| Architecture |
IMAGE_FILE_MACHINE_I386
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| Compilation Date |
2016-Dec-01 11:47:42
|
| Suspicious |
The PE is possibly packed. |
Section .text is both writable and executable.
Section .rsrc is both writable and executable.
|
| Suspicious |
The PE contains functions most legitimate programs don't use. |
[!] The program may be hiding some of its imports:
- LoadLibraryA
- GetProcAddress
Possibly launches other programs:
Has Internet access capabilities:
- InternetAttemptConnect
- WinHttpReceiveResponse
Leverages the raw socket API to access the Internet:
|
| Safe |
VirusTotal score: 0/65 (Scanned on 2017-07-30 23:42:05) |
All the AVs think this file is safe.
|
| MD5 |
d5a96f84b239671f784b29ea998db236
|
| SHA1 |
1e9b156fa4904df4c5cab5028efe2458213c4a71
|
| SHA256 |
5cc569ce55e146a3719b95a76fbfe6595e9ac7e650037aa2546fffe00f555b96
|
| SHA3 |
6af907d8a599ec8e029eb5684fda66631bd5f56a440911399807e38d9a6f0bd1
|
| SSDeep |
98304:izT8Q2a3S6g9zNqxJCxiYxPPjfcZyymCFE:RQgNqc5jfyBE
|
| Imports Hash |
9c7559de4df0d9cdd7ecd5d17769a024
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x148
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_I386
|
| NumberofSections |
3
|
| TimeDateStamp |
2016-Dec-01 11:47:42
|
| PointerToSymbolTable |
0
|
| NumberOfSymbols |
0
|
| SizeOfOptionalHeader |
0xe0
|
| Characteristics |
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
|
| Magic |
PE32
|
| LinkerVersion |
12.0
|
| SizeOfCode |
0xf6a000
|
| SizeOfInitializedData |
0x64ea00
|
| SizeOfUninitializedData |
0
|
| AddressOfEntryPoint |
0x00001000 (Section: .text)
|
| BaseOfCode |
0x1000
|
| BaseOfData |
0xf6b000
|
| ImageBase |
0x400000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
5.1
|
| ImageVersion |
5.0
|
| SubsystemVersion |
5.1
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x15fc000
|
| SizeOfHeaders |
0x400
|
| Checksum |
0x3e39ca
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_GUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
|
| SizeofStackReserve |
0x100000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
aa345e33702982906be542f8ed9b7287
|
| SHA1 |
cea7785f69d4f907736f205c1c130f604af08320
|
| SHA256 |
945aee2ce2d7a656d32154ff23f54f0d96c857df26d743d3b9b6c72c24aae860
|
| SHA3 |
f6506efa9a93263eea3ad636786057b8634fb4e51ad55c1ac7f29e857a81fd05
|
| VirtualSize |
0x15cd000
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x35bc00
|
| PointerToRawData |
0x400
|
| PointerToRelocations |
0x32434550
|
| PointerToLineNumbers |
0x4f80
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
7.99995
|
| MD5 |
29b7dc7d65c3576643851ecc75b2b56c
|
| SHA1 |
07b6ed4baad413ea6849c08a20995637ac801d9e
|
| SHA256 |
4b56bfd97b9d8badccc29c5cde94c15564db27053e5716e342b85a8b2a8e63d1
|
| SHA3 |
c734cf84aa87aac1a0b8d3f8cfd0b4ff4c1e5a4599db3da14fa2b1cb95a83f39
|
| VirtualSize |
0x2d000
|
| VirtualAddress |
0x15ce000
|
| SizeOfRawData |
0x2c800
|
| PointerToRawData |
0x35c000
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
4.25806
|
| MD5 |
222a4c43d10f99c71c4b32b1224068fe
|
| SHA1 |
5aa2906584a93fcee48aeedaa15c762f0380a525
|
| SHA256 |
68f1a982ddda985c573c35c66390c7e472ab5e0f745733fa74535e335e2e8693
|
| SHA3 |
3790189a4e05da7f1d040dd0faeace3c6c6c8b7b788a0207a0fd3dffbef69534
|
| VirtualSize |
0x200
|
| VirtualAddress |
0x15fb000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x388800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.309997
|
| kernel32.dll |
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
|
| USER32.dll |
GetSubMenu
|
| UxTheme.dll |
GetThemeSysColor
|
| SHLWAPI.dll |
PathRemoveFileSpecW
|
| WS2_32.dll |
#7
|
| IPHLPAPI.DLL |
GetAdaptersInfo
|
| COMCTL32.dll |
ImageList_BeginDrag
|
| MPR.dll |
WNetGetUserW
|
| MSIMG32.dll |
AlphaBlend
|
| AVICAP32.dll |
capCreateCaptureWindowW
|
| WINMM.dll |
waveInClose
|
| MSACM32.dll |
acmDriverOpen
|
| VERSION.dll |
GetFileVersionInfoA
|
| WTSAPI32.dll |
WTSQuerySessionInformationW
|
| NETAPI32.dll |
NetQueryDisplayInformation
|
| ACTIVEDS.dll |
#9
|
| WININET.dll |
InternetAttemptConnect
|
| WINHTTP.dll |
WinHttpReceiveResponse
|
| OLEACC.dll |
LresultFromObject
|
| gdiplus.dll |
GdipBitmapLockBits
|
| IMM32.dll |
ImmGetContext
|
| oledlg.dll |
#8
|
| GDI32.dll |
DeleteObject
|
| WINSPOOL.DRV |
DocumentPropertiesA
|
| SHELL32.dll |
DragAcceptFiles
|
| ole32.dll |
OleSetMenuDescriptor
|
| OLEAUT32.dll |
#2
|
| COMDLG32.dll |
GetSaveFileNameW
|
| ADVAPI32.dll |
CreateProcessAsUserW
|
[!] Error: Could not read the IMAGE_EXPORT_DIRECTORY.