c9adee06f3298f15b14c5a3928a3132c03ca084fb29dd4f50101728df5e4dbc0

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Suspicious The PE is possibly packed. The PE only has 5 import(s).
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 72b939acf0722759d3c03fa398ed19a1
SHA1 f12824d79251738736e0a3f641456e6218260aa7
SHA256 c9adee06f3298f15b14c5a3928a3132c03ca084fb29dd4f50101728df5e4dbc0
SHA3 8d085cb64b93340dc177d776267f5da207281e4de6032644f2ec0859f88d43a5
SSDeep 24:W62BLOAwRZD5K0xGKBKqIeGK/hC/+MK0+GKyMqZQKCk+GKNoKl+GKAVs+0nKqTG:p2BLMZDvxLh0z+9CKk+jF+6APiq1k
Imports Hash 598b6e3bef568d9d358a60ded534bd08

DOS Header

e_magic MZ
e_cblp 0
e_cp 0
e_crlc 0
e_cparhdr 0
e_minalloc 0
e_maxalloc 0
e_ss 0
e_sp 0
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x40

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 3
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x600
SizeOfInitializedData 0x200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000002000 (Section: .text)
BaseOfCode 0x2000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x4000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.idata

MD5 a9b0cbc198abdbae527d0da4a5a54e29
SHA1 d85b072847b325201d714d2624bfef086a791f58
SHA256 1bb84b9638df1f6196e472ea24f54f5c8b7da8aeb8a872f237d8940f225459c3
SHA3 b2732ca6407b93926b9799cc7b6ad5faf43259faec59cf28393120e1b2600051
VirtualSize 0xd8
VirtualAddress 0x1000
SizeOfRawData 0x200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 1.48693

.text

MD5 b108cf5823a77a259398c3d7a74579d6
SHA1 9c8a06a2e6fb8cde6ddcd929304c3f85f2bc262d
SHA256 d3730dbb3aefd66bc908aae665f7fb53b15000ff8327918926e0030980e0c5c2
SHA3 b3109f9129a4d6001130981616b797800e86f6db760336986c6e7845c2dfd29f
VirtualSize 0x412
VirtualAddress 0x2000
SizeOfRawData 0x600
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 3.77857

.rdata

MD5 622d846b18d00734aa8a4aaf8689f183
SHA1 e570013cf1e0c011cc00480911b71a5b8f8d39fc
SHA256 93e2c1008bc7446c1fe220abb8bdcd84d5ef79c095c34c3056853c94c880a099
SHA3 332b6d4072161173f4480151c47b81544579b2dfea6e3da6d173a52d19597ca8
VirtualSize 0x68
VirtualAddress 0x3000
SizeOfRawData 0x200
PointerToRawData 0xc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 1.53801

Imports

KERNEL32.DLL ExitProcess, GetStdHandle, WriteFile, Sleep, GetTickCount

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
