| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| Compilation Date |
2020-Jan-27 20:40:50
|
| Detected languages |
English - United States
|
| TLS Callbacks |
1 callback(s) detected.
|
| CompanyName |
|
| FileVersion |
|
| FileDescription |
Paranoid Fish is paranoid
|
| InternalName |
|
| LegalCopyright |
|
| LegalTrademarks |
|
| OriginalFilename |
|
| ProductName |
Paranoid Fish
|
| ProductVersion |
|
| Suspicious |
PEiD Signature: |
UPX -> www.upx.sourceforge.net
UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
|
| Suspicious |
The PE is packed with UPX |
Unusual section name found: UPF0
Section UPF0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
|
| Suspicious |
The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
- LoadLibraryA
- GetProcAddress
Functions which can be used for anti-debugging purposes:
Can access the registry:
Leverages the raw socket API to access the Internet:
|
| Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|
| MD5 |
b4d3cd8baed18a6d566f98c37d5a9467
|
| SHA1 |
1b9cfc4b538d73440047834079812e3f46bb28c3
|
| SHA256 |
10364d12dca8ec1552965c3cbbd7b94cdb7c109b3141d2b237017abb1c831d9a
|
| SHA3 |
03660afda0073c318af058ab6db3207e0731941d77379d8d5263068331436f5f
|
| SSDeep |
1536:iIwWrEy6fuGNjppJyrOM1GhFNkYU2BxNgrSW:6aEy6WGvyrOMGTkoNgr7
|
| Imports Hash |
29a9da0d564710c0a8394b77775a1b10
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
3
|
| TimeDateStamp |
2020-Jan-27 20:40:50
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0x4000
|
| SizeOfInitializedData |
0xa000
|
| SizeOfUninitializedData |
0x16000
|
| AddressOfEntryPoint |
0x0001A580 (Section: UPX1)
|
| BaseOfCode |
0x17000
|
| BaseOfData |
0x1b000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
1.0
|
| SubsystemVersion |
4.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x25000
|
| SizeOfHeaders |
0x1000
|
| Checksum |
0
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x16000
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0x200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
d86c784d6bc57ba867cf454da6a739bf
|
| SHA1 |
9b725b1ce90c7786256de9d377d93d8eff6d2179
|
| SHA256 |
b9c18f92ded58e0093c0284d86502a48806cf72fb9be3ec90472110f62eb5204
|
| SHA3 |
d30f50f4f8bfb284aeebbf51cd717f83cc6ca077e981a65029153ddae420a405
|
| VirtualSize |
0x4000
|
| VirtualAddress |
0x17000
|
| SizeOfRawData |
0x3800
|
| PointerToRawData |
0x200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.82303
|
| MD5 |
578e8bdacc35ade872f525cea22566e8
|
| SHA1 |
a9ea622394195ee504653de4f5461e154a6cbed3
|
| SHA256 |
9434e2b0d4a5cf62b75ddd57ce05733b5c1a84e5fd3c26fa867662d0cf3cc433
|
| SHA3 |
c71ec03ac8c41fa949ee6b2e519cc7b6496f2d638f5fedcb2b229f78262c8808
|
| VirtualSize |
0xa000
|
| VirtualAddress |
0x1b000
|
| SizeOfRawData |
0x9800
|
| PointerToRawData |
0x3a00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.81596
|
| ADVAPI32.dll |
RegCloseKey
|
| IPHLPAPI.DLL |
GetAdaptersAddresses
|
| KERNEL32.DLL |
LoadLibraryA
ExitProcess
GetProcAddress
VirtualProtect
|
| MPR.DLL |
WNetGetProviderNameA
|
| msvcrt.dll |
_iob
|
| ole32.dll |
CoInitializeEx
|
| OLEAUT32.dll |
SysFreeString
|
| SHELL32.dll |
ShellExecuteExW
|
| USER32.dll |
FindWindowA
|
| WS2_32.dll |
getaddrinfo
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x5a6c
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.91525
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
50a9b70330d4c9770ddbfc114a470393
|
| SHA1 |
9d10e2e892fd4cecebd3d4e3cc0e02593f986a93
|
| SHA256 |
a4241efc26682836a65f0f006b78c251ff407d41fc40617b1dffad2173cf054f
|
| SHA3 |
5fc938fa7d332e47ef7cfb386f941121a3d1a2ee10793f531ed702c4dd60e17e
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x1e12
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.92568
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
92b50b5af9a20566c078c87fa2c8abb1
|
| SHA1 |
