Manalyze report for 3d8fce1f96c9a7f2a530722fbe846be2f59096352c539e3c0855549101075f43

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2021-Jan-27 13:53:55
TLS Callbacks	2 callback(s) detected.
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: /4` `Unusual section name found: /14` `Unusual section name found: /29` `Unusual section name found: /41` `Unusual section name found: /55` `Unusual section name found: /67` `Unusual section name found: /78` `Unusual section name found: /89`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Suspicious	The file contains overlay data.	`39496 bytes of data starting at offset 0x33400.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`ee1fefebe4621d7ac2290326eaab9804`
SHA1	`2d031d36b299649f37b7ba43d48dfe478a97ff6e`
SHA256	`3d8fce1f96c9a7f2a530722fbe846be2f59096352c539e3c0855549101075f43`
SHA3	`369c0e23a13f4fb2ced49eaee86bc450a99b59b149a7fa18132dddde369d043c`
SSDeep	`3072:FWwPlA4iwu8YRoCp3NIfbjFptG27n6NNTUmCj+G432:FNPl0wuH1IfbjFpt7n+NTYj+4`
Imports Hash	`636735501f714d8fb69f54535a3d77e5`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`17`
TimeDateStamp	2021-Jan-27 13:53:55
PointerToSymbolTable	`0x33400`
NumberOfSymbols	`1854`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x7800`
SizeOfInitializedData	`0xba00`
SizeOfUninitializedData	`0xc00`
AddressOfEntryPoint	`0x000014C0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x9000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x3d000`
SizeOfHeaders	`0x600`
Checksum	`0x3e166`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`faec0f6598d99bfd28c93c5a4336997b`
SHA1	`5c82fed015c27c28bfe8ccd41709f1cda01d56ba`
SHA256	`2810b2e4460e3f74f28ccb5b2d5b486c80abc71544952a6401de440f07978ff2`
SHA3	`0bd4e24973b3519f8ae6b8688dcceca7a54a3613444e110bd91707b807736502`
VirtualSize	`0x76a4`
VirtualAddress	`0x1000`
SizeOfRawData	`0x7800`
PointerToRawData	`0x600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.20531`

.data

MD5	`929d24e03f1840242cfb9ef26e0184e2`
SHA1	`43b6750245551dc446196de1663739dab0ed1317`
SHA256	`bead4908252cbb038ce6e9a2622b2a5e60899cba0c040e95d17a9f191b02ebd3`
SHA3	`52e23aaa71c25dc813e0795cc1a2bf6c2aca40880fc448ea95224ee2900725a1`
VirtualSize	`0x5c`
VirtualAddress	`0x9000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.836143`

.rdata

MD5	`78f4bdc8df74a70393b828390b5f0bd2`
SHA1	`6b93e220ab68fd80b67cb2d2a46cef94954b573d`
SHA256	`87525300246512d26a7d55e9a1f605554b7b156c2f365762d68291e45dc3ac75`
SHA3	`644256d29795c9e120fc15665e326c1c611cbaf0f17c515ddacf4ad62ed72a5d`
VirtualSize	`0xdbc`
VirtualAddress	`0xa000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.49439`

/4

MD5	`06b86553961e8c8917e7754d3ab6efca`
SHA1	`16747b79a7ecc0ca97200dde619a5521bfd579fe`
SHA256	`383ac0f9f3602ea8ba21bdd480698df6efdc0307b3967d14fd8fb81bd531a076`
SHA3	`f288886f10c73ae36d347fb084cec0077840286370d204f69e4aa8d7a457acd1`
VirtualSize	`0x1868`
VirtualAddress	`0xb000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x8e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.66432`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xa74`
VirtualAddress	`0xd000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`2dbb62c10809e8d6329930e206746ecb`
SHA1	`73c7bc83367262e8ca1191b1de273fa1a41786a2`
SHA256	`ffc7cac7626ccc2784361a93d6b2ad82f06ac8b53e05d269f3945df06844d443`
SHA3	`ba2b6b224b293568fa35a853f525ce06840a6fb49dc21b55a36689b3fe23cea2`
VirtualSize	`0x6b8`
VirtualAddress	`0xe000`
SizeOfRawData	`0x800`
PointerToRawData	`0xa800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.22511`

