Summary

Architecture | IMAGE_FILE_MACHINE_I386
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date | 2019-May-16 14:07:17
Suspicious | PEiD Signature:
  UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
  UPX v2.0 -> Markus, Laszlo & Reiser (h)
  UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
  UPX -> www.upx.sourceforge.net
Suspicious | The PE is packed with UPX
  Unusual section name found: UPX0
  Section UPX0 is both writable and executable.
  Unusual section name found: UPX1
  Section UPX1 is both writable and executable.
Info | The PE contains common functions which appear in legitimate applications.
  [!] The program may be hiding some of its imports:
  - LoadLibraryA
  - GetProcAddress
Suspicious | The PE is possibly a dropper.
  Resource E6E815853871A85C12D3A96487A9154DFA1A5E85 is possibly compressed or encrypted.
  Resources account for 83.7689% of the executable.
Suspicious | No VirusTotal score.
  This file had never been scanned on VirusTotal when the report was generated.

Reading the findings together: every Suspicious item is the expected signature of a UPX-packed executable rather than independent evidence about the program inside. UPX0 is the region the stub decompresses into, so it has no bytes in the file (SizeOfRawData 0, writable and executable, and the hashes printed for it below are the digests of empty input). UPX1 holds the stub and the compressed payload (entropy 7.99757, entry point 0x58990 inside it). The import table is the stub's: the KERNEL32 functions it needs to rebuild the real import table at run time (LoadLibraryA, GetProcAddress, VirtualProtect) plus one function per other DLL so the loader maps them, which is why the "hidden imports" note fires and why the Imports Hash identifies the packer rather than the program. The dropper heuristic rests on a resource whose declared size (0x2c155) exceeds the raw size of the section holding the resource directory (0x11200), so the entropy and hash reported for it describe bytes read from elsewhere in the file. Decompress the sample (upx -d works when the UPX headers are intact) and repeat the analysis, including the VirusTotal lookup, on the unpacked image before drawing conclusions about what it does.
Hashes

MD5 | fb20b7358617f4ab79c4b8a6064e4e27
SHA1 | a7921ff2cb55e7f59d4421e77833477b1c4a357c
SHA256 | 4b52cc5bdf7799a8bec5374893f578fbed41a23aac6aef0f67cb62a890a0d945
SHA3 | bed3f834abaf92d2b885117acaa7fa7a6498565c5d63822fba879ed866f23d6e
SSDeep | 6144:fV28oU+K4WbW1bySLtCwdetuAtwfM9CoSTcWR9A:foC+KFbW1bxbduuyCoS
Imports Hash | a50e815adb2cfe3e58d388c791946db8
DOS Header

e_magic | MZ
e_cblp | 0x90
e_cp | 0x3
e_crlc | 0
e_cparhdr | 0x4
e_minalloc | 0
e_maxalloc | 0xffff
e_ss | 0
e_sp | 0xb8
e_csum | 0
e_ip | 0
e_cs | 0
e_ovno | 0
e_oemid | 0
e_oeminfo | 0
e_lfanew | 0x80
PE Header

Signature | PE
Machine | IMAGE_FILE_MACHINE_I386
NumberofSections | 3
TimeDateStamp | 2019-May-16 14:07:17
PointerToSymbolTable | 0
NumberOfSymbols | 0
SizeOfOptionalHeader | 0xe0
Characteristics | IMAGE_FILE_32BIT_MACHINE
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_RELOCS_STRIPPED
Image Optional Header

Magic | PE32
LinkerVersion | 2.0
SizeOfCode | 0x38000
SizeOfInitializedData | 0x12000
SizeOfUninitializedData | 0x21000
AddressOfEntryPoint | 0x00058990 (Section: UPX1)
BaseOfCode | 0x22000
BaseOfData | 0x5a000
ImageBase | 0x400000
SectionAlignment | 0x1000
FileAlignment | 0x200
OperatingSystemVersion | 4.0
ImageVersion | 0.0
SubsystemVersion | 4.0
Win32VersionValue | 0
SizeOfImage | 0x6c000
SizeOfHeaders | 0x1000
Checksum | 0
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve | 0x100000
SizeofStackCommit | 0x1000
SizeofHeapReserve | 0x100000
SizeofHeapCommit | 0x1000
LoaderFlags | 0
NumberOfRvaAndSizes | 16
Section 1: UPX0 (SizeOfRawData is 0, so there are no bytes to hash; the values below are the digests of empty input)

MD5 | d41d8cd98f00b204e9800998ecf8427e
SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 | a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize | 0x21000
VirtualAddress | 0x1000
SizeOfRawData | 0
PointerToRawData | 0x200
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_UNINITIALIZED_DATA
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
Section 2: UPX1

MD5 | a704a88e05ac719a622916704f7fe3b9
SHA1 | 669c8386d5a21f7b58a2ed8e336560bb8a114bb0
SHA256 | 613443ff30b80cb523cba7be20cddccef5781c5a0a8ce0ebd4f5f36a0135ebe5
SHA3 | 7ecccdb50f158c4ee999b50c7c52309c1866079f1478b83ae61619777d3121cc
VirtualSize | 0x38000
VirtualAddress | 0x22000
SizeOfRawData | 0x37600
PointerToRawData | 0x200
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
Entropy | 7.99757
Section 3

MD5 | b013e8a31cf7a50d071411b8f5a6656a
SHA1 | 9537573140c3a0b7a4e0ccc838090a5920871c1f
SHA256 | 292c6cd963954671289e2c3ec0c96d4deba76d14411d8127e44d2ea72ad552c2
SHA3 | 409d0c0e996d8e406b6163caeede7a9ffef6da8c4a3fc23e3e7ed594bc352aa2
VirtualSize | 0x12000
VirtualAddress | 0x5a000
SizeOfRawData | 0x11200
PointerToRawData | 0x37800
PointerToRelocations | 0
PointerToLineNumbers | 0
NumberOfLineNumbers | 0
NumberOfRelocations | 0
Characteristics | IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
Entropy | 5.11277
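The section table above carries the indicators the summary flags: packer section names, sections that are both writable and executable, a section with no file data, and an entry point inside the high-entropy section. The script below, added here as an example and not part of the report's tool, parses those fields out of a PE32 file with the standard library alone and applies the same checks. build_sample() constructs a file with this report's header geometry; the third section's name, which the report does not print, is assumed to be .rsrc, and the section bodies are deterministic filler, so only the structural checks are meaningful, not the file hashes.

```python
"""PE32 header and section triage (added example, not the report tool's code).
build_sample() reproduces the header values printed in the report; the section
bodies are constructed filler, so hashes of this sample will not match the real file."""
import math
import random
import struct
from collections import Counter
from datetime import datetime, timezone

IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}  # assumption: a minimal local list


def entropy(data):
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for uniform random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe32(blob):
    """Read only the fields this triage needs straight from the bytes (no pefile)."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    if struct.unpack_from("<H", blob, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry = struct.unpack_from("<I", blob, opt + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", blob, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "rawsize": rawsize, "rawptr": rawptr,
                         "chars": chars, "data": bytes(blob[rawptr:rawptr + rawsize])})
    return {"machine": machine, "timestamp": stamp, "entry_point": entry, "sections": sections}


def section_for_rva(pe, rva):
    """Section whose mapped range (VirtualSize, as the loader sees it) contains rva."""
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + s["vsize"]:
            return s
    return None


def triage(pe):
    """(rule, section name) pairs for the packer indicators the report flags."""
    findings = []
    for s in pe["sections"]:
        if s["name"] in PACKER_SECTION_NAMES:
            findings.append(("packer_section_name", s["name"]))
        if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE:
            findings.append(("writable_and_executable", s["name"]))
        if s["rawsize"] == 0 and s["vsize"] > 0:
            findings.append(("no_file_data", s["name"]))  # unpack-in-place area
        if entropy(s["data"]) > 7.5:
            findings.append(("high_entropy", s["name"]))  # compressed or encrypted
    ep = section_for_rva(pe, pe["entry_point"])
    if ep is None:
        findings.append(("entry_point_outside_sections", None))
    elif ("high_entropy", ep["name"]) in findings:
        findings.append(("entry_point_in_packed_section", ep["name"]))  # stub + payload
    return findings


def build_sample():
    """Constructed PE32 with the report's header values; bodies are filler."""
    rng = random.Random(0x5A4D)  # fixed seed keeps the example reproducible
    img = bytearray(0x37800 + 0x11200)  # ends where the last section's raw data ends
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)  # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    stamp = int(datetime(2019, 5, 16, 14, 7, 17, tzinfo=timezone.utc).timestamp())  # 1558015637
    struct.pack_into("<HHIIIHH", img, 0x84, 0x014C, 3, stamp, 0, 0, 0xE0, 0x010F)
    struct.pack_into("<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII", img, 0x98,
                     0x10B, 2, 0, 0x38000, 0x12000, 0x21000, 0x58990, 0x22000, 0x5A000,
                     0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0, 0, 0x6C000, 0x1000, 0,
                     2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    rwx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    headers = [
        (b"UPX0", 0x21000, 0x1000, 0, 0x200, IMAGE_SCN_CNT_UNINITIALIZED_DATA | rwx),
        (b"UPX1", 0x38000, 0x22000, 0x37600, 0x200, IMAGE_SCN_CNT_INITIALIZED_DATA | rwx),
        (b".rsrc", 0x12000, 0x5A000, 0x11200, 0x37800,  # name assumed; not in the report
         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    ]
    for i, (name, vsize, va, raw, ptr, chars) in enumerate(headers):
        struct.pack_into("<8sIIIIIIHHI", img, 0x178 + 40 * i, name, vsize, va, raw, ptr, 0, 0, 0, 0, chars)
    img[0x200:0x200 + 0x37600] = rng.randbytes(0x37600)  # stands in for compressed data
    return bytes(img)


if __name__ == "__main__":
    pe = parse_pe32(build_sample())
    print("TimeDateStamp:", datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc))
    for rule, name in triage(pe):
        print(f"{rule:32} {name}")
```

Against the constructed sample the script reports UPX0 as a packer-named, writable-and-executable section with no file data, UPX1 as packer-named, writable-and-executable and high-entropy, and the entry point 0x58990 as falling inside that packed section, which is the same picture the report draws. Running it on the real file before and after upx -d shows the difference directly: the unpacked image should lose every one of these findings.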
Imports

COMCTL32.DLL | InitCommonControlsEx
GDI32.DLL | GetStockObject
KERNEL32.DLL | LoadLibraryA
  ExitProcess
  GetProcAddress
  VirtualProtect
MSVCRT.dll | free
OLE32.DLL | CoInitialize
SHELL32.DLL | ShellExecuteExW
SHLWAPI.DLL | PathRemoveArgsW
USER32.DLL | SetFocus
WINMM.DLL | timeBeginPeriod
Resources (all entries: Language UNKNOWN, Codepage Latin 1 / Western European, TimeDateStamp 1980-Jan-01 00:00:00)

Resource 1 | RT_ICON | Size 0x10828 | Entropy 5.08609
  MD5 | 9092db9e44ef83d63d6100b27ad16382
  SHA1 | 527b0fe749202008b8a073e68eeefe041745b87f
  SHA256 | c60a360a0e752321ff5a5b0b088ce58fbf4671942103525672f5d3c7811e98f3
  SHA3 | a7dd8f18558fb84e8d0738efb847178ccd8de6c3acb4059428210e87c56c4739

Resource 2 | RT_RCDATA | Size 0x76 | Entropy 6.52671
  MD5 | be25a215b3e45a2a52035c9fffb2755a
  SHA1 | f8941ba764a0f2eea7145cdb357ad0f43ecb5ff7
  SHA256 | 8cdd79d0a8a68c0456312088cfaaf5b10c893f1080ca76dc2d255dce739728cf
  SHA3 | 0112f31a5256759e0b1226d9d155649c726c113b28672c842b05870099c4c44a

Resource 3 | RT_RCDATA | Size 0x9 | Entropy 3.16993
  MD5 | 76bec7d2886cae659067ea73efef7bc7
  SHA1 | 780f3624951ffa4a565fe2f28acfa58a9aad469c
  SHA256 | db4d61d00a3e2a3f8e1ae2ca839e4f7abb99f67c8e80f6b208085e3cf6b393e6
  SHA3 | ea47e96b54f532fe37b626a1389f824cce12e9b1c9067924182a37000ca182ec

Resource 4 | RT_RCDATA | Size 0x8f | Entropy 6.59145
  MD5 | 7997d575d33be0e9e893bb8e5c819ecf
  SHA1 | c88b35695bc212fe88a212baa08aa5ce9ad6b9e6
  SHA256 | 78c0e838d0942aa9fdbb1f9cf91368b461bb7686e7e09a83156d905135fbfe24
  SHA3 | ba4b2da5e30ac4ee037b4e4e8ec69f869be7a40d25e6ae9deebbb30428bbdebe

Resource 5 | RT_RCDATA | Size 0x10 | Entropy 3.875
  MD5 | 3b11a875850d32bba8c6386fab19a227
  SHA1 | 86d17fe11345d344cc04fe4a7867e68ebd1eb236
  SHA256 | 4c6718e273c8d73412d38bc5b5586e9fa9fdf5a7ec23a65bdddd9eaa14a79706
  SHA3 | dea6649e4b682258b740427fb9bfcc614b1dcaac7bed29394ac520ae70a7ce92

Resource 6 | RT_RCDATA | Size 0x1 | Entropy 0
  MD5 | 6067a176e5ed08f37f90537b9dbe76a5
  SHA1 | 4df7138b341559a90fcf19aac099bfa6cc432cb2
  SHA256 | fe1dcd3abfcd6b1655a026e60a05d03a7f71e4b6070f36e6c7e9c4b6f3d3bf1b
  SHA3 | 93d643968241c552b64aff482441773a27df9216aed93dbb4fd8749ddda1d6c0

Resource 7 | RT_RCDATA | Size 0x2c155 | Entropy 7.99901
  MD5 | da85cb2e4417ffe3252731c5368d5dd5
  SHA1 | e8e80ec6ce3fbd91cd82592546794bc77a84ecfa
  SHA256 | b76f12bc103257825def72d6c9a8f86cb1ab430ada558f1057fec35a4e4c8d5e
  SHA3 | ebeb080b3d0bebb43dd80a92522f9791ece9580b764c746d8aa8182a478987bc

Resource 8 | RT_RCDATA | Size 0x15 | Entropy 4.29708
  MD5 | 79340729f88279d684640f91190769fb
  SHA1 | 8399c7b99dd83cfde8396d6d7c6040f045dc01bc
  SHA256 | e65de3d85bc5f5e39c81428cac2a6dd6e7183367df1d9df2d60eafb58bfb1411
  SHA3 | 1fe80fea8a480cde74c9b71e97ee17a0b9885b69895c62f735a2693bd9fd99da

Resource 9 | RT_GROUP_ICON | Size 0x14 | Entropy 1.98048 | Detected Filetype: Icon file
  MD5 | 38388dda6548693f4d42f2241a4218d7
  SHA1 | 78bedd12a20f97e31e58742381f3d0ca1edb4715
  SHA256 | cd0991dd595a1392452a8c7ccf089e73626bc6eed1fd3f54ee4c6aa7ffbaedba
  SHA3 | 9ace1e9f008d60580379cdfdcd4119706c82d52d2e5fdb9e5745fa00864cc1a8

Resource 10 | RT_MANIFEST | Size 0x2a0 | Entropy 5.08821
  MD5 | ffd3b06250ba95d239365ef050b3627b
  SHA1 | 16e3981245d8dbd44f33d93b203c02a44f3c2b95
  SHA256 | 1c3703755b6e9a690e8eafaa0cc318f667cd5d4c06935b6e3cd07296df9e9dcd
  SHA3 | 2c6baa84c172762978837565c2b2ed4f7716c0edaab79bda3a3ef74724426773
[*] Warning: Section UPX0 has a size of 0!
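The import list and the resource directory above can be cross-checked without the binary. The script below, an added example and not the report tool's code, takes the values transcribed from this report and checks three things: that the import table has the shape of a UPX stub (the KERNEL32 functions needed to rebuild the real table plus exactly one import per other DLL, which is what the "hiding some of its imports" note means in practice); that the file size implied by the section table (0x48a00, assuming nothing is appended after the last section) reproduces the reported 83.7689% resource share, which it does, so the tool saw no overlay; and that the 0x2c155-byte RT_RCDATA entry is larger than the raw data of the section holding the resource directory, so its entropy and hash describe bytes read outside that section. It also recognises the UPX0 hashes as digests of empty input. The third section's name is not printed in the report and is kept as a placeholder string.

```python
"""Consistency checks over the tables of a packed-PE report (added example, not
the report tool's code). All constants are transcribed from the report above."""
import hashlib

# Import table as listed: DLL -> imported functions.
IMPORTS = {
    "COMCTL32.DLL": ["InitCommonControlsEx"],
    "GDI32.DLL": ["GetStockObject"],
    "KERNEL32.DLL": ["LoadLibraryA", "ExitProcess", "GetProcAddress", "VirtualProtect"],
    "MSVCRT.dll": ["free"],
    "OLE32.DLL": ["CoInitialize"],
    "SHELL32.DLL": ["ShellExecuteExW"],
    "SHLWAPI.DLL": ["PathRemoveArgsW"],
    "USER32.DLL": ["SetFocus"],
    "WINMM.DLL": ["timeBeginPeriod"],
}

# Section table: (name, VirtualAddress, VirtualSize, SizeOfRawData, PointerToRawData).
SECTIONS = [
    ("UPX0", 0x1000, 0x21000, 0, 0x200),
    ("UPX1", 0x22000, 0x38000, 0x37600, 0x200),
    ("section 3", 0x5A000, 0x12000, 0x11200, 0x37800),  # name not printed in the report
]

# Resource directory as listed: (type, size in bytes).
RESOURCES = [
    ("RT_ICON", 0x10828), ("RT_RCDATA", 0x76), ("RT_RCDATA", 0x9), ("RT_RCDATA", 0x8F),
    ("RT_RCDATA", 0x10), ("RT_RCDATA", 0x1), ("RT_RCDATA", 0x2C155), ("RT_RCDATA", 0x15),
    ("RT_GROUP_ICON", 0x14), ("RT_MANIFEST", 0x2A0),
]

# What the UPX stub needs from KERNEL32 to rebuild the import table at run time.
STUB_KERNEL32 = {"loadlibrarya", "getprocaddress", "virtualprotect"}


def looks_like_upx_stub_imports(imports):
    """True when KERNEL32 supplies the stub's needs and every other DLL contributes
    exactly one function (kept so the loader maps the DLL); the program's own
    imports are resolved later through LoadLibraryA/GetProcAddress."""
    k32 = {f.lower() for dll, fs in imports.items() if dll.lower() == "kernel32.dll" for f in fs}
    others = [fs for dll, fs in imports.items() if dll.lower() != "kernel32.dll"]
    return STUB_KERNEL32 <= k32 and bool(others) and all(len(fs) == 1 for fs in others)


def file_size_from_sections(sections):
    """Smallest file that holds every section's raw data; equals the real file size
    only when there is no overlay appended after the last section."""
    return max(ptr + raw for _, _, _, raw, ptr in sections)


def resource_share(resources, sections):
    """Fraction of the file taken by resources, the figure the report gives as 83.7689%."""
    return sum(size for _, size in resources) / file_size_from_sections(sections)


def oversized_resources(resources, rsrc_section):
    """Resources whose declared size exceeds the raw data of the section holding the
    resource directory: their bytes cannot all have come from that section."""
    raw = rsrc_section[3]
    return [(kind, size) for kind, size in resources if size > raw]


def empty_input_digest(hexdigest):
    """Algorithm name if hexdigest is the digest of zero bytes, else None."""
    for algo in ("md5", "sha1", "sha256", "sha3_256"):
        if hashlib.new(algo, b"").hexdigest() == hexdigest.lower():
            return algo
    return None


if __name__ == "__main__":
    print("UPX stub import pattern:", looks_like_upx_stub_imports(IMPORTS))
    print(f"file size from section table: 0x{file_size_from_sections(SECTIONS):x}")
    print(f"resource share: {resource_share(RESOURCES, SECTIONS) * 100:.4f}%")
    print("oversized resources:", oversized_resources(RESOURCES, SECTIONS[2]))
    print("UPX0 MD5 is the digest of:", empty_input_digest("d41d8cd98f00b204e9800998ecf8427e"))
```

The resource-share check is the useful pattern here: when a tool's percentage can be rebuilt from its own section table, the tool and the analyst agree on the file boundary, and a mismatch would point at an overlay worth carving. The oversized-resource check explains the dropper heuristic without running anything: a 180,565-byte resource cannot live in a 70,144-byte section, so the reported entropy of 7.99901 is a property of the compressed UPX image, and the real resource can only be judged after unpacking.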