e15925db93934112ec527e81762e51153c3b4cd3
|
| SHA256 |
2eaf3b7d550282b5f1c039dad0a5e291b3fa1caa43f74433dde9264212388280
|
| SHA3 |
20a18e9f93f2f8ac655d25520aee23f94bf1826379190fe1f52539006237afd8
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x79e
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.84982
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
f8572abdedcd787fa5d734187059eafa
|
| SHA1 |
48c1086207cb50c83db9ac72a1dcd6f53b39fd71
|
| SHA256 |
234e6d565baaf4c43d7a36ba99b1f296de2d0bba1a48b97a96dda24b73a1701c
|
| SHA3 |
8ad9afc9a9df90bae8b55381416180068e0dc0462d9711ac57ca1c1358043efe
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x4ac
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.78717
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
6413fac6c5a51dbd6a5f532074fd2389
|
| SHA1 |
adb70b9e80073999494028287b99ee53a8548ac5
|
| SHA256 |
686ea3b73c6520c38a8c399aec063391b5ed15dfc1c95442931a07b492b0a7aa
|
| SHA3 |
0e75ac2bdb864dee729bf99512f5465c534633092b43a37e324e977d54b22ab8
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x354
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.68879
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
ff6846f06399f549e6443052c3db7dcd
|
| SHA1 |
3fd9fe91c888150509eb8155eecc5d583a63beb0
|
| SHA256 |
9596025745330d9d9b63be666ed7ed2db55c71ab6be0da76d6f0bf57249bfbdb
|
| SHA3 |
6a53b15907a5511405d38acc267e1116abac43532d852a03348f8bdd6aa61b21
|
| Type |
RT_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x1f1
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
7.41808
|
| Detected Filetype |
PNG graphic file
|
| MD5 |
87c735a12a02cfea200e24fdbb0cc9f9
|
| SHA1 |
adebe77ca865630338bb9919e00b6d61597456a5
|
| SHA256 |
520ca0f0f2bc979bde1cf0944da37aa5ef4fb2cd493a94d98506aa56c1f98553
|
| SHA3 |
7830efdd7bf3b2f6408dae8daf3c932e9e7a18ae980d2245a8cc7c7e7056e360
|
| Type |
RT_GROUP_ICON
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x5a
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
2.99178
|
| Detected Filetype |
Icon file
|
| MD5 |
60ae129a955f853471899e9f7ac97fbf
|
| SHA1 |
f918b7a57887c4dbc9e1f5a6628c222c4627fec2
|
| SHA256 |
d124b8c6d80c0d4bf86bc6ee14cb849d21efe510534e659239f7e6b8e3bb9f63
|
| SHA3 |
93476e8f2cc02abedcd98ad8eb3f1af18d1236fcdc8d916ac306280e25c7e722
|
| Type |
RT_VERSION
|
| Language |
English - United States
|
| Codepage |
UNKNOWN
|
| Size |
0x288
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
3.13852
|
| MD5 |
6b306dd7205d605fd85323c77bb8d508
|
| SHA1 |
c15f6b5a93fbcfa0cbbac7f483ca57d649c31e42
|
| SHA256 |
a31244099abcf866e9178d19745c1da61158028570bc84b3ec87dd5a52a84543
|
| SHA3 |
4ba6ecdb95c9a84a1a458b415bb78290131e4e7b3d37ad7ee6a0ec86f7b0f628
|
| Type |
RT_MANIFEST
|
| Language |
UNKNOWN
|
| Codepage |
UNKNOWN
|
| Size |
0x48f
|
| TimeDateStamp |
1980-Jan-01 00:00:00
|
| Entropy |
5.13793
|
| MD5 |
5aa04ce935e78505e230765e85c34355
|
| SHA1 |
6c93b8c5fde8be4b2231dca6b8ec513cdc82c991
|
| SHA256 |
a73f26a8d504043f785d7360e8febf2eeb8522ec873a0d4dd5d1d4bfd1e67d3d
|
| SHA3 |
149467cafc03ba34b33cd8076fc2771413760822357952de205dbae2b5cb8059
|
| Signature |
0xfeef04bd
|
| StructVersion |
0x10000
|
| FileVersion |
0.5.8.1
|
| ProductVersion |
0.5.8.1
|
| FileFlags |
(EMPTY)
|
| FileOs |
(EMPTY)
|
| FileType |
VFT_APP
|
| Language |
English - United States
|
| CompanyName |
|
| FileVersion (#2) |
|
| FileDescription |
Paranoid Fish is paranoid
|
| InternalName |
|
| LegalCopyright |
|
| LegalTrademarks |
|
| OriginalFilename |
|
| ProductName |
Paranoid Fish
|
| ProductVersion (#2) |
|
| Resource LangID |
English - United States
|
| StartAddressOfRawData |
0x41a760
|
| EndAddressOfRawData |
0x41a764
|
| AddressOfIndex |
0x40b390
|
| AddressOfCallbacks |
0x41a764
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks |
0x0041A728
|
[*] Warning: Section UPF0 has a size of 0!
b4d3cd8baed18a6d566f98c37d5a9467