2ec6c0afe0196166880b691421aecd48066622db04d751856400b7fb018ef5b6

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2022-Apr-13 02:04:54

Plugin Output

Info Matching compiler(s): Microsoft Visual C++ 8.0
Suspicious The PE is possibly packed. The PE only has 6 import(s).
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 332b035410cd581685f54bc7d3605032
SHA1 9e9ad8d1fab1f1ec414b57af2d7f0092db9211ce
SHA256 2ec6c0afe0196166880b691421aecd48066622db04d751856400b7fb018ef5b6
SHA3 9ed094a2fd88b0badb7af7af924edb0c2c27379f7be094cba6bc1bf1fe26a273
SSDeep 12:e/n0+xrOdaTlXCcX9XwASjLSHmXsC7JF8nAIr:e/0+xrCapbX/2LkmXnTI
Imports Hash 81b960fda085bba73c3e9e5f8269c002

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xa0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 5
TimeDateStamp 2022-Apr-13 02:04:54
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x400
SizeOfInitializedData 0
SizeOfUninitializedData 0
AddressOfEntryPoint 0x000000000000119A (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x6000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x400000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 48d1c8a61e024e0e839922812fb24dae
SHA1 3c69ccdd5b3547bb3ed9f67fb943e5ec7c29d953
SHA256 14e1ff4ab0437e6d401a34f8ffdd29191bf3f3eafcafc7c068c89264e44835d3
SHA3 54293b1675f331c2f1db720dd599fc6bc56dc67d0c807ee45a0c6c4e2121bf72
VirtualSize 0x3b9
VirtualAddress 0x1000
SizeOfRawData 0x400
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 0.0873988

.rdata

MD5 c90a572343c9705309dece0ef8ddf7a5
SHA1 7b796c2b132cd870262581e40062f4c7c49d69db
SHA256 f1ca21bd2f8d9e9beef04cc45a042e7b50d6560de9678fac193475c173613155
SHA3 31d41604da5ad3759737d229bdf16fd7e2dcae6d56eb7292e39e745cdbca8257
VirtualSize 0x10a
VirtualAddress 0x2000
SizeOfRawData 0x400
PointerToRawData 0x800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 1.18445

.data

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x100
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0xc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 0

.rsrc

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x100
VirtualAddress 0x4000
SizeOfRawData 0x200
PointerToRawData 0xe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 0

.reloc

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x100
VirtualAddress 0x5000
SizeOfRawData 0x200
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 0

Imports

USER32.dll RegisterClassExA, DispatchMessageA, MessageBoxA, GetMessageA, CreateWindowExA, SendMessageA

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
