ada04faffa9f8effb87cd474bd9449d79ce2a0e0ca99527de88d2093e7ff105c

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 00:00:00 (TimeDateStamp is 0 — the linker wrote no timestamp, as in reproducible/deterministic builds; on its own this is not evidence of tampering, but it also means the build date cannot be used for triage or for correlating with a release)

Plugin Output

Info Interesting strings found in the binary: Contains URLs (both on one host):
  • http://geoff.greer.fm
  • http://geoff.greer.fm/ag
  Note (review): this appears to be the project URL of ag (The Silver Searcher). Together with the import set below — pcre_*, lzma_*, inflate*, fnmatch, getopt_long, opendir/readdir, mmap — the file looks like a Cygwin build of that tool. Treat that as a hypothesis, not a verdict: confirm by matching the SHA-256 above against the hash of the ag binary shipped in the Cygwin package repository before accepting the file as known-good.
Suspicious (low confidence) The PE is flagged as possibly packed solely because of unusual section names: .buildid, /4 and /14.
  Evidence elsewhere in this report argues against packing: no section has entropy above 5.86 (.text), and the three flagged sections sit at 0.56, 4.59 and 0.27; the IMAGE_DEBUG_TYPE_CODEVIEW entry (RVA 0x1101c) lies inside .buildid (0x11000–0x11035), i.e. .buildid holds debug/build-id data; and names of the form /N are COFF long-name references (offset N into the string table) that the parser could not resolve — see Errors. The entry point is at the very start of .text (0x1000); confirm that it disassembles as ordinary C-runtime start-up rather than an unpacking stub before closing this item.
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports — a weak indicator here:
  • GetProcAddress
  • LoadLibraryA
  These two, with FreeLibrary and GetModuleHandleA, are the entire KERNEL32 import set; every other import (~100 cygwin1.dll symbols plus pcre, lzma, zlib and libgcc) is resolved by name, and the Cygwin start-up imports (_dll_crt0@0, dll_dllcrt0, cygwin_detach_dll, cygwin_internal) are present. That shape is presumably the Cygwin runtime shim rather than an import-hiding scheme; confirm by locating the call sites of LoadLibraryA/GetProcAddress and checking which library and symbol names reach them.
Suspicious (likely benign) The file contains overlay data: 29 bytes starting at offset 0x11600. That offset equals PointerToSymbolTable in the PE header (0x11600, NumberOfSymbols 0), so the "overlay" is most likely the COFF string table that the /4 and /14 section names index — the Errors section shows the parser failed to read it as such. Dump the 29 bytes to confirm they are a 4-byte length followed by NUL-terminated section names; if they are anything else, re-open this item.
Safe VirusTotal score: 0/72 (scanned 2025-07-22 23:34:45). No engine flagged the file. A zero detection count means no known signature matched; it is not evidence that the file behaves benignly, and for a low-prevalence Cygwin build it is the expected result either way. Base the verdict on hash-matching against a trusted build of the tool and, failing that, on dynamic analysis.

Hashes

MD5 459ba144ee824b7eb8091e47ba6a21cf
SHA1 451413cb6557e9c36eab6e6abd689e88825c4a84
SHA256 ada04faffa9f8effb87cd474bd9449d79ce2a0e0ca99527de88d2093e7ff105c
SHA3 a592c3cbca658b8c59f05adba8bb492af97559e1bc104cc62f1d1dec6f274566
SSDeep 1536:l+kF0tZxk2gSyOFyzkWTPQHc9iafXp0pduhJUW2:lpTOgzkWTPGc9jfSpqB2
Imports Hash 6a27af3b97b89973a76afaabcd7d2168

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 9
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x11600
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x9600
SizeOfInitializedData 0x11000
SizeOfUninitializedData 0x10c00
AddressOfEntryPoint 0x00001000 (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xb000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 1.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x28000
SizeOfHeaders 0x400
Checksum 0x11980
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  Note (review): what is absent matters for exploitability. No IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE — and relocations are stripped (IMAGE_FILE_RELOCS_STRIPPED above), so the image can only load at ImageBase 0x400000 — means no ASLR. No IMAGE_DLLCHARACTERISTICS_NX_COMPAT means DEP is not applied to this 32-bit process under Windows' default OptIn policy. No Load Configuration directory (below) means no SafeSEH handler table. None of this indicates malice — it is presumably the linker default for this toolchain — but a memory-safety bug in this binary would be straightforward to exploit.
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 bf80d101d508bc068499249ded4ded23
SHA1 045bb2292fb1685786f0b3106fa9df452b440300
SHA256 1f1ac51c64161c626795002b8653d1da43a4102b951da1210e3ecaddaeb5a560
SHA3 20735e4ecf8728a572a18373341dec8b2fc19e50e860e1d874eb4c6c2a8a91e8
VirtualSize 0x9414
VirtualAddress 0x1000
SizeOfRawData 0x9600
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
  Note (review): the IMAGE_SCN_ALIGN_* names above are a tool artifact — section alignment is a single 4-bit field of Characteristics that is only meaningful in object files, and the report has decoded it as if it were independent bit flags (the same list appears under every section below). The informative flags are the last four: this section is code plus initialized data, readable and executable, and not writable — W^X holds for .text.
Entropy 5.85733

