Manalyze report for cd427459db936fed3fccc16207cd8e3b

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2021-Jun-10 13:27:57
TLS Callbacks	2 callback(s) detected.
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: /4` `Unusual section name found: /19` `Unusual section name found: /31` `Unusual section name found: /45` `Unusual section name found: /57` `Unusual section name found: /70` `Unusual section name found: /81` `Unusual section name found: /92`
Suspicious	The file contains overlay data.	`28634 bytes of data starting at offset 0x47e00.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`cd427459db936fed3fccc16207cd8e3b`
SHA1	`bbcbbc408b3123f5bc873888cfc4f8d3333b752a`
SHA256	`35274a09e5b66073b543556ffb2204cf282daecca7311745ecfb5c6bfc848808`
SHA3	`13b1ef09b8a59bff2660a31fb80beef187e53de84a9960978a42f69491004c1e`
SSDeep	`6144:uIFKK324xOl/vSd05W1+5aq2uhykCCuVSum+Y1ZT03iifo0:zsVP5Sa0MoxuQs1l9TEiQv`
Imports Hash	`538e71c8e9020851ddfc9f266f85d91f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`16`
TimeDateStamp	2021-Jun-10 13:27:57
PointerToSymbolTable	`0x47e00`
NumberOfSymbols	`1324`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x1800`
SizeOfInitializedData	`0x3000`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x000014C0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x54000`
SizeOfHeaders	`0x400`
Checksum	`0x51a2f`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2afeb62ca1330624d6d95f4bad3a99af`
SHA1	`e3686efc1ad8969ff1699cced862b6bd9d889f0a`
SHA256	`506e620237bc7e460301704668c6587f74d63c05ed6db2f6b18770a16e1e9afb`
SHA3	`d572ac26426edb686d50bd508ae873986129aa8189623f25176a0f963865cd9a`
VirtualSize	`0x1704`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.79403`

.data

MD5	`a4d96c8541d7e73ce139a00d0b0883f9`
SHA1	`19e300bc8f28da9a103b16fff3869c8378f7e0e4`
SHA256	`89e6e57456652a22f4664e2c32ddfa451ba9c0746e63162bb719536c0fa183cc`
SHA3	`157d3a8508aec18b10eb76bfcfa36ae2442fda785bef69355b71b41d42674d0a`
VirtualSize	`0x30`
VirtualAddress	`0x3000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.564288`

.rdata

MD5	`125245fe0046835ff99eaecd6e3748ae`
SHA1	`deb9e39732cd2738fd116f15cf92801b954d2aca`
SHA256	`59e26d2dbac5e1da37d4c75333b91dbdbce62c4a8165882c0fc379591eb38ad0`
SHA3	`553b4d75e4b24a9f253dad9294f4b7ff552e7da73c249cffe57279399d375c1b`
VirtualSize	`0x51c`
VirtualAddress	`0x4000`
SizeOfRawData	`0x600`
PointerToRawData	`0x1e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.68391`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x3e8`
VirtualAddress	`0x5000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`557bd4d280aba1ec45c0d5d97bd5c9e2`
SHA1	`39388ab59a6aa4cd34f6e0bf97399f684edf3453`
SHA256	`e3a08cffc50e81513ec64518191855c3131f43fa0cf6f7fb211609ae64c1fb6e`
SHA3	`f128ab995000b87912b963cd34af25cb06c12d25867116b3314865d19836d0f8`
VirtualSize	`0x558`
VirtualAddress	`0x6000`
SizeOfRawData	`0x600`
PointerToRawData	`0x2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.26316`

.CRT

MD5	`d66a6dd250b43046918f1bfc6b95a96a`
SHA1	`33c90d239f42eeea745bb8882cea0fdfdf3a8eef`
SHA256	`67e5dba407d0669f4b4c4e107afe60857b894ca1cf112e86ec9a324dd503ed74`
SHA3	`f525678bbf3bc8f3c3208092022b64cc5f219d4b87a4e66536b7c1116758fe0b`
VirtualSize	`0x34`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.274825`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x8`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`974052abdecc7094fb05b50cede8c559`
SHA1	`ab5d5b73e310bb0c2bfbb2e7d267e5b80b9a986b`
SHA256	`09dfc97057713a4b7c1cafff1cdb2a1524917cb09d31e1967e6b02abc39c335e`
SHA3	`f6ef2aeef10420bd696daa2a3069eebd4f4229b1eb8379aaa296864c95cf3aa1`
VirtualSize	`0x4e8`
VirtualAddress	`0x9000`
SizeOfRawData	`0x600`
PointerToRawData	`0x2e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.77848`

/4

MD5	`dc0fc1fedc00eee13ed6b504f5254d9e`
SHA1	`b20f0f5bb00a299ebee1add466c283127e852f7c`
SHA256	`088371ee23f388c4f926b0bfa02c871128f9c8c5454f8aca0a0cc62a36d45319`
SHA3	`dd8a99dae175e32208bf442ce41eeaac6b859ab53c22a542be4c448ed8be8873`
VirtualSize	`0x310`
VirtualAddress	`0xa000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.89729`

