ca493006d55ebda9f97c7848cee144a7

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2003-Jun-26 14:08:08

Plugin Output

Info Matching compiler(s):
  • Microsoft Visual C++
  • Microsoft Visual C++ v6.0
Info The PE contains common functions which appear in legitimate applications. Can access the registry:
  • RegCloseKey
  • RegQueryValueExA
  • RegOpenKeyExA
Suspicious VirusTotal score: 1/74 (Scanned on 2024-06-27 21:19:08)
  • Trapmine: malicious.high.ml.score

Hashes

MD5 ca493006d55ebda9f97c7848cee144a7
SHA1 82671680c2fd7037e3982da62227bfa9611f91ee
SHA256 66252b80e1f62e284d60ddfc340fa7d6b651929d85360cee0f78cc04a8c5e343
SHA3 287b64c6a3ca92f1817c723a24dcfbda520e8a7f4e53e318ff8ae05db4630c99
SSDeep 96:XsK1jHA1J4NV/HMjiNOi7XV8jr1enQYzjaADfNP4oyn:dj/Hco8jrgQoja2fNP4oyn
Imports Hash f3899020c1ea8bbf0c84a80689caa590

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 1
TimeDateStamp 2003-Jun-26 14:08:08
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001B48 (Section: .data)
BaseOfCode 0x1000
BaseOfData 0x1000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x2000
SizeOfHeaders 0x200
Checksum 0x110f6
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.data

MD5 1af9fdb2dfc492a4f99a161008adbd57
SHA1 daa3567c39dd9511f45f1fa4f7238451cb706ee2
SHA256 67dbc212c53857098fce3ef0c7244a6f0d529e6e96b9326d383956d2008d11b0
SHA3 a392ec2c05477ec7141ec810992b73447e74aec91fd7e72f7103bad92a10b5aa
VirtualSize 0xf8a
VirtualAddress 0x1000
SizeOfRawData 0x1000
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.06536

Imports

KERNEL32.dll GetCommandLineA
GetVersion
lstrcatA
lstrcpyA
USER32.dll ReleaseDC
wsprintfA
ChangeDisplaySettingsA
GetDC
EnumDisplaySettingsA
GDI32.dll GetDeviceCaps
ADVAPI32.dll RegCloseKey
RegQueryValueExA
RegOpenKeyExA
MSVCRT.dll printf
__getmainargs
_initterm
_controlfp
_except_handler3
memset
_exit
_XcptFilter
exit
__p___initenv
__set_app_type
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x50b970c7
Unmarked objects 0
14 (7299) 1
Linker (VS98 build 8168) 2
Total imports 30
19 (8034) 9
C objects (VS98 build 8168) 12

Errors
