Manalyze report for e002e486bb412446474cb53340bf0083

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2017-Nov-03 00:19:55
TLS Callbacks	2 callback(s) detected.
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`Miscellaneous malware strings: virus`
Suspicious	The PE is possibly packed.	`Unusual section name found: /4` `Unusual section name found: /19` `Unusual section name found: /31` `Unusual section name found: /45` `Unusual section name found: /57` `Unusual section name found: /70` `Unusual section name found: /81` `Unusual section name found: /92`
Suspicious	The PE contains functions most legitimate programs don't use.	`Leverages the raw socket API to access the Internet: WSAStartup`
Suspicious	The file contains overlay data.	`28903 bytes of data starting at offset 0x55c00.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`e002e486bb412446474cb53340bf0083`
SHA1	`b34d0e547e7db5b5b880c061ca1bd8413d9970ca`
SHA256	`636d269e4d66cdcc5f2c902af4b718c0b3fb19dd2b15da9bfa7b21cfba1dc459`
SHA3	`1082d14c772adbf3a261f2a950d787c41940f8f5470736684828fa6be135af0c`
SSDeep	`6144:WEWjl7s5t38dX6pT09uE4iU7kpmPcnFOHuln+Otc+EkzI8jSejCE8aKP3sGvLHNM:378xC4FLuEtrdX6/3OutbgRD`
Imports Hash	`ec83e34909929c3ca6c01f840156ae23`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`15`
TimeDateStamp	2017-Nov-03 00:19:55
PointerToSymbolTable	`0x55c00`
NumberOfSymbols	`1327`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x1800`
SizeOfInitializedData	`0x2a00`
SizeOfUninitializedData	`0x400`
AddressOfEntryPoint	`0x000014E0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x60000`
SizeOfHeaders	`0x400`
Checksum	`0x6788b`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`63d22734b561dc86bfac70b2e49c9af7`
SHA1	`9bbf38b8834935a5c9dc519cf5aee435a1090b64`
SHA256	`9f0124feb4db8dbd8200f628b221910c6cf16c55710854b0e6ad319c62f82437`
SHA3	`19ea4c90071a10287d143d4f8331f1485495a90256884d8fcba2186ada800682`
VirtualSize	`0x17d4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.99925`

.data

MD5	`3ca32483750067621b28b56f4881c3fe`
SHA1	`9f87b7511bdf64c3e030b384e6cbcef6e39ab760`
SHA256	`497fc254f531a3d52d417c1a6a4ad6faba1e2c3bca65521110518539c51dc3e9`
SHA3	`96e736b842a40f704cdd867b895e7de57feac7dc92e32d99130d572d9d29be75`
VirtualSize	`0x30`
VirtualAddress	`0x3000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.523872`

.rdata

MD5	`1381a9e8b61442ec451b69a9c391776c`
SHA1	`b2d269357d8c3932b83ef293edf7c688d529d094`
SHA256	`29377584f9e435bfe922c28dd5351c5a0c2c718184c3c09bdca37c1fb0c5d652`
SHA3	`9f306badfeb0da70c65c3fa5dc4ed2cf4c5a2a9ea502a3fa32d2265d8e601309`
VirtualSize	`0x56c`
VirtualAddress	`0x4000`
SizeOfRawData	`0x600`
PointerToRawData	`0x1e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.89838`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x3f0`
VirtualAddress	`0x5000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`5d050a34cbf2db3e05f0f3bdef1f3863`
SHA1	`f62f80d3f3faed9fefbe1a87c1b45871b3c93548`
SHA256	`a1055a392c4040398892dd4aeb65a3b42c1d6c28a184bd1dff93a26bcde58a23`
SHA3	`620d7903ac44c563a90685a96c60a7dc909107dcf914b130870a3956f0dd7bec`
VirtualSize	`0x5d0`
VirtualAddress	`0x6000`
SizeOfRawData	`0x600`
PointerToRawData	`0x2400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.55013`

.CRT

MD5	`0cb505faa816e94d3f673fa3b46c7329`
SHA1	`2325baface17d90d4d5e0620574d3a5b2b4ce05b`
SHA256	`4d9fccbac98a848b7b0f5a859aa29734a576485ab8e6e79802bc994b7ae80767`
SHA3	`7a7ef8d229e534e0a7c3f3849512f447a4b800690f4dfaf0236be2bfc220a437`
VirtualSize	`0x34`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.274825`

.tls

MD5	`717c992ebb58c46a5fd2eee9c322e7b3`
SHA1	`8c372ddf495029dfd80155f1fb595b23d01040f5`
SHA256	`0ce90b33e45007e9481b7f0df483602e2ee889ffa7cf81408b3d1c6e539c2307`
SHA3	`b256f62921eff9f3d2bfaf96b80d0c62a829d58c81bff84eb14c7c28629530d8`
VirtualSize	`0x20`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.204488`

/4

MD5	`3d2b445ec6aef86e38c64c5d591b6bb1`
SHA1	`635c90eccf3ee7af7a1d03ca968c41fe840c37d0`
SHA256	`ba2630f05778a96e6b109d88b52433fa1e1a2e469b9d13454ab27fd86e35c144`
SHA3	`e83e04969fbea96b01f1edbfba687f48bb6a5efe436ddd89db9144be3567b59a`
VirtualSize	`0x2c0`
VirtualAddress	`0x9000`
SizeOfRawData	`0x400`
PointerToRawData	`0x2e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.74424`

