| Architecture |
IMAGE_FILE_MACHINE_AMD64
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| Compilation Date |
2017-Mar-27 02:21:18
|
| TLS Callbacks |
2 callback(s) detected.
|
| Debug artifacts |
Embedded COFF debugging symbols
|
| Suspicious |
The PE is possibly packed. |
Unusual section name found: .xdata
Unusual section name found: /4
Unusual section name found: /19
Unusual section name found: /31
Unusual section name found: /45
Unusual section name found: /57
Unusual section name found: /70
Unusual section name found: /81
Unusual section name found: /92
|
| Suspicious |
The file contains overlay data. |
28939 bytes of data starting at offset 0x49c00.
|
| Suspicious |
No VirusTotal score. |
This file has never been scanned on VirusTotal.
|
| MD5 |
4babf2bf36280181ca45d072d014ee0b
|
| SHA1 |
2edb8e1a6c39ba605cacdeb0f291d1c40536fb66
|
| SHA256 |
f6a3e1a2f0c36b24c100c0200bd4aab514fa5b5d99c5a28c825107d1c8d553a0
|
| SHA3 |
17fc4ef33075113675693da2d39d0a59a1e394ef0bff0a44ece1ff74b20f854c
|
| SSDeep |
6144:yiJLy+IfBKMLoZQMlr0LqwQEasBU4x/QrxkiskXgM/1sAUMSX4:yiJLyzxJSQLFTXWWTe2hMSX4
|
| Imports Hash |
368e78e093da6d630345960e47662ae2
|
| e_magic |
MZ
|
| e_cblp |
0x90
|
| e_cp |
0x3
|
| e_crlc |
0
|
| e_cparhdr |
0x4
|
| e_minalloc |
0
|
| e_maxalloc |
0xffff
|
| e_ss |
0
|
| e_sp |
0xb8
|
| e_csum |
0
|
| e_ip |
0
|
| e_cs |
0
|
| e_ovno |
0
|
| e_oemid |
0
|
| e_oeminfo |
0
|
| e_lfanew |
0x80
|
| Signature |
PE
|
| Machine |
IMAGE_FILE_MACHINE_AMD64
|
| NumberofSections |
19
|
| TimeDateStamp |
2017-Mar-27 02:21:18
|
| PointerToSymbolTable |
0x49c00
|
| NumberOfSymbols |
1317
|
| SizeOfOptionalHeader |
0xf0
|
| Characteristics |
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
|
| Magic |
PE32+
|
| LinkerVersion |
2.0
|
| SizeOfCode |
0x2400
|
| SizeOfInitializedData |
0x4400
|
| SizeOfUninitializedData |
0xe00
|
| AddressOfEntryPoint |
0x00000000000013D0 (Section: .text)
|
| BaseOfCode |
0x1000
|
| ImageBase |
0x6a9c0000
|
| SectionAlignment |
0x1000
|
| FileAlignment |
0x200
|
| OperatingSystemVersion |
4.0
|
| ImageVersion |
0.0
|
| SubsystemVersion |
5.2
|
| Win32VersionValue |
0
|
| SizeOfImage |
0x56000
|
| SizeOfHeaders |
0x600
|
| Checksum |
0x5b7d1
|
| Subsystem |
IMAGE_SUBSYSTEM_WINDOWS_CUI
|
| DllCharacteristics |
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
|
| SizeofStackReserve |
0x200000
|
| SizeofStackCommit |
0x1000
|
| SizeofHeapReserve |
0x100000
|
| SizeofHeapCommit |
0x1000
|
| LoaderFlags |
0
|
| NumberOfRvaAndSizes |
16
|
| MD5 |
d7830c900c494f76425aa94548304ada
|
| SHA1 |
de7fcd1eeb39ca31b9698834eaa214e09b7c1b37
|
| SHA256 |
33b1b157b16717f51ad064cf11ee8c6e5e80f2f05f832ba7a92d2b2d320bf5f2
|
| SHA3 |
dfb211c6657be638c53b440bfb9475f1b11b4cc12748e43c3b0f0b19118084e7
|
| VirtualSize |
0x2398
|
| VirtualAddress |
0x1000
|
| SizeOfRawData |
0x2400
|
| PointerToRawData |
0x600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
|
| Entropy |
6.09175
|
| MD5 |
7f388b3b9de0c5b2c38b52da746f238d
|
| SHA1 |
bf99113f9c4b296136ca1cd4f086986c4ffa2e39
|
| SHA256 |
