Malware score: 98% (27/344 heuristic rules)

Status: static.crypted.ml.gen

Suspect Score: 0 | Legit Score: 0 | Crypted Score: 19 | Packed Score: 4

Static Analysis Indicators: static.crypted.ml.gen

Digital signature check: valid

| Field | Value |
| Timestamp | 2017/07/04 11:34:57 |
| Cryptography Algorithm | SHA256 |
| Signature version | V2 |
| Subsignature number | 6 |

Certificates in the signature:

| Thumbprint | Cryptography Algorithm | Signature version | Issuer | Subject | Valid from | Valid till | Serial |
| 4022bb3c0398d595623a5380d5eeb520fc6150aa | sha256RSA(RSA) | V3 | COMODO SHA-256 Code Signing CA | Simon Tatham | 2015/12/10 00:00:00 | 2018/12/01 23:59:59 | 6cd282a2d9a2c158505b178d59518b7b |
| d09e349fd5615f147cf855accd3c03b0833a2bc4 | sha256RSA(RSA) | V3 | AddTrust External CA Root | COMODO SHA-256 Code Signing CA | 2014/12/22 00:00:00 | 2020/05/30 10:48:38 | 00ed72df71208f7836d0ab009fca97e01f |
| 02faf3e291435468607857694df5e45b68851868 | sha1RSA(RSA) | V3 | AddTrust External CA Root | AddTrust External CA Root | 2000/05/30 10:48:38 | 2020/05/30 10:48:38 | 01 |
| 4022bb3c0398d595623a5380d5eeb520fc6150aa | sha256RSA(RSA) | V3 | COMODO SHA-256 Code Signing CA | Simon Tatham | 2015/12/10 00:00:00 | 2018/12/01 23:59:59 | 6cd282a2d9a2c158505b178d59518b7b |

PE Markers anomalies check

| Fields | Values |
| Rich signature | found |
| Digital signature | found |
| Overlay | found |
| Subsystem | GUI |
| Compiler | |
| Is .NET Image | Image is Native |

Important PE Header Values: suspect

| Headers | Hashes (MD5/SHA256/SSDEEP) | Size |
| IMAGE_DOS_HEADERS | | 0x40 |
| IMAGE_NT_HEADER | | 0x108 |
| IMAGE_OPTIONAL_HEADERS | | 0xf0 |

| ImageFileHeader Field | Additional info | Value | Common |
| ImageFileHeader.Machine | | 0x8664 | True |
| ImageFileHeader.TimeDataStamp | | 0x0 | True |
| ImageFileHeader.Characteristics | | 0x22 | True |
| ImageFileHeader.SizeOfOptionalHeader | | 0xf0 | True |

| ImageOptionalHeader Field | Additional info | Value | Common |
| ImageOptionalHeader.EntryPoint | | 0xa9384 | False |
| ImageOptionalHeader.ImageBase | | 0x140000000 | True |
| ImageOptionalHeader.Checksum | | 0xd315d | False |
| ImageOptionalHeader.LinkerVersion | | 14.0 | True |

Resources anomalies check: valid

| Risk | Structure |
| 0% | VersionInfo found |
| 0% | Manifest found |
| 0% | Message Table not found |
| 0% | Strings Table not found |
| 0% | RCDATA not found |
| 0% | Icon found |
| 0% | Icon Group not found |
| 0% | Cursor not found |
| 0% | Accelerator not found |

Frequency anomalies check: suspect

| Risk | Anomalies | Information |
| 0% | File Entropy | 6.5535033949266 |
| 0% | File Entropy (without zeros) | 6.4740453 |
| 0% | Zero Value Frequency | 0.16711237460074 |
| 0% | 0xFF Bytes Frequency | 3.9593852 |
| 0% | Chi-Square Distribution | 440411.12127315 |
| 0% | Monte Carlo Pi Value | 3.4102778460782 |
| 0% | Monte Carlo Pi Error Rate | 8.5525153040252 |
| 0% | Packed percent | 4 |

Entropy status: Not Packed | Zero Value Frequency: Not Packed

PE Version Info anomalies check: valid

| Fields | Values |
| Original Filename | PuTTY |
| Company name | Simon Tatham |
| Product name | PuTTY suite |
| File description | SSH, Telnet and Rlogin client |
| Internal name | PuTTY |
| Legal copyrights | Release 0.70 |
| Language | English (United States), codepage: 2057 |
| SSDEEP | 12:Gi3nkAX+5YAb/P01NbgP3JaGGaUGiqqDgGHryejYnqqDLiN5l9YPN5drrEHQbIAw:j0YA3ssP35OTQqNBYPNDsQ0f |
| MD5 | 7C0E20CD2D1A058DE8D25D884A685C28 |
| SHA256 | 73DBB62A2EE25074BA7C0A82D4C47410EDC638AA50822FC58F75E6946B6E159F |

Debug build: False | File version: Release 0.70 | Product version: | Raw size: 764

Manifest check: valid

| Fields | Values |
| SSDEEP | 24:2dtZ5JIjKi69HQRwuzjsgsWNwmhZyOGTE9yiNy+b3SgitFMlglU4+AMAy:cT5qjKi6qRLsgsejZ9y+bCgiHsglyMy |
| MD5 | 44A9B9AB353AA5B1E1603E9DBC36673E |
| SHA256 | D28A8A17E97E518E79E3F52BA939687E23D93BF1ED788F30DBD7B210531CFD59 |

