1978df083a7056b1a01f2317e0ff2889

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2018-Feb-01 20:18:05

Plugin Output

Info Matching compiler(s): MASM/TASM - sig2(h)
Info Cryptographic algorithms detected in the binary:
  • Uses constants related to CRC32
  • Uses constants related to MD5
  • Uses constants related to SHA1
Info The PE contains common functions which appear in legitimate applications.
[!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • GetProcAddress
  • LoadLibraryW
Possibly launches other programs:
  • CreateProcessW
Can create temporary files:
  • GetTempPathW
  • CreateFileW
Info The PE's resources present abnormal characteristics. Resource B3E36E6F4ACABAC13DD11692E2EADB10 is possibly compressed or encrypted.
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 1978df083a7056b1a01f2317e0ff2889
SHA1 20d8e6bb4ae7f38cba309d01f232216ca2e4c187
SHA256 3eb532d80364fb6201435dbf5ce55546057bed2cb96a7124c7c3ae661798b107
SHA3 a81c3a630ba698800b6289a50cbdb5c08b65006c44324e481fcb3f6cecf2e115
SSDeep 1536:kv7ftfkS5g9YOms+gZcQipICdXkNDqLLZX9lItVGL++eIOlnToIfjvwhH2zOj:kDFfHgTWmCRkGbKGLeNTBfjvm2U
Imports Hash 2c5f2513605e48f2d8ea5440a870cb9e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 5
TimeDateStamp 2018-Feb-01 20:18:05
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x11200
SizeOfInitializedData 0xd200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001000 (Section: .code)
BaseOfCode 0x1000
BaseOfData 0x13000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x22000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.code

MD5 da73045b586ab1e28e607f483a0c2ce0
SHA1 507983a0abe672ba6203b221d333ee56d059efd9
SHA256 9e4a4a5a85d7f56dbe993993414ad1845cda9d3f676803a7a3bbc95cfb8dec2a
SHA3 2206812f5c8ca53d71da884605200869a369ab2dcf9c347f0e057f122989afd4
VirtualSize 0x387e
VirtualAddress 0x1000
SizeOfRawData 0x3a00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.52797

.text

MD5 45a4903077d6f7155f4006b168c87dca
SHA1 e45017f5e1a6c39a392914fc2b62281d81e3d806
SHA256 2785518da47da968edd245918c6ce4b38a1f1d314c9556b36b26d14e4cb00c94
SHA3 29b0134b9172776f45523d8b8f87084f34819a92754a0f43c6abd57c5fe03cf5
VirtualSize 0xd642
VirtualAddress 0x5000
SizeOfRawData 0xd800
PointerToRawData 0x3e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.54615

.rdata

MD5 fc9dcbeb475affc5d4c8d32f8314c9b3
SHA1 372c95f62895d5a5c1d8b320ce5c57a1cae3d3a8
SHA256 be3aaad4078e702cd46b669fec9d297dfb3684b17454dbaca12b835376f9d542
SHA3 c63e0fefe810327ac7eea78ccbe4000fd153b28a413add8bcf628052a546845f
VirtualSize 0x33a8
VirtualAddress 0x13000
SizeOfRawData 0x3400
PointerToRawData 0x11600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.11033

.data

MD5 4e32bf8420113d6f5fac2b6714154284
SHA1 ff0d77a426d5f3f65ad34292d768b20b28bc24cd
SHA256 430ebdb926e1169a63cb23e09c77b87c87bcfedc0b562e764a7aed376fc5bd37
SHA3 38070612964a548b854cf878fc730e071ff6679096c1887dfc6a67abcc3a7ec8
VirtualSize 0x178c
VirtualAddress 0x17000
SizeOfRawData 0x1200
PointerToRawData 0x14a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.10185

.rsrc

MD5 1febfcf22c5b7d28922fbd74c7a74b4d
SHA1 f1ba3bc674ad8ebd9310ec68b2424dac19340cda
SHA256 ab373aa050ce569e8e67765618edd04f9089311e11a95a28f3b507cfd83eba07
SHA3 39ca220194937a43e04ba18dbfe68eb7e9e14c0ab12a4e3e5c2e0651bacaca72
VirtualSize 0x8b64
VirtualAddress 0x19000
SizeOfRawData 0x8c00
PointerToRawData 0x15c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.07857

Imports

MSVCRT.dll
  • memset
  • wcsncmp
  • memmove
  • wcsncpy
  • wcsstr
  • _wcsnicmp
  • _wcsdup
  • free
  • _wcsicmp
  • wcslen
  • wcscpy
  • wcscmp
  • wcscat
  • memcpy
  • tolower
  • malloc

KERNEL32.dll
  • GetModuleHandleW
  • HeapCreate
  • GetStdHandle
  • SetConsoleCtrlHandler
  • HeapDestroy
  • ExitProcess
  • WriteFile
  • GetTempFileNameW
  • LoadLibraryExW
  • EnumResourceTypesW
  • FreeLibrary
  • RemoveDirectoryW
  • EnumResourceNamesW
  • GetCommandLineW
  • LoadResource
  • SizeofResource
  • FreeResource
  • FindResourceW
  • GetNativeSystemInfo
  • GetShortPathNameW
  • GetWindowsDirectoryW
  • GetSystemDirectoryW
  • EnterCriticalSection
  • CloseHandle
  • LeaveCriticalSection
  • InitializeCriticalSection
  • WaitForSingleObject
  • TerminateThread
  • CreateThread
  • GetProcAddress
  • GetVersionExW
  • Sleep
  • WideCharToMultiByte
  • HeapAlloc
  • HeapFree
  • LoadLibraryW
  • GetCurrentProcessId
  • GetCurrentThreadId
  • GetModuleFileNameW
  • PeekNamedPipe
  • TerminateProcess
  • GetEnvironmentVariableW
  • SetEnvironmentVariableW
  • GetCurrentProcess
  • DuplicateHandle
  • CreatePipe
  • CreateProcessW
  • GetExitCodeProcess
  • SetUnhandledExceptionFilter
  • HeapSize
  • MultiByteToWideChar
  • CreateDirectoryW
  • SetFileAttributesW
  • GetTempPathW
  • DeleteFileW
  • GetCurrentDirectoryW
  • SetCurrentDirectoryW
  • CreateFileW
  • SetFilePointer
  • TlsFree
  • TlsGetValue
  • TlsSetValue
  • TlsAlloc
  • HeapReAlloc
  • DeleteCriticalSection
  • InterlockedCompareExchange
  • InterlockedExchange
  • GetLastError
  • SetLastError
  • UnregisterWait
  • GetCurrentThread
  • RegisterWaitForSingleObject

