Architecture |
IMAGE_FILE_MACHINE_AMD64
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
Compilation Date |
2019-Mar-24 04:35:33
|
TLS Callbacks |
2 callback(s) detected.
|
Debug artifacts |
Embedded COFF debugging symbols
|
Suspicious |
The PE is possibly packed. |
Unusual section name found: .xdata
Unusual section name found: /4
Unusual section name found: /19
Unusual section name found: /31
Unusual section name found: /45
Unusual section name found: /57
Unusual section name found: /70
Unusual section name found: /81
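Unusual section name found: /92
Note: names of the form /N are offsets into the COFF string table (long section names), and .xdata normally holds x64 unwind data. Together with the embedded COFF debugging symbols reported above, this looks more like an unstripped GCC/MinGW-style build than a packer (to be confirmed). None of the section entropies listed below exceeds 6.01, which does not support packing either.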
|
Malicious |
The PE contains functions mostly used by malware. |
[!] The program may be hiding some of its imports:
- GetProcAddress
- LoadLibraryA
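Functions related to the privilege level:
(no entry survived under this heading in this listing; the import table below shows OpenProcessToken from ADVAPI32.dll, which is presumably the function meant)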
Enumerates local disk drives:
- GetDriveTypeA
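- GetVolumeInformationA
Note: GetProcAddress, LoadLibraryA and the drive and volume queries named here are also imported by a great deal of benign software. On their own they show only that some APIs may be resolved at run time and that the code inspects drives, so this verdict needs corroboration from the code itself.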
|
Suspicious |
The file contains overlay data. |
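80385 bytes of data starting at offset 0x8c000.
Note: 0x8c000 is also the PointerToSymbolTable value in the file header below (NumberOfSymbols 3190), and the last section's raw data ends there (0x8b600 + 0xa00). This overlay is therefore presumably the COFF symbol and string tables rather than an appended payload; confirm by parsing the data at that offset.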
|
Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|
MD5 |
efbb8b28036ebca80c5b16ba9a1dfa47
|
SHA1 |
6cbe3c15c34f4fb19fc734c5f632d27d31d88413
|
SHA256 |
6e51e478416ce688ae4e29f2e05a72ca56a0788dee93587bb91e8b9e73a2fb6f
|
SHA3 |
88b0432ec75b22d8c5da933c7777be4219ba91540568604bbd10c2f308b75aff
|
SSDeep |
6144:jbNrUKh4WVPHXVy8yfAtb3SNyoBJ5DSbYVEwJBNrV3xpptdEj9KNQExx5NlXOciR:jJtHPESyhxEsX7Tj0ShtroGnAzjT9
|
Imports Hash |
8dfc38f22c5f0c3e6331b40a756f2862
|
e_magic |
MZ
|
e_cblp |
0x90
|
e_cp |
0x3
|
e_crlc |
0
|
e_cparhdr |
0x4
|
e_minalloc |
0
|
e_maxalloc |
0xffff
|
e_ss |
0
|
e_sp |
0xb8
|
e_csum |
0
|
e_ip |
0
|
e_cs |
0
|
e_ovno |
0
|
e_oemid |
0
|
e_oeminfo |
0
|
e_lfanew |
0x80
|
Signature |
PE
|
Machine |
IMAGE_FILE_MACHINE_AMD64
|
NumberofSections |
19
|
TimeDateStamp |
2019-Mar-24 04:35:33
|
PointerToSymbolTable |
0x8c000
|
NumberOfSymbols |
3190
|
SizeOfOptionalHeader |
0xf0
|
Characteristics |
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
|
Magic |
PE32+
|
LinkerVersion |
2.2
|
SizeOfCode |
0x25a00
|
SizeOfInitializedData |
0x32800
|
SizeOfUninitializedData |
0x2c00
|
AddressOfEntryPoint |
0x0000000000001330 (Section: .text)
|
BaseOfCode |
0x1000
|
ImageBase |
0x6f400000
|
SectionAlignment |
0x1000
|
FileAlignment |
0x200
|
OperatingSystemVersion |
4.0
|
ImageVersion |
5.2
|
SubsystemVersion |
5.2
|
Win32VersionValue |
0
|
SizeOfImage |
0x9b000
|
SizeOfHeaders |
0x600
|
Checksum |
0xa932b
|
Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
SizeofStackReserve |
0x200000
|
SizeofStackCommit |
0x1000
|
SizeofHeapReserve |
0x100000
|
SizeofHeapCommit |
0x1000
|
LoaderFlags |
0
|
NumberOfRvaAndSizes |
16
|
MD5 |
06739df1111362a284c4c4a12052f864
|
SHA1 |
99b5dcd92a688dc0e701bd0ce7e2c9cf5960b979
|
SHA256 |
f2f26382298cccc8b08f3b9f14d3764f7900f41252f11e71a2d255fd8bde7aa8
|
SHA3 |
ccee22eee5f47dc6875f369d56cf0490cb787ca3970c7417d214f8a21608465f
|
VirtualSize |
0x258a8
|
VirtualAddress |
0x1000
|
SizeOfRawData |
0x25a00
|
PointerToRawData |
0x600
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
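IMAGE_SCN_MEM_READ
Note: the IMAGE_SCN_ALIGN_* values form a single enumerated 4-bit field, not independent flags, so a section has exactly one alignment. The many ALIGN_ entries here and in the section entries that follow (including IMAGE_SCN_ALIGN_MASK) appear to be a decoding artifact of the report. The combination listed for this section is consistent with a 16-byte alignment.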
|
Entropy |
5.64913
|
MD5 |
6b33e743c3dfd38ff75cf16005e62b3e
|
SHA1 |
77e819d0fc015b007523435f8808ec0e9c2e024f
|
SHA256 |
34e46c3050eb6260e1dfec6848017db61bc1eed8e45fcb1b6eec9d21e66640b1
|
SHA3 |
2e7e1775c922dafef77fd9102622f0fad1fff2b900c4475628a254f8f057f999
|
VirtualSize |
0x4d0
|
VirtualAddress |
0x27000
|
SizeOfRawData |
0x600
|
PointerToRawData |
0x26000
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
0.426395
|
MD5 |
64c1a93a523e43214b49d10037a0e6f9
|
SHA1 |
f39d42a118ec508a86ffa8202c46bb9cd426aec4
|
SHA256 |
57f28e67d284ac39d001bd1a1012f2b513480daeee2b9759253bc630097d0978
|
SHA3 |
12b46958f243ce3b0330f8eb9b55fec7708d7e629794c5c4e3ac62fb69e6f36e
|
VirtualSize |
0x6170
|
VirtualAddress |
0x28000
|
SizeOfRawData |
0x6200
|
PointerToRawData |
0x26600
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
5.34227
|
MD5 |
9c71d65d7acc40cd032d9d777455092a
|
SHA1 |
21f52e0bd43f94046eaf78bf118f5d246fd88c3e
|
SHA256 |
d8472abec1c716a95a1c02314eb513cd13ca407a56a2f99a76cfd266728478a7
|
SHA3 |
bb4fdc8a71b593dadb7848d38ae8c0f423208e840114162dbf92c8bb9e550b91
|
VirtualSize |
0x19a4
|
VirtualAddress |
0x2f000
|
SizeOfRawData |
0x1a00
|
PointerToRawData |
0x2c800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
5.3819
|
MD5 |
149006af3c5084ac1946a666fe43663a
|
SHA1 |
64ee156ea86870ce6663779c41d1f5d208e29c49
|
SHA256 |
795902b55126a9829fef08850a42aeb1b1b6efefe0cb4b1aa65ebc61d0b10430
|
SHA3 |
f7b2fb96ad853e50d43ca2d77c64108f008d22a683d45098a57b4a50f76ac9f3
|
VirtualSize |
0x1850
|
VirtualAddress |
0x31000
|
SizeOfRawData |
0x1a00
|
PointerToRawData |
0x2e200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
3.54505
|
MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
VirtualSize |
0x2a38
|
VirtualAddress |
0x33000
|
SizeOfRawData |
0
|
PointerToRawData |
0
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
MD5 |
420899c233f2ee1434f7a30cb9f28993
|
SHA1 |
bdb7eac89ba3fd14d02b89b623884d383a1c0366
|
SHA256 |
c620d52c8e841ec09a09c643501ff6838951c2820a38123fedfbabd36ead60ae
|
SHA3 |
e8361461b7d44daaf9e7dc8ca78721b9c55e76927d0fb57205f2523d2a404572
|
VirtualSize |
0x14a3
|
VirtualAddress |
0x36000
|
SizeOfRawData |
0x1600
|
PointerToRawData |
0x2fc00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
Entropy |
5.38147
|
MD5 |
73a0b9aa580e1133e149540b68481f1e
|
SHA1 |
1950cd2a0047ca4dc13cdb7859f7f20e6df6234c
|
SHA256 |
bb7852265d782d2d65a668de9233a6ad11469f0eec78ff5b90e667a09188067d
|
SHA3 |
945809b8c5857149535414ac2ea8537116a707444f880a98f458bd51af4177d4
|
VirtualSize |
0x11a0
|
VirtualAddress |
0x38000
|
SizeOfRawData |
0x1200
|
PointerToRawData |
0x31200
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
4.52908
|
MD5 |
10c5d026a402206a59d8f32391be72cf
|
SHA1 |
102b3269bfe047de77fabed4cf175144183b60c0
|
SHA256 |
4fabcdb583f72b2a12ec4986378d431c20d4f1dcc7283645321041a77bdbefeb
|
SHA3 |
a7eeb36a50ad54735be9e60deb74f917856915a03f1de2188cafc9cfb8cb7746
|
VirtualSize |
0x58
|
VirtualAddress |
0x3a000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x32400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
0.20692
|
MD5 |
bf619eac0cdf3f68d496ea9344137e8b
|
SHA1 |
5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
|
SHA256 |
076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
|
SHA3 |
622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
|
VirtualSize |
0x10
|
VirtualAddress |
0x3b000
|
SizeOfRawData |
0x200
|
PointerToRawData |
0x32600
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
Entropy |
0
|
MD5 |
aa3ad7c9fd61efaab1b6e6f76e0d74e6
|
SHA1 |
605ec7aeba2c9984b5eaab2aa6d508af8baec6ed
|
SHA256 |
67e6eddd295c9772f274cd68e25afa7f8adb78a21a2b983a26175682a23f1620
|
SHA3 |
71af9c63788dccd48f3c610d8043a1a68204e59cd13335233be2c99fb03ee6f6
|
VirtualSize |
0x498
|
VirtualAddress |
0x3c000
|
SizeOfRawData |
0x600
|
PointerToRawData |
0x32800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
4.58508
|
MD5 |
04e03718e47cb435546a5fecf74c9277
|
SHA1 |
b902d9f537c7e0f4a7c09d93d6436ec58117856d
|
SHA256 |
c55ec1dbe4f05954f27bf2c9ca84cd6e2853017ad5b0610cd2d8b14b7429d9f6
|
SHA3 |
102095ac58067eac4d54352210f8a4fc025dc1a8502e58bbec972b8370a7f899
|
VirtualSize |
0x420
|
VirtualAddress |
0x3d000
|
SizeOfRawData |
0x600
|
PointerToRawData |
0x32e00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
1.43689
|
MD5 |
fde3beeaa7bba19e47ab37414c22ed45
|
SHA1 |
f82a16345233a861aff165cecc03a4b43220f7f5
|
SHA256 |
157d0948e03bb763a18d1dc9518b946e806639c0fe0e94b6f97de05639a2eedb
|
SHA3 |
be84b861fe420de7aa2a7dc034952477f96d9a740a28b64882bf27409f130efd
|
VirtualSize |
0x490b8
|
VirtualAddress |
0x3e000
|
SizeOfRawData |
0x49200
|
PointerToRawData |
0x33400
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
6.00523
|
MD5 |
6ebbb4d9a1148d563aaa025f0a6e555b
|
SHA1 |
aece70fd53b5a074aaf3a4dd186bb53fe605fc90
|
SHA256 |
79a3dbed8eaf3c7ceb859b82a2c702d82e75dc1a019c60d36399233102867a22
|
SHA3 |
a9d76b0ffbb6b346ee3a0ef1ac67573dc966661953c7e97317723d041211f29d
|
VirtualSize |
0x30cf
|
VirtualAddress |
0x88000
|
SizeOfRawData |
0x3200
|
PointerToRawData |
0x7c600
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
4.64863
|
MD5 |
39c5add4b712f4de6658f37743a584a3
|
SHA1 |
6ffc0c290a1661aa108ec0ad3b970a10ba8c3f4c
|
SHA256 |
63585e01601e7554c42f6a9fb5ef18eda64761102b0d1a82e2f88b74d863a4a7
|
SHA3 |
89c4f2edd425eb97469d8f80b6f60a49e34d1f88b3a9181d1b3103d7fecc2656
|
VirtualSize |
0x455c
|
VirtualAddress |
0x8c000
|
SizeOfRawData |
0x4600
|
PointerToRawData |
0x7f800
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
5.58434
|
MD5 |
c1ee000d1ed30ef905c9366137b62060
|
SHA1 |
2b2b4fe11fb71be4372cc7285ee5d21f5bfa238b
|
SHA256 |
ebcff6fad980e86c2d0167db2fd29a1eecf1cbc6b717b4460d9f2cfd4011547d
|
SHA3 |
0cd67157689c1bf327f74deae8dfeba915660f831025876003fc03e97db9b4bc
|
VirtualSize |
0x11f0
|
VirtualAddress |
0x91000
|
SizeOfRawData |
0x1200
|
PointerToRawData |
0x83e00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
4.39079
|
MD5 |
c229c2cea9e8c32b88726e90295e8144
|
SHA1 |
a3823162c2f275f9ab9586071a3a0248d814906c
|
SHA256 |
fd2bd9bd82faa9b3a316cb9c5ea8b455a73b14b5bcfc18e8d37d21bb0fb4f7ca
|
SHA3 |
1af310bfd6505c6cbb5e355f1781989f49bf189cc1868c3191a72b54168eb636
|
VirtualSize |
0x945
|
VirtualAddress |
0x93000
|
SizeOfRawData |
0xa00
|
PointerToRawData |
0x85000
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
4.71722
|
MD5 |
37fce3288c94061c6d18e6b7d8619482
|
SHA1 |
cfe053aab0eae9ce92aa4aee4aa716b40ca8d3d1
|
SHA256 |
3d1f038e5533f9cdb988656aefe0a85582dcaae39df216c77b30916a47743855
|
SHA3 |
fa06e4ea6ff259ea860b8ec6063ebe5b6b48aa5c9a11fca6abb8aad63479fab2
|
VirtualSize |
0x5b2e
|
VirtualAddress |
0x94000
|
SizeOfRawData |
0x5c00
|
PointerToRawData |
0x85a00
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
2.20726
|
MD5 |
99bf3eaa13cb97c35191826d4b300f6f
|
SHA1 |
69576480d7a06a337424c006a00555293e18ecbb
|
SHA256 |
10f8539b1f469ff365892047dd0638acb4e048c2cde0eae04e263ff7f1c4d1ea
|
SHA3 |
2b65341e759a8f62be5442a43ec4814ad530e0ce85123e8e276a8ee13bde02a3
|
VirtualSize |
0x810
|
VirtualAddress |
0x9a000
|
SizeOfRawData |
0xa00
|
PointerToRawData |
0x8b600
|
PointerToRelocations |
0
|
PointerToLineNumbers |
0
|
NumberOfLineNumbers |
0
|
NumberOfRelocations |
0
|
Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
Entropy |
1.37679
|
allegro-5.2.dll |
al_calloc_with_context
al_create_path
al_cstr
al_destroy_path
al_fopen_interface
al_free_with_context
al_get_file_userdata
al_malloc_with_context
al_path_cstr
al_set_errno
al_set_fs_interface
al_set_new_file_interface
al_ustr_append_chr
al_ustr_append_cstr
al_ustr_free
al_ustr_new
al_ustr_prev_get
al_ustr_size
al_ustr_to_buffer
|
ADVAPI32.dll |
OpenProcessToken
|
KERNEL32.dll |
CloseHandle
CreateDirectoryW
CreateEventA
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDriveTypeA
GetFileAttributesExW
GetFileSize
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
GetVolumeInformationA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
QueryPerformanceCounter
ReadFile
RemoveDirectoryW
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetErrorMode
SetEvent
SetFilePointer
SetUnhandledExceptionFilter
Sleep
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WriteFile
|
msvcrt.dll |
__iob_func
_amsg_exit
_exit
_initterm
_lock
_snwprintf
_unlock
_vsnprintf
abort
calloc
free
fwprintf
fwrite
malloc
memcmp
memcpy
memmove
memset
mktime
raise
realloc
signal
strchr
strcmp
strcpy
strlen
strncmp
strncpy
strrchr
vfprintf
wcscpy
|
SHELL32.dll |
SHGetFolderPathW
|
USER32.dll |
CreateWindowExA
DefWindowProcW
DestroyWindow
DispatchMessageW
GetMessageW
MessageBoxW
PostMessageW
RegisterClassExA
TranslateMessage
UnregisterClassA
|
Ordinal |
10
|
Address |
0x7b1b
|
Ordinal |
11
|
Address |
0x6f81
|
Ordinal |
12
|
Address |
0x7d32
|
Ordinal |
13
|
Address |
0x7ed2
|
Ordinal |
14
|
Address |
0x5016
|
Ordinal |
15
|
Address |
0x8352
|
Ordinal |
16
|
Address |
0x52ea
|
Ordinal |
17
|
Address |
0x5078
|
Ordinal |
18
|
Address |
0x5092
|
Ordinal |
19
|
Address |
0x506b
|
Ordinal |
20
|
Address |
0x32ac
|
Ordinal |
21
|
Address |
0x34f7
|
Ordinal |
22
|
Address |
0x3268
|
Ordinal |
23
|
Address |
0x6fa5
|
Ordinal |
24
|
Address |
0x3576
|
Ordinal |
25
|
Address |
0x596e
|
Ordinal |
26
|
Address |
0x50b9
|
Ordinal |
27
|
Address |
0x659f
|
Ordinal |
28
|
Address |
0x5954
|
Ordinal |
29
|
Address |
0x5a1c
|
Ordinal |
30
|
Address |
0x5304
|
Ordinal |
31
|
Address |
0x5317
|
Ordinal |
32
|
Address |
0x41b0
|
Ordinal |
33
|
Address |
0x6fd8
|
Ordinal |
34
|
Address |
0x48aa
|
Ordinal |
35
|
Address |
0x7011
|
Ordinal |
36
|
Address |
0x61a6
|
Ordinal |
37
|
Address |
0x57a3
|
Ordinal |
38
|
Address |
0x56e4
|
Ordinal |
39
|
Address |
0x5582
|
Ordinal |
40
|
Address |
0x5608
|
Ordinal |
41
|
Address |
0x728f
|
Ordinal |
42
|
Address |
0x72af
|
Ordinal |
43
|
Address |
0x726f
|
Ordinal |
44
|
Address |
0x5da5
|
Ordinal |
45
|
Address |
0x781f
|
Ordinal |
46
|
Address |
0x787f
|
Ordinal |
47
|
Address |
0x23cf7
|
Ordinal |
48
|
Address |
0x23e97
|
Ordinal |
49
|
Address |
0x24037
|
Ordinal |
50
|
Address |
0x23c23
|
Ordinal |
51
|
Address |
0x23dcb
|
Ordinal |
52
|
Address |
0x23f63
|
Ordinal |
53
|
Address |
0x23d60
|
Ordinal |
54
|
Address |
0x23efd
|
Ordinal |
55
|
Address |
0x240a1
|
Ordinal |
56
|
Address |
0x23c8c
|
Ordinal |
57
|
Address |
0x23e31
|
Ordinal |
58
|
Address |
0x23fcd
|
Ordinal |
59
|
Address |
0x4ead
|
Ordinal |
60
|
Address |
0x5819
|
Ordinal |
61
|
Address |
0x7c30
|
Ordinal |
62
|
Address |
0x82ef
|
Ordinal |
63
|
Address |
0x7d60
|
Ordinal |
64
|
Address |
0x3425
|
Ordinal |
65
|
Address |
0x5c26
|
Ordinal |
66
|
Address |
0x536a
|
Ordinal |
67
|
Address |
0x7f89
|
Ordinal |
68
|
Address |
0x4fe6
|
Ordinal |
69
|
Address |
0x23b53
|
Ordinal |
70
|
Address |
0x23b8e
|
Ordinal |
71
|
Address |
0x23bc4
|
Ordinal |
72
|
Address |
0x23af0
|
Ordinal |
73
|
Address |
0x23b0c
|
Ordinal |
74
|
Address |
0x23b26
|
Ordinal |
75
|
Address |
0x23b34
|
Ordinal |
76
|
Address |
0x23b75
|
Ordinal |
77
|
Address |
0x23ba9
|
Ordinal |
78
|
Address |
0x23ae0
|
Ordinal |
79
|
Address |
0x23b00
|
Ordinal |
80
|
Address |
0x23b18
|
Ordinal |
81
|
Address |
0x5db8
|
Ordinal |
82
|
Address |
0x7bbc
|
Ordinal |
83
|
Address |
0x9bf9
|
Ordinal |
84
|
Address |
0x5834
|
Ordinal |
85
|
Address |
0x9b0f
|
Ordinal |
86
|
Address |
0x9672
|
Ordinal |
87
|
Address |
0x95fb
|
Ordinal |
88
|
Address |
0x9588
|
Ordinal |
89
|
Address |
0x96e9
|
Ordinal |
90
|
Address |
0x91fe
|
Ordinal |
91
|
Address |
0x9193
|
Ordinal |
92
|
Address |
0x9279
|
Ordinal |
93
|
Address |
0x9a25
|
Ordinal |
94
|
Address |
0x79f7
|
Ordinal |
95
|
Address |
0x7a57
|
Ordinal |
96
|
Address |
0x241e6
|
Ordinal |
97
|
Address |
0x24310
|
Ordinal |
98
|
Address |
0x24438
|
Ordinal |
99
|
Address |
0x2414c
|
Ordinal |
100
|
Address |
0x24280
|
Ordinal |
101
|
Address |
0x243a0
|
Ordinal |
102
|
Address |
0x24233
|
Ordinal |
103
|
Address |
0x24358
|
Ordinal |
104
|
Address |
0x24484
|
Ordinal |
105
|
Address |
0x24199
|
Ordinal |
106
|
Address |
0x242c8
|
Ordinal |
107
|
Address |
0x243ec
|
Ordinal |
108
|
Address |
0x1ae06
|
Ordinal |
109
|
Address |
0x24538
|
Ordinal |
110
|
Address |
0x24be9
|
Ordinal |
111
|
Address |
0x244d0
|
Ordinal |
112
|
Address |
0x24b04
|
Ordinal |
113
|
Address |
0x24aba
|
Ordinal |
114
|
Address |
0x24c85
|
Ordinal |
115
|
Address |
0x248d8
|
Ordinal |
116
|
Address |
0x24a95
|
Ordinal |
117
|
Address |
0x24adf
|
Ordinal |
118
|
Address |
0x24b29
|
Ordinal |
119
|
Address |
0x35a00
|
Ordinal |
120
|
Address |
0x2c440
|
Ordinal |
121
|
Address |
0x2bfc0
|
Ordinal |
122
|
Address |
0x2c120
|
Ordinal |
123
|
Address |
0x2c260
|
Ordinal |
124
|
Address |
0x2d060
|
Ordinal |
125
|
Address |
0x2c580
|
Ordinal |
126
|
Address |
0x2c6c0
|
Ordinal |
127
|
Address |
0x2cf00
|
Ordinal |
128
|
Address |
0x2d1e0
|
Ordinal |
129
|
Address |
0x2c800
|
Ordinal |
130
|
Address |
0x2cb60
|
Ordinal |
131
|
Address |
0x86a0
|
Ordinal |
132
|
Address |
0x8a0e
|
Ordinal |
133
|
Address |
0x8929
|
Ordinal |
134
|
Address |
0x882e
|
Ordinal |
135
|
Address |
0x8451
|
Ordinal |
136
|
Address |
0x2879
|
Ordinal |
137
|
Address |
0x21ba
|
Ordinal |
138
|
Address |
0x52f7
|
Ordinal |
139
|
Address |
0x4907
|
Ordinal |
140
|
Address |
0x822b
|
Ordinal |
141
|
Address |
0xa770
|
Ordinal |
142
|
Address |
0xa8f3
|
Ordinal |
143
|
Address |
0xaa8f
|
Ordinal |
144
|
Address |
0xb749
|
Ordinal |
145
|
Address |
0xb901
|
Ordinal |
146
|
Address |
0xad35
|
Ordinal |
147
|
Address |
0xb814
|
Ordinal |
148
|
Address |
0xb981
|
Ordinal |
149
|
Address |
0xa749
|
Ordinal |
150
|
Address |
0xad62
|
Ordinal |
151
|
Address |
0xb6a7
|
Ordinal |
152
|
Address |
0xb6fa
|
Ordinal |
153
|
Address |
0xad49
|
Ordinal |
154
|
Address |
0xb9b2
|
Ordinal |
155
|
Address |
0xad2a
|
Ordinal |
156
|
Address |
0xb140
|
Ordinal |
157
|
Address |
0xb3c0
|
Ordinal |
158
|
Address |
0xb348
|
Ordinal |
159
|
Address |
0xb384
|
Ordinal |
160
|
Address |
0xb44c
|
Ordinal |
161
|
Address |
0xb9d6
|
Ordinal |
162
|
Address |
0xb5da
|
Ordinal |
163
|
Address |
0xbc10
|
Ordinal |
164
|
Address |
0xb641
|
Ordinal |
165
|
Address |
0xb513
|
Ordinal |
166
|
Address |
0x81e0
|
Ordinal |
167
|
Address |
0x82a0
|
Ordinal |
168
|
Address |
0x3141
|
Ordinal |
169
|
Address |
0x48b6
|
Ordinal |
170
|
Address |
0x18a0
|
Ordinal |
171
|
Address |
0x1c00
|
Ordinal |
172
|
Address |
0x1ef0
|
Ordinal |
173
|
Address |
0x18d0
|
Ordinal |
174
|
Address |
0x18b0
|
StartAddressOfRawData |
0x6f43b000
|
EndAddressOfRawData |
0x6f43b008
|
AddressOfIndex |
0x6f4356ac
|
AddressOfCallbacks |
0x6f43a030
|
SizeOfZeroFill |
0
|
Characteristics |
IMAGE_SCN_TYPE_REG
|
Callbacks |
0x000000006F425190
0x000000006F425160
|
[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /31!
[*] Warning: Tried to read outside the COFF string table to get the name of section /45!
[*] Warning: Tried to read outside the COFF string table to get the name of section /57!
[*] Warning: Tried to read outside the COFF string table to get the name of section /70!
[*] Warning: Tried to read outside the COFF string table to get the name of section /81!
[*] Warning: Tried to read outside the COFF string table to get the name of section /92!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!