Manifest contents:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Do not attempt to do anything clever with this file, as some versions of
     Windows are very sensitive to the exact format.
     Hence, some facts below are fibs. -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
   version="0.0.0.0"
   processorArchitecture="*"
   name="PuTTY"
   type="win32" />
   <description>A network client and terminal emulator</description>
   <dependency>
   <dependentAssembly>
        <!-- Load Common Controls 6 instead of 5 to get WinXP native-
             looking controls in the client area. -->
        <assemblyIdentity type="win32"
             name="Microsoft.Windows.Common-Controls"
             version="6.0.0.0"
             publicKeyToken="6595b64144ccf1df"
             language="*"
             processorArchitecture="*"/>
   </dependentAssembly>
   </dependency>
   <!-- Declare us to be "DPI-aware". -->
   <asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
     <asmv3:windowsSettings
         xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
       <dpiAware>true</dpiAware>
     </asmv3:windowsSettings>
   </asmv3:application>
</assembly>

Raw size: 1231 bytes

PE Main Icon check: valid

| Fields | Values |
| SSDEEP | 24:R5vqi6LD7F9uEiQH8SdjH3LlB4bjwoi9qt7heYn+3SVyfhTRLglKvFtROGZ8A/Jb:3i/cSVh8Gqt7heYn9VtQvb5//8I |
| MD5 | 1C2F624065A25403CA4A4FD8F1F4DF4F |
| SHA256 | 94D4B83C973880647B3F08C04823B86F530E4830788B2D68A40E3B5E1A0D19C9 |
| Icon ID | 0 |
| Icon name | 200 |
| Language | Not recognized (sublanguage: Not recognized), codepage: Not recognized |

Raw size: 4078 bytes | Total icons: 2

PE Sections Info: valid

| Name | VA | RVA | Characteristics | Virtual Size | Aligned Raw Size | Size Of Raw Data | Pointer To Raw Data |
| .00cfg | 0x1000 | 0x140001000 | 0x40000040 (Readable) | 0x10 | 0x200 | 0x200 | 0x400 |
| .rdata | 0x2000 | 0x140002000 | 0x40000040 (Readable) | 0x26e58 | 0x27000 | 0x27000 | 0x600 |
| .bss | 0x29000 | 0x140029000 | 0xc0000080 (Uninitialized Data, Readable, Writable) | 0x484c | 0x0 | 0x0 | 0x0 |
| .data | 0x2e000 | 0x14002e000 | 0xc0000040 (Initialized Data, Readable, Writable) | 0xf01 | 0x1000 | 0x1000 | 0x27600 |
| .gfids | 0x2f000 | 0x14002f000 | 0x40000040 (Readable) | 0xa8 | 0x200 | 0x200 | 0x28600 |
| .pdata | 0x30000 | 0x140030000 | 0x40000040 (Readable) | 0x4e3c | 0x5000 | 0x5000 | 0x28800 |
| .rsrc | 0x35000 | 0x140035000 | 0xc0000040 (Initialized Data, Readable, Writable) | 0x2eb0 | 0x3000 | 0x3000 | 0x2d800 |
| .text | 0x38000 | 0x140038000 | 0x60000020 (Executable, Readable) | 0x92c56 | 0x92e00 | 0x92e00 | 0x30800 |
| .xdata | 0xcb000 | 0x1400cb000 | 0x40000040 (Readable) | 0x648c | 0x6600 | 0x6600 | 0xc3600 |
| .idata | 0xd2000 | 0x1400d2000 | 0x40000040 (Readable) | 0x2b44 | 0x2c00 | 0x2c00 | 0xc9c00 |
| .reloc | 0xd5000 | 0x1400d5000 | 0x42000040 (Initialized Data, Readable) | 0xfc0 | 0x1000 | 0x1000 | 0xcc800 |

Total Number Of Sections (NumberOfSections): 11

PE Sections Statistics: valid

| Name | Entropy | Zero freq | Ratio | Hashes |
| .00cfg | 0.1755262916559 | 0.98242188 | 0.060020069210642% | |
| .rdata | 5.8053055935192 | 0.27637344751603 | 18.72626159372% | |
| .bss | 0 | 0 | 0% | |
| .data | 2.4887929315561 | 0.71313477 | 0.48016055368514% | |
| .gfids | 1.7837158825089 | 0.78710938 | 0.060020069210642% | |
| .pdata | 5.9324888327487 | 0.270947265625 | 2.4008027684257% | |
| .rsrc | 3.9256154098567 | 0.50455729166667 | 1.4404816610554% | |
| .text | 6.4620611903976 | 0.12076795212766 | 70.523581322505% | |
| .xdata | 4.9105215151229 | 0.18914675245098 | 3.0610235297428% | |
| .idata | 4.6909570140621 | 0.36976207386364 | 1.3204415226341% | |
| .reloc | 5.3551632818048 | 0.073730469 | 0.48016055368514% | |