USER32.DLL
  • CharUpperW
  • CharLowerW
  • MessageBoxW
  • DefWindowProcW
  • DestroyWindow
  • GetWindowLongW
  • GetWindowTextLengthW
  • GetWindowTextW
  • UnregisterClassW
  • LoadIconW
  • LoadCursorW
  • RegisterClassExW
  • IsWindowEnabled
  • EnableWindow
  • GetSystemMetrics
  • CreateWindowExW
  • SetWindowLongW
  • SendMessageW
  • SetFocus
  • CreateAcceleratorTableW
  • SetForegroundWindow
  • BringWindowToTop
  • GetMessageW
  • TranslateAcceleratorW
  • TranslateMessage
  • DispatchMessageW
  • DestroyAcceleratorTable
  • PostMessageW
  • GetForegroundWindow
  • GetWindowThreadProcessId
  • IsWindowVisible
  • EnumWindows
  • SetWindowPos

GDI32.DLL
  • GetStockObject

COMCTL32.DLL
  • InitCommonControlsEx

SHELL32.DLL
  • ShellExecuteExW
  • SHGetFolderLocation
  • SHGetPathFromIDListW

WINMM.DLL
  • timeBeginPeriod

OLE32.DLL
  • CoInitialize
  • CoTaskMemFree

SHLWAPI.DLL
  • PathAddBackslashW
  • PathRenameExtensionW
  • PathQuoteSpacesW
  • PathRemoveArgsW
  • PathRemoveBackslashW

Delayed Imports

Resources

1

Type RT_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x67e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.35457
MD5 a9ba2dbb7783fec2cef404b579befbd7
SHA1 cd0ccdaab6cd876837acbc0ec989fd38706601fd
SHA256 001d383c48c1be5616d1434f45598f6f1a91ac11b7c0c2b71d60482abeb35d4a
SHA3 bc72912b1539d0c8d7f97d9fa73a3799e82422de2732ca50cac36449c5775ceb

5E78552D06

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 0
MD5 55a54008ad1ba589aa210d2629c1df41
SHA1 bf8b4530d8d246dd74ac53a13471bba17941dff7
SHA256 4bf5122f344554c53bde2ebb8cd2b7e3d1600ad631c385a5d7cce23c7785459a
SHA3 2767f15c8af2f2c7225d5273fdd683edc714110a987d1054697c348aed4e6cc7

6E62C8D3040F2756FD739287DF85F3EF

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0xe
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.23593
MD5 7bb55e591962edd967c9a3039407256c
SHA1 e84642313805d66ef70fdada202992d040a1c2cc
SHA256 8fcbd3ba77d0af716d0b3f342b877539512ba665a6c5ad7999a531bff05a6a91
SHA3 116f25e12adcabbb7a50c5223cf85536391d06d1114f226b2e5d018f6907ff91

AA83D85FA6157CB279E2C4FFAAB109AC281EF9A5

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x12
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.05881
MD5 1e5d1a66bc3566a46c5064a41cfc76ff
SHA1 55e5f326a531ec183f9c555ac8f300c3cca2058a
SHA256 3e0fcbf79d60ed25dad68d9fd9a5edbc76c863172bf0dc77856d39c2b6129fb5
SHA3 d21cb3c35c92babe34fea544002b05207ccff35cb43f30ccb4c738aecdf45924

B3E36E6F4ACABAC13DD11692E2EADB10

Type RT_RCDATA
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x1e30
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.97536
MD5 143aa9fef0bdf651153468cbbd69f257
SHA1 908ce16018ee0366ecf6c4a6b00b2bffc107e7c5
SHA256 a036118af4b9eb50ca3547e9c1d178491a30b0f6fb1f3530c5217f2893991f3a
SHA3 106d7cf37fa5ebc935554354d3a9a7c2aabdc041f39f12179fa3e15b09a24fe7

1 (#2)

Type RT_GROUP_ICON
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.91924
Detected Filetype Icon file
MD5 eeea78b1cdafb203817ab9c01e3cd177
SHA1 6b0cb3a6a93e84e9d38882e8cf910bdc7bcaf089
SHA256 525979e8f412425450ba6282ca1697b9f1933aaa9d801e4a0a1dc3c48ba43711
SHA3 897dd31533c13343d520d1c23140b25fbb323442167633bcce293be83c6977c0

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage Latin 1 / Western European
Size 0x263
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.92322
MD5 841795bb3b61ebd511249778aa26af77
SHA1 59f426938522ef9906b0740821e8cc270d1ca897
SHA256 be809cba9d14bfb52a969d766992832b10e99e133babcdd99dc6d1bba5597cf7
SHA3 5fa5c36711cc5c3661248b1180ce35543201ff1dc77d158129b844f03a2144c9

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors