c53540b20395234caf98c874fa03eba3

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Suspicious This PE is packed with RPCrypt
Unusual section name found:
The PE only has 0 import(s).
Malicious VirusTotal score: 12/56 (Scanned on 2015-04-10 15:34:35)
TheHacker: W32/Behav-Heuristic-CorruptFile-EP
Symantec: Trojan.ADH.2
Norman: Suspicious_Gen4.CHCSY
TrendMicro-HouseCall: TROJ_GEN.R047C0OC715
Avast: Win32:Evo-gen [Susp]
Tencent: Trojan.Win32.Qudamah.Gen.1
Comodo: UnclassifiedMalware
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R047C0OC715
AVware: Trojan.Win32.Generic!BT
Ikarus: Trojan.Crypt
Qihoo-360: HEUR/Malware.QVM19.Gen

Hashes

MD5 c53540b20395234caf98c874fa03eba3
SHA1 68230facbdc3691f896d004b55c36f77cb76a063
SHA256 d56d2f536d7f0db78ad0f66ebc994c5506a4760035cc855329e8d8d1f8969ed6
SHA3 691f60fab4aa6a6945c136b4d243060f3764af865455d0f06beaf0ef63ff8623
SSDeep 12:iWn2wOGtXmu5Bo6XmqEZeSNlgJijkWw1w0UEad:iW5LWaBo6Wq6eMl58C0id
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0
e_cp 0
e_crlc 0
e_cparhdr 0
e_minalloc 0
e_maxalloc 0
e_ss 0
e_sp 0
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 1
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 0.0
SizeOfCode 0
SizeOfInitializedData 0
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000010A0 (Section: ?)
BaseOfCode 0
BaseOfData 0
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 0.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x2000
SizeOfHeaders 0x1
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0
SizeofStackCommit 0
SizeofHeapReserve 0
SizeofHeapCommit 0
LoaderFlags 0
NumberOfRvaAndSizes 16

MD5 8c493a43d8c1ef798860bb02b62e8e79
SHA1 efe43def97eb295fe99c3753f2d740d7b36df689
SHA256 fde502858306c235a3121e42326b53228b7ef4690eeed92a2b2eafe73c03a3ef
SHA3 d0f595a067c40b7e675db165522077cf863bc36084bbd523e1216a2d52d5129b
VirtualSize 0
VirtualAddress 0x1000
SizeOfRawData 0x1
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_WRITE
Entropy 0

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not reach the requested directory (offset=0x0).
[!] Error: Could not reach the requested directory (offset=0x0).
[!] Error: Could not reach the requested directory (offset=0x0).
[!] Error: Could not reach the requested directory (offset=0x0).
[!] Error: Could not reach the requested directory (offset=0x0).
[!] Error: Could not reach the requested directory (offset=0x0).
[!] Error: Could not reach the requested directory (offset=0x0).
[!] Error: Could not reach the requested directory (offset=0x0).
[*] Warning: Could not read a WIN_CERTIFICATE's header.