f14bf3efec9b874584ad7755b3e1a44a

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_EFI_APPLICATION
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: .setup
The PE only has 0 import(s).
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 f14bf3efec9b874584ad7755b3e1a44a
SHA1 bed4c6af752c2373277c7221e8b80d1d0a59cad7
SHA256 61e1cf6a95424b3cce506751fb4977f4c3e95550dfbb6d4fbb8c84a30607b5a2
SHA3 7128d2f157f34c7ab6231214ec9138cc0780657113ccac23278e047304f54420
SSDeep 98304:BMNVTDq1E5yx7YxNenddGQB3njCvSQFvEgKpV+6SgR8ZpnE7a0RNPeDBI:qvTlMYGnpBISkvEJXSgR4pE7a0RNPAO
Imports Hash d41d8cd98f00b204e9800998ecf8427e

DOS Header

e_magic MZ
e_cblp 0x7ea
e_cp 0xc000
e_crlc 0x8c07
e_cparhdr 0x8ec8
e_minalloc 0x8ed8
e_maxalloc 0x8ec0
e_ss 0x31d0
e_sp 0xfbe4
e_csum 0xbefc
e_ip 0x40
e_cs 0x20ac
e_ovno 0xb409
e_oemid 0xc031
e_oeminfo 0x16cd
e_lfanew 0x82

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 4
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 1
SizeOfOptionalHeader 0xa0
Characteristics IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED

Image Optional Header

Magic PE32+
LinkerVersion 2.0
SizeOfCode 0x57d780
SizeOfInitializedData 0
SizeOfUninitializedData 0x16d1680
AddressOfEntryPoint 0x00000000000048F0 (Section: .text)
BaseOfCode 0x200
ImageBase 0
SectionAlignment 0x20
FileAlignment 0x20
OperatingSystemVersion 0.0
ImageVersion 0.0
SubsystemVersion 0.0
Win32VersionValue 0
SizeOfImage 0x1c4f000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_EFI_APPLICATION
SizeofStackReserve 0
SizeofStackCommit 0
SizeofHeapReserve 0
SizeofHeapCommit 0
LoaderFlags 0
NumberOfRvaAndSizes 6

.setup

MD5 a354d71ee31843675a3f1cbdddb2ee8a
SHA1 fe9437f5019f17b056da4a0a22b9a92e2cf26b05
SHA256 5209f03e4d908ea8d051a178fc15c28277250351221ad01dd781563296f80b24
SHA3 fb68aa9b099f97b3c4fc094045f4789305ef5fe999c75e218fc5ef8b2e08beda
VirtualSize 0x43e0
VirtualAddress 0x200
SizeOfRawData 0x43e0
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.12721

.reloc

MD5 e28090232bba7df12fedf4446882bb12
SHA1 7d2841f9034b162ed09bff271cd67ff6ac620a3b
SHA256 53fb7c2d6c7e6ac75066c81b707bec5ca44794abae5e2279bdd7e1cddad57a92
SHA3 ef2d8504518843086d6b9cffd078bf794ce92332210a0bba480fa5e9969abff4
VirtualSize 0x20
VirtualAddress 0x45e0
SizeOfRawData 0x20
PointerToRawData 0x45e0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.597455

.text

MD5 5946cee8a1f770d7cd7a0853b1628bb2
SHA1 b48f3a5fabbb830de3c8811981ba7c67fb91658e
SHA256 05703510b0fd8c5dbb7aab02f6d121b9d12dc64c041a941cfa62f151e0c031fc
SHA3 b7346c8a41662a2c3f5d31833d3130f7e69f994f437be1a29356d933fa064e6b
VirtualSize 0x579380
VirtualAddress 0x4600
SizeOfRawData 0x579380
PointerToRawData 0x4600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 7.93024

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x16d1680
VirtualAddress 0x57d980
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_NOT_PAGED
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!
<-- -->