ceb11e406c99511a0a19ab9e95d16ff1

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2019-Jul-21 14:09:12

Plugin Output

Suspicious The PE is possibly packed. The PE only has 3 import(s).
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 ceb11e406c99511a0a19ab9e95d16ff1
SHA1 5095ff60ea336e4fa2156e701f72ec95245ab4af
SHA256 a377e5a815b59a75898a051c6153c85cf6dd7825a158a1124a06a0d4933eb06a
SHA3 f2859568994b90b1f26856a34fb03ae87e9b1e21f93ccd44309bfabf6019d1bb
SSDeep 12:etGSG+FcMuX2Wad2uCxNgBWEh5whWEhaPxbMcHIEHBLD2ZUX:etGSU2WadnEEh5whxhaPxbxBLD2GX
Imports Hash cbb5fc0c10b51883a8e3c2e455914b8a

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xc0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2019-Jul-21 14:09:12
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x200
SizeOfInitializedData 0x400
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001119 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x4000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 53941b9ac4cdd346a729f2fa7926732c
SHA1 5df479a2ab3cfec5e81041620c1bc2b6cde47479
SHA256 8c82cfde614fdd9294a83d05651de46c4cfd63cb458daccd104d555891b75f21
SHA3 a5482bb8b9c4967585775d4cfa5e05a67c500886ccbb181ec14dbeabe4923527
VirtualSize 0x139
VirtualAddress 0x1000
SizeOfRawData 0x200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 3.17601

.idata

MD5 2695f30fa371804127f481287a5e9722
SHA1 faefc1e64b9d08f681d4dad747b3b67afb2fed3a
SHA256 d65ea8a3ed33018acb7ed0e0ddfdad2fea8de4b4b64ec5607fbf96acea85a768
SHA3 9236bac6de485b04180fe434c5e067778a20c89b5f95f81d4f632f95e52c5722
VirtualSize 0xac
VirtualAddress 0x2000
SizeOfRawData 0x200
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 1.48576

.reloc

MD5 bb6e1fc2edfeeea2a5c0f1f41b05ee4b
SHA1 a8100a307213f227ddb2191e08d3747652a5849c
SHA256 bc141b7c2bc3bb319c3218f7eeefefca55bb57817c984ede2da105ad102f6e65
SHA3 05c6e3da9f04ae856e0003edd40217000be8113d7ad2f7ce21f07570c06a6076
VirtualSize 0x10
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0x800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 0.190489

Imports

USER32.dll wvsprintfA
KERNEL32.dll GetStdHandle, WriteConsoleA

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2019-Jul-21 14:09:12
Version 0.0
SizeofData 164
AddressOfRawData 0x102c
PointerToRawData 0x42c

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xac93b199
Unmarked objects 0
Imports (26213) 5
Total imports 3
C++ objects (VS2019 Update 1 (16.1) compiler 27702) 1
Linker (VS2019 Update 1 (16.1) compiler 27702) 1

Errors
