3f5f2b4e916c510bd0438894492ab397

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2002-Jun-21 14:37:44

Plugin Output

Malicious The file headers were tampered with.
Section .text is both writable and executable.
Section .data is both writable and executable.
The RICH header checksum is invalid.

Hashes

MD5 3f5f2b4e916c510bd0438894492ab397
SHA1 fa07e7672016e29e2a0f888b3251a184b8a97f71
SHA256 8cc19b8d830b63179369069e916a4a34c3353171dfe88c33208908845988ceaf
SHA3 50f05e7ca4cc902b12a35dccf29faf17c562b933973873e0804d9433debd565f
SSDeep 1536:WX8wm+4f22jgj4eWLt9XvK0s6gC/ac2+LASA1gUEWWVdNWfWjiCs8DJJr0bl8Da:Z+4f22j0aPP
Imports Hash 20ad6aff3690590daf36b83886f2ff9f

DOS Header

e_magic MZ
e_cblp 0
e_cp 0x91
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xc8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 2
TimeDateStamp 2002-Jun-21 14:37:44
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0x10000
SizeOfInitializedData 0x5000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001360 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x11000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x13000
SizeOfHeaders 0x1000
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 d31ca61d0d54cd282468a77291b01577
SHA1 6d05662bf32a9e7e46b99c1b9446db079e690e0e
SHA256 406e546443137251be357c72ce65fb0e80d09c5da28745782e9cbab252fcdabf
SHA3 26e82c809f97f22ff222d862149cb38d28e8718c829e0c5818071d18ba6b68c9
VirtualSize 0xf110
VirtualAddress 0x1000
SizeOfRawData 0x10000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 5.50316

.data

MD5 620f0b67a91f7f74151bc5be745b7110
SHA1 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d
SHA256 ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7
SHA3 a99f9ed58079237f7f0275887f0c03a0c9d7d8de4443842297fceea67e423563
VirtualSize 0x1000
VirtualAddress 0x11000
SizeOfRawData 0x1000
PointerToRawData 0x11000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

Imports

MSVBVM60.DLL _CIcos
_adj_fptan
__vbaLateIdCall
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
#100
_CIatan
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x8d156405
Unmarked objects 0
14 (7299) 1
9 (8041) 7
13 (8495) 1

Errors

[!] Error: Could not reach the requested directory (offset=0x0).
[*] Warning: Please edit the configuration file with your VirusTotal API key.
[!] Error: Could not load yara_rules/bitcoin.yara!
[!] Error: Could not load yara_rules/monero.yara!
[!] Error: Could not load yara_rules/compilers.yara!
[!] Error: Could not load yara_rules/findcrypt.yara!
[!] Error: Could not load yara_rules/suspicious_strings.yara!
[!] Error: Could not load yara_rules/domains.yara!
[!] Error: Could not load yara_rules/peid.yara!