e7e07f366af0b0004e752d763915628b

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Suspicious The PE is packed with UPX Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
Unusual section name found: UPX2
The PE only has 4 import(s).
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 e7e07f366af0b0004e752d763915628b
SHA1 63d92cbef73407f2e87a36d70b26395135f22517
SHA256 df4c1a905d75579ab17d53ac91676639973acf0f8b7a8fdafdb672e12f8087f7
SHA3 3d6ec87e2872129be5d25f75096d35d6427f8f274a079a0c8d5a6374c802a725
SSDeep 24576:2Ha13Y9Usd/TVlUYUyRdPCos+Xb4wYq17S:waZYtbVNuos+XbCM2
Imports Hash 6ed4f5f04d62b18d96b26d6db7c18840

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 3
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x2a8600
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0xd5000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0x227000
AddressOfEntryPoint 0x00000000002FC1F0 (Section: UPX1)
BaseOfCode 0x228000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x2fe000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x227000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 d785114323bbff15ee85ca6f5c04a97f
SHA1 abc5ee1591d0286ef6ece34e08b107497e3d1c9d
SHA256 b8ab7fcb1285a7f981bb3246c47dbc4f6756f5bf1460824dad90e89efbed8a23
SHA3 7bc6bf62faa0f4ffd4d4c280ec1c96c1086cbcba68f414c0070418b439d716f2
VirtualSize 0xd5000
VirtualAddress 0x228000
SizeOfRawData 0xd4e00
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99974

UPX2

MD5 71eb5af23493f97ffcfc2e98d92521f3
SHA1 448f2818fb818848d34fe3f291588339475db4ad
SHA256 28324b20cecef5eee9fc04d5e01b7ab1f8a7b6adddfc98240b5010830d85a0e9
SHA3 9bc9d2b901d96a9ac0615b15b19a2c5c90d5aa12264f231943f877821b0fe3ae
VirtualSize 0x1000
VirtualAddress 0x2fd000
SizeOfRawData 0x200
PointerToRawData 0xd5000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.37191

Imports

KERNEL32.DLL LoadLibraryA
ExitProcess
GetProcAddress
VirtualProtect

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!