Total Number Of Sections (NumberOfSections): 11

PE imported functions: suspect

| Function name: CreateBitmap | RVA: 5369574660 | HINT: 41 |
| Function name: CreateCompatibleBitmap | RVA: 5369574676 | HINT: 48 |
| Function name: CreateCompatibleDC | RVA: 5369574702 | HINT: 49 |
| Function name: CreateFontA | RVA: 5369574724 | HINT: 61 |
| Function name: CreateFontIndirectA | RVA: 5369574738 | HINT: 62 |
| Function name: CreatePalette | RVA: 5369574760 | HINT: 74 |
| Function name: CreatePen | RVA: 5369574776 | HINT: 76 |
| Function name: CreateSolidBrush | RVA: 5369574788 | HINT: 86 |
| Function name: DeleteDC | RVA: 5369574808 | HINT: 268 |
| Function name: DeleteObject | RVA: 5369574820 | HINT: 271 |
| Function name: ExcludeClipRect | RVA: 5369574836 | HINT: 346 |
| Function name: ExtTextOutA | RVA: 5369574854 | HINT: 352 |
| Function name: ExtTextOutW | RVA: 5369574868 | HINT: 353 |
| Function name: GetBkMode | RVA: 5369574882 | HINT: 469 |
| Function name: GetCharABCWidthsFloatA | RVA: 5369574894 | HINT: 477 |
| Function name: GetCharWidth32A | RVA: 5369574920 | HINT: 481 |
| Function name: GetCharWidth32W | RVA: 5369574938 | HINT: 482 |
| Function name: GetCharWidthA | RVA: 5369574956 | HINT: 483 |
| Function name: GetCharWidthW | RVA: 5369574972 | HINT: 488 |
| Function name: GetCharacterPlacementW | RVA: 5369574988 | HINT: 490 |
| Function name: GetDeviceCaps | RVA: 5369575014 | HINT: 503 |
| Function name: GetObjectA | RVA: 5369575030 | HINT: 551 |
| Function name: GetPixel | RVA: 5369575044 | HINT: 560 |
| Function name: GetStockObject | RVA: 5369575056 | HINT: 569 |
| Function name: GetTextExtentExPointA | RVA: 5369575074 | HINT: 581 |
| Function name: GetTextExtentPoint32A | RVA: 5369575098 | HINT: 585 |
| Function name: GetTextMetricsA | RVA: 5369575122 | HINT: 593 |
| Function name: IntersectClipRect | RVA: 5369575140 | HINT: 604 |
| Function name: LineTo | RVA: 5369575160 | HINT: 610 |
| Function name: MoveToEx | RVA: 5369575170 | HINT: 624 |
| Function name: Polyline | RVA: 5369575182 | HINT: 653 |
| Function name: RealizePalette | RVA: 5369575194 | HINT: 658 |
| Function name: Rectangle | RVA: 5369575212 | HINT: 661 |
| Function name: SelectObject | RVA: 5369575224 | HINT: 725 |
| Function name: SelectPalette | RVA: 5369575240 | HINT: 726 |
| Function name: SetBkColor | RVA: 5369575256 | HINT: 732 |
| Function name: SetBkMode | RVA: 5369575270 | HINT: 733 |
| Function name: SetMapMode | RVA: 5369575282 | HINT: 754 |
| Function name: SetPaletteEntries | RVA: 5369575296 | HINT: 760 |
| Function name: SetPixel | RVA: 5369575316 | HINT: 761 |
| Function name: SetTextAlign | RVA: 5369575328 | HINT: 770 |
| Function name: SetTextColor | RVA: 5369575344 | HINT: 772 |
| Function name: TextOutA | RVA: 5369575360 | HINT: 790 |
| Function name: TranslateCharsetInfo | RVA: 5369575372 | HINT: 792 |
| Function name: UnrealizeObject | RVA: 5369575396 | HINT: 794 |
| Function name: UpdateColors | RVA: 5369575414 | HINT: 795 |
| Function name: AppendMenuA | RVA: 5369575430 | HINT: 9 |
| Function name: BeginPaint | RVA: 5369575444 | HINT: 14 |
| Function name: CheckDlgButton | RVA: 5369575458 | HINT: 62 |
| Function name: CheckMenuItem | RVA: 5369575476 | HINT: 63 |
| Function name: CheckRadioButton | RVA: 5369575492 | HINT: 67 |
| Function name: CloseClipboard | RVA: 5369575512 | HINT: 75 |
| Function name: CreateCaret | RVA: 5369575530 | HINT: 91 |
| Function name: CreateDialogParamA | RVA: 5369575544 | HINT: 101 |
| Function name: CreateMenu | RVA: 5369575566 | HINT: 109 |
| Function name: CreatePopupMenu | RVA: 5369575580 | HINT: 110 |
| Function name: CreateWindowExA | RVA: 5369575598 | HINT: 112 |
| Function name: CreateWindowExW | RVA: 5369575616 | HINT: 113 |
| Function name: DefDlgProcA | RVA: 5369575634 | HINT: 153 |
| Function name: DefWindowProcA | RVA: 5369575648 | HINT: 160 |
| Function name: DefWindowProcW | RVA: 5369575666 | HINT: 161 |
| Function name: DeleteMenu | RVA: 5369575684 | HINT: 164 |
| Function name: DestroyCaret | RVA: 5369575698 | HINT: 167 |
| Function name: DestroyWindow | RVA: 5369575714 | HINT: 173 |
| Function name: DialogBoxParamA | RVA: 5369575730 | HINT: 177 |
| Function name: DispatchMessageA | RVA: 5369575748 | HINT: 180 |
| Function name: DispatchMessageW | RVA: 5369575768 | HINT: 181 |
| Function name: DrawEdge | RVA: 5369575788 | HINT: 201 |
| Function name: EmptyClipboard | RVA: 5369575800 | HINT: 223 |
| Function name: EnableMenuItem | RVA: 5369575818 | HINT: 224 |
| Function name: EnableWindow | RVA: 5369575836 | HINT: 228 |
| Function name: EndDialog | RVA: 5369575852 | HINT: 231 |
| Function name: EndPaint | RVA: 5369575864 | HINT: 233 |
| Function name: FindWindowA | RVA: 5369575876 | HINT: 262 |
| Function name: FlashWindow | RVA: 5369575890 | HINT: 266 |
| Function name: GetCapture | RVA: 5369575904 | HINT: 281 |
| Function name: GetCaretBlinkTime | RVA: 5369575918 | HINT: 282 |
| Function name: GetClientRect | RVA: 5369575938 | HINT: 295 |
| Function name: GetClipboardData | RVA: 5369575954 | HINT: 298 |
| Function name: GetClipboardOwner | RVA: 5369575974 | HINT: 301 |
| Function name: GetCursorPos | RVA: 5369575994 | HINT: 309 |
| Function name: GetDC | RVA: 5369576010 | HINT: 310 |
| Function name: GetDesktopWindow | RVA: 5369576018 | HINT: 313 |
| Function name: GetDlgItem | RVA: 5369576038 | HINT: 318 |
| Function name: GetDlgItemTextA | RVA: 5369576052 | HINT: 320 |
| Function name: GetDoubleClickTime | RVA: 5369576070 | HINT: 322 |
| Function name: GetForegroundWindow | RVA: 5369576092 | HINT: 325 |
| Function name: GetKeyboardLayout | RVA: 5369576114 | HINT: 342 |
| Function name: GetKeyboardState | RVA: 5369576134 | HINT: 346 |
| Function name: GetMessageA | RVA: 5369576154 | HINT: 369 |
| Function name: GetMessageTime | RVA: 5369576168 | HINT: 372 |
| Function name: GetParent | RVA: 5369576186 | HINT: 380 |
| Function name: GetQueueStatus | RVA: 5369576198 | HINT: 409 |
| Function name: GetScrollInfo | RVA: 5369576216 | HINT: 419 |
| Function name: GetSysColor | RVA: 5369576232 | HINT: 425 |
| Function name: GetSystemMenu | RVA: 5369576246 | HINT: 427 |
| Function name: GetSystemMetrics | RVA: 5369576262 | HINT: 428 |
| Function name: GetWindowLongPtrA | RVA: 5369576282 | HINT: 455 |
| Function name: GetWindowPlacement | RVA: 5369576302 | HINT: 462 |
| Function name: GetWindowRect | RVA: 5369576324 | HINT: 463 |
| Function name: GetWindowTextA | RVA: 5369576340 | HINT: 467 |
| Function name: GetWindowTextLengthA | RVA: 5369576358 | HINT: 468 |
| Function name: HideCaret | RVA: 5369576382 | HINT: 476 |
| Function name: InsertMenuA | RVA: 5369576394 | HINT: 492 |
| Function name: InvalidateRect | RVA: 5369576408 | HINT: 499 |
| Function name: IsDialogMessageA | RVA: 5369576426 | HINT: 513 |
| Function name: IsDlgButtonChecked | RVA: 5369576446 | HINT: 515 |
| Function name: IsIconic | RVA: 5369576468 | HINT: 518 |
| Function name: IsWindow | RVA: 5369576480 | HINT: 533 |
| Function name: IsZoomed | RVA: 5369576492 | HINT: 540 |
| Function name: KillTimer | RVA: 5369576504 | HINT: 541 |
| Function name: LoadCursorA | RVA: 5369576516 | HINT: 546 |
| Function name: LoadIconA | RVA: 5369576530 | HINT: 550 |
| Function name: MapDialogRect | RVA: 5369576542 | HINT: 576 |
| Function name: MessageBeep | RVA: 5369576558 | HINT: 585 |
| Function name: MessageBoxA | RVA: 5369576572 | HINT: 586 |
| Function name: MessageBoxIndirectA | RVA: 5369576586 | HINT: 589 |
| Function name: MoveWindow | RVA: 5369576608 | HINT: 599 |
| Function name: MsgWaitForMultipleObjects | RVA: 5369576622 | HINT: 600 |
| Function name: OpenClipboard | RVA: 5369576650 | HINT: 610 |
| Function name: PeekMessageA | RVA: 5369576666 | HINT: 623 |
| Function name: PeekMessageW | RVA: 5369576682 | HINT: 624 |
| Function name: PostMessageA | RVA: 5369576698 | HINT: 627 |
| Function name: PostQuitMessage | RVA: 5369576714 | HINT: 629 |
| Function name: RegisterClassA | RVA: 5369576732 | HINT: 651 |
| Function name: RegisterClassW | RVA: 5369576750 | HINT: 654 |
| Function name: RegisterClipboardFormatA | RVA: 5369576768 | HINT: 655 |
| Function name: RegisterWindowMessageA | RVA: 5369576796 | HINT: 678 |
