1fc34d7d1dd6ed55f06758ba81c20e7df8d4a8ae6d0064d8260caf32309efeab

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2026-Jun-22 08:35:55
Detected languages English - United States
CompanyName cooMooCsiit rtrrapnfo
FileDescription Microsoft® C++ Runtime Library
FileVersion 0.20.05001.0030
InternalName Ceosheraa.VisualC.STLCLR.DLL
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename Ceosheraa.VisualC.STLCLR.DLL
ProductName Microsoft® Visual Studio® 2008
ProductVersion 0.20.05001.0030

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: .EXP
Unusual section name found: 3i25yBy
Suspicious The PE contains functions most legitimate programs don't use. Can access the registry:
  • RegCloseKey
Leverages the raw socket API to access the Internet:
  • select
  • WSAGetLastError
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 ff6534ba0182dfd2df04b80c2dc2c518
SHA1 51461d3b8f4707ec0372f53c59020d2e55d737ad
SHA256 1fc34d7d1dd6ed55f06758ba81c20e7df8d4a8ae6d0064d8260caf32309efeab
SHA3 0463f871ad6273ecffde16978fd163e426c2e5b3033a5bb31a2388766cac2f2c
SSDeep 24576:Y9DnidlTcfeTfEON4wksbSZh8pnWDvxtSw:YZiPYGTYgGbEWzrSw
Imports Hash b5401ef1c91c1cd7356208a9ae7bf9ab

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x11c

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 8
TimeDateStamp 2026-Jun-22 08:35:55
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 9.0
SizeOfCode 0x7000
SizeOfInitializedData 0xcb000
SizeOfUninitializedData 0x7b46
AddressOfEntryPoint 0x0000000000004D70 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 5.2
ImageVersion 0.0
SubsystemVersion 5.2
Win32VersionValue 0
SizeOfImage 0xd3000
SizeOfHeaders 0x1000
Checksum 0x27aa0c
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 6db98aad591619cb7f25aa493900304b
SHA1 7b901dbe0d16f26acf34cbd3819da9f611d85a68
SHA256 6a21964b5ee6cf74fff7754ce31b9ac8cd9d9be682e5e785a4912bf51a1ee052
SHA3 bc758965b30412ef02dd32ca86dca61f4726e0f7d41e9e843f306e785bec883f
VirtualSize 0x57d2
VirtualAddress 0x1000
SizeOfRawData 0x6000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_NO_DEFER_SPEC_EXC
Entropy 4.00051

.EXP

MD5 855bdec922fa7b31289ac844514b76cc
SHA1 19ebb541f88bb6feb28743209383b404555ba36a
SHA256 b155c55edd6de288a9291fac36310f5b144a8a390af5dba93a2676f90efc88d8
SHA3 4fda505491e4dcc90bdb9603d16c165af93c3ad2f2848d4f0c074bd38500a387
VirtualSize 0xd73
VirtualAddress 0x7000
SizeOfRawData 0x1000
PointerToRawData 0x7000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.13947

.rdata

MD5 4834b09bd65b928a6ba6754a45d16f02
SHA1 426d4248945d4ecc44158390819fd3a8de3271e9
SHA256 02441f1e4106e9170dde7c79766f5c9426c346fb38b32e800e03fd7cb0fb7024
SHA3 ce9e75cd71689f433d63921222e33beca541de2c1609a9b24918ab89e069eb23
VirtualSize 0x10a8
VirtualAddress 0x8000
SizeOfRawData 0x2000
PointerToRawData 0x8000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_READ
IMAGE_SCN_TYPE_COPY
Entropy 2.87256

.data

MD5 8b5f406897ce6da545db788d27ad7dd5
SHA1 f7383bf67bf7c065baa8e3f7d17c87f8b8e732f1
SHA256 f6865ffa68deac19b2faa10ae8e9fe3ca2f6432eabf283ef4a6eb8c6b020c15f
SHA3 e0af2db00ef06ef8ccc289e5ca87245e0e451abe4a28a59a9ddceca7b8eef25e
VirtualSize 0x9880
VirtualAddress 0xa000
SizeOfRawData 0x9000
PointerToRawData 0xa000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.49522

.pdata

MD5 9b7193d0a99ad0555351d8208bf2d335
SHA1 fa0edcea866af20b350f936516955f3076b63ef6
SHA256 cadb09e86b96f97474a9e6c0ec4d59ddc22c3f643735bc33d306a29b133fda34
SHA3 602737c03d3312721085499d018c7b787fbb99bc666bf6050a924eb36e8a4651
VirtualSize 0x1d4
VirtualAddress 0x14000
SizeOfRawData 0x1000
PointerToRawData 0x13000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.646634

3i25yBy

MD5 f65e6b94e6a57452328c87851a178d66
SHA1 7939666820637a7309c345ef7a431f0753242e55
SHA256 9dd46ba8b75d81d18b5a6e7178e38e4ad575447b8e89357094e3946007df49a1
SHA3 1da5365c5797017546dab6023c60caca65acc8f2e9fb1f7f8ec20d02ebec338e
VirtualSize 0xba390
VirtualAddress 0x15000
SizeOfRawData 0xbb000
PointerToRawData 0x14000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 7.9959

