dcc9323a16d56f20ccd851c87db9fe9d

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2018-Oct-28 11:29:33
Detected languages English - United States

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 6.0 - 8.0
Suspicious The PE contains functions most legitimate programs don't use.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
  • QueryPerformanceCounter
Suspicious VirusTotal score: 2/68 (Scanned on 2018-12-06 07:07:53)
  • Cylance: Unsafe
  • Rising: Malware.Heuristic!ET#93% (RDM+:cmRtazrbWy97goXv408YeVWb/xxn)

Hashes

MD5 dcc9323a16d56f20ccd851c87db9fe9d
SHA1 a3014b80c11c192a7b7700927e06f2556b0dd9ca
SHA256 66d9b7fc45c7eba95dd1b3200d208d3a5ffddc8af3a74062e19152d7f272dd2b
SHA3 f9c6da508f3edcb4f943476c40664fabb64a4579bb1714c379882bb59edbd444
SSDeep 3072:xkz/gN5vv4e4SZ43BVkGNO53CD4hYUfskh84GWXOAg0FujoaviNJK:xkLq1vf4SZcV1Ne3zhYVAOXEJK
Imports Hash 9d54fd55823be042c685afb8509ce5a3

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2018-Oct-28 11:29:33
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x1de00
SizeOfInitializedData 0x13200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00007BB2 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x1f000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x34000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 7bc8a2f5d5674160b5b834225c6f1351
SHA1 41b2a6ac69aae474004f02e951612d374f6f7873
SHA256 fa7b3990ca5917a103aa033a9070899d82b455cf7c37c71ea51b0f5184bec21c
SHA3 6d362288c07880c31754a5429c221f29a3fdd7ffa3d101b7896afada195b40f3
VirtualSize 0x1dd18
VirtualAddress 0x1000
SizeOfRawData 0x1de00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.59371

.rdata

MD5 7ea6074ef8fec902ada9fbf8da2c3ab1
SHA1 54b2bda14f31f63974dfa39a251a529ad08c289e
SHA256 363b34cdb9dba48842e951d70bd9e1cc9f863a66fed3594a4d8dc945cf66afc3
SHA3 d90deea7464f493957fdbeb5800867f50a2a4d99957518cdec9ceebc88fcd7d7
VirtualSize 0xee1c
VirtualAddress 0x1f000
SizeOfRawData 0xf000
PointerToRawData 0x1e200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.23632

.data

MD5 c2d1668f6c00d1d92bbb1b8f2fbb4e2f
SHA1 e20b260a4886127aa9afa149bdfb9950dbf1eef3
SHA256 aa442d41cedec081649276afba8ab87b77211147c51691b342e1b1394f63dd05
SHA3 6f07ca6d1913490f421448f855a30e7c1b582aa6ce25fde57d846b33fd7b0b21
VirtualSize 0x1d94
VirtualAddress 0x2e000
SizeOfRawData 0x1000
PointerToRawData 0x2d200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.1349

.rsrc

MD5 8f66f703e4f329d3a1d6d7e9351f3cfd
SHA1 c57158475393164d05f322dae72e8b85b3ce5956
SHA256 a9f1bbdd457b070a87e85d581e921f30d022196552e282efe349614eb8a60f1e
SHA3 c273afb6b53fdbff2c8ed9da6d739bd6faa74e14f6ee839c9ee8bd0627042a8b
VirtualSize 0x1e0
VirtualAddress 0x30000
SizeOfRawData 0x200
PointerToRawData 0x2e200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.7015

.reloc

MD5 dd74dc04b41784d86ae55fc7ee136d90
SHA1 c4afda9c0905deb315d02f42641c060ccfbdffa5
SHA256 b90f9cacc60354c810ab677402acb9fd588cb72524ec692d8f28a93c9da46b01
SHA3 bad355774559e97da33b22b8b7c55273249030b6ec9e7a6f0a28f6458336e0b6
VirtualSize 0x2004
VirtualAddress 0x31000
SizeOfRawData 0x2200
PointerToRawData 0x2e400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.42087

Imports

KERNEL32.dll
VirtualProtect
CreateFileW
WideCharToMultiByte
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapAlloc
GetFileType
CloseHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
HeapSize
WriteConsoleW

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2018-Oct-28 11:29:33
Version 0.0
SizeofData 788
AddressOfRawData 0x2c51c
PointerToRawData 0x2b71c

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2018-Oct-28 11:29:33
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0xa0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x42e06c
SEHandlerTable 0x42c480
SEHandlerCount 39

RICH Header

XOR Key 0x562029d1
Unmarked objects 0
ASM objects (26213) 13
C++ objects (26213) 164
C objects (26213) 22
ASM objects (VS 2015/2017 runtime 26706) 20
C++ objects (VS 2015/2017 runtime 26706) 60
C objects (VS 2015/2017 runtime 26706) 33
Imports (26213) 3
Total imports 86
265 (VS2017 v15.8.9 compiler 26732) 2
Resource objects (VS2017 v15.8.9 compiler 26732) 1
Linker (VS2017 v15.8.9 compiler 26732) 1

Errors