Manalyze report for b10f88d4f3f0126acee4c28765ee3ad8

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2019-Feb-21 14:26:31
TLS Callbacks	2 callback(s) detected.
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: /4` `Unusual section name found: /19` `Unusual section name found: /31` `Unusual section name found: /45` `Unusual section name found: /57` `Unusual section name found: /70` `Unusual section name found: /81` `Unusual section name found: /92`
Suspicious	The file contains overlay data.	`27338 bytes of data starting at offset 0x47000.`
Malicious	VirusTotal score: 48/71 (Scanned on 2023-09-21 00:40:11)	`ALYac: Trojan.GenericKD.47646638` `APEX: Malicious` `AhnLab-V3: Malware/Win32.Generic.C3531008` `Alibaba: TrojanDownloader:Win32/PsDownload.4103437e` `Antiy-AVL: Trojan[Downloader]/Win32.PsDownload` `Arcabit: Trojan.Generic.D2D707AE` `BitDefender: Trojan.GenericKD.47646638` `Bkav: W32.AIDetectMalware` `CrowdStrike: win/malicious_confidence_100% (W)` `Cylance: unsafe` `Cynet: Malicious (score: 100)` `Cyren: W32/Rozena.O.gen!Eldorado` `DeepInstinct: MALICIOUS` `ESET-NOD32: a variant of Generik.IEQGOCW` `Elastic: malicious (moderate confidence)` `Emsisoft: Trojan.GenericKD.47646638 (B)` `FireEye: Generic.mg.b10f88d4f3f0126a` `Fortinet: W32/Generic.AC.42EDDB` `GData: Trojan.GenericKD.47646638` `Google: Detected` `Gridinsoft: Ransom.Win32.Sabsik.oa!s1` `Ikarus: Trojan.SuspectCRC` `Jiangmin: TrojanDownloader.PsDownload.tw` `Kaspersky: Trojan-Downloader.Win32.PsDownload.fvj` `Lionic: Trojan.Win32.PsDownload.tskW` `MAX: malware (ai score=100)` `Malwarebytes: Trojan.Downloader` `MaxSecure: Trojan.Malware.73799730.susgen` `McAfee: RDN/Generic Downloader.x` `McAfee-GW-Edition: BehavesLike.Win32.Generic.fm` `MicroWorld-eScan: Trojan.GenericKD.47646638` `Microsoft: Trojan:Win32/Convagent!mclg` `NANO-Antivirus: Trojan.Win32.PsDownload.ivszja` `Panda: Trj/GdSda.A` `Rising: Downloader.PsDownload!8.E547 (CLOUD)` `Sangfor: Downloader.Win32.Psdownload.V3qt` `Sophos: Generic Reputation PUA (PUA)` `Symantec: ML.Attribute.HighConfidence` `Tencent: Win32.Trojan-Downloader.Psdownload.Rgil` `TrendMicro: TROJ_GEN.R002C0DH423` `TrendMicro-HouseCall: TROJ_GEN.R002C0DH423` `VBA32: BScope.TrojanDownloader.PsDownload` `VIPRE: Trojan.GenericKD.47646638` `Webroot: W32.Trojan.GenKD` `Xcitium: Malware@#2lrl7pwsduc5z` `Zillya: Downloader.PsDownload.Win32.613` `ZoneAlarm: Trojan-Downloader.Win32.PsDownload.fvj` `Zoner: Trojan.Win32.76800`

Hashes

MD5	`b10f88d4f3f0126acee4c28765ee3ad8`
SHA1	`413fa47b9c1bbf6f0e674d1457392c4bd32399a0`
SHA256	`3e2d915b4baff9c6423cbb28ee1b607fd1b8022f9d49f888f02fb8790a28a6e7`
SHA3	`960b90bf520ed55fe030f0b3f906644fdf7040fc3e82e4f07c8fb3d98e30be9f`
SSDeep	`6144:7xES9dIYy8ttwQu88V0nATSUGRJKD8LPmkbBvncOq4xuzE72lb5:WzgskNAmZd7ew3c`
Imports Hash	`13090d771037528351cba572a45f3946`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`15`
TimeDateStamp	2019-Feb-21 14:26:31
PointerToSymbolTable	`0x47000`
NumberOfSymbols	`1251`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x1a00`
SizeOfInitializedData	`0x2c00`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x000014A0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x52000`
SizeOfHeaders	`0x400`
Checksum	`0x56b93`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`972ed7c63f820b607de607b74a202ff0`
SHA1	`a9a45962901f9a7e5b5a48eaf14c9ad192bb0c73`
SHA256	`fd45e3c0000c1b6220d49283b6bd656f9472b6f9f7800d34ee6c624ad58b1c53`
SHA3	`7dac0c4eb46a6cf2ab4cf176fcfefe110af5bbea3bb9cfebb6a75d1ca69c8c96`
VirtualSize	`0x18a4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.85616`