.rsrc

MD5 8e4d27735359deeb0182f1c24f88a0db
SHA1 2c4342393e6306005f8cb56d30b8c5cf2dbc3538
SHA256 5e60af1a185f7e19da5875b31de55d8034192507184787f5619f4e8fc8c25d8f
SHA3 e41e7604571dfc658124bb346ee25cac901dead7404b7619103f1d26a1c9bc47
VirtualSize 0x420
VirtualAddress 0xd0000
SizeOfRawData 0x1000
PointerToRawData 0xcf000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 1.11323

.reloc

MD5 f7f9e4413108a1555f3f543facb818ee
SHA1 210a053fea2a64af4728e0999f5287861df6df94
SHA256 876bea8e829b11edeeea136aee2de2a484dc0ec46c34b649453d14ae8c0abbf8
SHA3 876c837ff5659a812d95f1eb47d2e1d1ffbb3a71dd4d346801345068c9da91d7
VirtualSize 0x176c
VirtualAddress 0xd1000
SizeOfRawData 0x2000
PointerToRawData 0xd0000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_TYPE_NOLOAD
Entropy 3.55803

Imports

VERSION.dll GetFileVersionInfoW
WS2_32.dll select
WSAGetLastError
KERNEL32.dll SystemTimeToFileTime
SetStdHandle
GetSystemWow64DirectoryA
GetSystemTimeAsFileTime
TerminateProcess
GetModuleFileNameA
GetBinaryTypeA
GetModuleFileNameW
LoadLibraryExW
QueryPerformanceCounter
SetMailslotInfo
GetACP
FillConsoleOutputCharacterW
HeapLock
FillConsoleOutputAttribute
LocalAlloc
DuplicateHandle
FlushFileBuffers
GetFileSize
LoadLibraryW
LoadLibraryA
WaitForSingleObjectEx
GetModuleHandleA
VirtualAlloc
EnterCriticalSection
IsProcessorFeaturePresent
GetVersionExA
GetPrivateProfileSectionNamesA
SetThreadPriorityBoost
LZ32.dll LZInit
GetExpandedNameW
OLEAUT32.dll LoadTypeLibEx
VarBoolFromR4
POWRPROF.dll GetPwrCapabilities
SHELL32.dll FindExecutableA
ADVAPI32.dll GetLengthSid
OpenEncryptedFileRawW
RegCloseKey
COMCTL32.dll CreatePropertySheetPageA
ole32.dll CoGetMalloc
OleRun
USER32.dll DrawIconEx
SetUserObjectSecurity
AnyPopup
IntersectRect
SetCursorPos
DragObject
GetMenuItemInfoW
RealChildWindowFromPoint
DeregisterShellHookWindow
GetClipboardSequenceNumber
AttachThreadInput
HideCaret
InvalidateRgn
TrackPopupMenuEx
GetDialogBaseUnits
GetNextDlgGroupItem
SetForegroundWindow
WindowFromDC
GDI32.dll EnumFontsA
SetPolyFillMode
GetSystemPaletteUse
AbortPath
WidenPath
PlgBlt
GetGraphicsMode
msvcrt.dll vfprintf
memset
wcscoll
isprint

Delayed Imports

1

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x3bc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.48756
MD5 1cce5595877f4a9b00cc8af413a102a3
SHA1 61fa990f7d8c219ed4a5526d934182e787f0593f
SHA256 96095b5649182e4fb5ca9eca0e67d340de16f37b87bd882803d9bdb07a8f36cd
SHA3 22e3c5d41f25a538207b9557a1abecd0eeeb12d318d47c00fef2694e7a100644

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 0.2.500.1003
ProductVersion 0.2.500.1003
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_DLL
Language English - United States
CompanyName cooMooCsiit rtrrapnfo
FileDescription Microsoft® C++ Runtime Library
FileVersion (#2) 0.20.05001.0030
InternalName Ceosheraa.VisualC.STLCLR.DLL
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename Ceosheraa.VisualC.STLCLR.DLL
ProductName Microsoft® Visual Studio® 2008
ProductVersion (#2) 0.20.05001.0030
Resource LangID English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x892a84fc
Unmarked objects 0
ASM objects (VS2013 build 21005) 0
Exports (VS2017 v15.5.3-4 build 25834) 34
C++ objects (VS2012 UPD1 build 51106) 62
Exports (VS2013 UPD3 build 30723) 112
C++ objects (VS2012 build 50727 / VS2005 build 50727) 125
Resource objects (VS2012 build 50727 / VS2005 build 50727) 98
C objects (VS2012 UPD4 build 61030) 40
Exports (VS2015 UPD2 build 23918) 30
ASM objects (VS2013 UPD5 build 40629) 20
ASM objects (VS2012 UPD2 build 60315) 89
Linker (VS2012 UPD2 build 60315) 2
Linker (VS2013 build 21005) 100
C objects (VS2015 UPD1 build 23506) 21
Linker (VS2015 UPD3.1 build 24215) 76

Errors

[*] Warning: directory 13 has a size of 0! This PE may have been manually crafted!
[*] Warning: Could not read the name of the DLL to be delay-loaded!
[!] Error: directory 0 has a RVA of 0 but a non-null size.