/19

MD5	`1c38e4aeccaede2d2251528439f5b572`
SHA1	`f4fcfaadfc3322ae1bd02bfc47ea1dce8dd62187`
SHA256	`cd8e182a5739df7500ee38a62f09fc610b4dbf64619e8faaa48167fd4b224716`
SHA3	`d811db6b9507edfb7c6ad5405e39e43a0e454f2464a3533f49475d4fb7db5c0f`
VirtualSize	`0x3c4d2`
VirtualAddress	`0xb000`
SizeOfRawData	`0x3c600`
PointerToRawData	`0x3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.00038`

/31

MD5	`95e07e73735421e15d37791dfe05ee31`
SHA1	`5307dd6cef598690cce1dab9141d6b93854b44cb`
SHA256	`377ad848651e0eaf8f7e06233c95398b1a15e3952425968fc9a174bd14991bf3`
SHA3	`b408394430d11ef87fd9838edb767009875ab0707cc7b11ab032879dd68777a6`
VirtualSize	`0x2466`
VirtualAddress	`0x48000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x3fe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.56558`

/45

MD5	`56368cd614d3c112adddab2ea2ba3503`
SHA1	`a4734a26c778ac63be6aeb76dd3ef143bc315f64`
SHA256	`c9c02cbf2f7d4bda9497f6933a398e75b63c33a296deb6971648af1436529228`
SHA3	`9f3328849d7734c203e0686689ccf0e15faaaf0f8f780d665067c676b0ae7b9a`
VirtualSize	`0x3451`
VirtualAddress	`0x4b000`
SizeOfRawData	`0x3600`
PointerToRawData	`0x42400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.48201`

/57

MD5	`4af831ee7d815c95472d61e1f43c8a41`
SHA1	`15bbcaf92007e1ca67a9050f18226ea909934509`
SHA256	`73e8073a1a5dd9fffb82218c6d68fe4c04136592af8e928f80ad678790312031`
SHA3	`ca7dd320ee850cac7e4fff134163bc07da34457f39005437628bb7dfc45ab3ef`
VirtualSize	`0x79c`
VirtualAddress	`0x4f000`
SizeOfRawData	`0x800`
PointerToRawData	`0x45a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.59158`

/70

MD5	`ef50a74f2b0c111a08577b3aa0462149`
SHA1	`2e9171410f0ea0d6b2b10487f61faa7f5132f60f`
SHA256	`5768f6dd9f0c559425cb325f0437e555086bbc2a92d96b117b78f9cf675794b3`
SHA3	`55dfa9a075175944f7e3971bae5d4618f660eba0286cb08c30a067c0844a78be`
VirtualSize	`0x581`
VirtualAddress	`0x50000`
SizeOfRawData	`0x600`
PointerToRawData	`0x46200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.80394`

/81

MD5	`30db50ecb48470fc65828a718f648d48`
SHA1	`a4bed8ce07bf847c67164647f4549da1ebc38881`
SHA256	`60867d6b5639d5305017b9a08e288aac9132b4ee067728317264387b8de7e1ef`
SHA3	`dedf84ea821dfca681a76df2310250d0f33e232eb538155e557112c50bdb84c0`
VirtualSize	`0x11e2`
VirtualAddress	`0x51000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x46800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.03026`

/92

MD5	`37649c1047b37324e38472d62a2a012c`
SHA1	`b4008dad63e4c62036d3561dfaea8553d9ad3743`
SHA256	`fefbbd6ebc9f5ffb768618c712c3258ea09bd53e2f6567d5b8f955d0c0f63ed6`
SHA3	`bfddfa59001db21f42eb7a75bd2ad7646f91c4258eb4cfe2ac65df3a880c4167`
VirtualSize	`0x260`
VirtualAddress	`0x53000`
SizeOfRawData	`0x400`
PointerToRawData	`0x47a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.73139`

Imports

KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetLastError` `GetStartupInfoA` `GetSystemTimeAsFileTime` `GetTickCount` `InitializeCriticalSection` `LeaveCriticalSection` `QueryPerformanceCounter` `SetUnhandledExceptionFilter` `Sleep` `TerminateProcess` `TlsGetValue` `UnhandledExceptionFilter` `VirtualProtect` `VirtualQuery`
msvcrt.dll	`__getmainargs` `__initenv` `__lconv_init` `__p__acmdln` `__p__fmode` `__set_app_type` `__setusermatherr` `_amsg_exit` `_cexit` `_initterm` `_iob` `_onexit` `abort` `calloc` `exit` `fprintf` `free` `fwrite` `malloc` `memcpy` `signal` `strlen` `strncmp` `vfprintf`
USER32.dll	`MessageBoxA`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x48f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13793`
MD5	`5aa04ce935e78505e230765e85c34355`
SHA1	`6c93b8c5fde8be4b2231dca6b8ec513cdc82c991`
SHA256	`a73f26a8d504043f785d7360e8febf2eeb8522ec873a0d4dd5d1d4bfd1e67d3d`
SHA3	`149467cafc03ba34b33cd8076fc2771413760822357952de205dbae2b5cb8059`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x408000`
EndAddressOfRawData	`0x408004`
AddressOfIndex	`0x405390`
AddressOfCallbacks	`0x407020`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x004017F0` `0x004017A0`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /31!
[*] Warning: Tried to read outside the COFF string table to get the name of section /45!
[*] Warning: Tried to read outside the COFF string table to get the name of section /57!
[*] Warning: Tried to read outside the COFF string table to get the name of section /70!
[*] Warning: Tried to read outside the COFF string table to get the name of section /81!
[*] Warning: Tried to read outside the COFF string table to get the name of section /92!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!