5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2018-Dec-15 22:23:51

Plugin Output

Info The PE contains common functions which appear in legitimate applications. Possibly launches other programs:
  • CreateProcessW
Safe VirusTotal score: 0/72 (scanned on 2026-04-19 20:35:26). All the AVs think this file is safe.

Hashes

MD5 ec0504e6b8a11d5aad43b296beeb84b2
SHA1 91b5ce085130c8c7194d66b2439ec9e1c206497c
SHA256 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA3 0e143becb43aa8c3cd9a0f81b33c923ddeaa6ab1f0e2c40f2e4e0a7aefeba6bd
SSDeep 96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Imports Hash d31c5eb927119d00232e4d4b0e32fcdb

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xc0

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 4
TimeDateStamp 2018-Dec-15 22:23:51
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 6.0
SizeOfCode 0xc00
SizeOfInitializedData 0x1600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00001087 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x2000
ImageBase 0x10000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x5000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 890431e36e919195edf4fd2f05fc27c8
SHA1 bb18d5fca8bd8d6215c24f9d017466f8e35af809
SHA256 b66d392085616261ca51e37399bddc463cd87ecb676e3047b745f93e58c7b5b8
SHA3 16e4ce5044a22ec29ca1479aec41aca9fd29c511088ffc5289ea2186721f587c
VirtualSize 0xac4
VirtualAddress 0x1000
SizeOfRawData 0xc00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.91541

.rdata

MD5 ed8590a3a1fbc35153ec7cf2f2cdf2c9
SHA1 050afca8e9059bb803c1f2dbec91a6d421d50c05
SHA256 b4044de7202050207789e5805de1eac714fb410185b891b646c4e83997003758
SHA3 d76cf55067a66aa2ecfbf88e613368968f8aeef82c7024a7cd9a25bac3afd32c
VirtualSize 0x54c
VirtualAddress 0x2000
SizeOfRawData 0x600
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.57509

.data

MD5 7ec6082f4e8ecd3bff7b9011fc76a999
SHA1 4d18d8cd89bc8fd5c053e12198cb846e45515955
SHA256 0b3c0f5dc2e9e1be54a40aec25d3de2f2cf7a70d0182054cbac666b68136722a
SHA3 ec62213d6ec32fd61ddf96cfcc658ed3f5bce74e2587b97fb706f9218148dfe5
VirtualSize 0xcd4
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0x1600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.395

.reloc

MD5 760f585728af64d3fbf4e9f78ca3eedf
SHA1 ea2eb973c834c372cc21bc4ba18aefcdafa5db4a
SHA256 28390c5becb1c1accea687f176ca62c631d59995b3be01e77317561fa38cae94
SHA3 e8f089a23c9a837d51ec4ec61d84123b152416ab6e78fb60d95187a94bd3e563
VirtualSize 0x1c0
VirtualAddress 0x4000
SizeOfRawData 0x200
PointerToRawData 0x1800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 4.02339

Imports

KERNEL32.dll
  • GetModuleHandleW
  • MultiByteToWideChar
  • lstrlenA
  • GetExitCodeProcess
  • WaitForSingleObject
  • Sleep
  • TerminateProcess
  • lstrcpyW
  • GlobalReAlloc
  • GlobalUnlock
  • GlobalSize
  • ReadFile
  • PeekNamedPipe
  • GetTickCount
  • CreateProcessW
  • GetStartupInfoW
  • CreatePipe
  • GetProcAddress
  • lstrcpynW
  • DeleteFileW
  • lstrcmpiW
  • GetCurrentProcess
  • lstrcatW
  • CloseHandle
  • UnmapViewOfFile
  • MapViewOfFile
  • CreateFileMappingW
  • CreateFileW
  • CopyFileW
  • GetTempFileNameW
  • GlobalFree
  • GlobalAlloc
  • GetModuleFileNameW
  • ExitProcess
  • GetCommandLineW
  • GlobalLock
  • GetVersion
  • lstrlenW
USER32.dll
  • SendMessageW
  • FindWindowExW
  • CharNextW
  • wsprintfW
  • CharPrevW
ADVAPI32.dll
  • InitializeSecurityDescriptor
  • SetSecurityDescriptorDacl

Delayed Imports

Exports

Exec

Ordinal 1
Address 0x1000

ExecToLog

Ordinal 2
Address 0x102d

ExecToStack

Ordinal 3
Address 0x105a

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0xf79fe4ef
Unmarked objects 0
Total imports 46
Imports (VS2003 (.NET) build 4035) 7
48 (9044) 2
Linker (VC++ 6.0 SP5 imp/exp build 8447) 1

Errors
