f5187e02835bc46ece9f052bcfc71b3bdfb53eab4727695c65a1cc1f9426af59

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1970-Jan-01 00:00:00

Plugin Output

Suspicious PEiD Signature: HQR data file
Suspicious The PE is possibly packed. Unusual section names found:
  • .xdata
  • .symtab
Suspicious The PE contains functions most legitimate programs don't use. [!] The program may be hiding some of its imports:
  • LoadLibraryW
  • LoadLibraryExW
  • GetProcAddress
Functions which can be used for anti-debugging purposes:
  • SwitchToThread
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 c5c52c7826e97673bf6f8bd7f838771c
SHA1 0c2a69891d82b7991a78263122e2da91bc5e8e40
SHA256 f5187e02835bc46ece9f052bcfc71b3bdfb53eab4727695c65a1cc1f9426af59
SHA3 2ca4a2b152b72caf9f92c10309471d2a34a4a90fbfaee4eb4d43a7ff7f06bbb3
SSDeep 24576:OMjwFX4ExFLcm8rUCCllurtxzBele5rK2udKpo:OMjMXvxem7lbCIo
Imports Hash d42595b695fc008ef2c56aabd8efd68e

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0x8b
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 8
TimeDateStamp 1970-Jan-01 00:00:00
PointerToSymbolTable 0x186c00
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 3.0
SizeOfCode 0x9f800
SizeOfInitializedData 0xd600
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000073040 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 1.0
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x1d5000
SizeOfHeaders 0x600
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x200000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 21fb774ef94059f6afb19bbe2ff312c7
SHA1 1a971d6a0da2224b98702cdc3a79b9e1a31737b6
SHA256 3a1e846c1a7a5bfed4ca0aa7eec07e560c87a0ed5df0d98e2753b17d1981dd4b
SHA3 bf5a4611fe3c82e764c8fd1dea0e8462e5b763b81f4bddc14e895659883f7244
VirtualSize 0x9f611
VirtualAddress 0x1000
SizeOfRawData 0x9f800
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 6.23359

.rdata

MD5 4c307c96d12388f87d02982eb9cd7179
SHA1 f005483ba30f76bb07b9fd29c8bbe9dc74f5e0d3
SHA256 f01d669fba7418566d17df5cfc815f66d70af523f7c1e2d524cbc47614dc2aba
SHA3 51cb9fe73c15156261005e763e875e16cde1400aed9cc913556dc6f946048d15
VirtualSize 0xd06f0
VirtualAddress 0xa1000
SizeOfRawData 0xd0800
PointerToRawData 0x9fe00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 5.48508

.data

MD5 a78686dc91ede0dab40f9a906ce47802
SHA1 e3f4d703355de18101bfdb983667c5657759ae8f
SHA256 f89369ac17a2fe90904136232c82b6db4cc2a43c8f0dcf94c83ff418fa3ebeb7
SHA3 78a31c50b0fdefc5f5b79f46fccfa94949a3634f114eea05fdc198b37e7e8a5b
VirtualSize 0x56948
VirtualAddress 0x172000
SizeOfRawData 0xd600
PointerToRawData 0x170600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 4.11653

.pdata

MD5 68578f6e1565e81eae075d1f723fb97d
SHA1 46438ae5277f7cfa7466dedc4ca73eac74085e1e
SHA256 40b69a55cd9a446b3ecfc1a89f41eea5d32d7de46bd8587fd644bdee13b22b93
SHA3 c305c689ebfe190ded78cba6b772c3f5a384f1188e12abd89fbf57d3f6745668
VirtualSize 0x4a04
VirtualAddress 0x1c9000
SizeOfRawData 0x4c00
PointerToRawData 0x17dc00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 5.11021

.xdata

MD5 e48458849df5b7472f72bb116e63468e
SHA1 495c5908811be5f8d1c74bff7e462ef5712dd009
SHA256 b25ef5398026ef65c2cf5f0fb5767d219db7a39010d75aa21954b9246b1a8688
SHA3 330f348b768ac8dde16e32cfb1e0e5af05c31b76cbea88e4549c66eb9182712a
VirtualSize 0xb4
VirtualAddress 0x1ce000
SizeOfRawData 0x200
PointerToRawData 0x182800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 1.77783

.idata

MD5 2f0b30e6bd8437f60a2a58497a93eed0
SHA1 f69b272e259ef07389c19ca72f68fa3bd224c444
SHA256 de6b2971f5272af9cde9b55de25c7de250a88f78906d56cccdc06f809349adf0
SHA3 009296420f8ede29eec749069d2049002c784d85f95b2b2c0cfa9d3a5078ae92
VirtualSize 0x53e
VirtualAddress 0x1cf000
SizeOfRawData 0x600
PointerToRawData 0x182a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 4.0126

.reloc

MD5 9e04b4eb8f9965b1dd7d7f567df494b1
SHA1 8005a748161682c7b39055c150cde4753c55d945
SHA256 d3bafdb045e04932bf99f44b2734b2d79fa183c0f874cfcc70e5a30f251797a3
SHA3 95be4de71ba85d95f6480449c7c5db1b2025dbe3adbec6456134945fd9341e7c
VirtualSize 0x3a60
VirtualAddress 0x1d0000
SizeOfRawData 0x3c00
PointerToRawData 0x183000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 5.41661

.symtab

MD5 07b5472d347d42780469fb2654b7fc54
SHA1 943ae54f4818e52409fbbaf60ffd71318d966b0d
SHA256 3e67f4a7d14b832ff2a2433e9cf0f6f5720821f67148a87c0ee2595a20c96c68
SHA3 a70a3e18515c06557b62676f2a8eb6d7d41962d8c9c7c49f4641c429cc65b977
VirtualSize 0x4
VirtualAddress 0x1d4000
SizeOfRawData 0x200
PointerToRawData 0x186c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 0.0203931

Imports

kernel32.dll
WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
RtlVirtualUnwind
RtlLookupFunctionEntry
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler
AddVectoredContinueHandler

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors
