c7b90f6d98558f5b03a98c8b01f42715

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2020-Feb-13 13:53:14
Detected languages English - United States
Debug artifacts C:\bamboo-home\xml-data\build-dir\SPOONVM-VM-JOB1\vm\Build\Output\x64\StubExe.pdb
CompanyName Code Systems Corporation
FileDescription Turbo Virtual Machine Executable
FileVersion 20.2.1499.0
InternalName StubExe.exe
LegalCopyright Copyright © 2017 Code Systems Corporation
OriginalFilename StubExe.exe
ProductName Turbo Virtual Machine
ProductVersion 20.2.1499.0

Plugin Output

Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryW
Manipulates other processes:
  • OpenProcess
Info The PE is digitally signed. Signer: Code Systems Corporation
Issuer: COMODO RSA Code Signing CA
Suspicious VirusTotal score: 1/73 (Scanned on 2020-07-19 20:13:54)
Antiy-AVL: GrayWare/Win32.Wacapew

Hashes

MD5 c7b90f6d98558f5b03a98c8b01f42715
SHA1 47eb82d7500f98ebb0111be83f76fc613afa4b8e
SHA256 4f3a439999d3d86dd69992d3eedd3b88a818a20713982023b6bcb2b3e2e3747a
SHA3 cc3bc50921966a562f171e450b105f48a5fef75f3327947972f60618ee4c1aee
SSDeep 768:4IO8BnvINbbb36IB9Z2FYkPk7nK4S9i0xDi4r:4IOzZb3tBGFYkPk7jSM0xDi4
Imports Hash 92f694988deed85a7cb067c901f32a93

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 5
TimeDateStamp 2020-Feb-13 13:53:14
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 11.0
SizeOfCode 0x5200
SizeOfInitializedData 0xe00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000002CD4 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.2
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x1000000
SizeOfHeaders 0x400
Checksum 0x11b6b
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 cf35bdb44e0e94a756bf0c1e9a8a3dde
SHA1 4a73eb9d9a2ac4e2e3edd0cb17bb33e9a5bdd51d
SHA256 ad104bca39c2bb74df1f5f05f652fa9578ba142fa0acabcb80419a6706489c79
SHA3 0bbb33d8e7a3da5f113333f7184e89fd96f376f18bb09f124e58cf081dbaf358
VirtualSize 0x5186
VirtualAddress 0x1000
SizeOfRawData 0x5200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.19527

.data

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x4a8
VirtualAddress 0x7000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata

MD5 a24989601eeb126a267ac0fa4b28e90e
SHA1 a48b666e3361bc281e956591fc671e74b7e9fbfe
SHA256 99954daff783b8de6296f4ec8822f31a3d9f898b490ef9d1be32c61b1c47b983
SHA3 ad5794d9e870f72db402e5eb37a0b69f831af66d688c8ae48c312520d02afc79
VirtualSize 0x168
VirtualAddress 0x8000
SizeOfRawData 0x200
PointerToRawData 0x5600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.94237

.rsrc

MD5 5288ee99a67d08914a809075358dd905
SHA1 a9f3c1ee6cd1baf0603e3be11247646a994fe01b
SHA256 7a74fe8f41c2f98ff7030b9f9033d5be8d4a4b86a3d50c46f5896a758a0eca86
SHA3 765b251ea931219cf669f7ac5a2b11abf800550d63974e15f5758293c405ad2f
VirtualSize 0x3b0
VirtualAddress 0x9000
SizeOfRawData 0x400
PointerToRawData 0x5800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.1299

.reloc

MD5 e9b5a365d6580af2807cc9f60e49f7ac
SHA1 8f4799dfd8229305d40f7dd47335a1ef7fe0a76e
SHA256 3f38e2186416571df117985087976e56ae153bc4d058572259d2974bbae1656f
SHA3 cb74f4633f2deb2a24360b1518f7e1bd1b20cf4a377b7a210b801ddba37a5893
VirtualSize 0xff6000
VirtualAddress 0xa000
SizeOfRawData 0x200
PointerToRawData 0x5c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.373034

Imports

KERNEL32.dll HeapAlloc
GetProcessHeap
HeapFree
GetProcAddress
GetModuleHandleW
GetTickCount
GetModuleFileNameW
SetEnvironmentVariableW
OpenProcess
GetLastError
DuplicateHandle
GetCommandLineW
OpenFileMappingW
MapViewOfFile
SetEvent
UnmapViewOfFile
CloseHandle
GetVersionExW
GetSystemInfo
VirtualQuery
GetCommandLineA
CreateFileW
CreateFileMappingW
GetFileSizeEx
VirtualAlloc
VirtualFree
LoadLibraryW
ExitProcess
GetModuleHandleA

Delayed Imports

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x34c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.47711
MD5 c6726daaf3735c538f1b5f70e313e9cd
SHA1 c2643df0adc4503aad9575e8245af7650edac8a4
SHA256 f5b3c3c5ed8ea7c483a0dafe8970af4372e12677ab43c903f3381125580dfa0a
SHA3 08714f7736ca690b5af53d39ea44eb8b71571bbf4b428bf9f75e7c6c7523149e

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 20.2.1499.0
ProductVersion 20.2.1499.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Code Systems Corporation
FileDescription Turbo Virtual Machine Executable
FileVersion (#2) 20.2.1499.0
InternalName StubExe.exe
LegalCopyright Copyright © 2017 Code Systems Corporation
OriginalFilename StubExe.exe
ProductName Turbo Virtual Machine
ProductVersion (#2) 20.2.1499.0
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2020-Feb-13 13:53:14
Version 0.0
SizeofData 106
AddressOfRawData 0x2418
PointerToRawData 0x1818
Referenced File C:\bamboo-home\xml-data\build-dir\SPOONVM-VM-JOB1\vm\Build\Output\x64\StubExe.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2020-Feb-13 13:53:14
Version 0.0
SizeofData 16
AddressOfRawData 0x2484
PointerToRawData 0x1884

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .data has a size of 0!