Manalyze report for b4792c64971ddb84427fd37fc56c45fc

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Jul-05 04:12:15
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Looks for VMWare presence: VMware` `Looks for Sandboxie presence: SbieDll.dll` `Contains another PE executable: This program cannot be run in DOS mode.`
Suspicious	The PE is possibly packed.	`Unusual section name found: /4` `Unusual section name found: /19` `Unusual section name found: /35` `Unusual section name found: /47` `Unusual section name found: /61` `Unusual section name found: /73` `Unusual section name found: /86` `Unusual section name found: /97` `Unusual section name found: /108`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Code injection capabilities (process hollowing): ResumeThread SetThreadContext WriteProcessMemory` `Possibly launches other programs: CreateProcessA system` `Memory manipulation functions often used by packers: VirtualAllocEx VirtualProtect VirtualProtectEx` `Manipulates other processes: Process32First Process32Next WriteProcessMemory`
Suspicious	The file contains overlay data.	`85101 bytes of data starting at offset 0x23a00.`
Malicious	VirusTotal score: 47/71 (Scanned on 2022-08-05 13:57:40)	`Cynet: Malicious (score: 100)` `McAfee: GenericRXSD-OZ!B4792C64971D` `Cylance: Unsafe` `VIPRE: Trojan.Agent.FUEE` `Sangfor: Suspicious.Win32.Save.a` `K7AntiVirus: Trojan ( 00592b4f1 )` `K7GW: Trojan ( 00592b4f1 )` `Cybereason: malicious.6f4e6c` `Cyren: W32/Injector.AVF.gen!Eldorado` `Symantec: ML.Attribute.HighConfidence` `Elastic: malicious (high confidence)` `APEX: Malicious` `Kaspersky: Trojan.Win32.Inject.ehnq` `BitDefender: Trojan.Agent.FUEE` `NANO-Antivirus: Trojan.Win32.Inject.itzogu` `ViRobot: Trojan.Win32.A.Inject.247822` `MicroWorld-eScan: Trojan.Agent.FUEE` `Avast: Win32:Malware-gen` `Tencent: Trojan.Win32.Inject.wb` `Ad-Aware: Trojan.Agent.FUEE` `Emsisoft: Trojan.Agent.FUEE (B)` `F-Secure: Trojan.TR/Dropper.Gen` `DrWeb: Trojan.Siggen3.31853` `Zillya: Trojan.Inject.Win32.42574` `McAfee-GW-Edition: GenericRXSD-OZ!B4792C64971D` `FireEye: Generic.mg.b4792c64971ddb84` `Sophos: Mal/Inject-K` `Ikarus: Trojan.Win32.Inject` `GData: Trojan.Agent.FUEE` `Jiangmin: Trojan/Inject.aeoj` `Avira: TR/Dropper.Gen` `Antiy-AVL: Trojan/Generic.ASMalwS.77` `Gridinsoft: Ransom.Win32.Sabsik.oa!s1` `Arcabit: Trojan.Agent.FUEE` `ZoneAlarm: Trojan.Win32.Inject.ehnq` `Microsoft: Trojan:Win32/CryptInject.CT!MTB` `AhnLab-V3: Trojan/Win.Swisyn.R504709` `ALYac: Trojan.Agent.FUEE` `MAX: malware (ai score=81)` `VBA32: Trojan.Inject` `Malwarebytes: Malware.AI.4168315584` `Rising: Trojan.Agent!1.B82B (RDMK:cmRtazrn2gAc4QfNQgmmlPvV1sEZ)` `Yandex: Trojan.Inject!63eor2C6TP8` `SentinelOne: Static AI - Malicious PE` `MaxSecure: Trojan.Malware.300983.susgen` `BitDefenderTheta: Gen:NN.ZexaCO.34582.o4Z@ayRva2b` `AVG: Win32:Malware-gen`

Hashes

MD5	`b4792c64971ddb84427fd37fc56c45fc`
SHA1	`e9913ce6f4e6cd716875152b4579b6144fd4c68b`
SHA256	`9d5a5d31d598befb581d1932b0c8d19972e0ba3129d0fcd292abbfcbafa90a31`
SHA3	`266a618f40dc7aeea334863e7d4593a18cb6116cb4394b82ee644d8cc4ba78cf`
SSDeep	`6144:pbeLGDvdanUJMeVTnYHyDevYZ3h2DIlbpi8dBNmOdT2GusIKpvVAOv/5T3Eoj7F:3DVa3kTnYHyDevYZ3U`
Imports Hash	`8402bf0f3f48bb83e5667937bf41683c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`14`
TimeDateStamp	2012-Jul-05 04:12:15
PointerToSymbolTable	`0x23a00`
NumberOfSymbols	`2580`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0xb200`
SizeOfInitializedData	`0xcc00`
SizeOfUninitializedData	`0x4c00`
AddressOfEntryPoint	`0x00001110 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xd000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x31000`
SizeOfHeaders	`0x400`
Checksum	`0x3ff9d`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`966fee2d6df2417e874dd984ba4b380b`
SHA1	`71c668b764eb4c9bd8b0f1d1f5cd07d935b16054`
SHA256	`5fc2dcdf80734809972e3a8228738d2e722fa76213c4b3405639205dfccf223d`
SHA3	`c6ecf748ccf814bdb2c95296704441e510d470214c7169fd672dca4b2b691114`
VirtualSize	`0xb020`
VirtualAddress	`0x1000`
SizeOfRawData	`0xb200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.13164`

