d11feb05d4d447ac4f532adfe9a8a15c

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 00:00:00
TLS Callbacks 2 callback(s) detected.

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: .xdata
Safe VirusTotal score: 0/71 (Scanned on 2020-10-17 20:30:53) All the AVs think this file is safe.

Hashes

MD5 d11feb05d4d447ac4f532adfe9a8a15c
SHA1 17633d15c7711e58763f3c5ab264f05d98ab5d9e
SHA256 e36f72766460745479fa42bb9c990118519c954b90384fa27f25ca87300e8df3
SHA3 3ceec166cbb5654d1d2b3b29778fac6513acfbdb168a570cca06dd190423a497
SSDeep 192:8FBqwiK5j4rJzwsZ94gQlnsGDPeygB23tHM3KUQ0Mgs5MlXlQG2/uI:8FB5TarSg2nhzYB235M31QJf5XGBI
Imports Hash 302991bcbcb269f39e93a09088d47d74

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 9
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 2.0
SizeOfCode 0x1e00
SizeOfInitializedData 0x1e00
SizeOfUninitializedData 0xa00
AddressOfEntryPoint 0x0000000000001510 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0xb000
SizeOfHeaders 0x400
Checksum 0x13275
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 9c2037c7cfcfa3dc98c934e52a017255
SHA1 bc5472487507a13fd3c5f6f3e5932269d1e90871
SHA256 b72b8115c2972a3fb23992fbf4629aac7216d63a31a2c3a93790a6da5131762e
SHA3 f56306a70f4808c5f03bfb16c3ecd130ca1d814741b3246bb147663372643cfb
VirtualSize 0x1db0
VirtualAddress 0x1000
SizeOfRawData 0x1e00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.98089

.data

MD5 6f74eac3f0c364f85e59ecc21287afb8
SHA1 14b0d48913f12c4c60212cc2e86699caa63148a5
SHA256 19c8d8b524b262376cd8e8052c390a49704f3272097d8e7fceaee9ca9f1a3434
SHA3 71ec8ce2198b6755a8b6816c3ead38dfb22a8936dd60f2a3aa5180b44a45cd03
VirtualSize 0x90
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0x2200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.619228

.rdata

MD5 31b9904086c8d056d01015db58321f86
SHA1 22a1fbf93d97219aa834f61bdd7536feabc5099d
SHA256 31e46ecf7bbda00c229b2dcfb349deef1fd96d8068a6a1a31110cf8f21765f93
SHA3 41b419b1b41a7d5d228dc348e5638d5d42dc2452185e6d5deabdced396b00543
VirtualSize 0x810
VirtualAddress 0x4000
SizeOfRawData 0xa00
PointerToRawData 0x2400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.90806

.pdata

MD5 bea4fb113da98f78be1267f5f4ad8d5b
SHA1 7d5308a36e1e21d61c414ae483ba53d759449af9
SHA256 ed5b72fa0ff2d25dcdfb1eff25674c8216123591ef60e1503e520effd2ab7d25
SHA3 cf2420f99b9d9c71564c18bd68c35f1538ab958349af99db0a61220f60bde82e
VirtualSize 0x234
VirtualAddress 0x5000
SizeOfRawData 0x400
PointerToRawData 0x2e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.43039

.xdata

MD5 0dc0f6d8f8acdb78559a2c35160f355d
SHA1 0a1d0969195df559119a60e467b95227fe1bb091
SHA256 b525be9ce209c9237496caf977a5ac3bf0025c95c075f0c25a980c618fdf971d
SHA3 4372830e13f0e401672ef23eae8485a0dd1f37e263c5545433484da873dc44bb
VirtualSize 0x1e0
VirtualAddress 0x6000
SizeOfRawData 0x200
PointerToRawData 0x3200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.71622

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x9b0
VirtualAddress 0x7000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 1a7ca7a862b78e0a181a752771c38935
SHA1 bc87389bb2f03af7e419361164771fe8bacd8ed1
SHA256 b9d907ab5d04bc6c36604fdd3f2b69296f0deb297926ddc3638dc5a1f83c065d
SHA3 9ebe478ce45c6d98fd89b95532e7cb0cccee848eb9aa319c87dac1b1bb041e25
VirtualSize 0x800
VirtualAddress 0x8000
SizeOfRawData 0x800
PointerToRawData 0x3400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.02284

.CRT

MD5 27ad3585bae4cb91213456da8c82210a
SHA1 88ad298612454c95e2d5fcc92c11fcf64e215e32
SHA256 2282ac3056f370ee0ca0a36926cc2d5b12e6e5d4ceb6cde019be38795dc6bcca
SHA3 beb656be381a45629c08de1406a2566ceef3df97dcb5c849ad0d355e10bca162
VirtualSize 0x68
VirtualAddress 0x9000
SizeOfRawData 0x200
PointerToRawData 0x3c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.254511

.tls

MD5 88a042993914d14d10ba151cc4df13f3
SHA1 a2e85a2d11124405e3260fae59253f747ffa536d
SHA256 f625b5be5292eb4f9cede88bf304d2481bf66906ec57caeac701831d41309913
SHA3 912f61fa1b4bdb7a7d101722b7a49791e8eb85bab1d105c9f6c484fd770bd918
VirtualSize 0x68
VirtualAddress 0xa000
SizeOfRawData 0x200
PointerToRawData 0x3e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.197438

Imports

KERNEL32.dll DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
msvcrt.dll __C_specific_handler
__dllonexit
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_initterm
_lock
_onexit
_unlock
abort
calloc
exit
fprintf
free
fwrite
getchar
malloc
memcpy
puts
scanf
signal
strlen
strncmp
vfprintf

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData 0x40a000
EndAddressOfRawData 0x40a060
AddressOfIndex 0x4075fc
AddressOfCallbacks 0x409040
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks 0x0000000000401900
0x00000000004018D0

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!
<-- -->