| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2014-Dec-08 12:49:56
|
| Suspicious |
The PE is possibly packed. |
The PE only has 0 import(s).
|
| Suspicious |
The file contains overlay data. |
80896 bytes of data starting at offset 0x22400.
|
| Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|
| MD5 |
ce263eae9d560f239c8ab04d8c6f1869
|
| SHA1 |
1bbc12c8241fd0e71a18f8f65228a1081bb51630
|
| SHA256 |
e96aecf6fbec3bbf603575f1d7af7c5802c22bf468824103d91ca03a8da26775
|
| SHA3 |
1d99ef5ee0d6c0acecc798522b4dcf94b1d799a02a08e6d197e4ccaddbc55ff0
|
| SSDeep |
3072:uM87frgs3fJ4A/W+zID4D1PquRaBwQycbBVN:qsSfuwlR4SrY
|
| Imports Hash |
d41d8cd98f00b204e9800998ecf8427e
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0xd8
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
5
|
| TimeDateStamp |
2014-Dec-08 12:49:56
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
|
| Magic |
PE32
|
| LinkerVersion |
11.0
|
| SizeOfCode |
0x1cc00
|
| SizeOfInitializedData |
0x15600
|
| SizeOfUninitializedData |
0
|
| AddressOfEntryPoint |
0x00003F12 (Section: .text)
|
| BaseOfCode |
0x1000
|
| BaseOfData |
0x1e000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
5.1
|
| ImageVersion |
0.0
|
| SubsystemVersion |
5.1
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x36000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve |
0x100000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
a4f555c9c8eaffb3a1f528b1968fe0c2
|
| SHA1 |
ada3ebd9892c5432bf5cfa38e17c75b154cfd7e5
|
| SHA256 |
237c210beb9d661990575809dbe016ed079ab7c433806b67efcfac1e7da87c18
|
| SHA3 |
e4910c18902dc84075637590839877ca8428a5a7c02607312656ebfc112bf033
|
| VirtualSize |
0x1ca3e
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x1cc00
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
6.34966
|
| MD5 |
95e69810f048fff4a73a9a615d1fda49
|
| SHA1 |
b2c76dca389c7966ef6dfbc0169bd918c3407926
|
| SHA256 |
32694ca6a6508e2ef996a64402a17117c94ef05e5e08322e6a99fed62c09a3a0
|
| SHA3 |
0bfdfe749b4aaf4537e5ae728b70f695947fc380c3b8314cae4c9b945a3b333b
|
| VirtualSize |
0x1e8c
|
| VirtualAddress |
0x1e000
|
| SizeOfRawData |
0x2000
|
| PointerToRawData |
0x1d000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
5.86276
|
| MD5 |
8b23ff72621b0bac349809fafd4672d2
|
| SHA1 |
582380138fc6a82df456e149d386e9ebcd2e5e16
|
| SHA256 |
c343b6fc678441208fa51942622d3b0df985d600dfd3758d6157e2cefff06ae1
|
| SHA3 |
36720ae6b914edc02ac9b4a299564516c773546a5e56964aa502dafb708ae06e
|
| VirtualSize |
0x12124
|
| VirtualAddress |
0x20000
|
| SizeOfRawData |
0x2000
|
| PointerToRawData |
0x1f000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
5.33237
|
| MD5 |
ccecffe32e46777bc4446eb960934cb8
|
| SHA1 |
f6a8082b6e74d3350ab9677ab7a27cbec44c296a
|
| SHA256 |
7d21eecb2b53d2c5aa76d0090444dd565131cca9608b220fd167fddfb9fdc5eb
|
| SHA3 |
e636230115ff422210af08b647d5a5fa04ff317b8cd15ffc854eee0bcd056f23
|
| VirtualSize |
0x1e0
|
| VirtualAddress |
0x33000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x21000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
2.60162
|
| MD5 |
d1f45ba206824d0116044a840a06e684
|
| SHA1 |
0f54640c102d239d9cdc3c7091f6f49b9a5ccaef
|
| SHA256 |
555404d067d45171e698e170ac78551e2a418296a37cbf32a112cbf2a70096d6
|
| SHA3 |
0bca1756dc9421d17dd49ab0f9660181c8960c0a6b7e04fa57a455c2a5ceff0a
|
| VirtualSize |
0x1198
|
| VirtualAddress |
0x34000
|
| SizeOfRawData |
0x1200
|
| PointerToRawData |
0x21200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
| Entropy |
2.97403
|
| XOR Key |
0x25702dd4
|
| Unmarked objects |
0
|
| Imports (VS2003 (.NET) build 4035) |
2
|
| Imports (VS2008 SP1 build 30729) |
5
|
| Total imports |
13
|
| C++ objects (VS2012 UPD3 build 60610) |
115
|
| Resource objects (VS2012 UPD3 build 60610) |
1
|
| Linker (VS2012 UPD3 build 60610) |
1
|
[!] Error: Could not read an import's name.
[!] Error: The PE's resource section is invalid or has been manually modified. Resources will not be parsed.