03c4fd0a2d76339371f1fb257605bc814c1a07a68f0ac465731f69a867acf657

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 00:00:00 (the TimeDateStamp field is 0, i.e. the build timestamp is not set)

Plugin Output

Suspicious PEiD Signature: HQR data file
Suspicious The PE is possibly packed. Unusual section names found: .xdata, .symtab (this heuristic is based on section names only; compare with the per-section entropy values below)
Suspicious The PE imports functions that most legitimate programs don't use. The program may be hiding some of its imports by resolving them at runtime with:
  • LoadLibraryExW
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Suspicious No VirusTotal score: this file has never been scanned on VirusTotal.

Hashes

MD5 98b27f92e5dce6bfb75684a0ec5f306a
SHA1 ea98f619bb4f3f8e4158955c7679e7f86e78d97a
SHA256 03c4fd0a2d76339371f1fb257605bc814c1a07a68f0ac465731f69a867acf657
SHA3 e549d84b5ae31869e5f49b6de0356384a272734384bad87924a76808b5bc6f0e
SSDeep 24576:OLfl6DoL/z4+lARVpHhliQEe7hk2yPHMtPEtdgjipP:OLflgoL/z4+evlD1k2qHPqU
Imports Hash ebc247a77b4d4a804b261f97a1fd075c

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 8
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x198a00
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0xa3e00
SizeOfInitializedData 0xda00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000007D400 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x1e7000
SizeOfHeaders 0x600
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 9af4714b3383f6bbc924e354b6ff67e1
SHA1 390ebba9d85eec5b32100e18bd0d919d8341d0cb
SHA256 112363f58fbae23e08913fec3f1b3ed9d487cd9590727ee7629b5ed22c28e039
SHA3 9257297e6732055b7bd629d76028e0ce032dc18bdb5184310a649195918cd54e
VirtualSize 0xa3d51
VirtualAddress 0x1000
SizeOfRawData 0xa3e00
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.25561

.rdata

MD5 6c07c596dfd690fcbb32e898420aafc7
SHA1 e5c6b7256f2b4246e0815ee307ad27af32333dbe
SHA256 1f54255979ff7bb5888e74ed97be9e5650347edef3ee737d3d757a776edb9614
SHA3 82d8b821f79b34abb2cd79fa211cc6cf1cac2498d139d45f8810aca391272b16
VirtualSize 0xdd6c8
VirtualAddress 0xa5000
SizeOfRawData 0xdd800
PointerToRawData 0xa4400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.51073

.data

MD5 d17186b416161403080eb231b1f4209a
SHA1 6471ec681fd3c8459ff219ef62bce468caaaf4b9
SHA256 cec18e0c4ab95f3ccba5a465901023880e69acddda375e1f5e6a4a19c060a07e
SHA3 fb8de126965aa7b12e6b26594e78e5d058602370a3452df45eac8730efb762d5
VirtualSize 0x57828
VirtualAddress 0x183000
SizeOfRawData 0xda00
PointerToRawData 0x181c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.12817

.pdata

MD5 0edd2178eeb6041232cf60cc84394cf9
SHA1 88a0c6314a665ea2dfb0c56f2275c38466802575
SHA256 76c5678d56db8c2f29c3b2629cfb3de1460ec6e2a48972d995d46f4c5cac9cef
SHA3 7db3ee599205a7e030acd70db6564d2ed1b9432305cee870e70c5bf4fc5c5781
VirtualSize 0x4c08
VirtualAddress 0x1db000
SizeOfRawData 0x4e00
PointerToRawData 0x18f600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.77766

.xdata

MD5 3f337d2572ea9beb7f47f58dac5feb0c
SHA1 554783d4c50f15949706e35060f5e415dc80be33
SHA256 8ca8cff0fffbd5c0489b5339f4352dab98f5fdbebc23bfe2e4c26f59f0b19000
SHA3 39ab8950e8a7a3ca1eeafb1b8ca1ddd716902f2596e5308ff4e7b253de32ffcb
VirtualSize 0xa8
VirtualAddress 0x1e0000
SizeOfRawData 0x200
PointerToRawData 0x194400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.67294

.idata

MD5 9692b2dae8a26c05e5908e3e58faaf05
SHA1 9205f79765ab27a114d050dc1fd415d4875535df
SHA256 70846d7ee3292fdf727fdd31348b7edef38080dce5fb2943e3118130227299ff
SHA3 51729fd3d06f2a106eac6b297aa18b29f3353d71834a329ce6958f7657f3653a
VirtualSize 0x55a
VirtualAddress 0x1e1000
SizeOfRawData 0x600
PointerToRawData 0x194600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.08024

.reloc

MD5 cf2ff43a653d25efa849e5e63089da66
SHA1 48bd367cb73818470976de88840261b46eafe80d
SHA256 ecac83592a4e8a3f1e79b4fb29470752558eef0802db3287ec1814501e4dfb4b
SHA3 7a6a32bfbf621af2d2eac757800cccc7e17654719ec47c6ab4bdd726234ab26c
VirtualSize 0x3d58
VirtualAddress 0x1e2000
SizeOfRawData 0x3e00
PointerToRawData 0x194c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.42498

.symtab

MD5 07b5472d347d42780469fb2654b7fc54
SHA1 943ae54f4818e52409fbbaf60ffd71318d966b0d
SHA256 3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68
SHA3 a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977
VirtualSize 0x4
VirtualAddress 0x1e6000
SizeOfRawData 0x200
PointerToRawData 0x198a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.0203931

Imports

kernel32.dll WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler
GetProcAddress
LoadLibraryExW

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
