c90249ffcedece982bf44eadc2b0e05b

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1992-Jun-19 22:22:17

Plugin Output

Suspicious PEiD Signature: D1S1G v1.1 beta --> D1N
Suspicious The PE is possibly packed.
  • Unusual section name found: DATA
  • Unusual section name found: BSS
Info The PE contains common functions which appear in legitimate applications. Can access the registry:
  • RegQueryValueExA
  • RegOpenKeyExA
  • RegCloseKey
Suspicious The PE header may have been manually modified. The resource timestamps differ from the PE header:
  • 2019-Oct-07 01:09:42
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 c90249ffcedece982bf44eadc2b0e05b
SHA1 ef40148d3b43f6d6d9395069b553be594acbcf28
SHA256 5b75646db45434e7a12f85e24cd79be59e900ae10f5c2d27d4ac4a7bbda3fff0
SHA3 8f6dce2583e604970ba9dc6f6b325034ce53101f71a1fe90e803953156754dd3
SSDeep 96:nPPVHLWlgdvtAH2kw/f26KFdgxJGF9Xf6s8c1KVUP2yjcW7L0lPSz:nZLxvtAHFE+JoJkN7oUOyjcW7Lbz
Imports Hash c7d5521c9df6e2e79e49c0fb2805ccda

DOS Header

e_magic MZ
e_cblp 0x50
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0x1a
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 8
TimeDateStamp 1992-Jun-19 22:22:17
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x1200
SizeOfInitializedData 0xe00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00002060 (Section: CODE)
BaseOfCode 0x1000
BaseOfData 0x3000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x1e000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

CODE

MD5 bf59dafc009b45574f9ebe3c79e1aa49
SHA1 ef0d297986dc1d0c3ad8fba05f689b059515ec06
SHA256 e60eb6552a7c99ffae67de8973f68cfdc246d78ad802cc2bd468d044789e3080
SHA3 196eb5f3426ebf02c2913508697365121dc60ae82c114ce1861ce9aa34740ee9
VirtualSize 0x1178
VirtualAddress 0x1000
SizeOfRawData 0x1200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.27109

DATA

MD5 f634b856dce166077480586c168659a2
SHA1 d761721fbd6b1d7fa9e8c86463875bf80040acc6
SHA256 c7f2abb5474428eceeb98f8e5911f4bdbd1914784efed0a7287a7dec851e0c60
SHA3 d3f77f0dfb294d8c502c4644cc40199ca7350977de53ff8508d098c46e1f4e52
VirtualSize 0x90
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0x1600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.63984

BSS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x141b1
VirtualAddress 0x4000
SizeOfRawData 0
PointerToRawData 0x1800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 34819f5d767d8d630d3e7c137a318d7b
SHA1 f8be26b4eee3cfc77ad8453d27f9b1f08d952cdc
SHA256 87810392cb9cb9c0de009ad6d303a103c70111e1926c5d61fe48c66af689e44b
SHA3 8e459e7acfafdd894db9f6a8f9584c91b664682b110b8f48c98c50a72bd966dd
VirtualSize 0x440
VirtualAddress 0x19000
SizeOfRawData 0x600
PointerToRawData 0x1800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.63737

.tls

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x8
VirtualAddress 0x1a000
SizeOfRawData 0
PointerToRawData 0x1e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata

MD5 592788f0130b45889c59fd2b7199319e
SHA1 3e7f971d4e97df6ac17179928b0f15bee0713f66
SHA256 b2a898ca6e6d1628d58c7287c73fc502b058a97825cf18b1edaf7b564ad9e253
SHA3 f3f40d83f21b03cbbd2c401fec4d0cfd0be6d60bc17526403f4b97acb5616855
VirtualSize 0x18
VirtualAddress 0x1b000
SizeOfRawData 0x200
PointerToRawData 0x1e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 0.210826

.reloc

MD5 9067da4ff3106b2f4d45ddac7a9c9a47
SHA1 77202d6917dd400862613d6ab6999f1636a195a1
SHA256 e2e5f5b2b607ace2c068d6c5441aaf43299d13c664c9be0d017e34904883fc26
SHA3 47bc00976416c8dcc7176eb1f67b75e27ab14ca7ff1eb681f751cdd527e18f2b
VirtualSize 0x1d8
VirtualAddress 0x1c000
SizeOfRawData 0x200
PointerToRawData 0x2000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 6.03592

.rsrc

MD5 a3cbd8795b9c575940e71def7cb44b42
SHA1 deb5395c0cebcc88595b1441a4f22161fc2c2613
SHA256 288091f704ad743d9888d1c2a098ac8cef861cb87e0936a7c7abce3fb83b40dc
SHA3 76acc91f1d2aa30c371b3bd882e0897e24b6bf6040305ecabdf5866ea7bf09d7
VirtualSize 0x200
VirtualAddress 0x1d000
SizeOfRawData 0x200
PointerToRawData 0x2200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_SHARED
Entropy 1.76806

Imports

kernel32.dll DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
LocalFree
GetCurrentThreadId
GetStartupInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll GetKeyboardType
MessageBoxA
advapi32.dll RegQueryValueExA
RegOpenKeyExA
RegCloseKey
kernel32.dll (#2) DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
LocalFree
GetCurrentThreadId
GetStartupInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
GDI32.DLL Ellipse
USER32.DLL PostQuitMessage
InvalidateRect
FillRect
EndPaint
BeginPaint
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
ShowWindow
CreateWindowExA
RegisterClassA
LoadCursorA
KERNEL32.DLL GetModuleHandleA

Delayed Imports

DVCLAL

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x10
TimeDateStamp 2019-Oct-07 01:09:42
Entropy 4
MD5 d8090aba7197fbf9c7e2631c750965a8
SHA1 04f73efb0801b18f6984b14cd057fb56519cd31b
SHA256 88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610
SHA3 a5a67ad8166061d38fc75cfb2c227911de631166c6531a6664cd49cfb207e8bb

PACKAGEINFO

Type RT_RCDATA
Language UNKNOWN
Codepage UNKNOWN
Size 0x28
TimeDateStamp 2019-Oct-07 01:09:42
Entropy 3.19546
MD5 4f91564c17d46187b363deacc12d154f
SHA1 82a3c0329c9cb8b6be3009dc8cad278e44081e4e
SHA256 73745e6d974961ec925a83660470df199be771c84fed0403c1387ccd63e36691
SHA3 a6b519ab527eac1bfee1b46263a0b88309b2dae1131de3cfa1be8e11b92f5b41

Version Info

TLS Callbacks

StartAddressOfRawData 0x41a000
EndAddressOfRawData 0x41a008
AddressOfIndex 0x4046d0
AddressOfCallbacks 0x41b010
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks (EMPTY)

Load Configuration

RICH Header

Errors

[*] Warning: Section BSS has a size of 0!
[*] Warning: Section .tls has a size of 0!