.data

MD5 2bc64634b29e2cf37451d421f4df8eaf
SHA1 cb8e4d8e8f05eb0defb335312935dd4d1791fbab
SHA256 d366e58106e638ef7b0f936f4fbe760b3b7950c497fe6fdb6c0f1c0e841316d4
SHA3 536d90cb7ae1aeaf2fb111f10bf4ff82e4fd28086f97a58bb0c6489daedf665e
VirtualSize 0x1744
VirtualAddress 0xb000
SizeOfRawData 0x1800
PointerToRawData 0x9a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.72121

.rdata

MD5 e892fefcd3560b99538af4ee3d7b2b2f
SHA1 800ef58b3762d51addaab9fad54647d956c438a1
SHA256 e6da63d274e961c284f8373f292cabc3bc5c1e7ac6c72edf8df9348939c36b8c
SHA3 00a7f6b374eac518dfaafa23b365137072a9d09b5c9766b7478607991faf41eb
VirtualSize 0x3490
VirtualAddress 0xd000
SizeOfRawData 0x3600
PointerToRawData 0xb200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.95313

.buildid

MD5 ae10ec86a3443d46c3fa0112200a88cb
SHA1 c4346fd1e623b082af7ea4d3d59eaf4eaca8226c
SHA256 518157061db7498546a7964b27cee60d5083cdc397a0ada33361cbcecf8a7fee
SHA3 719b0e084fcf7fb0230cd9d37b4f6111688bab7b601b59d999295898b0962965
VirtualSize 0x35
VirtualAddress 0x11000
SizeOfRawData 0x200
PointerToRawData 0xe800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.557168

/4

MD5 7ab852042b795beda4520dcf1715482b
SHA1 ad60e294e07da9550ea8db227b012b4506fa47d7
SHA256 65766e65dda5c59fe827fb7e2f110b72a62f50199f152775ff49dbef00daea3c
SHA3 dfc9720866ed5f29412c404680a53dcea0b27d05bcd9ddb7e18486fa73380e59
VirtualSize 0x1468
VirtualAddress 0x12000
SizeOfRawData 0x1600
PointerToRawData 0xea00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.59298

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x10ad4
VirtualAddress 0x14000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_2048BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_8BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata

MD5 35532211f1cd3fa9f12e25a4c86b59d6
SHA1 9f3899c927944435c4b886946f5cecc0f42b2bed
SHA256 90c3990a2571ba48e036a3af254104cbc02b275c1196b2044fbf46ebe878c4e7
SHA3 f7228e00c69c4c1ee0a615e9c0b352acebf80a173df82d30a9c8a0bafcd2acba
VirtualSize 0xcec
VirtualAddress 0x25000
SizeOfRawData 0xe00
PointerToRawData 0x10000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.62979

.rsrc

MD5 8a088a4045f0cc169c60b1cfd9f37843
SHA1 c77f72f8f678608606d14e9438acf5b3c44f6e9d
SHA256 c281e7ff06a12bd9a3df11edc5e5ee57aa617840b4e14e760448d087687ed1d7
SHA3 f3bfd7cbaf4da1a42030f9bccfd1c030c5f9e36fe47bcdc3e461780851104903
VirtualSize 0x4e8
VirtualAddress 0x26000
SizeOfRawData 0x600
PointerToRawData 0x10e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.78493

