| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2020-Jun-09 00:17:15
|
| TLS Callbacks |
2 callback(s) detected.
|
| Suspicious |
The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
- GetProcAddress
- LoadLibraryA
- LoadLibraryW
Memory manipulation functions often used by packers:
- VirtualAlloc
- VirtualProtect
|
| Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|
| MD5 |
b621c40b795919274037065a998ef219
|
| SHA1 |
17f6f20be178b86ef650506a3822df1bcd8efc80
|
| SHA256 |
cb83643b79d6be4d7533a1ee33a81bc0ac1e6c0ab317f311eb0831245626269f
|
| SHA3 |
c949732b523b0edbb4a8343082a5a50768629d3f3737ffe33a69bcd2c3f32321
|
| SSDeep |
192:AwrH+DgGK83SxHn2OQ/dmBI4KBfTgir+xzCPbqUqV/Qjo7AGa:Ai+kGKqbOCdWIVBff+xzWfCXAn
|
| Imports Hash |
dc25ee78e2ef4d36faa0badf1e7461c9
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
7
|
| TimeDateStamp |
2020-Jun-09 00:17:15
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
|
| Magic |
PE32
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0x1e00
|
| SizeOfInitializedData |
0x3400
|
| SizeOfUninitializedData |
0x600
|
| AddressOfEntryPoint |
0x000014B0 (Section: .text)
|
| BaseOfCode |
0x1000
|
| BaseOfData |
0x3000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
1.0
|
| SubsystemVersion |
4.0
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x9000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x3fd9
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
7cb51d8c80820cb459af5e2ae8fd85b6
|
| SHA1 |
690572919bc684ac1c5f5afdcac124f0fa5838ac
|
| SHA256 |
a8ace554479c49b0fc50a78225ea365ea54aecd28a9b91a5287ae3d5cb3a271b
|
| SHA3 |
673824a33def6e2fdc95ddd2b17b523bb62a50992c7075c8441b3a1ce7753d40
|
| VirtualSize |
0x1d44
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x1e00
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
5.87034
|
| MD5 |
a0fbd320ce2ff4b2427f89ad7b11e5d8
|
| SHA1 |
c2d38d865ce9538b09e0ce8b9d2079b18e6cfd0c
|
| SHA256 |
0ed35f29f15c1f9568e1d67b3df096b274063c772b07c6314da364220e292a29
|
| SHA3 |
82575a5b0147fedb4c0e274693a169b1106439385394d02ed366f8ead40f2348
|
| VirtualSize |
0x424
|
| VirtualAddress |
0x3000
|
| SizeOfRawData |
0x600
|
| PointerToRawData |
0x2200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
5.32366
|
| MD5 |
a40946782f5af553dfb4e92f5f8b97c5
|
| SHA1 |
2ea026e66e4a6ab4fc0c515bf42afff0ead4060f
|
| SHA256 |
11f0fa1b1592b33eefb3dc9a4c18af8cadfe208350a4ddd3f926afa836880c8a
|
| SHA3 |
b6d244978d0ac6b92e7436d97268fbc76563f798fe50c555b406d768cf9a2a38
|
| VirtualSize |
0x2f4
|
| VirtualAddress |
0x4000
|
| SizeOfRawData |
0x400
|
| PointerToRawData |
0x2800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
4.36564
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0x45c
|
| VirtualAddress |
0x5000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
1fa811f6451d1b5dbef8208d24ba67ab
|
| SHA1 |
bf9d050e68fa3d4b8f7b1d444310f975eb630238
|
| SHA256 |
911cbeab02d4c238e8c2d06b229c033d33c0149e636d70892150ca4333f5cbe2
|
| SHA3 |
4e1a72d945ea8495df9db9f60a3f6e42e96616856ce0a0626eda4859a9cb74ae
|
| VirtualSize |
0x6ec
|
| VirtualAddress |
0x6000
|
| SizeOfRawData |
0x800
|
| PointerToRawData |
0x2c00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
4.20101
|
| MD5 |
9de5f1d116d44b01311bad1a72865561
|
| SHA1 |
18fb530a8c5271b2ab373c040ab9e26a72a421fd
|
| SHA256 |
df27adf6f6239f3f5534ae721ac3009ca336c7a6a6f601f7ba2869c9e11e98fd
|
| SHA3 |
851220c37bdc0e45bce6f8ce7f874acecc4366d05fba654f3310fc0589605ce1
|
| VirtualSize |
0x34
|
| VirtualAddress |
0x7000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x3400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.24913
|
| MD5 |
fbb2f655a2d41a7ed1460a18df87b605
|
| SHA1 |
eca8715921bec170e6675ce7db7f6820337cbd9c
|
| SHA256 |
c2270e74719a01888f6ac5e947df324d31adbf1479a8d6a0a36e6bc814417203
|
| SHA3 |
7e4b414a48226fc7d3ef950e22c809b5c5664d9b251c7f3447f00ea1e64037f4
|
| VirtualSize |
0x20
|
| VirtualAddress |
0x8000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x3600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.22482
|
| KERNEL32.dll |
CloseHandle
ConnectNamedPipe
CreateFileA
CreateNamedPipeA
CreateThread
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
QueryPerformanceCounter
ReadFile
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery
WriteFile
|
| msvcrt.dll |
__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_iob
_lock
_onexit
_unlock
_winmajor
abort
calloc
exit
fprintf
free
fwrite
malloc
memcpy
signal
sprintf
strlen
strncmp
vfprintf
|
| StartAddressOfRawData |
0x408019
|
| EndAddressOfRawData |
0x40801c
|
| AddressOfIndex |
0x405034
|
| AddressOfCallbacks |
0x407020
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks |
0x00401950
0x00401900
|
[*] Warning: Section .bss has a size of 0!
uztermin
3 hours ago
Cobalt Strike Backdoor
nigger
3 hours ago
big yahu published that