d1b5394ce8147acb0c6826df3a0651f1

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2015-Dec-12 10:09:23
Detected languages English - United States

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Info Cryptographic algorithms detected in the binary: Uses constants related to CRC32
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 d1b5394ce8147acb0c6826df3a0651f1
SHA1 cefbd9b89b64bad767d3ee4290d77f8d30f64729
SHA256 fe4a17a2a1f586a2a89b13d02ca3bd280ce0614ed9c80ce192795f27d765e581
SHA3 d10c5cca367666a4ab8a03ce433102645339bfced540edcf1b271d7854d465cb
SSDeep 1536:qMplKUJEZebzZNOi1W0DgvORrqB2QSGvNDTCA94YSLLiK4RUK/tT5pCp:gS/OiMhORrq0Q9bSLLiK6U45p6
Imports Hash 0f93a59a32bdcfdbb329252a876afbb5

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberOfSections 4
TimeDateStamp 2015-Dec-12 10:09:23
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 9.0
SizeOfCode 0x16a00
SizeOfInitializedData 0x6e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000798D (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x18000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.0
ImageVersion 0.0
SubsystemVersion 5.0
Win32VersionValue 0
SizeOfImage 0x2d000
SizeOfHeaders 0x400
Checksum 0x24274
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeOfStackReserve 0x100000
SizeOfStackCommit 0x1000
SizeOfHeapReserve 0x100000
SizeOfHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 bbbe5fab7f00385dde42d1d42283a5f8
SHA1 a66b21e74328d37b5b2d1205731b869e0bcdfc51
SHA256 6633e638344cecb0c2bd4d2cadd930dd09043d93e8cf1d6ff2c802a0d407ed32
SHA3 f4ce3f424744829297047778df9a9cdc613574d8d9de2af5709f54e0790f376f
VirtualSize 0x1684c
VirtualAddress 0x1000
SizeOfRawData 0x16a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.6133

.rdata

MD5 f3df36ade5dee6baa93846fea76eef76
SHA1 ec34a17e653a8a302e0d7dcb4163ed2eb3b6a3a6
SHA256 695d312a035cfe542efe15657b153f385445056e7b051efd0e4311e0ced2b2ca
SHA3 174de52fad613b0fe76eaff68374365aa815a09459c2edcf1fe65220141bb9dd
VirtualSize 0x51bc
VirtualAddress 0x18000
SizeOfRawData 0x5200
PointerToRawData 0x16e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.23471

.data

MD5 d74bb32dd2848de25369595e0c692bc2
SHA1 e54f52da453ae14512aa50b751e8429e92d662a9
SHA256 5945bdd752f41569266dd0d1365f29250092f655d4f04fa72a65eb6e933ef447
SHA3 c5672ea45dd193a31e9697a00b3282e83a57542127367c5c6144339b7ec3f769
VirtualSize 0xd34c
VirtualAddress 0x1e000
SizeOfRawData 0x1a00
PointerToRawData 0x1c000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.18865

.rsrc

MD5 43dcaa941fe04f34da9d60b7aa33f869
SHA1 23e29e343a941d149bd576a7cb49a7a5c30abb7e
SHA256 9eee23e9325e3a79f744539a40596e972cbd90c148b27c672e08e5f8d2251859
SHA3 c1b2bf1eeeb57361facf9e02ab43bdf76665c0c3d4b2cc138577a0d61159589a
VirtualSize 0x1b4
VirtualAddress 0x2c000
SizeOfRawData 0x200
PointerToRawData 0x1da00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.11262

Imports

SETUPAPI.dll SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
KERNEL32.dll VirtualFree
GetProcessHeap
SetEndOfFile
CreateFileA
DeviceIoControl
CloseHandle
CreateMutexA
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetLastError
HeapFree
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetCommandLineA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile
GetConsoleCP
FlushFileBuffers
ReadFile
SetFilePointer
HeapSize
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LoadLibraryA
GetLocaleInfoW
CreateFileW

Delayed Imports

Resources

1

Type RT_MANIFEST
Language English - United States
Codepage Latin 1 / Western European
Size 0x15a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.79597
MD5 24d3b502e1846356b0263f945ddd5529
SHA1 bac45b86a9c48fc3756a46809c101570d349737d
SHA256 49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e
SHA3 1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e

Version Info

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x41e8e0
SEHandlerTable 0x41b8b0
SEHandlerCount 38

RICH Header

XOR Key 0x3b3757da
Unmarked objects 0
ASM objects (VS2008 build 21022) 17
C objects (VS2008 build 21022) 124
Imports (VS2012 build 50727 / VS2005 build 50727) 5
Total imports 99
C++ objects (VS2008 build 21022) 56
Resource objects (VS2008 build 21022) 1

Errors