.CRT

MD5	`a2304b31e81ad4b663b586781cd11ac5`
SHA1	`55476adaa46b5276750c4ff7387c8b77f3e590f4`
SHA256	`ae94d47399ae383fd164e3bd3406bcadb42f8ec380f72ca088cc432e0128f6b7`
SHA3	`8a9480079daa248bd4c4fe5fe1fff1d12977d51e6a2052bb6c24af59b617d4bb`
VirtualSize	`0x34`
VirtualAddress	`0xf000`
SizeOfRawData	`0x200`
PointerToRawData	`0xb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.260158`

.tls

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x8`
VirtualAddress	`0x10000`
SizeOfRawData	`0x200`
PointerToRawData	`0xb200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`e7ab273f1be9c1b8b9b9d66ac394a0ab`
SHA1	`82977a1c5e938517de87831600cd6e8a0b67da51`
SHA256	`5f412b4ec2df1a42f4b5afb82f8c1d43f3e7d6153be3cda09edaee364c761b3a`
SHA3	`e9ad8b65dcdc996bd9fd1ec6af869dd25aa7db56a7cd7111418a4d3b59eb67fa`
VirtualSize	`0x4e8`
VirtualAddress	`0x11000`
SizeOfRawData	`0x600`
PointerToRawData	`0xb400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.78258`

.reloc

MD5	`52614ed61a582b56c36c5f51ec79ceef`
SHA1	`960dfe8f71e0b57230316c4e0a3db5bd6085faa6`
SHA256	`9c404920afe84b9661344cc961485b2e3c1ee84c62191a156a3de6f6a656c86c`
SHA3	`d44a90a77e65d1c168c0ea1888c365250879d43902fd39c31583da2ca8fcf5d0`
VirtualSize	`0x444`
VirtualAddress	`0x12000`
SizeOfRawData	`0x600`
PointerToRawData	`0xba00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.22858`

/14

MD5	`df87efc08a0300faf0a8d45dd8290e6d`
SHA1	`2a144a922807535ab6196ce8d962d3263da0e127`
SHA256	`c6222614218a1abd6767bb00359d81ec1ddeb915330e3b64fb1d510dceefc029`
SHA3	`d8815edcb703e0892348343973f438f0594982bcedfea26dd484d5ec93e34041`
VirtualSize	`0x450`
VirtualAddress	`0x13000`
SizeOfRawData	`0x600`
PointerToRawData	`0xc000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.76335`

/29

MD5	`9c84dd868689e8453718c2ba5ba36127`
SHA1	`e5018416c9d67623807f1083069cf3893c57746d`
SHA256	`a080aef5c3f261070c8f3d7fa5e5090b17eaad0ad8736a05beb5a1c55a60e0e6`
SHA3	`c04aef37f0d8a2d791cea06ae38dea1720dd2e0e967f64a83d135ef58f35059d`
VirtualSize	`0x10f05`
VirtualAddress	`0x14000`
SizeOfRawData	`0x11000`
PointerToRawData	`0xc600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.07375`

/41

MD5	`ef86dab33a7c33bf64eca7d225fa041d`
SHA1	`076bfe724e99441ca63b430354006835f05b81a0`
SHA256	`a3b993b081c3c645e7d52afdf183538cf6726f7986141b0f35a04b99d652e34a`
SHA3	`2977bc2d92775a12a2dc0f839355904a9eb808bd83b5d536c0ec01b4334f74a9`
VirtualSize	`0x302c`
VirtualAddress	`0x25000`
SizeOfRawData	`0x3200`
PointerToRawData	`0x1d600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.68121`

/55

MD5	`89432873d5de9cf8365d270cc8773fc8`
SHA1	`916979c9e28e33d8334b503baee963b32abee6de`
SHA256	`603ab085733d001dbabdb3d686d4a010f4d71dc27eaf9e4f4eb75a79ba975580`
SHA3	`4a7a32cd7f104f452de80cad9e22e9d017e98cdd048f0b2b255843f1185ec7c9`
VirtualSize	`0x7de0`
VirtualAddress	`0x29000`
SizeOfRawData	`0x7e00`
PointerToRawData	`0x20800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.47103`

