ea681b509cd3f45437970e19dc8e81a1

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2020-Apr-24 12:49:55
Detected languages English - United States

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 8.0
Suspicious PEiD Signature: UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX -> www.upx.sourceforge.net
UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
Suspicious The PE is packed with UPX
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
The PE only has 0 import(s).
Suspicious The file contains overlay data. 65024 bytes of data starting at offset 0xa200.
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 ea681b509cd3f45437970e19dc8e81a1
SHA1 6e1b201be89d77f86edb074fb3ebd5f9b3955f37
SHA256 a8044485ced1841345d497de62e3468dc675698b62997807ec46e0ef93ce4306
SHA3 954103deb2c392122c07de943ebcd5b83b486a0b777ca19cc92e719d84ae5c49
SSDeep 1536:ey2XwrVXfj1fozgyqK5p9m4g8si1BYwszNUI:OwrVtofqKd4aBFs9
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2020-Apr-24 12:49:55
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0xa000
SizeOfInitializedData 0x1000
SizeOfUninitializedData 0xe000
AddressOfEntryPoint 0x00018760 (Section: UPX1)
BaseOfCode 0xf000
BaseOfData 0x19000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1a000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0xe000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 999cc1476fd627c89c94e780e8e231fe
SHA1 3edcde178c086a1b7e34a5693b91cbd87a210857
SHA256 5f2dd6cd808973eb9ad5dde71f17862fa5f57e42d3c1dcff6ad64c73551704fb
SHA3 3545a8d00fb949d946be413d377d597cff105ace6ebd287e0b5bf04cd35ca848
VirtualSize 0xa000
VirtualAddress 0xf000
SizeOfRawData 0x9a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.87245

.rsrc

MD5 bee688f96bdbf99d6789df8c164b3548
SHA1 0c40b9d12556bfd430d1bb4d583869000ba58f43
SHA256 3bdde7b91c3bf2ad76c60788db3cfb4480ef807dc58304281f3377b7e7e7ffd3
SHA3 efcaffa5cae7ef37e0a9369a563835e03ba47a1ec19da509d43e07ff8bdae44c
VirtualSize 0x1000
VirtualAddress 0x19000
SizeOfRawData 0x400
PointerToRawData 0x9e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.85961

Imports

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.5674
MD5 3b2cf481b03e1192f05fdc4af00d59db
SHA1 5368966d208819b634f55f2200e37387c7e35a5e
SHA256 bc2cf301d9d1e0f3fb07fb9d372e991fccaf47a26e2451126e4dfd54f2857722
SHA3 d75e76ca050c03450ef3f8a3a6da0771f0250f446f6abf0cd85b12ed4fd7b18b

Version Info

TLS Callbacks

Load Configuration

Size 0xa4
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x413004
SEHandlerTable 0x411bf0
SEHandlerCount 3

RICH Header

XOR Key 0x41f31910
Unmarked objects 0
ASM objects (26715) 10
C++ objects (26715) 138
C objects (26715) 18
C++ objects (27521) 37
C objects (27521) 17
ASM objects (27521) 17
Imports (26715) 5
Total imports 82
265 (VS2019 Update 1 (16.1) compiler 27702) 1
Resource objects (VS2019 Update 1 (16.1) compiler 27702) 1
Linker (VS2019 Update 1 (16.1) compiler 27702) 1

Errors

[*] Warning: Section UPX0 has a size of 0!