.data

MD5	`23cdbe1475295fb568410901fa1cffcb`
SHA1	`77fbbe404f9da55a0ed754e6ffe1e763bfc404f3`
SHA256	`eb577a057228d499d2365da962e9b89820f544c0ad03e87c6d090af18e623dbd`
SHA3	`61ff811970b60a881606c741ebf49cf09c162f358a6353cdf29c19848e0fc710`
VirtualSize	`0x30`
VirtualAddress	`0x3000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.564288`

.rdata

MD5	`1a65ce36b899844d51897b18a6a0e1b7`
SHA1	`74bb4077ea696429c9af4754219ad053004f78e9`
SHA256	`ebad6acd11eae3137deea8450888f84ab0ab9823bbefaf782949a8bb40269f91`
SHA3	`c8b3466a8c321dff1a1ef0e998e4c4cef5cd6435f16f0414ecc240adb3bb919c`
VirtualSize	`0x5d4`
VirtualAddress	`0x4000`
SizeOfRawData	`0x600`
PointerToRawData	`0x2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.16422`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x3e8`
VirtualAddress	`0x5000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`959f5b51dcd79a0ed898c1b085ea56bb`
SHA1	`0796a1dbfdbd993c16e2bc1fb600bb2a3a35ea9e`
SHA256	`89c46169d401595b9eb8cf23ba6cfd66f4e08caca3e20214256a02e1cf0151b0`
SHA3	`b90381eaf357d5997532e6b6341c8013a905bb0bcd7f6c459e1d3032c36477a9`
VirtualSize	`0x580`
VirtualAddress	`0x6000`
SizeOfRawData	`0x600`
PointerToRawData	`0x2600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.36644`

.CRT

MD5	`f8fadd1981d4f21fbf9eda7c5ba95c2d`
SHA1	`4b9dc6a308400b25da9388dac706fdf3c6b1fb63`
SHA256	`531aeae7cc11138916c57b240480268a02c8d2eef430d213a809dea40a54ffb5`
SHA3	`fe7dd7dee4e94f16891cfe2a3fc6d9ebd7f99759f74960cd1966d7bfcf7fc142`
VirtualSize	`0x34`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.261827`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x8`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

/4

MD5	`591a9bef82d27e5cc1284a7ab150718f`
SHA1	`f335121f1be0c3deb5de9c4483ce2f06481d8f05`
SHA256	`62ed110a1333daa2544b789cbf6181fab4caf5f368d35844a786eb39e31042b5`
SHA3	`72462f64c67f3b0894c33b9bc31e95c1d3eeb87c1e251e9e76ca4a8ef4f3b74c`
VirtualSize	`0x2a8`
VirtualAddress	`0x9000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.7198`

/19

MD5	`d8fa79beadf75096681c25c81557932f`
SHA1	`99346e2986a569ba7eb0904beca107f701c8c498`
SHA256	`2f16f4748b6493ce7693a05d522dfbc579ba257968ea90c0b97c8cc33d479c5d`
SHA3	`b8e8e351d69757894fb32302fb0c1bdfae21b2f440aa9c337d7e9b9166b9133f`
VirtualSize	`0x3d69c`
VirtualAddress	`0xa000`
SizeOfRawData	`0x3d800`
PointerToRawData	`0x3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.95942`

/31

MD5	`bc7b326e76a58e012aa4ffc77c17c693`
SHA1	`91c0b39be37dba38399c01ea5e759de176d07058`
SHA256	`3db87c01c9cd35740fe0fcf363ecad546f5974b8f96fb0d1c8ee9a264a197dbe`
SHA3	`964b0f2581d622a56c8ef9947188fb37138b47425d379b811719071955099d44`
VirtualSize	`0x212e`
VirtualAddress	`0x48000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x40c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.57391`

