f0e57f0256dac4613893398252d361d6

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2020-Mar-22 14:10:54
Detected languages English - United States
TLS Callbacks 2 callback(s) detected.

Plugin Output

Info: Interesting strings found in the binary. Contains domain names:
  • MinGW.org
Info: The PE contains common functions which appear in legitimate applications.
  [!] The program may be hiding some of its imports:
    • GetProcAddress
    • LoadLibraryA
  Possibly launches other programs:
    • CreateProcessA
  Can create temporary files:
    • CreateFileA
    • GetTempPathA
Suspicious: The file contains overlay data: 3542741 bytes of data starting at offset 0xc600.
  The overlay data has an entropy of 7.99994 and is possibly compressed or encrypted.
  Overlay data accounts for 98.5894% of the executable.
Suspicious: No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 f0e57f0256dac4613893398252d361d6
SHA1 1cf614ffab0e930fe3e78f8f380026ea4a770a1d
SHA256 d9157d87bab307d2c171e44d2e2dd3a7207d9e280810b1a12bbeaf0c446a8134
SHA3 d058254ec84d048787b90c750d377544c7b698f1812099aad2f1aeb7e56ada05
SSDeep 98304:ge1eVNBEezj9JdqzBgq51qjEgFQx1NXfoHv:nYNBEezj9JQpOQiQbOHv
Imports Hash 764e5a47ba2f669368132b0b08f5dbd6

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 9
TimeDateStamp 2020-Mar-22 14:10:54
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x6a00
SizeOfInitializedData 0xc200
SizeOfUninitializedData 0x400
AddressOfEntryPoint 0x000012E0 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x8000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x13000
SizeOfHeaders 0x400
Checksum 0x14f2c
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 5fabcf3a15581fd8ca288804f71f5642
SHA1 d793aa7668cff50cfd742199a9d6e2f054924707
SHA256 00ed41b5a4d2ac594f70eef0f6edb1f1bc0e3c3c38730dc6ea1370c923223724
SHA3 450f3d758c979751f76fe68cc5e98b8b6fff1234c0b91d962de69d00979b6347
VirtualSize 0x6834
VirtualAddress 0x1000
SizeOfRawData 0x6a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.09743

.data

MD5 38d4d69172c14b9a1c6444c671fc7e18
SHA1 b9e5ade89194b5048a6d63c829cddee517d279e8
SHA256 3972cd80b52bbe3589a9208409b8c07bf95e8ee3bd371dbfd93061e0f22ae76e
SHA3 75e5df4badf5826ad6df95ba24ffd2c05c28cd54986fc5262c48baf79ac14b90
VirtualSize 0x98
VirtualAddress 0x8000
SizeOfRawData 0x200
PointerToRawData 0x6e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.754822

.rdata

MD5 5a05235ca88376ed7ddccaecbfcae08c
SHA1 ba98f6aefd45d76ce620a3cfddeefe94ef35e0cb
SHA256 e94652aff9497620842df0b7bb266e83831073dafcc4ab2c47f01782962e35a3
SHA3 6691b35fdb5d9bda1dc1d737359a83bb445580593848f6e8552202f45933c552
VirtualSize 0x784
VirtualAddress 0x9000
SizeOfRawData 0x800
PointerToRawData 0x7000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.99232

.eh_fram

MD5 8fb7f15607689e83613f777755b84413
SHA1 29578a373773f98cd90f432de2db9bcd77b98553
SHA256 477e6aca3d15e63fdacfd274c326bbc048488f72bdf11e0e17a98c24d937998b
SHA3 3e10e8d3d2d0c8ba0df4f1fdb97802e5381a173ea0b7a3a054d85cd8bfe6ccc1
VirtualSize 0x1528
VirtualAddress 0xa000
SizeOfRawData 0x1600
PointerToRawData 0x7800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.98316

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x2c4
VirtualAddress 0xc000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 e7b2ac0bc7e23c02e30482f6fbd85fac
SHA1 210addbe738ad76f7939acccdf7fde5a0cd1ceba
SHA256 ac9334ce6124dd0b1ce733617bfed528b557e8f2e4f424375b7790852c52adc5
SHA3 c753f0f6e761044597eb9ad92fe3b4d86cbbbd5ae17384632f08ed0528ef6ae1
VirtualSize 0x948
VirtualAddress 0xd000
SizeOfRawData 0xa00
PointerToRawData 0x8e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.63006

.CRT

MD5 05b5d6568f4d20f47f5835884f00b2db
SHA1 2f8b2c6801de542e204d19ae3fcaa79f65815ba0
SHA256 56bb6e86704e0ba948865a4710bf6981ff6f4f9cb0dc26a51d691840c009d413
SHA3 64bbadec4f4668ccf0d15001dc0fe094e405048ee587092d9b6a34e6a7bc74ff
VirtualSize 0x18
VirtualAddress 0xe000
SizeOfRawData 0x200
PointerToRawData 0x9800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.114463

.tls

MD5 e37e7341e33ff73dd7eefbe664f4d8fb
SHA1 49f2408186521a0a15f21e8855a8587b1e8e62b6
SHA256 68048065dffd22dbda40335e8a8ac94760f29558d0d532b9b0cf63116b2fd4b2
SHA3 58a4b6d314abd40147514f3c68dfc3d751c16bb8ec2eb7f8c6e6d2779ba486cf
VirtualSize 0x20
VirtualAddress 0xf000
SizeOfRawData 0x200
PointerToRawData 0x9a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.22482

