cdfb5a7081f413acdc9951be47563712070a9ae9012456c0bb4c8c38f1302a32

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2019-Jul-09 14:20:49

Plugin Output

Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Suspicious The PE imports functions most legitimate programs don't use. [!] The program may resolve further imports at runtime and so keep them out of the import table:
  • GetProcAddress
  • LoadLibraryExW
  • LoadLibraryA
Caveat: the statically linked VS2015 CRT (see RICH Header) itself pulls in LoadLibraryExW and GetProcAddress, so these three names alone are weak evidence of import hiding; confirm by looking for API names that are built from pieces, decoded or hashed near the call sites.
Possibly launches other programs:
  • CreateProcessW
Can create temporary files:
  • GetTempPathW
  • CreateFileW
Links the Winsock byte-order helper (flagged by the tool as raw socket API use):
  • ntohl
Caveat: ntohl only converts a 32-bit value from network (big-endian) to host byte order. No socket, connect, send or recv import is present, so this is not evidence of Internet access; a lone ntohl is typical of code that parses big-endian length fields in an embedded archive.
Enumerates local disk drives:
  • GetDriveTypeW
Suspicious The file contains overlay data: 1301961 bytes starting at offset 0x73800.
The overlay starts exactly where the last section ends (.reloc PointerToRawData 0x73000 + SizeOfRawData 0x800 = 0x73800), so neither the section table nor any data directory maps it; it is roughly 2.75x the size of the mapped image (0x73800 = 473088 bytes). Its entropy of 7.99936 out of a maximum of 8 means it is almost certainly compressed or encrypted. Together with GetTempPathW, CreateProcessW, WaitForSingleObject/GetExitCodeProcess and SetDllDirectoryW in the import table, this is the profile of a self-extracting stub that unpacks the overlay to a temporary directory and launches a child process; treat that as a hypothesis to confirm by carving the overlay and inspecting its leading bytes for a known archive signature, not as a finding.
Suspicious VirusTotal score: 1/61 (Scanned on 2026-04-12 09:41:12) Cylance: Unsafe
A single verdict from one ML-based engine, with no family label, is weak evidence on its own; note also that the scan postdates the compile timestamp (2019-Jul-09) by almost seven years, so the low detection count is not explained by the sample being new.
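The overlay arithmetic above can be checked without a PE library. The Python below is an added example, not part of the Manalyzer report and not code from the analysed binary: it parses the section table with struct alone, locates the end of the last section's raw data, carves everything past it and measures Shannon entropy. Because the sample itself is not available here, build_sample_pe() constructs a stand-in PE skeleton that carries this report's exact section table with zero-filled section bodies and a constructed 4 KiB pseudo-random overlay; the function names and the 4 KiB size are my choices.

```python
import hashlib
import math
import struct

# Section table copied from the report: (name, SizeOfRawData, PointerToRawData).
REPORT_SECTIONS = [
    (b".text",  0x20c00, 0x400),
    (b".rdata", 0xf600,  0x21000),
    (b".data",  0xc00,   0x30600),
    (b".pdata", 0x1e00,  0x31200),
    (b".gfids", 0x200,   0x33000),
    (b".rsrc",  0x3fe00, 0x33200),
    (b".reloc", 0x800,   0x73000),
]
E_LFANEW = 0x100                 # from the report's DOS header
SIZE_OF_OPTIONAL_HEADER = 0xF0   # from the report's PE header


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed stand-in for the file: MZ/PE headers carrying the report's
    section table, zero-filled section bodies, and `overlay` appended."""
    end_of_sections = max(ptr + size for _, size, ptr in REPORT_SECTIONS)
    buf = bytearray(end_of_sections)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, E_LFANEW)
    buf[E_LFANEW:E_LFANEW + 4] = b"PE\0\0"
    struct.pack_into("<H", buf, E_LFANEW + 4, 0x8664)             # Machine: AMD64
    struct.pack_into("<H", buf, E_LFANEW + 6, len(REPORT_SECTIONS))
    struct.pack_into("<H", buf, E_LFANEW + 20, SIZE_OF_OPTIONAL_HEADER)
    struct.pack_into("<H", buf, E_LFANEW + 24, 0x20B)             # Magic: PE32+
    table = E_LFANEW + 24 + SIZE_OF_OPTIONAL_HEADER
    for i, (name, size_raw, ptr_raw) in enumerate(REPORT_SECTIONS):
        off = table + 40 * i
        buf[off:off + 8] = name.ljust(8, b"\0")
        struct.pack_into("<II", buf, off + 16, size_raw, ptr_raw)  # SizeOfRawData, PointerToRawData
    return bytes(buf) + overlay


def overlay_offset(pe: bytes) -> int:
    """File offset where the last section's raw data ends. Anything past it is
    never mapped by the loader: that is the overlay."""
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    (num_sections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (size_opt,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + size_opt
    end = 0
    for i in range(num_sections):
        size_raw, ptr_raw = struct.unpack_from("<II", pe, table + 40 * i + 16)
        if size_raw:                 # uninitialised-data sections occupy no file space
            end = max(end, ptr_raw + size_raw)
    return end


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 for empty or constant data, 8.0 for a perfectly flat histogram."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def analyse_overlay(pe: bytes):
    """Return (overlay_offset, overlay_size, overlay_entropy) for a PE image."""
    off = overlay_offset(pe)
    overlay = pe[off:]
    return off, len(overlay), shannon_entropy(overlay)


# Constructed overlay: 4 KiB of chained SHA-256 output standing in for compressed/encrypted data.
CONSTRUCTED_OVERLAY = b"".join(
    hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128)
)

if __name__ == "__main__":
    sample = build_sample_pe(CONSTRUCTED_OVERLAY)
    off, size, ent = analyse_overlay(sample)
    print(f"overlay at 0x{off:x}, {size} bytes, entropy {ent:.5f}")
    print("leading bytes:", sample[off:off + 16].hex())
```

Run against the constructed sample this reports the overlay at 0x73800, matching the report. The constructed overlay scores about 7.95 rather than 7.999 because Shannon entropy is biased low on small samples; on a real 1.3 MB overlay the value converges toward 8. The next step on the real file is to print the first 16 bytes at that offset and compare them with known archive and packer signatures: a random-looking prefix with no recognisable magic points to encryption rather than plain compression.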

Hashes

MD5 ae82a752a582e764bb18cf0c2e447a2b
SHA1 0075a7e471607b5f398341847c41e2961895f221
SHA256 cdfb5a7081f413acdc9951be47563712070a9ae9012456c0bb4c8c38f1302a32
SHA3 0bc6dc3d843fca6e54e06d9201252d1f8e9cdb9843ca4bb3b5a0002cf4ce0cc8
SSDeep 24576:bb/4rP5b/CTaeZm/5jGwSERfM7Q6DpR/NxH2d7z0xEXCEwHIVsWVzBH+8:v25eTasm/zRUs6DPNxwpmHIxdH+8
Imports Hash 94984869e1c4b93c0069850d9e3b564b

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2019-Jul-09 14:20:49
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x20c00
SizeOfInitializedData 0x52800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000008D98 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.2
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0x86000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 f7ef97b62cc21cfcfe0acb2323c78ff0
SHA1 e3ac5fa4b1c711d1c0f33da7b2c7167a60239426
SHA256 e03729fa111a82ca292bda194f06aeb60a97011ccb354529906948c2a161b66b
SHA3 ed76df763f489d9f83232a6df9881935c3685bb8796453a55b6c945fc080a708
VirtualSize 0x20be0
VirtualAddress 0x1000
SizeOfRawData 0x20c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.46378

.rdata

MD5 3a70ef4c41feb45c57f17487b071ef61
SHA1 deb25b47476479382866421349aad7d387e0e3b1
SHA256 6b79053ed4741b946312f24ffec1d9e4f97a77ede4dc864b10fa44b0a40eb3cd
SHA3 c048795bf672085a3ef4f1618a3370a856252e089c8a4c1073a125d4e03b98ee
VirtualSize 0xf4c0
VirtualAddress 0x22000
SizeOfRawData 0xf600
PointerToRawData 0x21000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.82934

.data

MD5 4c751bd0824879808309a05b27d4a492
SHA1 110d8c9590a7523ff85e3cb7ea3730c5deb93026
SHA256 c5d90e3a0a7d45bce2bcaf017cb74a2f701a507a4cd1904b519831db3a4d6976
SHA3 a5cb39ebc19c0258e45c865a45aa7c848cf076a7c0c40e1d9c2cc3f0626bdb25
VirtualSize 0xf108
VirtualAddress 0x32000
SizeOfRawData 0xc00
PointerToRawData 0x30600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.84448

.pdata

MD5 0ecac398aad540c1b527bcf3688beff8
SHA1 c95a64d95d5d95b4572518700d51e6f6907548d9
SHA256 3a695f9d6d3fe5ef27b7b794a52da325c81819500068d7e622c75b1d10d3f051
SHA3 5058ea6292d99ad7ddbd5a51ae68c83485f1197c69b490bffdaaf9d9c374f317
VirtualSize 0x1cb0
VirtualAddress 0x42000
SizeOfRawData 0x1e00
PointerToRawData 0x31200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.17072

.gfids

MD5 a53a51d3e95490b928cd8cc596ee76d9
SHA1 553c2ad09bc863155a46abd8265f30f8d7019a9e
SHA256 55ae2645f27c507e05df61f9f8699195d6a487b98fe090d866f3d664ace8e1c8
SHA3 c1562f69013f451a1c0b8872c35aecadaf01a39361fdbeca529bc2885892a7a9
VirtualSize 0xac
VirtualAddress 0x44000
SizeOfRawData 0x200
PointerToRawData 0x33000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.74975

.rsrc

MD5 e65288653cbdaa91606743207d22da9a
SHA1 0e38c93ec2ca53996193c8ed62d9cc48bac130df
SHA256 288ed40c8285c54b6e07018153b0d150b9579a35e7c41b2efd3f8255ba51e443
SHA3 677c6edbabc85ba01024bd519d38f7b6bdbc82b1ce2f7f57dc3a391349b50556
VirtualSize 0x3fd68
VirtualAddress 0x45000
SizeOfRawData 0x3fe00
PointerToRawData 0x33200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.11178

.reloc

MD5 dba232b263d15c005890f728ca658d4b
SHA1 7198ed03590d386a428b1cdb8aa7ac0d835ac010
SHA256 5b85d2e1842a227af7ca318b90ae5e45cf09722247d1ba647e3481352cd38bf8
SHA3 99263fd98cec12a1ee1e77946db21cf068aa46eb4cfc42ef636c0f90cc6df354
VirtualSize 0x698
VirtualAddress 0x85000
SizeOfRawData 0x800
PointerToRawData 0x73000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.9952

Imports

USER32.dll MessageBoxW
MessageBoxA
KERNEL32.dll GetFileType
SetEndOfFile
HeapReAlloc
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LoadLibraryExW
GetShortPathNameW
FormatMessageW
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
HeapSize
GetTimeZoneInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetCommandLineA
ReadFile
CreateFileW
GetDriveTypeW
RaiseException
CloseHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
GetFullPathNameA
CreateDirectoryW
RemoveDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
SetEnvironmentVariableA
GetFileAttributesExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetProcessHeap
WriteConsoleW
WS2_32.dll ntohl

Delayed Imports

Resources

1

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x31d08
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.52328
MD5 8a175ef55171224d3f1e22ef63880b3f
SHA1 1165346cda941b88ab8f077b8a842bd053cf30b3
SHA256 4cc26437f933789d90582d32295269a3fa69eff655d7452a41ab9879314117d1
SHA3 d61ff4914222bf5b865daed8cec09a70df55da85013eebefcb2bc7460f60a7c3

2

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.44895
MD5 1c06420cfb94514d35c088699a04774d
SHA1 2c23d7df4bc8ce3fb15f33e78c042b12814aea3b
SHA256 d73c1848a067a0fd094423213dc1e855b5b29b0b441f0bcb315feb90d662972e
SHA3 a630c0bd054ccf853d3673897d2a553e10797d288b3f09898503304ecec7d7f3

3

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.77742
MD5 db1208cf5d76055be1c3a34567af9f5a
SHA1 c5adcd7407c8b18459e4b4ce96fb70ecf5701a97
SHA256 5a008270f7254f5ca861e9936f4b5b7a23c04d63165895234fd1782bc03ec0e5
SHA3 549076010917e74ff3fe656848779d90468b96740184b07016dbf2833e9abf99

4

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x952c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.95095
Detected Filetype PNG graphic file
MD5 f6fbada22d6a6c07ef8fdaa504f117d5
SHA1 591a723501eff1a4920462f8efcaf3715e829450
SHA256 3919b11194f130d310dfe08bdce2891c5b64f2703107f53a5a1cbc016fdb609f
SHA3 ceca597fff3f436773eb9e48be245ce9d24439b9527a0d3aedaa1469e49d3f5c

5

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.0521
MD5 86ce219c337119fe35646823cb56d091
SHA1 74d3090f01f3128bda93a3a7525f139c495bffbd
SHA256 7ef5a24efde1748c0eb12c5817b14cfe1397ae968489a7824a269d02c8223cee
SHA3 8daaa7aab035df895cb478d3b92385d12aebd96c8bbde3a05a615ff56d41aebf

6

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.15081
MD5 58b7700e8f20d0a3c77021eb7e7019dc
SHA1 87f7668b96ab48bd6ba5c8b9968dbb024a028407
SHA256 c5536b396be6dcfc96f4e4f77cc7007b2a56730ee57598a6979cc1c1c71c920a
SHA3 13bb36cea0c569109ddca6560016003d3ce662f8e0bc189e9750019ccdc7bc72

7

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.39466
MD5 9de69c1c4b3a06597da9c275b38bffb6
SHA1 a4ed3bd1bb4edc0eaa187b68929f596906e9ee87
SHA256 ac2e25dc4a4f7bd96a0bcf3ea63cd1bcf26a6f6a05835e32f96ef99cb4323f30
SHA3 6ff197b54509b5c0fa643d6bdbc756cccec2b5bc8495c770883c021e833f7509

0

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.01924
Detected Filetype Icon file
MD5 dfa1d8e7fb3bf10ebcb62abe399624b6
SHA1 fab7fdc3a8762591aca748a49e4d0c0669358d7a
SHA256 7d7e945495bd1c9d2f4063e8f0a8a1a5e218d9f7c230e1190cf153ee08ccb308
SHA3 f463f2a422942a930de5953d21505709c33503d85ab31e22130ae36c9c52558c

101

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x68
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.71858
Detected Filetype Icon file
MD5 cd3a631eace19041876b4c4c6ec8461a
SHA1 d4b3f99c4d648e3446dc05e7fb6e444e42dfed01
SHA256 f5b94a42f1c77c9eef858a0dfd656419fea900b00318c2c0bf49c2fce345d838
SHA3 b6dcbb1b4c262eb5aee12773a52c29ff20fef809a4e61822700d005457944b9f

Version Info

Debug Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2019-Jul-09 14:20:49
Version 0.0
SizeofData 720
AddressOfRawData 0x2eaf8
PointerToRawData 0x2daf8

TLS Callbacks

Load Configuration

Size 0x94
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140032010

RICH Header

XOR Key 0xd93e34b3
Unmarked objects 0
241 (40116) 7
243 (40116) 172
242 (40116) 13
ASM objects (VS2015 UPD3 build 24123) 7
C++ objects (VS2015 UPD3 build 24123) 28
C objects (VS2015 UPD3 build 24123) 19
Imports (65501) 7
Total imports 116
C objects (VS2015 UPD3 build 24210) 17
Resource objects (VS2015 UPD3 build 24210) 1
Linker (VS2015 UPD3 build 24210) 1
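The RICH Header block above lists each entry as product id (build) count: three entries with build 40116 that Manalyzer could not map to a toolchain name, followed by the VS2015 objects it could, all stored XOR-encoded in the file under the key 0xd93e34b3. The Python below is an added example, not tool output: it encodes and decodes the Rich header layout and recomputes the checksum the linker stores as the XOR key, which is how an analyst detects a Rich header that was edited or transplanted after linking. The DOS header is constructed here, its key is its own recomputed checksum (not the report's 0xd93e34b3), and only the three raw entries above are used as sample data.

```python
import struct

DANS = 0x536E6144   # "DanS" read as a little-endian dword
RICH = b"Rich"


def rol32(v: int, n: int) -> int:
    n &= 31
    return ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF


def rich_checksum(dos_header: bytes, dans_offset: int, entries) -> int:
    """The value the linker stores as the XOR key: the DanS offset, plus every DOS
    header byte before DanS rotated by its position (e_lfanew at 0x3C excluded),
    plus each comp.id rotated by its use count."""
    csum = dans_offset
    for i, b in enumerate(dos_header[:dans_offset]):
        if 0x3C <= i < 0x40:
            continue
        csum = (csum + rol32(b, i)) & 0xFFFFFFFF
    for prodid, build, count in entries:
        csum = (csum + rol32((prodid << 16) | build, count)) & 0xFFFFFFFF
    return csum


def encode_rich(entries, key: int) -> bytes:
    """DanS^key, three zero pads (which become the bare key), (comp.id^key, count^key) pairs, 'Rich', key."""
    words = [DANS ^ key, key, key, key]
    for prodid, build, count in entries:
        words += [((prodid << 16) | build) ^ key, count ^ key]
    return struct.pack("<%dI" % len(words), *words) + RICH + struct.pack("<I", key)


def decode_rich(head: bytes):
    """Return (key, dans_offset, [(prodid, build, count), ...]) or None if no Rich header."""
    idx = head.find(RICH)            # on a real file, restrict the search to bytes before e_lfanew
    if idx < 0 or idx + 8 > len(head):
        return None
    (key,) = struct.unpack_from("<I", head, idx + 4)
    start = next((p for p in range(idx - 4, -1, -4)
                  if struct.unpack_from("<I", head, p)[0] ^ key == DANS), None)
    if start is None:
        return None
    entries = []
    for pos in range(start + 16, idx, 8):          # skip DanS and the three pads
        compid, count = struct.unpack_from("<II", head, pos)
        compid ^= key
        entries.append((compid >> 16, compid & 0xFFFF, count ^ key))
    return key, start, entries


def verify_rich(head: bytes) -> bool:
    """True when the stored key equals the recomputed checksum, i.e. the header is untouched."""
    decoded = decode_rich(head)
    if decoded is None:
        return False
    key, start, entries = decoded
    return rich_checksum(head, start, entries) == key


# Constructed sample data: the three raw entries from the report as (prodid, build, count).
REPORT_RAW_ENTRIES = [(241, 40116, 7), (243, 40116, 172), (242, 40116, 13)]


def build_sample_header(entries, key=None) -> bytes:
    """Constructed 0x80-byte DOS header (MZ, e_lfanew=0x100) followed by a Rich header.
    key=None stores the correct checksum; any other key simulates a tampered header."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x100)
    if key is None:
        key = rich_checksum(bytes(dos), 0x80, entries)
    return bytes(dos) + encode_rich(entries, key)


if __name__ == "__main__":
    head = build_sample_header(REPORT_RAW_ENTRIES)
    key, start, entries = decode_rich(head)
    print(f"key 0x{key:08x} DanS at 0x{start:x} valid={verify_rich(head)}")
    for prodid, build, count in entries:
        print(f"{prodid} ({build}) {count}")
```

decode_rich() walks back from the "Rich" marker to the DanS word and then reads (comp.id, count) pairs, which reproduces the product id (build) count triples the report prints. verify_rich() recomputes the checksum over the DOS header bytes (skipping e_lfanew) and the entries; a mismatch with the stored key means the header was modified after linking, which makes any toolchain attribution drawn from it unreliable. Manalyzer does not report whether this check passed for the sample, so run it on the file before relying on the VS2015 attribution above.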

Errors
