ff2f223481c6b8aeef9053c013094de3

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Info Matching compiler(s): MASM/TASM - sig2(h)
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • LoadLibraryA
  • GetProcAddress
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 ff2f223481c6b8aeef9053c013094de3
SHA1 8c650bbb576635107719752ecebd5951339e87b5
SHA256 e5aee10cdfd2bbfdc5f36b0efc28a398d048e2ceea8db3eafe4c8b8b339cfaf2
SHA3 0e52827570bfc9f932005c39d90cd7853f39eee1999ad567e05e05bd5aed250d
SSDeep 192:wBdI0Ji177Vny9NAx3xqXsIiu7tvLuEctdCKLJR986z9dV2EWtF:yX07Mox3gX8uxjuxoZ6pdhW
Imports Hash 322507b983aeddb89a27811817664b1d

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 3.0
SizeOfCode 0x31ac
SizeOfInitializedData 0x36f
SizeOfUninitializedData 0x13cf1
AddressOfEntryPoint 0x00003ECD (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x5000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x1b000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x1000000
SizeofStackCommit 0x100000
SizeofHeapReserve 0x1000000
SizeofHeapCommit 0x100000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 1c03738f87a1d3349caeb9753384ece3
SHA1 0a31b382193c2dae6364a45fcd0a9d5cf7da5ec2
SHA256 8a9a0e712a1a574da05811c6cc4efb251c43ecaa08ef6c9fca0f69f0a81d3689
SHA3 34e4ebc7fff8cb1be40f28302a0f976ec780c85dd424260067a758dba1231cce
VirtualSize 0x31ac
VirtualAddress 0x1000
SizeOfRawData 0x3200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.04872

.data

MD5 53bdbc039dbab32d8c6224ad6aa0282d
SHA1 ea395ddc9fd2ff4a0e95928d258141828ffdd43c
SHA256 d28bb59f807596ee215b1b4691472e025b874f89b51a82b31088e816ed0ab1b1
SHA3 af64f93624234ed5136ff888b99a538ec3ae924dc9e4a3d61446be63ca48b0ca
VirtualSize 0x36f
VirtualAddress 0x5000
SizeOfRawData 0x400
PointerToRawData 0x3600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.59226

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x13cf1
VirtualAddress 0x6000
SizeOfRawData 0
PointerToRawData 0x3a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 2283f68c3cc2611bee7bca488327bba0
SHA1 486835250266cd5ff3a71f615a1b22005351ef86
SHA256 d9d2e92374dd4eb730caf4499a82bbe9706ef841a141dabbf7c088c10c215f86
SHA3 5601a232475c4f16f785394875b8d788c1f565b11cf388d74ca5862afa8bc1ae
VirtualSize 0x59a
VirtualAddress 0x1a000
SizeOfRawData 0x600
PointerToRawData 0x3a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.89573

Imports

KERNEL32.DLL GetCommandLineA
GetProcessHeap
HeapAlloc
HeapFree
GetStdHandle
SetConsoleMode
CreateFileA
SetFilePointer
GetFileSize
WriteFile
ReadFile
CloseHandle
GetLastError
LoadLibraryA
GetProcAddress
GetTickCount
ExitProcess
GetModuleHandleA
USER32.DLL MessageBoxA
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
BeginPaint
EndPaint
FillRect
InvalidateRect
GDI32.DLL Ellipse
USER32.DLL (#2) MessageBoxA
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
BeginPaint
EndPaint
FillRect
InvalidateRect

Errors

[*] Warning: Section .bss has a size of 0!