.rsrc

MD5 72ad8ec007fbe41b6be51a72252d88f8
SHA1 079ded585a90a05df7b23256f2b5e31f6208f5d5
SHA256 ff709b169e726856374b9b79aeca0a2f5299c89b76bbbf98c999a72a78a18df8
SHA3 f649721ae31cecb723714fb2d4820b1237cc1c2313c59eeb97446a849cd1df93
VirtualSize 0x2920
VirtualAddress 0x10000
SizeOfRawData 0x2a00
PointerToRawData 0x9c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 6.0684

Imports

KERNEL32.dll
  CloseHandle
  CreateDirectoryA
  CreateFileA
  CreateFileMappingA
  CreateProcessA
  DeleteCriticalSection
  DeleteFileA
  EnterCriticalSection
  ExitProcess
  FindClose
  FindFirstFileA
  FindNextFileA
  FreeLibrary
  GetCommandLineA
  GetExitCodeProcess
  GetFileSize
  GetLastError
  GetModuleFileNameA
  GetModuleHandleA
  GetProcAddress
  GetStartupInfoA
  GetSystemDirectoryA
  GetTempFileNameA
  GetTempPathA
  InitializeCriticalSection
  LeaveCriticalSection
  LoadLibraryA
  LocalAlloc
  LocalFree
  MapViewOfFile
  MoveFileExA
  RemoveDirectoryA
  SetConsoleCtrlHandler
  SetCurrentDirectoryA
  SetEnvironmentVariableA
  SetUnhandledExceptionFilter
  TlsGetValue
  UnmapViewOfFile
  VirtualProtect
  VirtualQuery
  WaitForSingleObject
  WriteFile
  lstrcatA
  lstrcmpA
  lstrcpyA
  lstrlenA
msvcrt.dll
  _strdup
  _stricoll
msvcrt.dll (#2)
  _strdup
  _stricoll

Delayed Imports

Resources

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x668
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.24491
MD5 18ad7b7bfbed48e67fcbbc338ccfc3d2
SHA1 ee05e10bf508b9ace9c64483e7b7ab246922fdb8
SHA256 69c5e62c0f417dc13993b671762263869f8d4688800f1101aa95ad66b1f96af8
SHA3 0fe91110ce6f78b5e818d9b3b5ac882a5172dea09e21c5dc62b0035c166a4cda

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.63558
MD5 1c9183555b750264e588538d4f3c9f45
SHA1 760ffe7759b63bd8ca26ee383cf946aff2141760
SHA256 03ca8f806302eac4fc996973dbb6085ace8ba8c3717280580aba99c16b0add7d
SHA3 6d47ee808e93894d0123bf868846954998ea12ac70c6dd2e44714bb6a27b713a

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.0199
MD5 14078640875f30a29ba260fbed2a4c99
SHA1 7e6f04aca1547530e53537dd1208f1fc617bd219
SHA256 ddb6ee3f70fa427695c818c47d6d5141ab14e01831f78418be0a21cc47db17eb
SHA3 6353013a9cc5f1e26025caa147f62623a0dcecf9d009d50c89958b19f4a4825b

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.40365
MD5 56e1a95b13dbb488147f2e392de32e28
SHA1 7e631fd4ba8cc8c7e7f3ddb0021dbbb6011d2895
SHA256 7c3b0aaee3df0fe48db7dab5f8fa2cd0dcb994227f2dcc3309f539689cd5c065
SHA3 55999840b22b21317572746c9c86c89e944b58a00234de0e4c131cb02b1167ce

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.31745
MD5 7df6a165165ed376d7264eddfac6cc1d
SHA1 aa34bbb0a650f08b75ad98913d596fc9f9c2d9cd
SHA256 adc819100c64b5b6bfcdfeb9172ebeda8df86a3a130e1c8bab1ea7c273a34dd8
SHA3 4e19fb88afb79344f4a54febdde789df23fd8fb65688e188f7f6d415da4dfc78

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.10519
MD5 67ad9b8ad0241292bcbb423a2d21e2f9
SHA1 28a8b3e1264ec680c00ce1ff0abf867e6301259d
SHA256 efe336bd083aab8736cfc5884bb0fe746ef99c70c01971a4b83e74e17781df9e
SHA3 8eba8f7a143dd607eeccf3ee8294d3abad8b1d62e1fd62b9a0a4dbf8e34b9fdb

101

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x5a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.86669
Detected Filetype Icon file
MD5 172fa8d15b72e28b37524dde17ca5f1a
SHA1 f0802242829ad5cf23a38178e7fe1ae903f489de
SHA256 10774da934323cf587f613f65626937843c1b879d7ce6539f113d2e8f6746fd5
SHA3 a3864189b88346971cc48cfc813b8e69102d1446a3f9e11f1991abf2c7867af0

Version Info

TLS Callbacks

StartAddressOfRawData 0x40f001
EndAddressOfRawData 0x40f01c
AddressOfIndex 0x40c050
AddressOfCallbacks 0x40e004
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks 0x004054F0
0x004054A0

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!