.data

MD5	`36c385797d7045074f1ce2ddaab0bf2f`
SHA1	`5e319680993888d7f7de5a026e9978d12a9a5760`
SHA256	`dbe6f5777afbf0f6ca933987e811dc0b6fa0c22cd2cf8364b1688dc46642aee3`
SHA3	`0716c8f24576a5b9ecec524480e0080fa45358c9c82544024728526a9a96f86e`
VirtualSize	`0x64`
VirtualAddress	`0xd000`
SizeOfRawData	`0x200`
PointerToRawData	`0xb600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.550157`

.rdata

MD5	`9d1a5a303afe83be084d82b047ddeadd`
SHA1	`25f93aa0ada31c8350e22e185c5e9256c1ef8f88`
SHA256	`a3012d8a5830de3325138fe4d86abb9188aa42beda5a6286f38ce5d21eb6b588`
SHA3	`cc032a46910de18e63ee942894fbc07520a5550d564610e3974eb87e0f0180ab`
VirtualSize	`0xf60`
VirtualAddress	`0xe000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xb800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.97908`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x4aec`
VirtualAddress	`0xf000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`9a474bc62d773d44381b7957c81a40a5`
SHA1	`50272cb80a51adc67ae4cd9b496b63be38fe6588`
SHA256	`b7670bacdb67efca6ce06da026cf213ea60e64da30bb5940b7db2a00be84c572`
SHA3	`fc254f64c5a6d60157144797af24efb7ce06fb92c22c0b76ea498f26352e11d9`
VirtualSize	`0x7d4`
VirtualAddress	`0x14000`
SizeOfRawData	`0x800`
PointerToRawData	`0xc800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.87555`

/4

MD5	`2c281a7cf66f6a83c943506997493e7f`
SHA1	`874dac9cfbf5e79e172b8ddfa15675a369240494`
SHA256	`3782d4cb30fbe67571e4aeae18a89ac11cc527dc340c66622265482188abbd6e`
SHA3	`220b572ac81b676f6a04527dab2fd9a48231091043452c4b66116841262e0b82`
VirtualSize	`0x138`
VirtualAddress	`0x15000`
SizeOfRawData	`0x200`
PointerToRawData	`0xd000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_MEM_DISCARDABLE`
Entropy	`1.71604`

/19

MD5	`ccb0b1dd8245f3b458b99b97889d52ec`
SHA1	`e2fefc45e9d29ffdd6961a27d05bc9d85ed90080`
SHA256	`14538bb2baec6640b8d5b64071c62184afe8103464180fb86cc247a36360f3e9`
SHA3	`e4b836af829f698448cce841c2ed5c89d0e290217a1f9f3e78f7e7de4f6ed440`
VirtualSize	`0x6d5`
VirtualAddress	`0x16000`
SizeOfRawData	`0x800`
PointerToRawData	`0xd200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_MEM_DISCARDABLE`
Entropy	`4.78442`

/35

MD5	`fab937e7389d62b08936c0078006d56e`
SHA1	`05c738b12ab2475efeb408e9af247ad49e61cb5e`
SHA256	`30f6d0096d83fe6ae9eb22a3421feb2bd3edd05ce4938a9703127e7a0e9855b8`
SHA3	`260b5017cb043c7e13c2801a5f062ddf1d33538c892f6b52d9cd793cb8bd8e72`
VirtualSize	`0x10112`
VirtualAddress	`0x17000`
SizeOfRawData	`0x10200`
PointerToRawData	`0xda00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_MEM_DISCARDABLE`
Entropy	`5.86565`

/47

MD5	`6e87ee4398d110c40c8d91060a5c2c1c`
SHA1	`ca9f70c5cc33c73ac9c3330031443fbfa1e739d9`
SHA256	`8646ab9070a5848a065ce20dbdb831629da93e383f837749f9a8c6021ba751e7`
SHA3	`bd084e16fd80797928a8b383bf2314f1da4fe93be1d36a704dad95fde21c80d7`
VirtualSize	`0x19a1`
VirtualAddress	`0x28000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x1dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_MEM_DISCARDABLE`
Entropy	`4.59033`

