c89adf6a2a6d6f2d95d375ed87c61506

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2024-May-05 06:22:42
TLS Callbacks 1 callback(s) detected.
Debug artifacts 1pplus43.pdb

Plugin Output

Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryA
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 c89adf6a2a6d6f2d95d375ed87c61506
SHA1 b9d531b6b5a934afb2fb797a46af60f7958e6e19
SHA256 284f8f99b95798e9845de12e31e6594c1f0e41c2485c36b8c9a508f50198ee88
SHA3 e84cef0f0adabdafd85e026e352a9c2fd175232b53474dce7d69250fbecfcc42
SSDeep 1536:bm3550CpjmxcjPp611BDBsXECEPAormEfpfabB4A40IQAm7KkmElJcGj4yHSBVX:b8cxA6bBNlSExweStlJRj/Hy7TGD
Imports Hash 90a85126bb2d7583e2bd3d07df1dcb23

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 5
TimeDateStamp 2024-May-05 06:22:42
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x19400
SizeOfInitializedData 0xac00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000018460 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x29000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 60bd488c9beba11775311702176a7662
SHA1 bf5f67bd790acc7df7570ec513964e480102a8ba
SHA256 44915a9fe7aaedcdcdc4eb2db3df82759c88ea68353e2455f31495a719b26b7f
SHA3 63aa62823966a7997a015f6052a3ca191c8c2d3d87b6a5e4f49888247079e6eb
VirtualSize 0x1922a
VirtualAddress 0x1000
SizeOfRawData 0x19400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.31906

.rdata

MD5 d38f8544b16eb52c3c5e00f9d47f3813
SHA1 7f3d08dc8f11c8652ee7517f90e8096110926d4a
SHA256 1fd9833c79e0312337ac32675991d906a6d552a0fd871a633c7af49946e14093
SHA3 8567c91e0999f42b77c8eba12b332fea2dab26293d88e5b099b72feef34a7c52
VirtualSize 0x90da
VirtualAddress 0x1b000
SizeOfRawData 0x9200
PointerToRawData 0x19800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.16616

.data

MD5 028280bc88243cfb124785278982ff17
SHA1 29c3ab9ff416fa8a918776d5a73ce92a2cb4be7b
SHA256 9db03d62b25dac107434e0e85b18d71f8f3138fc7da552199586537a1129f8ef
SHA3 074c4965f0503667ba91b0ad3f8cd356e88e519d538e190506b333308fe022e0
VirtualSize 0x2f8
VirtualAddress 0x25000
SizeOfRawData 0x200
PointerToRawData 0x22a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.61881

.pdata

MD5 8db8bad5f33f2133b4e02f3cfe36660f
SHA1 360da8dcea97b213bd980cbc0442720f1bcdd4db
SHA256 d3495469077cee806948f1f0e2e3faa5e407d766ef9379c76eac7dd32c5493ad
SHA3 e64886cc6dbc27a3aecb7129042a1c264f526d4f89763c3bf9e525d580a877f0
VirtualSize 0x11c4
VirtualAddress 0x26000
SizeOfRawData 0x1200
PointerToRawData 0x22c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.17832

.reloc

MD5 a780da991208d680697a87b6c5e5c5d4
SHA1 ba9f54fb9e404c478706f94433ba9b98fd159a54
SHA256 992e1dfbee31dc9a9dc422379217a92c5b5d6457e973df241e150acbb3e301c6
SHA3 28e51b617f7ecd04dcd06aeea3d0019c529a25f61cf7418f3d4169e9ae9910ab
VirtualSize 0x3f8
VirtualAddress 0x28000
SizeOfRawData 0x400
PointerToRawData 0x23e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.41255

Imports

api-ms-win-core-synch-l1-2-0.dll WaitOnAddress
WakeByAddressAll
WakeByAddressSingle
KERNEL32.dll SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
CloseHandle
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
WaitForSingleObject
QueryPerformanceCounter
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetCurrentProcess
GetStdHandle
GetCurrentProcessId
HeapFree
HeapReAlloc
lstrlenW
ReleaseMutex
GetProcessHeap
HeapAlloc
GetConsoleMode
GetModuleHandleW
FormatMessageW
MultiByteToWideChar
WriteConsoleW
GetCurrentThread
IsProcessorFeaturePresent
GetModuleHandleA
GetProcAddress
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetSystemTimeAsFileTime
GetCurrentThreadId
ntdll.dll RtlNtStatusToDosError
NtWriteFile
VCRUNTIME140.dll __current_exception
__current_exception_context
__C_specific_handler
_CxxThrowException
memcmp
memmove
memset
memcpy
__CxxFrameHandler3
api-ms-win-crt-runtime-l1-1-0.dll _initterm_e
exit
_exit
_initterm
_get_initial_narrow_environment
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
__p___argc
_initialize_onexit_table
_initialize_narrow_environment
_register_onexit_function
_crt_atexit
terminate
_set_app_type
_seh_filter_exe
api-ms-win-crt-math-l1-1-0.dll __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll _set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0.dll _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll free
_set_new_mode
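
Added example, not part of the report or of the tool that produced it: the Imports Hash above is an imphash, computed the way pefile's get_imphash does it (lowercase "dll.func" pairs in import-table order, the DLL extension stripped, joined with commas, then MD5). The block below implements that recipe over the import list transcribed from this page and adds a heuristic of the kind the plugin output applies for GetProcAddress/LoadLibraryA. Helper names are hypothetical. The list order is the order printed above; whether that equals the on-disk import-descriptor order is an assumption, so the value printed here is not expected to reproduce the report's hash.

```python
# Added example (not the report's own code): imphash over the transcribed
# import list, plus a "may be hiding imports" heuristic. Helper names are
# hypothetical; IMPORTS is copied from the report in the order printed there
# (assumed, not verified, to be the on-disk descriptor order).
import hashlib

IMPORTS = [
    ("api-ms-win-core-synch-l1-2-0.dll",
     ["WaitOnAddress", "WakeByAddressAll", "WakeByAddressSingle"]),
    ("KERNEL32.dll",
     ["SetUnhandledExceptionFilter", "UnhandledExceptionFilter", "IsDebuggerPresent",
      "InitializeSListHead", "CloseHandle", "GetLastError", "AddVectoredExceptionHandler",
      "SetThreadStackGuarantee", "WaitForSingleObject", "QueryPerformanceCounter",
      "RtlCaptureContext", "RtlVirtualUnwind", "RtlLookupFunctionEntry", "SetLastError",
      "GetCurrentDirectoryW", "GetEnvironmentVariableW", "GetCurrentProcess", "GetStdHandle",
      "GetCurrentProcessId", "HeapFree", "HeapReAlloc", "lstrlenW", "ReleaseMutex",
      "GetProcessHeap", "HeapAlloc", "GetConsoleMode", "GetModuleHandleW", "FormatMessageW",
      "MultiByteToWideChar", "WriteConsoleW", "GetCurrentThread", "IsProcessorFeaturePresent",
      "GetModuleHandleA", "GetProcAddress", "WaitForSingleObjectEx", "LoadLibraryA",
      "CreateMutexA", "GetSystemTimeAsFileTime", "GetCurrentThreadId"]),
    ("ntdll.dll", ["RtlNtStatusToDosError", "NtWriteFile"]),
    ("VCRUNTIME140.dll",
     ["__current_exception", "__current_exception_context", "__C_specific_handler",
      "_CxxThrowException", "memcmp", "memmove", "memset", "memcpy", "__CxxFrameHandler3"]),
    ("api-ms-win-crt-runtime-l1-1-0.dll",
     ["_initterm_e", "exit", "_exit", "_initterm", "_get_initial_narrow_environment",
      "__p___argv", "_cexit", "_c_exit", "_register_thread_local_exe_atexit_callback",
      "_configure_narrow_argv", "__p___argc", "_initialize_onexit_table",
      "_initialize_narrow_environment", "_register_onexit_function", "_crt_atexit",
      "terminate", "_set_app_type", "_seh_filter_exe"]),
    ("api-ms-win-crt-math-l1-1-0.dll", ["__setusermatherr"]),
    ("api-ms-win-crt-stdio-l1-1-0.dll", ["_set_fmode", "__p__commode"]),
    ("api-ms-win-crt-locale-l1-1-0.dll", ["_configthreadlocale"]),
    ("api-ms-win-crt-heap-l1-1-0.dll", ["free", "_set_new_mode"]),
]

# Imports that let a binary resolve the rest of its API at runtime by name.
DYNAMIC_RESOLVERS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa",
                     "loadlibraryexw", "getprocaddress"}


def imphash_input(imports) -> str:
    """The exact string that gets hashed; handy for diffing two samples."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        stem, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = stem                      # "kernel32.dll" -> "kernel32"
        parts.extend(f"{lib}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the joined string; empty string when there are no imports."""
    text = imphash_input(imports)
    return hashlib.md5(text.encode()).hexdigest() if text else ""


def dynamic_resolvers(imports) -> list:
    """Imported names that allow hidden, runtime-resolved imports."""
    return sorted(f for _, funcs in imports for f in funcs
                  if f.lower() in DYNAMIC_RESOLVERS)


def hides_imports(imports) -> bool:
    """Heuristic: a LoadLibrary* loader and GetProcAddress are both imported.
    Nearly every MSVC CRT-linked binary matches, so treat a hit as a prompt
    to look for string-built API names, not as a verdict."""
    found = {f.lower() for f in dynamic_resolvers(imports)}
    return "getprocaddress" in found and any(f.startswith("loadlibrary") for f in found)


if __name__ == "__main__":
    print("imphash over transcribed list:", imphash(IMPORTS))
    print("dynamic resolvers:", dynamic_resolvers(IMPORTS))
    print("may hide imports:", hides_imports(IMPORTS))
```

Two caveats when pivoting on this value. Order matters, so two binaries with the same set of imports in a different descriptor order hash differently; and the api-ms-win-* forwarder names are kept (minus ".dll"), so a binary that reaches the same CRT functions through ucrtbase.dll or KERNEL32.dll gets a different imphash. To compare against the report's 90a85126bb2d7583e2bd3d07df1dcb23, run pefile's PE(path).get_imphash() on the file itself rather than on a transcribed list.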

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2024-May-05 06:22:42
Version 0.0
SizeofData 37
AddressOfRawData 0x206f4
PointerToRawData 0x1eef4
Referenced File 1pplus43.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2024-May-05 06:22:42
Version 0.0
SizeofData 20
AddressOfRawData 0x2071c
PointerToRawData 0x1ef1c

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2024-May-05 06:22:42
Version 0.0
SizeofData 816
AddressOfRawData 0x20730
PointerToRawData 0x1ef30

TLS Callbacks

StartAddressOfRawData 0x140020a80
EndAddressOfRawData 0x140020ae0
AddressOfIndex 0x140025268
AddressOfCallbacks 0x14001b328
SizeOfZeroFill 0
Characteristics IMAGE_SCN_ALIGN_8BYTES
Callbacks 0x000000014000A870

Load Configuration

Size 0x140
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x1400250c0
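
Added example, not part of the report: the addresses printed in the optional header, the TLS directory, the debug directory and the load configuration are a mix of RVAs and VAs, and the section table above is all that is needed to turn each of them into a section name and a raw file offset. The block below does that with the values transcribed from this page, handles the case where an RVA lies inside a section in memory but past the bytes present on disk (the TLS AddressOfIndex falls in the zero-filled tail of .data), and cross-checks the three debug entries, which carry both an RVA and a file pointer for the same bytes. Helper names are hypothetical; the table values are transcribed, not parsed from the file.

```python
# Added example (not the report's own code): RVA/VA -> section -> file offset
# using only the section table printed in the report. Helper names are
# hypothetical; SECTIONS and DEBUG_ENTRIES are transcribed from the page.
from dataclasses import dataclass
from typing import Optional

IMAGE_BASE = 0x140000000          # ImageBase from the optional header
SECTION_ALIGNMENT = 0x1000        # SectionAlignment from the optional header


@dataclass(frozen=True)
class Section:
    name: str
    virtual_address: int   # RVA at which the section is mapped
    virtual_size: int      # bytes that exist in memory
    raw_pointer: int       # file offset of the section's bytes on disk
    raw_size: int          # bytes on disk; may be smaller than virtual_size


# VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData, as reported.
SECTIONS = [
    Section(".text",  0x1000,  0x1922a, 0x400,   0x19400),
    Section(".rdata", 0x1b000, 0x90da,  0x19800, 0x9200),
    Section(".data",  0x25000, 0x2f8,   0x22a00, 0x200),
    Section(".pdata", 0x26000, 0x11c4,  0x22c00, 0x1200),
    Section(".reloc", 0x28000, 0x3f8,   0x23e00, 0x400),
]

# (AddressOfRawData, PointerToRawData) of the three IMAGE_DEBUG_TYPE entries.
DEBUG_ENTRIES = [(0x206f4, 0x1eef4), (0x2071c, 0x1ef1c), (0x20730, 0x1ef30)]


def align_up(value: int, alignment: int) -> int:
    return (value + alignment - 1) & ~(alignment - 1)


def va_to_rva(va: int, image_base: int = IMAGE_BASE) -> int:
    """TLS directory fields and SecurityCookie are stored as VAs, not RVAs."""
    if va < image_base:
        raise ValueError(f"{va:#x} is below ImageBase {image_base:#x}")
    return va - image_base


def section_for_rva(rva: int, sections=SECTIONS) -> Optional[Section]:
    """Section whose in-memory extent contains rva. The loader maps each
    section over VirtualSize rounded up to SectionAlignment, so use that."""
    for s in sections:
        end = s.virtual_address + align_up(s.virtual_size, SECTION_ALIGNMENT)
        if s.virtual_address <= rva < end:
            return s
    return None


def rva_to_file_offset(rva: int, sections=SECTIONS) -> Optional[int]:
    """File offset holding the bytes for rva, or None if they are not on disk.

    An RVA can be inside a section in memory yet past SizeOfRawData (.data
    here has VirtualSize 0x2f8 but only 0x200 bytes in the file); the loader
    zero-fills that region, so there is nothing to seek to.
    """
    s = section_for_rva(rva, sections)
    if s is None:
        return None                      # headers or an unmapped gap
    delta = rva - s.virtual_address
    if delta >= s.raw_size:
        return None
    return s.raw_pointer + delta


def check_debug_directory(entries=DEBUG_ENTRIES) -> bool:
    """Each debug entry stores an RVA and a file pointer for the same bytes;
    they must agree with the section table or the directory was hand-edited."""
    return all(rva_to_file_offset(rva) == ptr for rva, ptr in entries)


def expected_size_of_image(sections=SECTIONS) -> int:
    """SizeOfImage must equal the end of the last section, rounded up."""
    last = sections[-1]
    return last.virtual_address + align_up(last.virtual_size, SECTION_ALIGNMENT)


if __name__ == "__main__":
    targets = {
        "AddressOfEntryPoint":    0x18460,
        "TLS callback":           va_to_rva(0x14000A870),
        "TLS AddressOfCallbacks": va_to_rva(0x14001b328),
        "TLS AddressOfIndex":     va_to_rva(0x140025268),
        "SecurityCookie":         va_to_rva(0x1400250c0),
    }
    for label, rva in targets.items():
        sec = section_for_rva(rva)
        off = rva_to_file_offset(rva)
        where = f"file offset {off:#x}" if off is not None else "not on disk (zero-filled)"
        print(f"{label:24} RVA {rva:#07x} -> {sec.name if sec else '<none>':7} {where}")
    print("debug directory consistent:", check_debug_directory())
    print("SizeOfImage expected:", hex(expected_size_of_image()))
```

With the values above, the entry point resolves to .text at file offset 0x17860, the TLS callback 0x14000A870 to .text at 0x9c70, AddressOfCallbacks to .rdata at 0x19b28, and all three debug entries check out, which is what you want before trusting the PDB path the CodeView record points at. The SizeOfImage check also passes (0x28000 plus 0x3f8 rounded to 0x1000 gives 0x29000).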

RICH Header

XOR Key 0xf96db8eb
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 12
Imports (33218) 2
C++ objects (33218) 23
C objects (33218) 9
ASM objects (33218) 3
Imports (29395) 8
Total imports 174
Unmarked objects (#2) 14
Linker (33523) 1

Errors