| Function name: ReleaseCapture | RVA: 5369576822 | HINT: 680 |
| Function name: ReleaseDC | RVA: 5369576840 | HINT: 681 |
| Function name: ScreenToClient | RVA: 5369576852 | HINT: 689 |
| Function name: SendDlgItemMessageA | RVA: 5369576870 | HINT: 694 |
| Function name: SendMessageA | RVA: 5369576892 | HINT: 699 |
| Function name: SetActiveWindow | RVA: 5369576908 | HINT: 707 |
| Function name: SetCapture | RVA: 5369576926 | HINT: 708 |
| Function name: SetCaretPos | RVA: 5369576940 | HINT: 710 |
| Function name: SetClassLongPtrA | RVA: 5369576954 | HINT: 712 |
| Function name: SetClipboardData | RVA: 5369576974 | HINT: 716 |
| Function name: SetCursor | RVA: 5369576994 | HINT: 719 |
| Function name: SetDlgItemTextA | RVA: 5369577006 | HINT: 727 |
| Function name: SetFocus | RVA: 5369577024 | HINT: 730 |
| Function name: SetForegroundWindow | RVA: 5369577036 | HINT: 731 |
| Function name: SetKeyboardState | RVA: 5369577058 | HINT: 735 |
| Function name: SetScrollInfo | RVA: 5369577078 | HINT: 763 |
| Function name: SetTimer | RVA: 5369577094 | HINT: 775 |
| Function name: SetWindowLongPtrA | RVA: 5369577106 | HINT: 787 |
| Function name: SetWindowPlacement | RVA: 5369577126 | HINT: 790 |
| Function name: SetWindowPos | RVA: 5369577148 | HINT: 791 |
| Function name: SetWindowTextA | RVA: 5369577164 | HINT: 795 |
| Function name: ShowCaret | RVA: 5369577182 | HINT: 802 |
| Function name: ShowCursor | RVA: 5369577194 | HINT: 803 |
| Function name: ShowWindow | RVA: 5369577208 | HINT: 808 |
| Function name: SystemParametersInfoA | RVA: 5369577222 | HINT: 822 |
| Function name: ToAsciiEx | RVA: 5369577246 | HINT: 829 |
| Function name: TrackPopupMenu | RVA: 5369577258 | HINT: 833 |
| Function name: TranslateMessage | RVA: 5369577276 | HINT: 839 |
| Function name: UpdateWindow | RVA: 5369577296 | HINT: 863 |
| Function name: WinHelpA | RVA: 5369577312 | HINT: 888 |
| Function name: ChooseColorA | RVA: 5369577324 | HINT: 0 |
| Function name: ChooseFontA | RVA: 5369577340 | HINT: 2 |
| Function name: GetOpenFileNameA | RVA: 5369577354 | HINT: 11 |
| Function name: GetSaveFileNameA | RVA: 5369577374 | HINT: 13 |
| Function name: ShellExecuteA | RVA: 5369577394 | HINT: 307 |
| Function name: CoCreateInstance | RVA: 5369577410 | HINT: 30 |
| Function name: CoInitialize | RVA: 5369577430 | HINT: 83 |
| Function name: CoUninitialize | RVA: 5369577446 | HINT: 131 |
| Function name: ImmGetCompositionStringW | RVA: 5369577464 | HINT: 57 |
| Function name: ImmGetContext | RVA: 5369577492 | HINT: 59 |
| Function name: ImmReleaseContext | RVA: 5369577508 | HINT: 107 |
| Function name: ImmSetCompositionFontA | RVA: 5369577528 | HINT: 115 |
| Function name: ImmSetCompositionWindow | RVA: 5369577554 | HINT: 119 |
| Function name: AllocateAndInitializeSid | RVA: 5369577580 | HINT: 32 |
| Function name: CopySid | RVA: 5369577608 | HINT: 133 |
| Function name: EqualSid | RVA: 5369577618 | HINT: 280 |
| Function name: GetLengthSid | RVA: 5369577630 | HINT: 330 |
| Function name: GetUserNameA | RVA: 5369577646 | HINT: 377 |
| Function name: InitializeSecurityDescriptor | RVA: 5369577662 | HINT: 397 |
| Function name: RegCloseKey | RVA: 5369577694 | HINT: 596 |
| Function name: RegCreateKeyA | RVA: 5369577708 | HINT: 603 |
| Function name: RegCreateKeyExA | RVA: 5369577724 | HINT: 604 |
| Function name: RegDeleteKeyA | RVA: 5369577742 | HINT: 609 |
| Function name: RegDeleteValueA | RVA: 5369577758 | HINT: 619 |
| Function name: RegEnumKeyA | RVA: 5369577776 | HINT: 625 |
| Function name: RegOpenKeyA | RVA: 5369577790 | HINT: 643 |
| Function name: RegQueryValueExA | RVA: 5369577804 | HINT: 657 |
| Function name: RegSetValueExA | RVA: 5369577824 | HINT: 673 |
| Function name: SetSecurityDescriptorDacl | RVA: 5369577842 | HINT: 735 |
| Function name: SetSecurityDescriptorOwner | RVA: 5369577870 | HINT: 737 |
| Function name: Beep | RVA: 5369577900 | HINT: 93 |
| Function name: ClearCommBreak | RVA: 5369577908 | HINT: 124 |
| Function name: CloseHandle | RVA: 5369577926 | HINT: 127 |
| Function name: CompareStringW | RVA: 5369577940 | HINT: 147 |
