b0a174ba5e122a46e9cc25bbbaa622b9

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ v6.0 DLL
Microsoft Visual C++ 8.0
Suspicious The PE is possibly packed. The PE only has 1 import(s).
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 b0a174ba5e122a46e9cc25bbbaa622b9
SHA1 c66b4d92f3b2ef0d3ca5b67bce50a7b9dab5e1d3
SHA256 d7d0276dbf37730ebe4c359e933bbec3ce9716389bf84e7145e13c0eef71e166
SHA3 46aaba276409a4294e59ef0e9c6e4a9ab8100931f9382ec9ed36e8c6365b2810
SSDeep 1536:RN3pq+dJm/BxyDskXy7Xxzr+4MRsw0hR0enIeTCNHXeSOY:73uBUskIskIiC
Imports Hash e54bd6d7e1f8cc11634350917c4eef06

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 3.0
SizeOfCode 0x1b1e2
SizeOfInitializedData 0x4440
SizeOfUninitializedData 0x449cf5
AddressOfEntryPoint 0x0001BEEE (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x1d000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x46d000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x1000000
SizeofStackCommit 0x100000
SizeofHeapReserve 0x1000000
SizeofHeapCommit 0x100000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 4f6eb78330a519876a53805d2ea4b605
SHA1 eed24bd8839a9a8f96d31696aa50a56096c2aa22
SHA256 c5b8ed7af84e0f08213552d5098d290745e0f90da6ebe640acd33f0b08fd57d1
SHA3 b412989ae855df4cb2f98f265adf0e0f1c3c618885b8bf213af6f4a170ea4bb4
VirtualSize 0x1b1e2
VirtualAddress 0x1000
SizeOfRawData 0x1b200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.33412

.data

MD5 8b12be45890bf2c24bbb84517caf882c
SHA1 282d5ead17f92faa9f91037dd5686ddd43a17856
SHA256 08e2428f1d9edae20f8fac0ebd197d9a8964b8d536901015ae95eddcbf68dd19
SHA3 35749f9ca06256b68aadc6834693ec53fefaf35766bcbfc607465b4b96af2894
VirtualSize 0x4440
VirtualAddress 0x1d000
SizeOfRawData 0x4600
PointerToRawData 0x1b600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.64772

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x449cf5
VirtualAddress 0x22000
SizeOfRawData 0
PointerToRawData 0x1fc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 f3485faf869038b39d9a152e824837ac
SHA1 b901237626234d6a4a52ddbc8d9ef06868b7d81f
SHA256 3dd93914097167294934acb7d794022bec4dc44158cc19cb7f45cee75cd137fc
SHA3 502efeaaa7c59268a5ea6213d978a4135be7a4a08956dd8ed65d3a016096956b
VirtualSize 0x2c2
VirtualAddress 0x46c000
SizeOfRawData 0x400
PointerToRawData 0x1fc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.94479

Imports

KERNEL32.DLL GetCommandLineA

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Could not read an import's name. [*] Warning: Section .bss has a size of 0!
<-- -->