fde59898dcd230ee8af5d9870cef983142e6a
SHA3 6d192e7d311d72fa64237646e50ec96550f5043fa0e8a3ed75069671657a6958
VirtualSize 0x1e0
VirtualAddress 0x9000
SizeOfRawData 0x200
PointerToRawData 0x3800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.7015

.reloc

MD5 8b16d21787000ee3b52a5815174641a9
SHA1 e727a8ce4b84af97bd06edfd86e71c0114b9d8a1
SHA256 6f9d02cd83bd42154e271b9315d6c3812a0b79273c1ce4951da091325698d54b
SHA3 5ce132108540d4d8abbe92c1a0fecf74ceb9171d71e197abe14a995604533a33
VirtualSize 0x34
VirtualAddress 0xa000
SizeOfRawData 0x200
PointerToRawData 0x3a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.648813

Imports

VCRUNTIME140.dll __C_specific_handler
__telemetry_main_return_trigger
memset
__telemetry_main_invoke_trigger
api-ms-win-crt-stdio-l1-1-0.dll __stdio_common_vfwprintf
__acrt_iob_func
__p__commode
_set_fmode
api-ms-win-crt-runtime-l1-1-0.dll _seh_filter_exe
terminate
_register_onexit_function
_initialize_onexit_table
_set_app_type
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_crt_atexit
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll _set_new_mode
KERNEL32.dll GetLastError
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryExA
GetProcAddress
GetModuleHandleW
RaiseException
ADVAPI32.dll (delay-loaded) CryptAcquireContextW
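The "Imports Hash" in the Hashes section is derived from exactly this import list, which is why its value depends on DLL and function order and ignores anything resolved through LoadLibraryExA/GetProcAddress or, in the common pefile definition, the delay-load directory. The code below is an added example, not Manalyze's implementation: it follows the pefile imphash convention (lowercase `library.function` entries in import order, library extension stripped, comma-joined, MD5) over lists copied from the report. Manalyze's own convention may differ, so the result is not expected to reproduce the value printed above.

```python
"""Recompute an import hash (pefile-style imphash) from the import table above.

Constructed example: IMPORTS and DELAY_IMPORTS are copied from the report;
the hashing code is added here and is not Manalyze's.
"""
import hashlib

IMPORTS = [
    ("VCRUNTIME140.dll", ["__C_specific_handler", "__telemetry_main_return_trigger",
                          "memset", "__telemetry_main_invoke_trigger"]),
    ("api-ms-win-crt-stdio-l1-1-0.dll", ["__stdio_common_vfwprintf", "__acrt_iob_func",
                                         "__p__commode", "_set_fmode"]),
    ("api-ms-win-crt-runtime-l1-1-0.dll", [
        "_seh_filter_exe", "terminate", "_register_onexit_function", "_initialize_onexit_table",
        "_set_app_type", "_register_thread_local_exe_atexit_callback", "_c_exit", "_cexit",
        "__p___argv", "__p___argc", "_crt_atexit", "_exit", "exit", "_initterm_e", "_initterm",
        "_get_initial_narrow_environment", "_initialize_narrow_environment", "_configure_narrow_argv"]),
    ("api-ms-win-crt-math-l1-1-0.dll", ["__setusermatherr"]),
    ("api-ms-win-crt-locale-l1-1-0.dll", ["_configthreadlocale"]),
    ("api-ms-win-crt-heap-l1-1-0.dll", ["_set_new_mode"]),
    ("KERNEL32.dll", [
        "GetLastError", "GetSystemInfo", "VirtualProtect", "VirtualQuery", "FreeLibrary",
        "IsDebuggerPresent", "InitializeSListHead", "GetSystemTimeAsFileTime", "GetCurrentThreadId",
        "GetCurrentProcessId", "QueryPerformanceCounter", "IsProcessorFeaturePresent",
        "TerminateProcess", "GetCurrentProcess", "SetUnhandledExceptionFilter",
        "UnhandledExceptionFilter", "RtlVirtualUnwind", "RtlLookupFunctionEntry", "RtlCaptureContext",
        "LoadLibraryExA", "GetProcAddress", "GetModuleHandleW", "RaiseException"]),
]
# Delay-loaded imports sit in their own directory and do not enter a pefile-style imphash.
DELAY_IMPORTS = [("ADVAPI32.dll", ["CryptAcquireContextW"])]


def _library_key(dll: str) -> str:
    """Lowercase the module name and drop a .dll/.ocx/.sys extension."""
    lib = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if lib.endswith(ext):
            return lib[: -len(ext)]
    return lib


def imphash_string(imports) -> str:
    """Canonical string that gets hashed. Functions may be names or ordinals (int)."""
    parts = []
    for dll, functions in imports:
        lib = _library_key(dll)
        for func in functions:
            # pefile also maps ordinals of a few well-known DLLs back to names; not replicated here.
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print("imphash (regular imports only):", imphash(IMPORTS))
    print("imphash with delay imports appended:", imphash(IMPORTS + DELAY_IMPORTS))
```

Because the canonical string is order-sensitive and case-insensitive, two builds that import the same APIs in a different order hash differently, while the delay-loaded CryptAcquireContextW and anything fetched through GetProcAddress never influence the value; treat imphash as a clustering hint, not an identity.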

Delayed Imports

Attributes 0x1
Name ADVAPI32.dll
ModuleHandle 0x5050
DelayImportAddressTable 0x5038
DelayImportNameTable 0x3ab0
BoundDelayImportTable 0x3ad8
UnloadDelayImportTable 0
TimeStamp 1970-Jan-01 00:00:00

Resources

Resource 1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

No RT_VERSION resource is present; the only resource is the RT_MANIFEST listed above.

Debug Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2016-May-21 04:25:40
Version 0.0
SizeofData 75
AddressOfRawData 0x3538
PointerToRawData 0x2138
Referenced File E:\Developpement\CSandbox\x64\Release\CSandbox.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2016-May-21 04:25:40
Version 0.0
SizeofData 20
AddressOfRawData 0x3584
PointerToRawData 0x2184

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2016-May-21 04:25:40
Version 0.0
SizeofData 876
AddressOfRawData 0x3598
PointerToRawData 0x2198

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2016-May-21 04:25:40
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

StartAddressOfRawData 0x140007000
EndAddressOfRawData 0x140007001
AddressOfIndex 0x140005098
AddressOfCallbacks 0x140003228
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_1BYTES
Callbacks 0x0000000140001070
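The TLS, debug and load-configuration entries above are virtual addresses; to read the callback pointer or the CodeView record from the file on disk they must be converted to file offsets through the section table. The following is an added example, not Manalyze's code: it hard-codes the section table printed earlier in this report and maps the report's own addresses, including the edge case where an address lies inside a section's VirtualSize but past its SizeOfRawData and so has no bytes in the file at all.

```python
"""Map RVAs/VAs from the report to file offsets using its section table.

Constructed example: SECTIONS is copied from the report's section headers;
the mapping functions are added here and are not Manalyze's code.
"""
IMAGE_BASE = 0x140000000
SECTION_ALIGNMENT = 0x1000
SIZE_OF_HEADERS = 0x400
# (name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData)
SECTIONS = [
    (".text",  0x1000, 0x1608, 0x0400, 0x1800),
    (".rdata", 0x3000, 0x124E, 0x1C00, 0x1400),
    (".data",  0x5000, 0x0698, 0x3000, 0x0200),
    (".pdata", 0x6000, 0x01E0, 0x3200, 0x0200),
    (".tls",   0x7000, 0x0002, 0x3400, 0x0200),
    (".gfids", 0x8000, 0x001C, 0x3600, 0x0200),
    (".rsrc",  0x9000, 0x01E0, 0x3800, 0x0200),
    (".reloc", 0xA000, 0x0034, 0x3A00, 0x0200),
]


def align_up(value: int, alignment: int) -> int:
    return (value + alignment - 1) & ~(alignment - 1)


def section_for_rva(rva: int):
    """Section header tuple whose mapped range covers rva, or None (headers / outside image)."""
    for sec in SECTIONS:
        _, va, vsize, _, rawsize = sec
        mapped = align_up(vsize or rawsize, SECTION_ALIGNMENT)  # loader rounds VirtualSize up
        if va <= rva < va + mapped:
            return sec
    return None


def rva_to_offset(rva: int):
    """File offset backing rva, or None if the byte exists only in memory (zero-filled)."""
    if rva < SIZE_OF_HEADERS:
        return rva                      # headers are mapped 1:1 at the image base
    sec = section_for_rva(rva)
    if sec is None:
        return None
    _, va, _, raw, rawsize = sec
    delta = rva - va
    return raw + delta if delta < rawsize else None


def va_to_offset(va: int):
    return rva_to_offset(va - IMAGE_BASE)


def describe(va: int) -> dict:
    rva = va - IMAGE_BASE
    sec = section_for_rva(rva)
    return {"rva": rva, "section": sec[0] if sec else None, "offset": rva_to_offset(rva)}


if __name__ == "__main__":
    for label, va in [
        ("AddressOfEntryPoint", IMAGE_BASE + 0x1AE4),
        ("TLS callback", 0x140001070),
        ("AddressOfCallbacks", 0x140003228),
        ("AddressOfIndex", 0x140005098),
        ("SecurityCookie", 0x140005000),
        ("CODEVIEW AddressOfRawData", IMAGE_BASE + 0x3538),
        ("virtual-only .data byte", IMAGE_BASE + 0x5300),
    ]:
        d = describe(va)
        off = "not in file" if d["offset"] is None else f"{d['offset']:#x}"
        print(f"{label:26} VA {va:#x} -> {d['section']} @ file offset {off}")
```

The debug directory gives a built-in check for the mapping: the CodeView entry's AddressOfRawData 0x3538 must land on its PointerToRawData 0x2138, which it does through .rdata (0x3538 - 0x3000 + 0x1C00). By the same arithmetic the TLS callback at 0x140001070 sits at file offset 0x470, well before the entry point's bytes at 0xEE4, and the eight-byte callback array at 0x140003228 is at 0x1E28 in .rdata. .data is the section to watch: its VirtualSize 0x698 exceeds its SizeOfRawData 0x200, so anything past RVA 0x5200 is zero-filled by the loader and cannot be read from the file.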

Load Configuration

Size 0x94
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140005000

RICH Header

XOR Key 0xddc43d8a
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 10
Imports (23907) 3
ASM objects (23907) 2
C objects (23907) 12
C++ objects (23907) 21
Imports (65501) 2
Total imports 58
265 (VS2015 UPD2 build 23918) 1
Resource objects (VS2015 UPD2 build 23918) 1
Linker (VS2015 UPD2 build 23918) 1