/14

MD5 ae8c0d9740c73d816373d9a2954b3bea
SHA1 0480237dc4e6725a54489c8d0c388eea0ee78998
SHA256 497c76b5edb75318df4ad01a856a55a0e1938412445f04cd408e7ea0ff185f74
SHA3 b6e5d8846c53d9075085981bc6251ccdcc2695b01503f5e5bfc76471e9591b4b
VirtualSize 0x10
VirtualAddress 0x27000
SizeOfRawData 0x200
PointerToRawData 0x11400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_ALIGN_1024BYTES
IMAGE_SCN_ALIGN_16BYTES
IMAGE_SCN_ALIGN_1BYTES
IMAGE_SCN_ALIGN_256BYTES
IMAGE_SCN_ALIGN_2BYTES
IMAGE_SCN_ALIGN_32BYTES
IMAGE_SCN_ALIGN_4096BYTES
IMAGE_SCN_ALIGN_4BYTES
IMAGE_SCN_ALIGN_512BYTES
IMAGE_SCN_ALIGN_64BYTES
IMAGE_SCN_ALIGN_8192BYTES
IMAGE_SCN_ALIGN_MASK
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.273279

Imports

cygwin1.dll __assert_func
__cxa_atexit
__errno
__getreent
__locale_ctype_ptr
__main
_dll_crt0@0
_fdopen64
_fopen64
_fstat64
_impure_ptr
_lstat64
_mmap64
_open64
_stat64
atoi
calloc
close
closedir
cygwin_detach_dll
cygwin_internal
dll_dllcrt0
exit
fclose
fdopen
fflush
fileno
flockfile
fnmatch
fopen
fopencookie
fprintf
fputc
fputs
fread
free
fstat
funlockfile
fwrite
getc_unlocked
getenv
getline
getopt_long
getpagesize
gettimeofday
isatty
lstat
madvise
malloc
memcmp
memcpy
memset
mmap
munmap
open
opendir
optarg
optind
pclose
perror
popen
posix_memalign
printf
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_wait
pthread_create
pthread_exit
pthread_join
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_unlock
putchar
puts
read
readdir
realloc
realpath
stat
strchr
strcmp
strcpy
strdup
strerror
strlen
strncmp
strncpy
strndup
strpbrk
strstr
strtol
sysconf
tolower
toupper
vasprintf
vfprintf
warn
cyglzma-5.dll lzma_auto_decoder
lzma_code
lzma_end
cygpcre-1.dll pcre_compile
pcre_config
pcre_exec
pcre_free
pcre_study
pcre_version
cygz.dll inflate
inflateEnd
inflateInit2_
zError
cyggcc_s-1.dll __emutls_get_address
KERNEL32.dll FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA

Delayed Imports

Resource 1 (the RT_MANIFEST entry below; the Delayed Imports list above is empty)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x48f
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.13793
MD5 5aa04ce935e78505e230765e85c34355
SHA1 6c93b8c5fde8be4b2231dca6b8ec513cdc82c991
SHA256 a73f26a8d504043f785d7360e8febf2eeb8522ec873a0d4dd5d1d4bfd1e67d3d
SHA3 149467cafc03ba34b33cd8076fc2771413760822357952de205dbae2b5cb8059

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
SizeofData 25
AddressOfRawData 0x1101c
PointerToRawData 0xe81c
  Note (review): this record lies inside the .buildid section (RVA 0x11000, VirtualSize 0x35: 0x1101c + 25 = 0x11035, exactly the section's end), which is what makes .buildid a debug/build-id section rather than a packer artifact. 25 bytes is the size of an RSDS CodeView record with an empty PDB path (4-byte signature + 16-byte GUID + 4-byte age + NUL) — TODO confirm by dumping file offset 0xe81c; if so, the GUID is a stable identifier for pivoting to other builds of the same source.

TLS Callbacks

  (none listed — no TLS directory callbacks, so there is no pre-entry-point code path to inspect)

Load Configuration

  (none — no load-config directory, hence no SafeSEH handler table or CFG data)

RICH Header

  (none — a Rich header is written by Microsoft linkers; its absence, together with LinkerVersion 2.0 and the cygwin1.dll imports, is consistent with a GNU ld link, so the missing Rich header is not a tampering signal here)
Errors

[*] Warning: Tried to read outside the COFF string table to get the name of section /4!
[*] Warning: Tried to read outside the COFF string table to get the name of section /14!
[*] Warning: Section .bss has a size of 0!
  Note (review): the first two warnings explain the "unusual" section names /4 and /14 flagged in Plugin Output — they are offsets 4 and 14 into the COFF string table at PointerToSymbolTable (0x11600, the 29 bytes the report calls overlay), which the parser did not read as a string table. The third warning is expected: .bss has SizeOfRawData 0 because it is uninitialized data (VirtualSize 0x10ad4, IMAGE_SCN_CNT_UNINITIALIZED_DATA) and occupies no file bytes by design.