608c55659092ab66ed7d6e5eab30aa976d3aa0597643d0ed9354c11fed3c6bbf
|
| SHA3 |
edfcf21df534d007fe9e9fe371d8c906d51755677a7746a9f0dc2048659f997e
|
| VirtualSize |
0x58
|
| VirtualAddress |
0x4000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x2a00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.483765
|
| MD5 |
2c0c4dfaf839ea1438cd0911c3e8cd2c
|
| SHA1 |
8c4f284cd77df872eddc8f31a6449b83fb695f6f
|
| SHA256 |
8a51764eebfb8cb5d570868dbdb50a9aebf0fff32b36f8e3960ddfdcc7b19a0a
|
| SHA3 |
5842e0be73beee0e93270b2c2565d6cbab8314981da506aa8523525ad6195d67
|
| VirtualSize |
0x5b0
|
| VirtualAddress |
0x5000
|
| SizeOfRawData |
0x600
|
| PointerToRawData |
0x2c00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
4.07841
|
| MD5 |
c964c84c8f01706abd96ded608af5f5b
|
| SHA1 |
78f3a3c764443faed8f5d2f3869b37d56d409eb9
|
| SHA256 |
27f947bfe4bbc1b0a5e7bbde646a0227bfd0fb0d84044424c9b6882c76ec2632
|
| SHA3 |
a514716c37edf82008ffd8efa914360564100c8a3fecd4f812c44b1bf2b50648
|
| VirtualSize |
0x2d0
|
| VirtualAddress |
0x6000
|
| SizeOfRawData |
0x400
|
| PointerToRawData |
0x3200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
3.01215
|
| MD5 |
3caf6e430d2e6b5540fd406bbbd52308
|
| SHA1 |
9d7a714965730145054f1242a9d0c0995728c3b7
|
| SHA256 |
98953799cf120637adca89d11ba8f04e25375f7b4af89e4240b52a37d21b0850
|
| SHA3 |
fef05760b87fb622c1da46f91d857d3d525860f028799dfc0c416044cfcd16f5
|
| VirtualSize |
0x250
|
| VirtualAddress |
0x7000
|
| SizeOfRawData |
0x400
|
| PointerToRawData |
0x3600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
2.84544
|
| MD5 |
d41d8cd98f00b204e9800998ecf8427e
|
| SHA1 |
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
| SHA256 |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
| SHA3 |
a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
|
| VirtualSize |
0xd50
|
| VirtualAddress |
0x8000
|
| SizeOfRawData |
0
|
| PointerToRawData |
0
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| MD5 |
6664a0a416652052445aab2f5393341a
|
| SHA1 |
19fd3c9d6325aab46e3a62e907ef61d653acdeea
|
| SHA256 |
75d7454678bcc0fb30733ccd76877b345284d9de4af6c8deb11b05e3e3dc9848
|
| SHA3 |
42d4a6735299c98a77d7fa86bd95c4411e7614ad9f26caccc3548313846de2a2
|
| VirtualSize |
0x171
|
| VirtualAddress |
0x9000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x3a00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
|
| Entropy |
3.64664
|
| MD5 |
4db325bedc519c5b75896c67bd8a7bc1
|
| SHA1 |
8f054dd921add3a40a0482242e9f32ef61ca33d0
|
| SHA256 |
c3070f04c82d570cb5a84e9b4b0bcdddbfcdeeae483f47948f09bb1971a9c612
|
| SHA3 |
b1d0739f32f63ee86a2314add12271df10f104de112f2e50b7b8e688de461203
|
| VirtualSize |
0x74c
|
| VirtualAddress |
0xa000
|
| SizeOfRawData |
0x800
|
| PointerToRawData |
0x3c00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
3.77388
|
| MD5 |
d2575aebfcc6d0145b68d89e79a07f03
|
| SHA1 |
66323a9598ab0c4b467f14c851f48c57a4db331d
|
| SHA256 |
d4e86ed573efbb2b960e08110f9e7b81ef127c76b4d5b0725f6cb050a7c028cc
|
| SHA3 |
b4713f0ef0879300235c57cb748d7344163f6867c0c83c3bbfac97184e5d92cd