| Function name: ConnectNamedPipe | RVA: 5369577958 | HINT: 148 |
| Function name: CreateEventA | RVA: 5369577978 | HINT: 179 |
| Function name: CreateFileA | RVA: 5369577994 | HINT: 186 |
| Function name: CreateFileMappingA | RVA: 5369578008 | HINT: 187 |
| Function name: CreateFileW | RVA: 5369578030 | HINT: 194 |
| Function name: CreateMutexA | RVA: 5369578044 | HINT: 206 |
| Function name: CreateNamedPipeA | RVA: 5369578060 | HINT: 210 |
| Function name: CreatePipe | RVA: 5369578080 | HINT: 212 |
| Function name: CreateProcessA | RVA: 5369578094 | HINT: 215 |
| Function name: CreateThread | RVA: 5369578112 | HINT: 231 |
| Function name: DeleteCriticalSection | RVA: 5369578128 | HINT: 262 |
| Function name: DeleteFileA | RVA: 5369578152 | HINT: 264 |
| Function name: EnterCriticalSection | RVA: 5369578166 | HINT: 297 |
| Function name: ExitProcess | RVA: 5369578190 | HINT: 343 |
| Function name: FindClose | RVA: 5369578204 | HINT: 366 |
| Function name: FindFirstFileA | RVA: 5369578216 | HINT: 370 |
| Function name: FindFirstFileExA | RVA: 5369578234 | HINT: 371 |
| Function name: FindNextFileA | RVA: 5369578254 | HINT: 387 |
| Function name: FlushFileBuffers | RVA: 5369578270 | HINT: 408 |
| Function name: FormatMessageA | RVA: 5369578290 | HINT: 415 |
| Function name: FreeEnvironmentStringsW | RVA: 5369578308 | HINT: 419 |
| Function name: FreeLibrary | RVA: 5369578334 | HINT: 420 |
| Function name: GetACP | RVA: 5369578348 | HINT: 426 |
| Function name: GetCPInfo | RVA: 5369578358 | HINT: 441 |
| Function name: GetCommState | RVA: 5369578370 | HINT: 460 |
| Function name: GetCommandLineA | RVA: 5369578386 | HINT: 462 |
| Function name: GetCommandLineW | RVA: 5369578404 | HINT: 463 |
| Function name: GetConsoleCP | RVA: 5369578422 | HINT: 482 |
| Function name: GetConsoleMode | RVA: 5369578438 | HINT: 500 |
| Function name: GetCurrentDirectoryA | RVA: 5369578456 | HINT: 520 |
| Function name: GetCurrentProcess | RVA: 5369578480 | HINT: 527 |
| Function name: GetCurrentProcessId | RVA: 5369578500 | HINT: 528 |
| Function name: GetCurrentThread | RVA: 5369578522 | HINT: 531 |
| Function name: GetCurrentThreadId | RVA: 5369578542 | HINT: 532 |
| Function name: GetDateFormatW | RVA: 5369578564 | HINT: 538 |
| Function name: GetEnvironmentStringsW | RVA: 5369578582 | HINT: 558 |
| Function name: GetEnvironmentVariableA | RVA: 5369578608 | HINT: 559 |
| Function name: GetFileType | RVA: 5369578634 | HINT: 581 |
| Function name: GetLastError | RVA: 5369578648 | HINT: 598 |
| Function name: GetLocalTime | RVA: 5369578664 | HINT: 599 |
| Function name: GetLocaleInfoA | RVA: 5369578680 | HINT: 600 |
| Function name: GetModuleFileNameA | RVA: 5369578698 | HINT: 616 |
| Function name: GetModuleFileNameW | RVA: 5369578720 | HINT: 617 |
| Function name: GetModuleHandleA | RVA: 5369578742 | HINT: 618 |
| Function name: GetModuleHandleExW | RVA: 5369578762 | HINT: 620 |
| Function name: GetModuleHandleW | RVA: 5369578784 | HINT: 621 |
| Function name: GetOEMCP | RVA: 5369578804 | HINT: 653 |
| Function name: GetOverlappedResult | RVA: 5369578816 | HINT: 654 |
| Function name: GetProcAddress | RVA: 5369578838 | HINT: 676 |
| Function name: GetProcessHeap | RVA: 5369578856 | HINT: 681 |
| Function name: GetProcessTimes | RVA: 5369578874 | HINT: 691 |
| Function name: GetStartupInfoW | RVA: 5369578892 | HINT: 709 |
| Function name: GetStdHandle | RVA: 5369578910 | HINT: 711 |
| Function name: GetStringTypeW | RVA: 5369578926 | HINT: 716 |
| Function name: GetSystemDirectoryA | RVA: 5369578944 | HINT: 723 |
| Function name: GetSystemTime | RVA: 5369578966 | HINT: 731 |
| Function name: GetSystemTimeAdjustment | RVA: 5369578982 | HINT: 732 |
| Function name: GetSystemTimeAsFileTime | RVA: 5369579008 | HINT: 733 |
| Function name: GetThreadTimes | RVA: 5369579034 | HINT: 759 |
| Function name: GetTickCount | RVA: 5369579052 | HINT: 761 |
| Function name: GetTimeFormatW | RVA: 5369579068 | HINT: 766 |
| Function name: GetTimeZoneInformation | RVA: 5369579086 | HINT: 768 |
| Function name: GetVersionExA | RVA: 5369579112 | HINT: 781 |
