e0dd5eaba07dffb7b5ff9182b49f029e

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 03:25:45

Plugin Output

Suspicious PEiD Signature:
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX v2.0 -> Markus, Laszlo & Reiser (h)
UPX -> www.upx.sourceforge.net
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious The PE is packed with UPX
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
Unusual section name found: UPX2
The PE only has 7 import(s).
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Suspicious VirusTotal score: 2/69 (Scanned on 2019-07-07 15:22:30)
Cylance: Unsafe
Invincea: heuristic

Hashes

MD5 e0dd5eaba07dffb7b5ff9182b49f029e
SHA1 951246b230b6f945aa0cb536a9554f94a486b7ff
SHA256 6da86cfc878c3cc1cf8780689c53b1aacd32961cfab29f7765947611a31fd22f
SHA3 331e0108f43a35b5d733bfa6ac0c5fb0236a33c02c92c1025bf350a43fabc374
SSDeep 384:QMUvgN3ME06ddyxQAEn6JqNg+pTJ2kxt00:QMUICE06ddKJapTMIq
Imports Hash 345ac8d1e559aab6307e3335e28e62c3

DOS Header

e_magic MZ
e_cblp 0xa
e_cp 0x2
e_crlc 0
e_cparhdr 0x4
e_minalloc 0xf
e_maxalloc 0xffff
e_ss 0
e_sp 0xc0
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 1970-Jan-01 03:25:45
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x3000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x7000
AddressOfEntryPoint 0x0000AD80 (Section: UPX1)
BaseOfCode 0x8000
BaseOfData 0xb000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 1.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0xc000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x4000
SizeofHeapReserve 0x10000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x7000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 25ed5701be5dd09f148cbbaa04b37dc5
SHA1 ecfd427400241f0a2b7bf8e0dd9f4e609878e1d3
SHA256 6d6ad2c837e32ef62d1f2ce28af705e6375c4f641cba9696b6785d98e93e532e
SHA3 81d57b130c999638e9a84953c8e5c69cb06d0943328d406122f26430ec27c43f
VirtualSize 0x3000
VirtualAddress 0x8000
SizeOfRawData 0x3000
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.81993

UPX2

MD5 6d6259d5bef74ce09f815d42301e70d0
SHA1 f2ceaf06910410af13650bdc62916a1bd441107c
SHA256 38b1c811c6bfa1aab1992bf4f1a5a243e290638065337bdfd6110537da5e7b3f
SHA3 82bb5376f0a9c6738982eb5e5c938f1a8d1765296532643039fb01fdc635a09f
VirtualSize 0x1000
VirtualAddress 0xb000
SizeOfRawData 0x200
PointerToRawData 0x3200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.46689

Imports

KERNEL32.DLL LoadLibraryA
ExitProcess
GetProcAddress
VirtualProtect
OLE32.DLL CoInitialize
OLEAUT32.DLL VariantCopy
USER32.DLL CharNextA

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!