|
| VirtualSize |
0x58
|
| VirtualAddress |
0xb000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x4400
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.201539
|
| MD5 |
9e6b775fda963e82d5387f5b2b5fdc56
|
| SHA1 |
b9049885cf8e45ace2c0bf3b7c30b9aabc5824b7
|
| SHA256 |
ddff3d01fc4e7caf98a15fd2f14adc525e8d3af01d13a1e1d4b700d868d12baf
|
| SHA3 |
27a31af1c79b8c232ebb32a560bafc6c0a2db568e96ec678c8952ee65ee98f7b
|
| VirtualSize |
0x68
|
| VirtualAddress |
0xc000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x4600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|
| Entropy |
0.270157
|
| MD5 |
234769445fda37f9646dddabc562e4cb
|
| SHA1 |
2a5f6f383f1a5e92072df652c9bf7d7a575631ae
|
| SHA256 |
be00edb3ae48458c2b34fd4dd94c2a0fab288459293489e3a46b5c55d19daf4b
|
| SHA3 |
622dcb085a5367d2fe0920d9a5e58fd4f14b7c0be619a898ffe87a23b450a975
|
| VirtualSize |
0x68
|
| VirtualAddress |
0xd000
|
| SizeOfRawData |
0x200
|
| PointerToRawData |
0x4800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
| Entropy |
1.0679
|
| MD5 |
95832944e507a8566183fe6f299a20ac
|
| SHA1 |
23f63ca67000110304e2cc9d8ddd5b0fa1daa4c4
|
| SHA256 |
6e76cffab7477a29400b647a4073e46f7a27ef31b2388494c42f6cf1c827b540
|
| SHA3 |
b98934a405cd2a2454911f040e737785be50b7f5d613cd497c67b4c613f84970
|
| VirtualSize |
0x320
|
| VirtualAddress |
0xe000
|
| SizeOfRawData |
0x400
|
| PointerToRawData |
0x4a00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
| Entropy |
1.52152
|
| MD5 |
31a5f1c3cbc2e22fe6563b903759a836
|
| SHA1 |
5a1812cc8bafbd7ba37d322663dc773a15fbac29
|
| SHA256 |
863354b621ade02752619a7739bfc8d69c24da3230648c61b939033296216913
|
| SHA3 |
4915f1837f5c0cfb9d3894e2b11af710bc9a4fbf5e8177193e947481789d34f5
|
| VirtualSize |
0x3c94d
|
| VirtualAddress |
0xf000
|
| SizeOfRawData |
0x3ca00
|
| PointerToRawData |
0x4e00
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
| Entropy |
5.98274
|
| MD5 |
c032c046d8a3a9a4e2167b25e2eb6826
|
| SHA1 |
3f41187e053b3ca5a7d4d38f7dd165c70eabb6c4
|
| SHA256 |
ca436a09b230111a611c6c9d00fd70f1acf891299f71f69536d90f588f235fc0
|
| SHA3 |
319bfac11186323b0103b25d9f20a74a97eaf5482e05dabf7c58a7e77452a424
|
| VirtualSize |
0x1f66
|
| VirtualAddress |
0x4c000
|
| SizeOfRawData |
0x2000
|
| PointerToRawData |
0x41800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
| Entropy |
4.54811
|
| MD5 |
13931dae901932f125f6ecb1621a50c1
|
| SHA1 |
c70ceef2b0b74aea19462277e17eb93e5432d2b8
|
| SHA256 |
0e6716ed664a56ebfd712721118d4c99318250cb57cee56202769b4afb3f75b4
|
| SHA3 |
2e59a1ff0d6cd20896f97142b3d01ca81e95c055ab5672ce4972fd4fb30c5e86
|
| VirtualSize |
0x1fee
|
| VirtualAddress |
0x4e000
|
| SizeOfRawData |
0x2000
|
| PointerToRawData |
0x43800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
| Entropy |
5.33066
|
| MD5 |
666cd6f35601b7a6857ebff5e95e1eed
|
| SHA1 |
d4a3f0eaf8a6e3cab745178ba5153f70b7f6b866
|
| SHA256 |
87c269fec4b4382f0c340694c76e20d3623effce42b0fafb35577a5b4dc5ae7c
|
| SHA3 |
75715530d111ed66b039f04245176399a7ab508d61a81b4d8ab9d0ec2808bbab
|
| VirtualSize |
0x998
|
