f887a331c5cd6feb7b2558c2234ad5c5

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Info Cryptographic algorithms detected in the binary:
  • Uses constants related to CRC32
  • Uses constants related to MD5
Suspicious The PE contains functions most legitimate programs don't use. Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 f887a331c5cd6feb7b2558c2234ad5c5
SHA1 6e9d46bb74f5a0c1f9fda8f22e330faa034a3609
SHA256 873e9ef811067c6290ce0e3b5acd7c7fdc398bf4a3d3e645fb4a15efc5fcf814
SHA3 de0d7c1a06ec61a579f7add33ea2e34f235f8d698f56da88d3856c2ab2e8fe3d
SSDeep 768:eHoPR0kHg9yNm/EPPdbnx2W8X20Flty0uiNbZRP9r2s8rraQaJhvR7w9BQXTFLW:GQg2XrjYvvuiNZl8f9GDFWyiKIbm
Imports Hash bd79bd2c3331dab1eba31a59a7717c2e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xd8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_DLL
  • IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 14.0
SizeOfCode 0xaa00
SizeOfInitializedData 0x6800
SizeOfUninitializedData 0
AddressOfEntryPoint 0xA2E60000 (Section: ?)
BaseOfCode 0x1000
BaseOfData 0xc000
ImageBase 0x5d1a0000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 5.1
ImageVersion 0.0
SubsystemVersion 5.1
Win32VersionValue 0
SizeOfImage 0x15000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics
  • IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  • IMAGE_DLLCHARACTERISTICS_NO_SEH
  • IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1cb75097a784cc7c8d91f5081a4777bf
SHA1 f8f6e50d587c9993aa07cfcad79b929c9e6c48ed
SHA256 646a89c560c76c3b1583b9a6a9f450ccc1e23ed306785d8450b1d9abdf08cde0
SHA3 6f55fbdd745e1c28296bc8c945174074c4b03bb465780d7e4450168e2feaae1b
VirtualSize 0xb000
VirtualAddress 0x1000
SizeOfRawData 0xaa00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics
  • IMAGE_SCN_CNT_CODE
  • IMAGE_SCN_MEM_EXECUTE
  • IMAGE_SCN_MEM_READ
Entropy 6.14828

.data

MD5 69566c44767e15df1ede888f6df328f5
SHA1 c70b988b6ab6cde8808fcccf9a71025ce294fed7
SHA256 de3de522bf00eb5a51c6cbd867c7cb5a1024605a8789c5415299ec71f9317a21
SHA3 5dcf27f17c655b0bc436707c83ef0478107d130534db1f9b7ce57cfae957b084
VirtualSize 0x7000
VirtualAddress 0xc000
SizeOfRawData 0x6200
PointerToRawData 0xae00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics
  • IMAGE_SCN_CNT_INITIALIZED_DATA
  • IMAGE_SCN_MEM_READ
  • IMAGE_SCN_MEM_WRITE
Entropy 4.45165

.idata

MD5 a76a91d8a2ff062aecd25ae01d7dd5c0
SHA1 93f6a8abcdbb9a524fa3835250c9ec732dadedff
SHA256 1753b05cb5e18f2ce0fd40ae17c05d49870dfe0e394996eb0d2342baa4fa33e1
SHA3 fb54e59d0793efe82d98d06b3c68639e5b35f539530f74f48ba090a170da94df
VirtualSize 0x1000
VirtualAddress 0x13000
SizeOfRawData 0x200
PointerToRawData 0x11000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics
  • IMAGE_SCN_CNT_INITIALIZED_DATA
  • IMAGE_SCN_MEM_READ
  • IMAGE_SCN_MEM_WRITE
Entropy 5.17099

.reloc

MD5 b9e2aa7825ef35cb1bfbf01c0a7062a4
SHA1 8a62fc77e76b67ac1e283f0f197470a7dd6837c7
SHA256 ac488f30ef7c961df8ee2e704a1af9c00a8a250801dc15667fab70df48467160
SHA3 8ae1a7098b8524c0a9a23f5c96db569454d072abf021de3dc2d67104a913c1cf
VirtualSize 0x1000
VirtualAddress 0x14000
SizeOfRawData 0x400
PointerToRawData 0x11200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics
  • IMAGE_SCN_CNT_INITIALIZED_DATA
  • IMAGE_SCN_MEM_DISCARDABLE
  • IMAGE_SCN_MEM_READ
Entropy 5.38703

Imports

KERNEL32.dll
  • VirtualFree
  • VirtualAlloc
  • WideCharToMultiByte
  • GetCurrentProcess
  • GetLastError
  • CloseHandle
  • GetSystemInfo
  • VirtualProtect
  • GetModuleHandleA
  • GetProcAddress
  • HeapFree
  • HeapReAlloc
  • HeapAlloc
  • GetProcessHeap
  • CompareStringW
  • lstrlenW
  • lstrcatW
  • GetStdHandle

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2019-Mar-18 18:18:07
Version 0.0
SizeofData 108
AddressOfRawData 0x3e30
PointerToRawData 0x3230

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2019-Mar-18 18:18:07
Version 0.0
SizeofData 20
AddressOfRawData 0x3e9c
PointerToRawData 0x329c

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2019-Mar-18 18:18:07
Version 0.0
SizeofData 328
AddressOfRawData 0x3eb0
PointerToRawData 0x32b0

IMAGE_DEBUG_TYPE_ILTCG

Characteristics 0
TimeDateStamp 2019-Mar-18 18:18:07
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read the exported DLL name.