Architecture |
IMAGE_FILE_MACHINE_AMD64
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
Compilation Date |
1970-Jan-01 00:00:00
|
Debug artifacts |
Embedded COFF debugging symbols
|
Suspicious |
The PE is possibly packed. |
Unusual section name found: /4
Unusual section name found: /19
Unusual section name found: /32
Unusual section name found: /46
Unusual section name found: /63
Unusual section name found: /80
Unusual section name found: /99
Unusual section name found: /112
Unusual section name found: /124
Unusual section name found: .symtab
|
Suspicious |
The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
- LoadLibraryA
- LoadLibraryW
- GetProcAddress
Functions which can be used for anti-debugging purposes:
Leverages the raw socket API to access the Internet:
|
Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|
MD5 |
bb44bfac4a340c8dccef4bc27a18379b
|
SHA1 |
27f9fa826d11e3040ccf5ce36aa4a3cd05324a1e
|
SHA256 |
e80076bf561928c3ad0f2aac959e88c30172289003466ba8ccf0db154ccc0b4a
|
SHA3 |
bd33015a9473968f4bbb597ef7e451488d826925d6e8c87fef7a7733294f6a54
|
SSDeep |
24576:gixQ1c+QuQtm6Rpwz01aAR5gvNx1XnvL3vCaFYl97Tbkk:gix0PQuQtmCpwz01aWgvNx1XbPYlhl
|
Imports Hash |
1c2a6fbef41572f4c9ce8acb5a63cde7
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0x4
|
e_cparhdr |
0
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0x8b
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0x80
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberOfSections |
14
|
TimeDateStamp |
1970-Jan-01 00:00:00
|
PointerToSymbolTable |
0x1ba400
|
NumberOfSymbols |
3335
|
SizeOfOptionalHeader |
0xf0
|
Characteristics |
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_RELOCS_STRIPPED
|
Magic |
PE32+
|
LinkerVersion |
3.0
|
SizeOfCode |
0x8d200
|
SizeOfInitializedData |
0x13200
|
SizeOfUninitializedData |
0
|
AddressOfEntryPoint |
0x0000000000052480 (Section: .text)
|
BaseOfCode |
0x1000
|
ImageBase |
0x400000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
4.0
|
ImageVersion |
1.0
|
SubsystemVersion |
4.0
|
Win32VersionValue |
0
|
SizeOfImage |
0x202000
|
SizeOfHeaders |
0x600
|
Checksum |
0
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
SizeOfStackReserve |
0x200000
|
SizeOfStackCommit |
0x1000
|
SizeOfHeapReserve |
0x100000
|
SizeOfHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
8388aa6b78701f85c1c4c59000d145db
|
SHA1 |
5a8a4570e16aeea8fcd690123ec555e592c3701a
|
SHA256 |
06675f6885cd532f3ff0db8b3dd5b1dfa034c0690e7665a94ca5f8ee7d7337f3
|
SHA3 |
2e30112a290640731287f678b2b0054e07854a73f07999d33da3bbb0783de5ef
|
VirtualSize |
0x8d173
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0x8d200
|
PointerToRawData |
0x600
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
Entropy |
5.86616
|
MD5 |
34bef63d87247ca522e08e997f2112f3
|
SHA1 |
df7153d884c8627bbeed281cdd4dd86266d51170
|
SHA256 |
cdc704408fea282496b77fa75de6d8e89a130b96c29ed405310c881c901b867c
|
SHA3 |
8f2e15dcd08f88efa06897401497af98fe860b685db0e9bc7166052bc31ffe12
