fb20b7358617f4ab79c4b8a6064e4e27

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2019-May-16 14:07:17

Plugin Output

Suspicious PEiD Signature: UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX v2.0 -> Markus, Laszlo & Reiser (h)
UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser
UPX -> www.upx.sourceforge.net
Suspicious The PE is packed with UPX
Unusual section name found: UPX0
Section UPX0 is both writable and executable.
Unusual section name found: UPX1
Section UPX1 is both writable and executable.
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Suspicious The PE is possibly a dropper. Resource E6E815853871A85C12D3A96487A9154DFA1A5E85 is possibly compressed or encrypted.
Resources account for 83.7689% of the executable.
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 fb20b7358617f4ab79c4b8a6064e4e27
SHA1 a7921ff2cb55e7f59d4421e77833477b1c4a357c
SHA256 4b52cc5bdf7799a8bec5374893f578fbed41a23aac6aef0f67cb62a890a0d945
SHA3 bed3f834abaf92d2b885117acaa7fa7a6498565c5d63822fba879ed866f23d6e
SSDeep 6144:fV28oU+K4WbW1bySLtCwdetuAtwfM9CoSTcWR9A:foC+KFbW1bxbduuyCoS
Imports Hash a50e815adb2cfe3e58d388c791946db8

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2019-May-16 14:07:17
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x38000
SizeOfInitializedData 0x12000
SizeOfUninitializedData 0x21000
AddressOfEntryPoint 0x00058990 (Section: UPX1)
BaseOfCode 0x22000
BaseOfData 0x5a000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x6c000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

UPX0

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x21000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1

MD5 a704a88e05ac719a622916704f7fe3b9
SHA1 669c8386d5a21f7b58a2ed8e336560bb8a114bb0
SHA256 613443ff30b80cb523cba7be20cddccef5781c5a0a8ce0ebd4f5f36a0135ebe5
SHA3 7ecccdb50f158c4ee999b50c7c52309c1866079f1478b83ae61619777d3121cc
VirtualSize 0x38000
VirtualAddress 0x22000
SizeOfRawData 0x37600
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.99757

.rsrc

MD5 b013e8a31cf7a50d071411b8f5a6656a
SHA1 9537573140c3a0b7a4e0ccc838090a5920871c1f
SHA256 292c6cd963954671289e2c3ec0c96d4deba76d14411d8127e44d2ea72ad552c2
SHA3 409d0c0e996d8e406b6163caeede7a9ffef6da8c4a3fc23e3e7ed594bc352aa2
VirtualSize 0x12000
VirtualAddress 0x5a000
SizeOfRawData 0x11200
PointerToRawData 0x37800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.11277

Imports

COMCTL32.DLL InitCommonControlsEx
GDI32.DLL GetStockObject
KERNEL32.DLL LoadLibraryA
ExitProcess
GetProcAddress
VirtualProtect
MSVCRT.dll free
OLE32.DLL CoInitialize
SHELL32.DLL ShellExecuteExW
SHLWAPI.DLL PathRemoveArgsW
USER32.DLL SetFocus
WINMM.DLL timeBeginPeriod

Delayed Imports

Resources

1

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.08609
MD5 9092db9e44ef83d63d6100b27ad16382
SHA1 527b0fe749202008b8a073e68eeefe041745b87f
SHA256 c60a360a0e752321ff5a5b0b088ce58fbf4671942103525672f5d3c7811e98f3
SHA3 a7dd8f18558fb84e8d0738efb847178ccd8de6c3acb4059428210e87c56c4739

29E53520DFB64A10C4F1B28581EA59D2

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x76
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.52671
MD5 be25a215b3e45a2a52035c9fffb2755a
SHA1 f8941ba764a0f2eea7145cdb357ad0f43ecb5ff7
SHA256 8cdd79d0a8a68c0456312088cfaaf5b10c893f1080ca76dc2d255dce739728cf
SHA3 0112f31a5256759e0b1226d9d155649c726c113b28672c842b05870099c4c44a

2D7E1C6003CA4FB35CB700354C8AD9B9B81CF4A3

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x9
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.16993
MD5 76bec7d2886cae659067ea73efef7bc7
SHA1 780f3624951ffa4a565fe2f28acfa58a9aad469c
SHA256 db4d61d00a3e2a3f8e1ae2ca839e4f7abb99f67c8e80f6b208085e3cf6b393e6
SHA3 ea47e96b54f532fe37b626a1389f824cce12e9b1c9067924182a37000ca182ec

59EEA5321FF3EE8B517F8958B6A44F2E2F314769

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x8f
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.59145
MD5 7997d575d33be0e9e893bb8e5c819ecf
SHA1 c88b35695bc212fe88a212baa08aa5ce9ad6b9e6
SHA256 78c0e838d0942aa9fdbb1f9cf91368b461bb7686e7e09a83156d905135fbfe24
SHA3 ba4b2da5e30ac4ee037b4e4e8ec69f869be7a40d25e6ae9deebbb30428bbdebe

6B068CE26A51CC4B5BE4BDE75BA4E335

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x10
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.875
MD5 3b11a875850d32bba8c6386fab19a227
SHA1 86d17fe11345d344cc04fe4a7867e68ebd1eb236
SHA256 4c6718e273c8d73412d38bc5b5586e9fa9fdf5a7ec23a65bdddd9eaa14a79706
SHA3 dea6649e4b682258b740427fb9bfcc614b1dcaac7bed29394ac520ae70a7ce92

BCD9A7DF07

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 6067a176e5ed08f37f90537b9dbe76a5
SHA1 4df7138b341559a90fcf19aac099bfa6cc432cb2
SHA256 fe1dcd3abfcd6b1655a026e60a05d03a7f71e4b6070f36e6c7e9c4b6f3d3bf1b
SHA3 93d643968241c552b64aff482441773a27df9216aed93dbb4fd8749ddda1d6c0

E6E815853871A85C12D3A96487A9154DFA1A5E85

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2c155
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.99901
MD5 da85cb2e4417ffe3252731c5368d5dd5
SHA1 e8e80ec6ce3fbd91cd82592546794bc77a84ecfa
SHA256 b76f12bc103257825def72d6c9a8f86cb1ab430ada558f1057fec35a4e4c8d5e
SHA3 ebeb080b3d0bebb43dd80a92522f9791ece9580b764c746d8aa8182a478987bc

E99BD84F988B90AC8A9D5197784111B3

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x15
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.29708
MD5 79340729f88279d684640f91190769fb
SHA1 8399c7b99dd83cfde8396d6d7c6040f045dc01bc
SHA256 e65de3d85bc5f5e39c81428cac2a6dd6e7183367df1d9df2d60eafb58bfb1411
SHA3 1fe80fea8a480cde74c9b71e97ee17a0b9885b69895c62f735a2693bd9fd99da

1 (#2)

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.98048
Detected Filetype Icon file
MD5 38388dda6548693f4d42f2241a4218d7
SHA1 78bedd12a20f97e31e58742381f3d0ca1edb4715
SHA256 cd0991dd595a1392452a8c7ccf089e73626bc6eed1fd3f54ee4c6aa7ffbaedba
SHA3 9ace1e9f008d60580379cdfdcd4119706c82d52d2e5fdb9e5745fa00864cc1a8

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x2a0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.08821
MD5 ffd3b06250ba95d239365ef050b3627b
SHA1 16e3981245d8dbd44f33d93b203c02a44f3c2b95
SHA256 1c3703755b6e9a690e8eafaa0cc318f667cd5d4c06935b6e3cd07296df9e9dcd
SHA3 2c6baa84c172762978837565c2b2ed4f7716c0edaab79bda3a3ef74724426773

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!
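The checks behind the Plugin Output findings above (UPX section names, sections that are both writable and executable, the high-entropy UPX1 section and resource, the LoadLibraryA/GetProcAddress import-hiding pattern, the Imports Hash) and the Errors warning about UPX0 having a raw size of 0 can all be reproduced from the section table and import list with the standard library. The following is an added example, not Manalyze's own code: it walks the PE32 headers, applies those heuristics, and runs them against a PE image constructed inline to mirror this report's header values (same section names, flags, virtual layout and entry point, but with synthetic section contents a few KiB long). The 7.0 bits/byte entropy threshold, the 16-import cutoff for the import-hiding check and the UPX0/UPX1/UPX2 name set are assumptions chosen for the example.

```python
"""Standard-library re-implementation of the checks this report raises (UPX section
names, W+X sections, SizeOfRawData 0, high entropy, entry point inside a packer
section, the LoadLibraryA/GetProcAddress pattern, import hash). Added example, not
Manalyze's code; the sample PE is constructed inline; thresholds are assumptions."""
import hashlib
import math
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}   # assumption: names treated as packer sections
ENTROPY_THRESHOLD = 7.0   # assumption: bits/byte above this => compressed or encrypted content
REPORT_IMPORTS = [        # the import table as listed in the report, in that order
    ("COMCTL32.DLL", "InitCommonControlsEx"), ("GDI32.DLL", "GetStockObject"), ("KERNEL32.DLL", "LoadLibraryA"),
    ("KERNEL32.DLL", "ExitProcess"), ("KERNEL32.DLL", "GetProcAddress"), ("KERNEL32.DLL", "VirtualProtect"),
    ("MSVCRT.dll", "free"), ("OLE32.DLL", "CoInitialize"), ("SHELL32.DLL", "ShellExecuteExW"),
    ("SHLWAPI.DLL", "PathRemoveArgsW"), ("USER32.DLL", "SetFocus"), ("WINMM.DLL", "timeBeginPeriod")]

def shannon_entropy(data):
    """Bits per byte: 0.0 for empty input, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def imphash(imports):
    """MD5 over 'dll.func' (extension stripped, lower-cased, comma-joined) in import-table order."""
    parts = [f"{dll.rsplit('.', 1)[0].lower()}.{func.lower()}" for dll, func in imports]
    return hashlib.md5(",".join(parts).encode()).hexdigest()

def hides_imports(imports, max_imports=16):
    """Report heuristic: LoadLibraryA + GetProcAddress in a tiny import table suggests the
    real imports are resolved at run time (the cutoff of 16 is an assumption)."""
    funcs = {func for _dll, func in imports}
    return {"LoadLibraryA", "GetProcAddress"} <= funcs and len(funcs) <= max_imports

def parse_pe(pe):
    """Minimal PE32 walk: DOS header -> PE signature -> COFF header -> optional header -> sections."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", pe, coff)
    opt = coff + 20
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    entry = struct.unpack_from("<I", pe, opt + 16)[0]   # AddressOfEntryPoint (RVA)
    sections = []
    for i in range(nsec):   # 40-byte IMAGE_SECTION_HEADER entries follow the optional header
        f = struct.unpack_from("<8sIIIIIIHHI", pe, opt + opt_size + 40 * i)
        sections.append({"name": f[0].rstrip(b"\0").decode("ascii", "replace"), "vsize": f[1],
                         "vaddr": f[2], "raw_size": f[3], "raw_ptr": f[4], "flags": f[9]})
    return {"entry": entry, "sections": sections}

def analyse(pe):
    """Return the entry-point section, a packed verdict and (section, finding) pairs."""
    hdr = parse_pe(pe)
    findings, entry_section = [], None
    for s in hdr["sections"]:
        name, flags = s["name"], s["flags"]
        s["entropy"] = shannon_entropy(pe[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]])
        if s["vaddr"] <= hdr["entry"] < s["vaddr"] + s["vsize"]:
            entry_section = name
        if name in PACKER_SECTION_NAMES:
            findings.append((name, "unusual_section_name"))
        if flags & IMAGE_SCN_MEM_WRITE and flags & IMAGE_SCN_MEM_EXECUTE:
            findings.append((name, "writable_and_executable"))
        if s["raw_size"] == 0 and s["vsize"] > 0:
            findings.append((name, "zero_raw_size"))   # the unpacker fills this region at run time
        if s["entropy"] > ENTROPY_THRESHOLD:
            findings.append((name, "high_entropy"))
    return {"entry_section": entry_section, "packed": entry_section in PACKER_SECTION_NAMES,
            "findings": findings, "sections": hdr["sections"]}

def build_sample_pe():
    """Constructed PE32 image with the report's UPX0 / UPX1 / .rsrc layout at a smaller scale."""
    sec = struct.Struct("<8sIIIIIIHHI")
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)   # e_lfanew, as in the report
    struct.pack_into("<4sHHIIIHH", img, 0x80, b"PE\0\0", 0x14C, 3, 1558015637, 0, 0, 0xE0, 0x010F)
    opt = 0x80 + 4 + 20
    struct.pack_into("<HBBIIIIII", img, opt, 0x10B, 2, 0, 0x38000, 0x12000, 0x21000, 0x58990, 0x22000, 0x5A000)
    struct.pack_into("<III", img, opt + 28, 0x400000, 0x1000, 0x200)   # ImageBase, SectionAlignment, FileAlignment
    upx1 = b"".join(hashlib.sha256(i.to_bytes(2, "little")).digest() for i in range(64))   # stands in for LZ data
    rsrc = (b"<assembly xmlns='urn:schemas-microsoft-com:asm.v1'/>" + b"\0" * 12) * 16   # low-entropy text
    tbl = opt + 0xE0
    sec.pack_into(img, tbl, b"UPX0", 0x21000, 0x1000, 0, 0x200, 0, 0, 0, 0, 0xE0000080)
    sec.pack_into(img, tbl + 40, b"UPX1", 0x38000, 0x22000, len(upx1), 0x200, 0, 0, 0, 0, 0xE0000040)
    sec.pack_into(img, tbl + 80, b".rsrc", 0x12000, 0x5A000, len(rsrc), 0x200 + len(upx1), 0, 0, 0, 0, 0xC0000040)
    return bytes(img) + upx1 + rsrc

if __name__ == "__main__":
    result = analyse(build_sample_pe())
    print("entry point in", result["entry_section"], "| packed:", result["packed"], "|", result["findings"])
    print("hides imports:", hides_imports(REPORT_IMPORTS), "| imphash:", imphash(REPORT_IMPORTS))
```

Against the constructed image the entry point resolves to UPX1, UPX0 is reported for its zero raw size and W+X flags, UPX1 for W+X and high entropy, and .rsrc for nothing, matching the report. `imphash` follows the usual import-hash recipe and must be fed imports in import-table order; the report groups the list by DLL, so the value it computes over REPORT_IMPORTS only coincides with the Imports Hash above if that grouping is also the table order. The same `shannon_entropy` can be run over an extracted resource blob to reproduce the "possibly compressed or encrypted" verdict on resource E6E815853871A85C12D3A96487A9154DFA1A5E85.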