Architecture |
IMAGE_FILE_MACHINE_I386
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
Compilation Date |
2016-Dec-01 11:47:42
|
Suspicious |
The PE is possibly packed (the .text section reports an entropy of 7.99995 and its PointerToRelocations field holds 0x32434550, which is the ASCII string "PEC2" in little-endian order, a marker associated with the PECompact packer; a non-zero relocation pointer in a section with NumberOfRelocations = 0 is itself anomalous). |
Section .text is both writable and executable.
Section .rsrc is both writable and executable.
|
Suspicious |
The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
- LoadLibraryA
- GetProcAddress
Possibly launches other programs (the entries for this finding are missing from this copy of the report; the import table below lists ADVAPI32.dll!CreateProcessAsUserW):
Has Internet access capabilities:
- InternetAttemptConnect
- WinHttpReceiveResponse
Leverages the raw socket API to access the Internet (the entries for this finding are missing from this copy of the report; the import table below shows an import by ordinal, #7, from WS2_32.dll):
|
Safe |
VirusTotal score: 0/65 (Scanned on 2017-07-30 23:42:05) |
All the AVs think this file is safe. Note that this verdict applies to the file as scanned on 2017-07-30, i.e. to the packed layer: with a writable and executable .text section at near-maximal entropy (7.99995) and imports resolved at runtime through LoadLibraryA/GetProcAddress, the bytes scanned are not the code that executes, so a clean score does not characterize the unpacked payload.
|
MD5 |
d5a96f84b239671f784b29ea998db236
|
SHA1 |
1e9b156fa4904df4c5cab5028efe2458213c4a71
|
SHA256 |
5cc569ce55e146a3719b95a76fbfe6595e9ac7e650037aa2546fffe00f555b96
|
SHA3 |
6af907d8a599ec8e029eb5684fda66631bd5f56a440911399807e38d9a6f0bd1
|
SSDeep |
98304:izT8Q2a3S6g9zNqxJCxiYxPPjfcZyymCFE:RQgNqc5jfyBE
|
Imports Hash |
9c7559de4df0d9cdd7ecd5d17769a024
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0x148
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_I386
|
NumberofSections |
3
|
TimeDateStamp |
2016-Dec-01 11:47:42
|
PointerToSymbolTable |
0
|
NumberOfSymbols |
0
|
SizeOfOptionalHeader |
0xe0
|
Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
|
Magic |
PE32
|
LinkerVersion |
12.0
|
SizeOfCode |
0xf6a000
|
SizeOfInitializedData |
0x64ea00
|
SizeOfUninitializedData |
0
|
AddressOfEntryPoint |
0x00001000 (Section: .text)
|
BaseOfCode |
0x1000
|
BaseOfData |
0xf6b000
|
ImageBase |
0x400000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
5.1
|
ImageVersion |
5.0
|
SubsystemVersion |
5.1
|
Win32VersionValue |
0
|
SizeOfImage |
0x15fc000
|
SizeOfHeaders |
0x400
|
Checksum |
0x3e39ca
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
SizeofStackReserve |
0x100000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
aa345e33702982906be542f8ed9b7287
|
SHA1 |
cea7785f69d4f907736f205c1c130f604af08320
|
SHA256 |
945aee2ce2d7a656d32154ff23f54f0d96c857df26d743d3b9b6c72c24aae860
|
SHA3 |
f6506efa9a93263eea3ad636786057b8634fb4e51ad55c1ac7f29e857a81fd05
|
VirtualSize |
0x15cd000
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0x35bc00
|
PointerToRawData |
0x400
|
PointerToRelocations |
0x32434550
|
PointerToLineNumbers |
0x4f80
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
7.99995
|
MD5 |
29b7dc7d65c3576643851ecc75b2b56c
|
SHA1 |
07b6ed4baad413ea6849c08a20995637ac801d9e
|
SHA256 |
4b56bfd97b9d8badccc29c5cde94c15564db27053e5716e342b85a8b2a8e63d1
|
SHA3 |
c734cf84aa87aac1a0b8d3f8cfd0b4ff4c1e5a4599db3da14fa2b1cb95a83f39
|
VirtualSize |
0x2d000
|
VirtualAddress |
0x15ce000
|
SizeOfRawData |
0x2c800
|
PointerToRawData |
0x35c000
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
4.25806
|
MD5 |
222a4c43d10f99c71c4b32b1224068fe
|
SHA1 |
5aa2906584a93fcee48aeedaa15c762f0380a525
|
SHA256 |
68f1a982ddda985c573c35c66390c7e472ab5e0f745733fa74535e335e2e8693
|
SHA3 |
3790189a4e05da7f1d040dd0faeace3c6c6c8b7b788a0207a0fd3dffbef69534
|
VirtualSize |
0x200
|
VirtualAddress |
0x15fb000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x388800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
0.309997
|
kernel32.dll |
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
|
USER32.dll |
GetSubMenu
|
UxTheme.dll |
GetThemeSysColor
|
SHLWAPI.dll |
PathRemoveFileSpecW
|
WS2_32.dll |
#7
|
IPHLPAPI.DLL |
GetAdaptersInfo
|
COMCTL32.dll |
ImageList_BeginDrag
|
MPR.dll |
WNetGetUserW
|
MSIMG32.dll |
AlphaBlend
|
AVICAP32.dll |
capCreateCaptureWindowW
|
WINMM.dll |
waveInClose
|
MSACM32.dll |
acmDriverOpen
|
VERSION.dll |
GetFileVersionInfoA
|
WTSAPI32.dll |
WTSQuerySessionInformationW
|
NETAPI32.dll |
NetQueryDisplayInformation
|
ACTIVEDS.dll |
#9
|
WININET.dll |
InternetAttemptConnect
|
WINHTTP.dll |
WinHttpReceiveResponse
|
OLEACC.dll |
LresultFromObject
|
gdiplus.dll |
GdipBitmapLockBits
|
IMM32.dll |
ImmGetContext
|
oledlg.dll |
#8
|
GDI32.dll |
DeleteObject
|
WINSPOOL.DRV |
DocumentPropertiesA
|
SHELL32.dll |
DragAcceptFiles
|
ole32.dll |
OleSetMenuDescriptor
|
OLEAUT32.dll |
#2
|
COMDLG32.dll |
GetSaveFileNameW
|
ADVAPI32.dll |
CreateProcessAsUserW
|
[!] Error: Could not read the IMAGE_EXPORT_DIRECTORY.