/19

MD5	`c46922caf84b5db7d970a0b855d657bb`
SHA1	`f83f40e528505ebd5981bd46197d69ec6490f911`
SHA256	`a9f0681633001f44cc6c9077c685c27077765f0fabcedb94029c2b329afb80c8`
SHA3	`4423df842a362474c99d18fc89465fab9a6b979ce64dcd889891c96c20ae52ce`
VirtualSize	`0x4b960`
VirtualAddress	`0xa000`
SizeOfRawData	`0x4ba00`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.95696`

/31

MD5	`0840e3af78acc6b910b95e373845d236`
SHA1	`581aa966d0957d24684f040d36a71bf9701ba013`
SHA256	`8226249e5347f181723605dc63ac7648ac5e11223edff8672f33e609bd974717`
SHA3	`82be9f5efb0da6ae0ec1e3cd887c79c2d98bf9162346cf01f82b149a7909df90`
VirtualSize	`0x24f2`
VirtualAddress	`0x56000`
SizeOfRawData	`0x2600`
PointerToRawData	`0x4ec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.53632`

/45

MD5	`e1e6822a670dc029ca53963757e6791e`
SHA1	`e90d031ad3a697207a909021e578dcee3f8ecf39`
SHA256	`82ea0f09206e0765d9658a83f5d7912b5aa8a487d4831481b53af4fd6f8cbd75`
SHA3	`7b8706681657e17b7bbff175881cae492c004bd1243f790a720a3560e2aba2f8`
VirtualSize	`0x270f`
VirtualAddress	`0x59000`
SizeOfRawData	`0x2800`
PointerToRawData	`0x51200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.09837`

/57

MD5	`e5f99a777653462c2555fe6b7e250992`
SHA1	`7a970ea7685ba6e2e447b78315eaaf98a97cd01a`
SHA256	`b204b4771263678253db956c4bc9d96cb7bffcc941f0190213387087d60b131e`
SHA3	`ed2203707082437e77e23f3f19cb5a4f00882387bc02a9f527affffa6f87ef66`
VirtualSize	`0x790`
VirtualAddress	`0x5c000`
SizeOfRawData	`0x800`
PointerToRawData	`0x53a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.52518`

/70

MD5	`1b4648fc6764789e747ae7bf272bc860`
SHA1	`aefd841388147c1dd9661de65a5c278ba624a07d`
SHA256	`1abf7ad84f3bed08e46695064c331f3dd0129d18bd65bae9cdd2d48e4ad5fb8d`
SHA3	`f032168d0c1f512e7e90898501875eb082f028d29098d484176424842c487f96`
VirtualSize	`0x756`
VirtualAddress	`0x5d000`
SizeOfRawData	`0x800`
PointerToRawData	`0x54200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.66051`

/81

MD5	`e0bc05e5b3b88dd47a8e70ac1130a5c1`
SHA1	`2751785587c2f915f24b216a62f714d5c07b2c85`
SHA256	`edd9a1831201b8f0edff881b4af12901addeda21f9f537f5215b19b3cb0acab1`
SHA3	`851640ef2176418a3ac85cefffba3983b1bf908c533cc92cad6c30ff6ecd67a5`
VirtualSize	`0xced`
VirtualAddress	`0x5e000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x54a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.02521`

/92

MD5	`7396b91f7261582e7343fc34ac1a4136`
SHA1	`ac3c2703491fc1d401f728431dd0e3b5c9e01509`
SHA256	`f03dc928cae6d775dd33c534b0081759034ea213cdbf5176bc9ecda30ce76125`
SHA3	`ea275a398bd37ec89e2526b2367e0486a33c4d814e6216992d0068470e30ca65`
VirtualSize	`0x218`
VirtualAddress	`0x5f000`
SizeOfRawData	`0x400`
PointerToRawData	`0x55800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.5744`

Imports

KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetLastError` `GetModuleHandleA` `GetProcAddress` `GetStartupInfoA` `GetSystemTimeAsFileTime` `GetTickCount` `InitializeCriticalSection` `LeaveCriticalSection` `QueryPerformanceCounter` `SetUnhandledExceptionFilter` `Sleep` `TerminateProcess` `TlsGetValue` `UnhandledExceptionFilter` `VirtualProtect` `VirtualQuery`
msvcrt.dll	`__dllonexit` `__getmainargs` `__initenv` `__lconv_init` `__set_app_type` `__setusermatherr` `_acmdln` `_amsg_exit` `_cexit` `_fmode` `_initterm` `_iob` `_lock` `_onexit` `exit` `fprintf` `free` `fwrite` `malloc` `memcpy` `signal` `strlen` `strncmp` `_unlock` `abort` `vfprintf` `calloc`
WS2_32.dll	`WSAStartup`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x408000`
EndAddressOfRawData	`0x40801c`
AddressOfIndex	`0x405390`
AddressOfCallbacks	`0x407020`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x004018D0` `0x00401880`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /31!
[*] Warning: Tried to read outside the COFF string table to get the name of section /45!
[*] Warning: Tried to read outside the COFF string table to get the name of section /57!
[*] Warning: Tried to read outside the COFF string table to get the name of section /70!
[*] Warning: Tried to read outside the COFF string table to get the name of section /81!
[*] Warning: Tried to read outside the COFF string table to get the name of section /92!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!