b283d89d2e7cb8cf00945c8d868051d2

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2018-Dec-02 13:54:12
Detected languages English - United States

Plugin Output

Suspicious The PE contains functions most legitimate programs don't use. Leverages the raw socket API to access the Internet:
  • #116
  • #16
  • #4
  • #23
  • #19
  • #115
  • getaddrinfo
  • #3
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 b283d89d2e7cb8cf00945c8d868051d2
SHA1 0cb30829cef2cd5cfc3d88e81d40818b7d7c0f8a
SHA256 26058938c7e91f08bd5172535a95edbab57841283d39fff2211da4cc08cf8f9b
SHA3 834d75d6ff2ce633c6d90ef4606b8e6e693e6bfcd4106b4d3eb652cd5090879b
SSDeep 192:OwLCmxNG9Ji1nvmkQgzEPzNHsJ7av51R7RC7E5pz6//6SMbgy/boq1Ggv:OwW3cnvsPdsJCRI7Dyg6brGgv
Imports Hash 7ec5d8142294eedc368915597534cbaa

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2018-Dec-02 13:54:12
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x1600
SizeOfInitializedData 0x1a00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001A49 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x3000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x7000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 62d1fdccb0f5523effc7afd9cdfa386d
SHA1 a4c557b4eeb4c99b1205e2e888a43734c0fbc5f8
SHA256 954982c312f8fd212da06af5420b879a0a6fc0dbb1688c01e9a74f35618597c1
SHA3 7452a0e023173bfd799b03ac180bbf4844a92b4cb3ade1a664af54912c7e7fdd
VirtualSize 0x141d
VirtualAddress 0x1000
SizeOfRawData 0x1600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.87966

.rdata

MD5 2d74dc7e185acf68e694c287609f08b4
SHA1 b85dfe13f2cf591acc3c6bc642ff57ca2bfc5e31
SHA256 72543eb201011495ee75d0ab35585c2177c514880a135511d02bea85c60b410d
SHA3 c7bb66a39ec698df05acb1d4091a96f1b01d53dbf1e26e27f61fe1c01242fca1
VirtualSize 0xc5a
VirtualAddress 0x3000
SizeOfRawData 0xe00
PointerToRawData 0x1a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.27436

.data

MD5 6787ad8e47551cc592ad78fd721d1943
SHA1 f5e2b96d268b893fc6e74f6c48f876d8d08bf998
SHA256 af3e093d8e285b0607c57246644397b123a54c38e0f1ece44ea96738426d28a4
SHA3 4c514a55d6a5bb0955547d51e407774ee43a68ea5b6d610d27dba578f50ddd25
VirtualSize 0x660
VirtualAddress 0x4000
SizeOfRawData 0x400
PointerToRawData 0x2800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.37557

.rsrc

MD5 4dde323af9808a00b376d6895922dc1f
SHA1 bcafff5b6284bc83d01296b1ba160d28faee6ef9
SHA256 79e650fc0d108f0b5cb909904d5cb598b02b04f7c06be6c8622dd073aac8f762
SHA3 d353d855c24ba1ddc170eaeed3be531d0764013724d92ea267b1d5be7264f0d2
VirtualSize 0x1e0
VirtualAddress 0x5000
SizeOfRawData 0x200
PointerToRawData 0x2c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.69612

.reloc

MD5 ce33782a67df005e097bd4f9e95599dc
SHA1 8812d6500cc4fe171da645dd2c6bbab03c3f6bb5
SHA256 4b1a03bdf6a3c558f56a64284af29096261f1d9c88084dfc95e64b825245983e
SHA3 ae8bb3b55a09a37e93f38b2e9b0f1faf9b598496fda3b37cb1d8024e29de2b50
VirtualSize 0x1d8
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x2e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.0836

Imports

KERNEL32.dll FindFirstFileA
FindNextFileA
FindClose
GetLastError
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
USER32.dll MessageBoxA
SHELL32.dll SHGetSpecialFolderPathA
WS2_32.dll #116
#16
#4
#23
#19
#115
getaddrinfo
#3
VCRUNTIME140.dll memset
strrchr
_except_handler4_common
api-ms-win-crt-stdio-l1-1-0.dll fopen
__p__commode
_set_fmode
fread
__acrt_iob_func
fclose
ftell
fseek
__stdio_common_vfprintf
__stdio_common_vsprintf_s
api-ms-win-crt-string-l1-1-0.dll strcat_s
strlen
strcpy_s
strcmp
api-ms-win-crt-heap-l1-1-0.dll _set_new_mode
malloc
api-ms-win-crt-runtime-l1-1-0.dll exit
_exit
_initterm_e
_initterm
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_configure_narrow_argv
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_initialize_narrow_environment
_get_initial_narrow_environment
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2018-Dec-02 13:54:12
Version 0.0
SizeofData 596
AddressOfRawData 0x3264
PointerToRawData 0x1c64

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2018-Dec-02 13:54:12
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0xa0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x404004
SEHandlerTable 0x403260
SEHandlerCount 1

RICH Header

XOR Key 0x81f4f9c5
Unmarked objects 0
Imports (VS 2015/2017 runtime 26706) 2
C++ objects (VS 2015/2017 runtime 26706) 18
C objects (VS 2015/2017 runtime 26706) 12
ASM objects (VS 2015/2017 runtime 26706) 2
Imports (VS2008 SP1 build 30729) 21
Total imports 71
264 (VS2017 v15.9.2-3 compiler 27024) 2
Resource objects (VS2017 v15.9.2-3 compiler 27024) 1
Linker (VS2017 v15.9.2-3 compiler 27024) 1

Errors
