e560293e641f9f1710fda7414de89f06

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2019-Jul-21 14:53:20

Plugin Output

Suspicious The PE is possibly packed. The PE only has 3 import(s).
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 e560293e641f9f1710fda7414de89f06
SHA1 1f67d889ed4c55fdcdab71d450171156aa8c1436
SHA256 409936d985f05e7cf83a501a7f627093090c77fc2f099484980a609ddbbc8336
SHA3 95c15fcaaa345a8b333b3ce88fc6f8a242eee4b10e3aad66fd9e3e854bf52e4b
SSDeep 24:etGSO2lMAarZJDhtS/heh2cPx6tKYkI6LD2:6OE/oZdhs/heh2EEtxkIOD
Imports Hash cbb5fc0c10b51883a8e3c2e455914b8a

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xc0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2019-Jul-21 14:53:20
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0x140
SizeOfInitializedData 0xe0
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000359 (Section: .text)
BaseOfCode 0x240
BaseOfData 0x380
ImageBase 0x400000
SectionAlignment 0x20
FileAlignment 0x20
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x460
SizeOfHeaders 0x240
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 6d45521a81bbdc702231b5d7ded97994
SHA1 251ee2e01913882ff78df090b58958f34aaf0a32
SHA256 8be5fabcf0c0687738e009c320e1f7e7a7798ab52f9b46ba872e926e71b3ab9e
SHA3 5bc2eea84249d0525da10e69e4cf47e507064d012019a456b92edbbea6815a3d
VirtualSize 0x139
VirtualAddress 0x240
SizeOfRawData 0x140
PointerToRawData 0x240
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 4.61348

.idata

MD5 fbe712de7edfcd5c7431191f9d8ed88e
SHA1 110d78f63e5cfc88351ba5076f710de6b41114b4
SHA256 aa8697c5dee735a0eae99b40d8d3b749acf3acc9f25d5f22f65a6a13cf3b5e47
SHA3 28e1c5713539514d199df2a8e4970b643f0625c8a7a0b649a81c2c0721a85507
VirtualSize 0xac
VirtualAddress 0x380
SizeOfRawData 0xc0
PointerToRawData 0x380
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 3.3246

.reloc

MD5 e1baab6a9b7531818a8a3223e7b4ed84
SHA1 f192b35f3fe06f6e94e66eb087350c1329c256bd
SHA256 33f71b0032d18d45a26bfc487469ad6bd34afd21c7d7abac04e0b0f0fd5f7b7c
SHA3 d74fa831c5d0c2f9e6ae4561a399ee8247f8154bc1a5bfcbcadc4ac4a09c42a0
VirtualSize 0x10
VirtualAddress 0x440
SizeOfRawData 0x20
PointerToRawData 0x440
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 1.49869

Imports

USER32.dll wvsprintfA
KERNEL32.dll GetStdHandle
WriteConsoleA

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2019-Jul-21 14:53:20
Version 0.0
SizeofData 164
AddressOfRawData 0x26c
PointerToRawData 0x26c

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xac93b199
Unmarked objects 0
Imports (26213) 5
Total imports 3
C++ objects (VS2019 Update 1 (16.1) compiler 27702) 1
Linker (VS2019 Update 1 (16.1) compiler 27702) 1

Errors