/61

MD5	`f0cf2f0fae09eded99b3654c93658835`
SHA1	`92f7a6127865c13842bf81c335c7860f7692ca61`
SHA256	`db184696a704fa5a28d0398e40da33d2edf40958f9b5a08d3890edec23bee0a0`
SHA3	`13daf69817f75113adc1a3f91b4a9a5b1ffbacf83e0d5c144fc9757d9c6b009a`
VirtualSize	`0x18d4`
VirtualAddress	`0x2a000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x1f600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_MEM_DISCARDABLE`
Entropy	`5.77112`

/73

MD5	`42efd5bd372443a1e1cb3c34eb5599ae`
SHA1	`57a998fdeeca0efaf6dffbca3fae173ca700592b`
SHA256	`c678dc0dd53686f49757dc17a47868858df2aa60670ea60ae7049e10971d8a63`
SHA3	`ccdc1841c03daf5df91f0c2ae6bb7e5621c86f77d3c33e876a53ad76f95f1201`
VirtualSize	`0x838`
VirtualAddress	`0x2c000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x21000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_MEM_DISCARDABLE`
Entropy	`3.71052`

/86

MD5	`b6939812d9f26f69f77e2318de72f34c`
SHA1	`1c1d78e5606389ce8232280f67f115ecdad61379`
SHA256	`d572b0a66dbadf91466f3f5e7fd1c59012b7d5d08acd46876eff63cbd65468f0`
SHA3	`621da9cd27b8cd0d27efbac8c60d96f1fc84a50997e6f2fb248bf609ed9ed0db`
VirtualSize	`0x449`
VirtualAddress	`0x2d000`
SizeOfRawData	`0x600`
PointerToRawData	`0x21a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_MEM_DISCARDABLE`
Entropy	`3.91026`

/97

MD5	`306b289ad159dc011769aeafa8bc1f8b`
SHA1	`ce6993a4218513f1ba58498d2995a078ea176f6a`
SHA256	`fcf8f6ddc4c84353650b20e9dbd21fa3644040b942799945b978cfb6ecc44aba`
SHA3	`fe230cfeaaaa73d6e91d546cb6d586fb2d8f9cf137a691fefa231286de9ff36b`
VirtualSize	`0x1575`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x22000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_MEM_DISCARDABLE`
Entropy	`3.38106`

/108

MD5	`7cf58b3de9a25e18b23f479a5e7587a4`
SHA1	`31915662ff78e591d36421050c6c1c2e76c325bf`
SHA256	`a3e6fc9ba00d12c71e4dee604fc319158d2258aee7baf1f24b79ece1dbd29517`
SHA3	`5e67d19581d2d771335f409e9814aea8d567b271bd6811c5389b54f51bd178ec`
VirtualSize	`0x380`
VirtualAddress	`0x30000`
SizeOfRawData	`0x400`
PointerToRawData	`0x23600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_MEM_DISCARDABLE`
Entropy	`2.77241`

Imports

KERNEL32.dll	`AddAtomA` `AllocConsole` `CloseHandle` `CreateProcessA` `CreateSemaphoreA` `CreateToolhelp32Snapshot` `ExitProcess` `FindAtomA` `GetAtomNameA` `GetCurrentThreadId` `GetLastError` `GetModuleFileNameA` `GetModuleHandleA` `GetProcAddress` `GetThreadContext` `GetTickCount` `InterlockedDecrement` `InterlockedIncrement` `LoadLibraryA` `Process32First` `Process32Next` `ReleaseSemaphore` `ResumeThread` `SetLastError` `SetThreadContext` `SetUnhandledExceptionFilter` `Sleep` `TlsAlloc` `TlsFree` `TlsGetValue` `TlsSetValue` `VirtualAllocEx` `VirtualProtect` `VirtualProtectEx` `VirtualQuery` `WaitForSingleObject` `WriteProcessMemory`
msvcrt.dll	`_write`
msvcrt.dll (#2)	`_write`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /35!
[*] Warning: Tried to read outside the COFF string table to get the name of section /47!
[*] Warning: Tried to read outside the COFF string table to get the name of section /61!
[*] Warning: Tried to read outside the COFF string table to get the name of section /73!
[*] Warning: Tried to read outside the COFF string table to get the name of section /86!
[*] Warning: Tried to read outside the COFF string table to get the name of section /97!
[*] Warning: Tried to read outside the COFF string table to get the name of section /108!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: Section .bss has a size of 0!