|
VirtualSize |
0xb7b3a
|
VirtualAddress |
0x8f000
|
SizeOfRawData |
0xb7c00
|
PointerToRawData |
0x8d800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
Entropy |
5.09417
|
MD5 |
ba3b3df9678d299ffdab776ab1690ffe
|
SHA1 |
a35b582af6604da9a3d846909c68522227290a70
|
SHA256 |
70ff88f4a4c783f0198e6ac422e247c9cec5e1197e0d3244d975aba8d9de8e6a
|
SHA3 |
4216551e4db69205bf6437520e119e438c941c925bb9e6f19d0bf2a99c1b8942
|
VirtualSize |
0x30bb8
|
VirtualAddress |
0x147000
|
SizeOfRawData |
0x13200
|
PointerToRawData |
0x145400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
4.18464
|
MD5 |
22b64d2fda5f7ecbbdeaa349e1ceee01
|
SHA1 |
72c8604af6367d669f6eea1062dc0f551cc85517
|
SHA256 |
d7d432bd92e4f643749c1eab81bbf7ec6e3b76affcd489039385c75050ef346a
|
SHA3 |
7f3b8c26b8dcb0a8f677e385f7914766478778ce7ec4dc121158e6b2c36b3246
|
VirtualSize |
0x112
|
VirtualAddress |
0x178000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x158600
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
4.75112
|
MD5 |
4ca015f199d1614c20e796fa4c42208b
|
SHA1 |
e811561ac140c01fd6cc0632829c5e24191f92b8
|
SHA256 |
b88144803b754737da4f19feb31d8c7946be15b70ad14169e68982dc5c957893
|
SHA3 |
e4c07c8ced279137c167893e167142c74b1ea40d9af484949c9bdf4ad03eef9b
|
VirtualSize |
0x13011
|
VirtualAddress |
0x179000
|
SizeOfRawData |
0x13200
|
PointerToRawData |
0x158800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
7.98778
|
MD5 |
e0119d8b29c3726868017dc088acc661
|
SHA1 |
65b8dd313f708029e4ae136df18749a32f86bf9e
|
SHA256 |
6c5b8f87cc0ec21ea6a92e00b8f3567f78d40bc2532c0796ee120b34f79868a6
|
SHA3 |
a265f2c17e8da336c515d5571b257f745035df89b61a8f70f798518f349162a2
|
VirtualSize |
0x5da5
|
VirtualAddress |
0x18d000
|
SizeOfRawData |
0x5e00
|
PointerToRawData |
0x16ba00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
7.92501
|
MD5 |
1454d7e9b06416606561dd0dd36af48d
|
SHA1 |
79efe31098634388342288ef9483b548ed1a2fc2
|
SHA256 |
39e17419dd6cb2706e568a692840628383e8119cf35dcc73956fb319a33b731b
|
SHA3 |
aebbe0fedec4fe32c3e755393731abaf746ad051383ec8bd3d2afc575cdb47fa
|
VirtualSize |
0x2dfa
|
VirtualAddress |
0x193000
|
SizeOfRawData |
0x2e00
|
PointerToRawData |
0x171800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
7.94558
|
MD5 |
1a3c6ffbfb31279a01994159bf8d4e57
|
SHA1 |
bc142b1253459b8abe1412bff8b269f27e68d198
|
SHA256 |
eaf245bdc42e966cc4a489079f9d8ddee08d86ff6f5df4b284bc80528b3dc8ba
|
SHA3 |
ce3a4474aab5f5a76d5282d8a2a2cfc3bed2078edc8b5fc33024a383bf38c9c8
|
VirtualSize |
0x2ff8
|
VirtualAddress |
0x196000
|
SizeOfRawData |
0x3000
|
PointerToRawData |
0x174600
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
7.97473
|
MD5 |
f541f01abd62e0d388f85f46cf0618cb
|
SHA1 |
df2c38eff0fbe289eab7bdd9e95c6c7103c38c87
|
SHA256 |
85d62c6215c2e346dd4473dadbcfec300ebcfd49ee76d43b0970c4ed80fafe35
|
SHA3 |
520597a6335584c01ed1c9b5574660853c7e50e10244d331c6ac09b9967e68ba
|
VirtualSize |
0x22
|
VirtualAddress |
0x199000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x177600