/45

MD5	`06dc702672ff71072edb54ffca50bcb7`
SHA1	`e09eda9d11d2a6f8b7f1f3a6a86dc2ce6e8cd895`
SHA256	`115c42bb06c77dc1204fbb4eaf593741d0ac25ba8fbf12a40e75a12523fd29cd`
SHA3	`efe45bd03b9c4c3d500de3055baa5c5f6af95a4ce11a70e317d102b130d0a2e5`
VirtualSize	`0x21de`
VirtualAddress	`0x4b000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x42e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.22249`

/57

MD5	`ecc05e6d06dd2f80f72238eed54953e5`
SHA1	`3e8542dbc253f87737a240f0921c7934b22540e4`
SHA256	`4576096761ff0625cf1070bdd170e3b2b951889e76033c8bcbf5228c9a4f9b11`
SHA3	`9019a59d7fbf75a16abf3433f1c61603836348baed644b619e43a6f3abc90688`
VirtualSize	`0x748`
VirtualAddress	`0x4e000`
SizeOfRawData	`0x800`
PointerToRawData	`0x45000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.41116`

/70

MD5	`589585382e223d2751ae100a8cc65422`
SHA1	`b2ea9fcd72187400a973ac01a86670e530c8b060`
SHA256	`8d777778519267992a413db700dd4c7ec18c2921508d1f5ce138d45a841b098d`
SHA3	`255227f5fd27fb86ff0ea0c1e920fee170a83b0cae828e01adb8fb8c2f15f2fc`
VirtualSize	`0x6d3`
VirtualAddress	`0x4f000`
SizeOfRawData	`0x800`
PointerToRawData	`0x45800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.53968`

/81

MD5	`e6aa1809deb9d2a3ad06f9a4b48d1a82`
SHA1	`d2a0be4bf306f910de9e99d08b9d22993ee9233e`
SHA256	`348f930650a2a8fa09b781c7cf700d9e2ad5fe26fa5146cdcfb050c254c3448b`
SHA3	`00771cecb72bf131bdaf90e6f2a8d68d2f16f2b19c9546c36c942d47054f8d5f`
VirtualSize	`0xd83`
VirtualAddress	`0x50000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x46000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.51723`

/92

MD5	`ff3b9a701449b283f8f0ce4346768de0`
SHA1	`26475daabb5c81198e01f757a8d0b41a6a624851`
SHA256	`b712599695ef410dd4a6a77c5cf5ac3084556f44dae640da9026eca94d9efd85`
SHA3	`b3dbcf5573deb7e8ec09ebfba64886e07a5705cc9a5cb9d17c03f648ae840880`
VirtualSize	`0x1c0`
VirtualAddress	`0x51000`
SizeOfRawData	`0x200`
PointerToRawData	`0x46e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.64535`

Imports

KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetLastError` `GetStartupInfoA` `GetSystemTimeAsFileTime` `GetTickCount` `InitializeCriticalSection` `LeaveCriticalSection` `QueryPerformanceCounter` `SetUnhandledExceptionFilter` `Sleep` `TerminateProcess` `TlsGetValue` `UnhandledExceptionFilter` `VirtualProtect` `VirtualQuery`
msvcrt.dll	`__getmainargs` `__initenv` `__lconv_init` `__p__acmdln` `__p__fmode` `__set_app_type` `__setusermatherr` `_amsg_exit` `_cexit` `_initterm` `_iob` `_onexit` `abort` `calloc` `exit` `fprintf` `free` `fwrite` `getenv` `malloc` `memcpy` `printf` `putchar` `puts` `signal` `strlen` `strncmp` `strncpy` `vfprintf`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x408000`
EndAddressOfRawData	`0x408004`
AddressOfIndex	`0x405390`
AddressOfCallbacks	`0x407020`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x004019F0` `0x004019A0`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /31!
[*] Warning: Tried to read outside the COFF string table to get the name of section /45!
[*] Warning: Tried to read outside the COFF string table to get the name of section /57!
[*] Warning: Tried to read outside the COFF string table to get the name of section /70!
[*] Warning: Tried to read outside the COFF string table to get the name of section /81!
[*] Warning: Tried to read outside the COFF string table to get the name of section /92!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!