8e07102b134fd0d4816624830623c1bb380d86639bfe78cd187acbff42fd8102

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2021-Jan-06 21:43:49

Plugin Output

Suspicious The PE is possibly packed. The PE only has 4 import(s).
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 c576b5b152ff1c60e8786987d7536a68
SHA1 cd85c22ff1da94dcdf86fcd300cdd4620e4926eb
SHA256 8e07102b134fd0d4816624830623c1bb380d86639bfe78cd187acbff42fd8102
SHA3 b4bdc269c03c91d12c33e3ed53b5cd07406f103260c22db638fb7f432692bf1d
SSDeep 6:idqyhIu5MbsEIrn5pmlOP21KgRkv2X++:eC+Mb2r7SOuAgFX
Imports Hash fda8de4777caf04a85b2c3cfc78737e3

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x40

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 3
TimeDateStamp 2021-Jan-06 21:43:49
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x400
SizeOfInitializedData 0
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001202 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x4000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 48d1c8a61e024e0e839922812fb24dae
SHA1 3c69ccdd5b3547bb3ed9f67fb943e5ec7c29d953
SHA256 14e1ff4ab0437e6d401a34f8ffdd29191bf3f3eafcafc7c068c89264e44835d3
SHA3 54293b1675f331c2f1db720dd599fc6bc56dc67d0c807ee45a0c6c4e2121bf72
VirtualSize 0x3a5
VirtualAddress 0x1000
SizeOfRawData 0x400
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 0.0873988

.rdata

MD5 4ba1f30824b07af6daca1a3b5f36b5fe
SHA1 697d3a854cbaf9f32aefbda7a9cbb09c8e2ef710
SHA256 e46c73562000c291fedc2c6913c16c97896af5f97146279c55a985fc6c0319a1
SHA3 c1ad137220c79d6c505ad851920790061fa56e819d0b93975fef31886b4419b0
VirtualSize 0xca
VirtualAddress 0x2000
SizeOfRawData 0x400
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 0.912472

.data

MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SHA3 622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59
VirtualSize 0x100
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0xa00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 0

Imports

USER32.dll GetMessageA, CreateWindowExA, PostQuitMessage, RegisterClassExA

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