| Function name: GetWindowsDirectoryA | RVA: 5369579128 | HINT: 792 |
| Function name: GlobalAlloc | RVA: 5369579152 | HINT: 800 |
| Function name: GlobalFree | RVA: 5369579166 | HINT: 807 |
| Function name: GlobalLock | RVA: 5369579180 | HINT: 811 |
| Function name: GlobalMemoryStatus | RVA: 5369579194 | HINT: 812 |
| Function name: GlobalUnlock | RVA: 5369579216 | HINT: 818 |
| Function name: HeapAlloc | RVA: 5369579232 | HINT: 824 |
| Function name: HeapFree | RVA: 5369579244 | HINT: 828 |
| Function name: HeapReAlloc | RVA: 5369579256 | HINT: 831 |
| Function name: HeapSize | RVA: 5369579270 | HINT: 833 |
| Function name: InitializeCriticalSectionAndSpinCount | RVA: 5369579282 | HINT: 849 |
| Function name: InitializeSListHead | RVA: 5369579322 | HINT: 852 |
| Function name: IsDBCSLeadByteEx | RVA: 5369579344 | HINT: 873 |
| Function name: IsDebuggerPresent | RVA: 5369579364 | HINT: 874 |
| Function name: IsProcessorFeaturePresent | RVA: 5369579384 | HINT: 880 |
| Function name: IsValidCodePage | RVA: 5369579412 | HINT: 885 |
| Function name: LCMapStringW | RVA: 5369579430 | HINT: 921 |
| Function name: LeaveCriticalSection | RVA: 5369579446 | HINT: 933 |
| Function name: LoadLibraryA | RVA: 5369579470 | HINT: 936 |
| Function name: LoadLibraryExA | RVA: 5369579486 | HINT: 937 |
| Function name: LoadLibraryExW | RVA: 5369579504 | HINT: 938 |
| Function name: LocalAlloc | RVA: 5369579522 | HINT: 945 |
| Function name: LocalFree | RVA: 5369579536 | HINT: 949 |
| Function name: MapViewOfFile | RVA: 5369579548 | HINT: 963 |
| Function name: MulDiv | RVA: 5369579564 | HINT: 979 |
| Function name: MultiByteToWideChar | RVA: 5369579574 | HINT: 980 |
| Function name: OpenProcess | RVA: 5369579596 | HINT: 1009 |
| Function name: OutputDebugStringW | RVA: 5369579610 | HINT: 1021 |
| Function name: QueryPerformanceCounter | RVA: 5369579632 | HINT: 1072 |
| Function name: RaiseException | RVA: 5369579658 | HINT: 1092 |
| Function name: ReadConsoleW | RVA: 5369579676 | HINT: 1106 |
| Function name: ReadFile | RVA: 5369579692 | HINT: 1108 |
| Function name: ReleaseMutex | RVA: 5369579704 | HINT: 1168 |
| Function name: RtlCaptureContext | RVA: 5369579720 | HINT: 1198 |
| Function name: RtlLookupFunctionEntry | RVA: 5369579740 | HINT: 1205 |
| Function name: RtlUnwindEx | RVA: 5369579766 | HINT: 1211 |
| Function name: RtlVirtualUnwind | RVA: 5369579780 | HINT: 1212 |
| Function name: SetCommBreak | RVA: 5369579800 | HINT: 1222 |
| Function name: SetCommState | RVA: 5369579816 | HINT: 1225 |
| Function name: SetCommTimeouts | RVA: 5369579832 | HINT: 1226 |
| Function name: SetCurrentDirectoryA | RVA: 5369579850 | HINT: 1265 |
| Function name: SetEndOfFile | RVA: 5369579874 | HINT: 1273 |
| Function name: SetEnvironmentVariableA | RVA: 5369579890 | HINT: 1276 |
| Function name: SetEvent | RVA: 5369579916 | HINT: 1279 |
| Function name: SetFilePointerEx | RVA: 5369579928 | HINT: 1292 |
| Function name: SetHandleInformation | RVA: 5369579948 | HINT: 1302 |
| Function name: SetLastError | RVA: 5369579972 | HINT: 1305 |
| Function name: SetStdHandle | RVA: 5369579988 | HINT: 1328 |
| Function name: SetUnhandledExceptionFilter | RVA: 5369580004 | HINT: 1362 |
| Function name: TerminateProcess | RVA: 5369580034 | HINT: 1392 |
| Function name: TlsAlloc | RVA: 5369580054 | HINT: 1410 |
| Function name: TlsFree | RVA: 5369580066 | HINT: 1411 |
| Function name: TlsGetValue | RVA: 5369580076 | HINT: 1412 |
| Function name: TlsSetValue | RVA: 5369580090 | HINT: 1413 |
| Function name: UnhandledExceptionFilter | RVA: 5369580104 | HINT: 1426 |
| Function name: UnmapViewOfFile | RVA: 5369580132 | HINT: 1429 |
| Function name: WaitForSingleObject | RVA: 5369580150 | HINT: 1467 |
| Function name: WaitForSingleObjectEx | RVA: 5369580172 | HINT: 1468 |
| Function name: WaitNamedPipeA | RVA: 5369580196 | HINT: 1473 |
| Function name: WideCharToMultiByte | RVA: 5369580214 | HINT: 1501 |
| Function name: WriteConsoleW | RVA: 5369580236 | HINT: 1520 |
| Function name: WriteFile | RVA: 5369580252 | HINT: 1521 |

