b6ba67b2f679d3a61557e9a16caa7ad7

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2019-Aug-07 08:00:37
Detected languages English - United States
Debug artifacts D:\Documents\VSProjects\Havoc\Havoc\Release\Havoc.pdb

Plugin Output

Suspicious: Strings found in the binary may indicate undesirable behavior:
May have dropper capabilities:
  • CurrentVersion\Run
Suspicious: The PE contains functions most legitimate programs don't use.
Functions which can be used for anti-debugging purposes:
  • FindWindowA
Can access the registry:
  • RegCloseKey
  • RegSetKeyValueA
  • RegCreateKeyA
Suspicious: No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 b6ba67b2f679d3a61557e9a16caa7ad7
SHA1 54a7619fe5565f7a5bbadebd1a90ed34d5d6d261
SHA256 71dda6754ac3ac265e4e33abb8edb0384500593e8393eff82e350d39af45c644
SHA3 d9aac5a795ec092fec38483ffec6eae09b9f739f9b012d762787b7e0d12ecb7f
SSDeep 192:N0CnQXDZvW6UgJk6gjONXenLPImXe8hy4l7E5pz6gTVP1:NNKvWJgJ1gjaXenTImXe8hy4l7k7
Imports Hash 8c6269f7489c9a483cacb68881113046

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2019-Aug-07 08:00:37
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0xe00
SizeOfInitializedData 0x1600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001344 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x6000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 2cbc5c9a78890a89efa63405d3c7e5bd
SHA1 cbb16f00817c66f358ea32916b0702d380241d5e
SHA256 e0abde2f56262917d863a6e2cff5ddb1fb53a76e4f8fe6be5df49b7436228a8f
SHA3 2b9c213714e673bf9fcf7ae5f2c7f3bb531a0a0992d416b401bb0d6004ee0dba
VirtualSize 0xd49
VirtualAddress 0x1000
SizeOfRawData 0xe00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 6.05909

.rdata

MD5 0ac50b773c640bcd38691676f9a0908f
SHA1 8420c85cbeb875cbfbdad95d04dc3e3d24fcc209
SHA256 da58aa17cc4756b960c17b44c968445efc239616facf61e2e7fbf413aee855d6
SHA3 5cbb7fdf06694da28f1d51dbde08f2c100ea0ea514d2cec9e57a637d3cd3bc1e
VirtualSize 0xc32
VirtualAddress 0x2000
SizeOfRawData 0xe00
PointerToRawData 0x1200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 4.32019

.data

MD5 e88eed2db2ac0b9e9fa2e5cd2538ccc6
SHA1 3ab425faa0294029cba8d62f085ee817ba302147
SHA256 9dd146e9c4c3a887fbe33c2ac77b402bd6555ae40476afa89dfef0f7dca81568
SHA3 71590beef7e2502bad91107054e8692dc11f73e2ff7ae9b1b1540c3917700ce2
VirtualSize 0x394
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0x2000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 0.280401

.rsrc

MD5 8d096de51d16180d98ba04bad2632f19
SHA1 ad9bd665ebf9360b8f94274ae4444943cfb7f8d5
SHA256 be30993728cf7b6046d5c0511706c3272da7548620bf079e9dc854ef47dfc4e2
SHA3 9f696717be3cf0b0e6cc6aa6dd11c3beb00b278baedd4b617bc99bd1670c45f7
VirtualSize 0x1e0
VirtualAddress 0x4000
SizeOfRawData 0x200
PointerToRawData 0x2200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 4.7015

.reloc

MD5 ff2675c0fd1c2e0c54987f8e3c8574e2
SHA1 3f0689a32e7866cb5aa8be4085a3a290ea971181
SHA256 58f1f52ff8728b72c89c8e50f37c0c152faf2d0a2d4b2d6a837053ded93babf9
SHA3 d86f28f95cd5650e567bff4e08d538200797744ac7d69a28ee70d48031d8f1b1
VirtualSize 0x168
VirtualAddress 0x5000
SizeOfRawData 0x200
PointerToRawData 0x2400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 4.99502

Imports

KERNEL32.dll
  • GetCurrentProcess
  • CloseHandle
  • IsProcessorFeaturePresent
  • CreateFileA
  • WriteFile
  • GetModuleHandleW
  • AllocConsole
  • GetModuleFileNameA
  • SetUnhandledExceptionFilter
  • UnhandledExceptionFilter
  • IsDebuggerPresent
  • InitializeSListHead
  • GetSystemTimeAsFileTime
  • GetCurrentThreadId
  • GetCurrentProcessId
  • QueryPerformanceCounter
  • TerminateProcess
USER32.dll
  • ShowWindow
  • FindWindowA
ADVAPI32.dll
  • RegCloseKey
  • RegSetKeyValueA
  • RegCreateKeyA
SHELL32.dll
  • SHGetSpecialFolderPathA
VCRUNTIME140.dll
  • _except_handler4_common
  • memset
api-ms-win-crt-heap-l1-1-0.dll
  • _set_new_mode
  • malloc
api-ms-win-crt-runtime-l1-1-0.dll
  • _initialize_onexit_table
  • _c_exit
  • _crt_atexit
  • _controlfp_s
  • terminate
  • _cexit
  • _set_app_type
  • _register_thread_local_exe_atexit_callback
  • __p___argc
  • _exit
  • _seh_filter_exe
  • exit
  • _initterm_e
  • _initterm
  • _get_initial_narrow_environment
  • _initialize_narrow_environment
  • _configure_narrow_argv
  • _register_onexit_function
  • __p___argv
api-ms-win-crt-math-l1-1-0.dll
  • __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll
  • _set_fmode
  • __p__commode
api-ms-win-crt-locale-l1-1-0.dll
  • _configthreadlocale

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2019-Aug-07 08:00:37
Version 0.0
SizeofData 78
AddressOfRawData 0x22b4
PointerToRawData 0x14b4
Referenced File D:\Documents\VSProjects\Havoc\Havoc\Release\Havoc.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2019-Aug-07 08:00:37
Version 0.0
SizeofData 20
AddressOfRawData 0x2304
PointerToRawData 0x1504

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2019-Aug-07 08:00:37
Version 0.0
SizeofData 596
AddressOfRawData 0x2318
PointerToRawData 0x1518

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2019-Aug-07 08:00:37
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0xa4
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x403018
SEHandlerTable 0x4022b0
SEHandlerCount 1

RICH Header

XOR Key 0x67db9216
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 10
Imports (26504) 2
C++ objects (26504) 19
C objects (26504) 12
ASM objects (26504) 1
Imports (26715) 9
Total imports 55
265 (27905) 1
Resource objects (27905) 1
Linker (27905) 1

Errors