b9a891a3606b36326d3e94b276329d53

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2024-May-24 16:25:25
Detected languages English - United States

Plugin Output

Suspicious PEiD Signature: UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX -> www.upx.sourceforge.net
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious The PE is packed with UPX
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
The PE only has 8 import(s).
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Manipulates other processes:
  • EnumProcessModules
Suspicious The file contains overlay data. 10 bytes of data starting at offset 0x1a00.
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 b9a891a3606b36326d3e94b276329d53
SHA1 066a5e9631bd7596b4c292bbb9e75d217bc56732
SHA256 ea2d7ac6e0135ec17d8edd6bc2ef432927635c7f9c94fa7dae05a6a4c6cd18bc
SHA3 7f5a83c77d05b42609ccc06cba21406114f4a89acd627dcb6d5773dcf2e89a65
SSDeep 96:Dkuc6SLvlNV+YUuyZ7FCe9xkb+Ob9h5ZHqazIAlo08/NXH6T3AUPH8P:Y9lX+vd9WyObX5ZrIAloPNXHi35UP
Imports Hash a4776d9ecfcbc4c862b2493dc5a9d6a9

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2024-May-24 16:25:25
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x2000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x7000
AddressOfEntryPoint 0x00008F80 (Section: UPX1)
BaseOfCode 0x8000
BaseOfData 0xa000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xb000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x100000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x7000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 cf2342d7b81866651080b88d4e7af285
SHA1 d4e1524ba0bc19942818fb63b65add37d7d8adec
SHA256 e7ca689a27e3d7501286cbfffb7b2dab1f8984a46f621f0b36f9b5f5b57d9245
SHA3 ecc6da5f86588076d936e8237f5468c53018391f2633008d2e7788e71b9c34be
VirtualSize 0x2000
VirtualAddress 0x8000
SizeOfRawData 0x1200
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.5904

.rsrc

MD5 97622844c75b96455676571705b8f4a0
SHA1 c350687a7dcf3079a38f94ded05c51682c49644e
SHA256 513c5c891ada9af90e2af7973f0b83b94e9afb91cda1940f64e27c6e455f3a27
SHA3 d97cbc00f321c3c4c40bcbc6ea4050ff9dae1f3e1465f04e42585651d565c8fb
VirtualSize 0x1000
VirtualAddress 0xa000
SizeOfRawData 0x600
PointerToRawData 0x1400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.87

Imports

GDI32.dll BitBlt
KERNEL32.DLL LoadLibraryA
ExitProcess
GetProcAddress
VirtualProtect
PSAPI.DLL EnumProcessModules
SHELL32.dll DragFinish
USER32.dll EndPaint

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.71837
MD5 413957dcc1577a61061b55f73ecb9205
SHA1 48c2b19d99fecdd728c1ca8312013f6a419cafe6
SHA256 1fddb99d58ebe6f42d5eb150e16add195d3ecb4d103bc75116c53fbb98ee72db
SHA3 56dd6100a6c1af3bfb9e9843730bed263ccf2bfe36498a6144c9060c5181d17c

70

Type RT_GROUP_ICON
Language English - United States
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.16096
Detected Filetype Icon file
MD5 42cf62b780813706e75fb9f2b2e8c258
SHA1 a022d5c1cfdd8aace0089f3e72f2eedd41bda464
SHA256 a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf
SHA3 0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!