/67

MD5	`80d2f951236dcfd67879c10406be7f70`
SHA1	`60b29425a126c5916158e0b8b40c8aec01ffb7ce`
SHA256	`8c0b9c9aed4b1b05dbfc1533f9a4ff4ec627fc4e19738bfbe0be27b3113d1c16`
SHA3	`a0bc9aba012b5f0d4d99293859d04d484a7c987b86ace1e3356a1636569a791d`
VirtualSize	`0x67a`
VirtualAddress	`0x31000`
SizeOfRawData	`0x800`
PointerToRawData	`0x28600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.37432`

/78

MD5	`4811ce82711bbe8bad80205eb3cb9270`
SHA1	`f7843ac92dcea403c6b7c4b28551bb07cd299045`
SHA256	`5719ed999dca764c77376cc501406614f1c6e27234d45b26f99a9fda74737122`
SHA3	`13986166b4347f81ab3e58fb1ebbad349f17c9e655a1e7a45e590548e8cdba94`
VirtualSize	`0x98e4`
VirtualAddress	`0x32000`
SizeOfRawData	`0x9a00`
PointerToRawData	`0x28e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.00636`

/89

MD5	`1794aa20c38d916033626953fbfb7688`
SHA1	`9f7f4d5b3808fc64441c66fd9e188699032184ff`
SHA256	`8f74c9883c71bd4b2ad6afe28a24f5bea367461dfbe1c573f4810f55218bebd3`
SHA3	`faf05c35823b89f0178d4418b219c58128684539b94499dd9860bfa0fffee49b`
VirtualSize	`0xa18`
VirtualAddress	`0x3c000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x32800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`2.85917`

Imports

KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `FreeLibrary` `GetLastError` `GetModuleHandleA` `GetModuleHandleW` `GetProcAddress` `GetStartupInfoA` `InitializeCriticalSection` `IsDBCSLeadByteEx` `LeaveCriticalSection` `LoadLibraryA` `MultiByteToWideChar` `SetUnhandledExceptionFilter` `Sleep` `TlsGetValue` `VirtualProtect` `VirtualQuery` `WideCharToMultiByte`
msvcrt.dll	`__getmainargs` `__initenv` `__lconv_init` `__mb_cur_max` `__p__acmdln` `__p__commode` `__p__fmode` `__set_app_type` `__setusermatherr` `_amsg_exit` `_cexit` `_errno` `_initterm` `_iob` `_lock` `_onexit` `_unlock` `abort` `atoi` `calloc` `exit` `ferror` `fopen` `fprintf` `fputc` `fread` `free` `fseek` `ftell` `fwrite` `localeconv` `malloc` `memcmp` `memcpy` `memset` `rewind` `setlocale` `signal` `strchr` `strerror` `strlen` `strncmp` `vfprintf` `wcslen`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x48f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.13793`
MD5	`5aa04ce935e78505e230765e85c34355`
SHA1	`6c93b8c5fde8be4b2231dca6b8ec513cdc82c991`
SHA256	`a73f26a8d504043f785d7360e8febf2eeb8522ec873a0d4dd5d1d4bfd1e67d3d`
SHA3	`149467cafc03ba34b33cd8076fc2771413760822357952de205dbae2b5cb8059`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x410000`
EndAddressOfRawData	`0x410004`
AddressOfIndex	`0x40d064`
AddressOfCallbacks	`0x40f020`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x00401B80` `0x00401B30`

Load Configuration

RICH Header

Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /14!
[*] Warning: Tried to read outside the COFF string table to get the name of section /29!
[*] Warning: Tried to read outside the COFF string table to get the name of section /41!
[*] Warning: Tried to read outside the COFF string table to get the name of section /55!
[*] Warning: Tried to read outside the COFF string table to get the name of section /67!
[*] Warning: Tried to read outside the COFF string table to get the name of section /78!
[*] Warning: Tried to read outside the COFF string table to get the name of section /89!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.