| VirtualAddress |
0x50000
|
| SizeOfRawData |
0xa00
|
| PointerToRawData |
0x45800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
| Entropy |
4.31977
|
| MD5 |
db0c7268402e15534c6d08db8601d787
|
| SHA1 |
db307f660c17ded92aaad263ef77cae78828ef7c
|
| SHA256 |
b7570a94ec225d8020c39e6ebcae5a1d04122841cc58fe31014fc05551531079
|
| SHA3 |
f142811342fc87628492c973a5d93084716db9eb34496b1e3c56584390b19224
|
| VirtualSize |
0x4fe
|
| VirtualAddress |
0x51000
|
| SizeOfRawData |
0x600
|
| PointerToRawData |
0x46200
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
| Entropy |
4.31408
|
| MD5 |
1eca24d630daa870a38aea11c86f1862
|
| SHA1 |
5b650ff3da2cc738ee4429539613aa7ae051ab8b
|
| SHA256 |
523224d660d07dae6e7faebd79374be8e82a5c71feb40926e3d605396952bc5a
|
| SHA3 |
7526779d73296078881bfbe9f1c7da46d4369815502dc922db6087c9ad288d95
|
| VirtualSize |
0x2d9d
|
| VirtualAddress |
0x52000
|
| SizeOfRawData |
0x2e00
|
| PointerToRawData |
0x46800
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
| Entropy |
2.32913
|
| MD5 |
dac5f70f2b6c4500216660a1302ac6aa
|
| SHA1 |
b58ec4232d118d6c3cde236b0d65d2a633cb485e
|
| SHA256 |
b120b14789cfff5fe5cafe00c1387f3fc5d80d7d4c5cb6d5d045cada03bf2bb5
|
| SHA3 |
6ed456cd3befddb2d381f861589a88b8733677e5fdcd9c87a83d0e8351926a47
|
| VirtualSize |
0x590
|
| VirtualAddress |
0x55000
|
| SizeOfRawData |
0x600
|
| PointerToRawData |
0x49600
|
| PointerToRelocations |
0
|
| PointerToLineNumbers |
0
|
| NumberOfLineNumbers |
0
|
| NumberOfRelocations |
0
|
| Characteristics |
IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
|
| Entropy |
1.44979
|
| KERNEL32.dll |
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
|
| msvcrt.dll |
__dllonexit
__iob_func
_amsg_exit
_initterm
_lock
_onexit
_unlock
abort
calloc
fclose
fopen
fputs
free
fscanf
fwrite
localtime
malloc
memcpy
memset
signal
sprintf
strlen
strncmp
vfprintf
_time64
|
| Ordinal |
10
|
| Address |
0x1b6f
|
| Ordinal |
11
|
| Address |
0x1a7f
|
| Ordinal |
12
|
| Address |
0x19c0
|
| Ordinal |
13
|
| Address |
0x1513
|
| Ordinal |
14
|
| Address |
0x15e3
|
| Ordinal |
15
|
| Address |
0x1752
|
| Ordinal |
16
|
| Address |
0x158b
|
| StartAddressOfRawData |
0x6a9cc000
|
| EndAddressOfRawData |
0x6a9cc060
|
| AddressOfIndex |
0x6a9c89ec
|
| AddressOfCallbacks |
0x6a9cb030
|
| SizeOfZeroFill |
0
|
| Characteristics |
IMAGE_SCN_TYPE_REG
|
| Callbacks |
0x000000006A9C20B0
0x000000006A9C2080
|
[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /19!
[*] Warning: Tried to read outside the COFF string table to get the name of section /31!
[*] Warning: Tried to read outside the COFF string table to get the name of section /45!
[*] Warning: Tried to read outside the COFF string table to get the name of section /57!
[*] Warning: Tried to read outside the COFF string table to get the name of section /70!
[*] Warning: Tried to read outside the COFF string table to get the name of section /81!
[*] Warning: Tried to read outside the COFF string table to get the name of section /92!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!