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
0.621652
|
MD5 |
fa20744177e6f2e4e62b83609c18ee3a
|
SHA1 |
5b9cdaff82acdf56ce9ab37186b4d8296cc734aa
|
SHA256 |
1c0ae6d741615c5023704757022ec90635d8ac773b0d176547b2b73b22363570
|
SHA3 |
bcd82a2011c5fb5bc63b6b1478d8e58e1fbb336d10f93b544e549ff986a8b133
|
VirtualSize |
0x2a464
|
VirtualAddress |
0x19a000
|
SizeOfRawData |
0x2a600
|
PointerToRawData |
0x177800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
7.99557
|
MD5 |
fe78f5890da6233e1ed20b25f6d476ae
|
SHA1 |
d67c132e43417b1417c74602a5f87a2a00b00bba
|
SHA256 |
b833c03d9baf9a7941257715e0af6afa7e2a9ad65b81e3c71fc95381f27e1b37
|
SHA3 |
e1a27df73e6365df95f0e2e59c327ab38df9aff807761cfeaa14257eb5adc74b
|
VirtualSize |
0x11814
|
VirtualAddress |
0x1c5000
|
SizeOfRawData |
0x11a00
|
PointerToRawData |
0x1a1e00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
7.97732
|
MD5 |
f69cc9aa2f6d32559bb4cc69165adead
|
SHA1 |
080a957543dd3b0b46a378a1892147e843d8208a
|
SHA256 |
a1d6a2e893c269a05884647cd2b3ea7118fa0107f42edb6f94fc964e4a8e3867
|
SHA3 |
7c34055abecd8dc854a1024dc4b355f2ef2299fc2df60bd2a2470b88a63bb5ab
|
VirtualSize |
0x64d3
|
VirtualAddress |
0x1d7000
|
SizeOfRawData |
0x6600
|
PointerToRawData |
0x1b3800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
7.76142
|
MD5 |
1a1d0d3b1785521cd3dc34bf6800f84f
|
SHA1 |
562796471bd2d92fe4890ede8ebd9cf425296d89
|
SHA256 |
22efe1d91bc8da010dcf18e7cbd8b3caad7126502931e134b2c8dfef42259fb6
|
SHA3 |
17564c8ecd8e7088b248ed19880e51af025ff4cf3deaf112b6f355a27c4b2caa
|
VirtualSize |
0x416
|
VirtualAddress |
0x1de000
|
SizeOfRawData |
0x600
|
PointerToRawData |
0x1b9e00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
3.28933
|
MD5 |
5f87af84b726444b6b252feaf0e6339d
|
SHA1 |
35717d223e8a2aa2994944f09366dd9244d2d373
|
SHA256 |
197d51adfe342f5659b0b6dc071d08516a3ed60c374187ea0e86262b094599a8
|
SHA3 |
adca8bf531a33cdebf1fdcfc25850c6e7bf0e78dc1908b748c18572a87da889d
|
VirtualSize |
0x22d33
|
VirtualAddress |
0x1df000
|
SizeOfRawData |
0x22e00
|
PointerToRawData |
0x1ba400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
5.18104
|
winmm.dll |
timeEndPeriod
timeBeginPeriod
|
ws2_32.dll |
WSAGetOverlappedResult
|
kernel32.dll |
WriteFile
WriteConsoleW
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
LoadLibraryA
LoadLibraryW
GetSystemInfo
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler
|
[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /32!
[*] Warning: Tried to read outside the COFF string table to get the name of section /46!
[*] Warning: Tried to read outside the COFF string table to get the name of section /63!
[*] Warning: Tried to read outside the COFF string table to get the name of section /80!
[*] Warning: Tried to read outside the COFF string table to get the name of section /99!
[*] Warning: Tried to read outside the COFF string table to get the name of section /112!
[*] Warning: Tried to read outside the COFF string table to get the name of section /124!