Total Number of Imported Functions: 317 | Total Number of Libraries: 8 | Total Number of Blacklisted Functions: 59

PE Resources: valid

| ID | Type | Language | Size \ Offset | Entropy | Hashes |
| 1 | RT_ICON | 1033 (0) | 0x128 \ 0x2dc48 | 3.181873505066 | |
| 2 | RT_ICON | 1033 (0) | 0x2e8 \ 0x2dd70 | 3.690682172619 | |
| 3 | RT_ICON | 1033 (0) | 0x668 \ 0x2e058 | 2.475727310595 | |
| 4 | RT_ICON | 1033 (0) | 0xb0 \ 0x2e6c0 | 3.103261292008 | |
| 5 | RT_ICON | 1033 (0) | 0x130 \ 0x2e770 | 4.2650871697381 | |
| 6 | RT_ICON | 1033 (0) | 0x330 \ 0x2e8a0 | 4.1694827267605 | |
| 7 | RT_ICON | 1033 (0) | 0x128 \ 0x2ebd0 | 4.2919089130726 | |
| 8 | RT_ICON | 1033 (0) | 0x2e8 \ 0x2ecf8 | 3.9911043987182 | |
| 9 | RT_ICON | 1033 (0) | 0x668 \ 0x2efe0 | 2.1340134630069 | |
| 10 | RT_ICON | 1033 (0) | 0xb0 \ 0x2f648 | 3.01660507509 | |
| 11 | RT_ICON | 1033 (0) | 0x130 \ 0x2f6f8 | 3.2480472004818 | |
| 12 | RT_ICON | 1033 (0) | 0x330 \ 0x2f828 | 4.038779610277 | |
| 102 | RT_DIALOG | 1033 (0) | 0x76 \ 0x2fb58 | 2.8977944416371 | |
| 110 | RT_DIALOG | 1033 (0) | 0xba \ 0x2fbd0 | 3.1199749213722 | |
| 111 | RT_DIALOG | 1033 (0) | 0xfa \ 0x2fc90 | 3.5364779445649 | |
| 113 | RT_DIALOG | 1033 (0) | 0x8a \ 0x2fd90 | 3.1019301977271 | |
| 200 | RT_GROUP_ICON | 1033 (0) | 0x5a \ 0x2fe20 | 2.8091595924187 | |
| 201 | RT_GROUP_ICON | 1033 (0) | 0x5a \ 0x2fe80 | 2.9553859649922 | |
| 1 | RT_VERSION | 1033 (0) | 0x2fc \ 0x2fee0 | 2.2769697964938 | |
| 1 | RT_MANIFEST | 1033 (0) | 0x4cf \ 0x301e0 | 2.871219087713 | |

Total Number of Resources: 20 | Total Size of Rsrc Section: 12288 | Total Entropy of Rsrc Section: 3.9256154098567 | Total Ratio of Rsrc Section: 0.014387546%

PE Opcodes Frequency & Anomalies Analyzer: suspect

| # | Opcode | Quantity of instruction | Frequency of instruction | Byte |
| 2 | AND | 17 | 1.8318965% | |
| 3 | BSWAP | 2 | 0.21551724% | |
| 4 | BT | 6 | 0.64655173% | |
| 5 | CALL | 55 | 5.926724% | |
| 6 | CMOVNZ | 1 | 0.10775862% | |
| 7 | CMOVZ | 3 | 0.32327586% | |
| 8 | CMP | 65 | 7.00431% | |
| 9 | CPUID | 3 | 0.32327586% | |
| 10 | DEC | 5 | 0.53879309% | |
| 11 | INC | 6 | 0.64655173% | |
| 12 | INT | 1 | 0.10775862% | |
| 13 | INT 3 | 73 | 7.8663793% | |
| 14 | JA | 2 | 0.21551724% | |
| 15 | JAE | 11 | 1.1853448% | |
| 16 | JB | 11 | 1.1853448% | |
| 17 | JBE | 5 | 0.53879309% | |
| 18 | JGE | 1 | 0.10775862% | |
| 19 | JL | 2 | 0.21551724% | |
| 20 | JLE | 1 | 0.10775862% | |
| 21 | JMP | 27 | 2.9094827% | |
| 22 | JNP | 1 | 0.10775862% | |
| 23 | JNZ | 44 | 4.7413793% | |
| 24 | JS | 1 | 0.10775862% | |
| 25 | JZ | 30 | 3.2327585% | |
| 26 | LEA | 40 | 4.3103447% | |
| 27 | LOCK CMPXCHG | 1 | 0.10775862% | |
| 28 | MOV | 222 | 23.922413% | |
| 29 | MOVSD | 4 | 0.43103448% | |
| 30 | MOVSXD | 2 | 0.21551724% | |
| 31 | MOVUPS | 8 | 0.86206895% | |
| 32 | MOVZX | 4 | 0.43103448% | |
| 33 | NEG | 4 | 0.43103448% | |
| 34 | NOP | 5 | 0.53879309% | |
| 35 | NOT | 1 | 0.10775862% | |
| 36 | OR | 19 | 2.0474138% | |
| 37 | POP | 15 | 1.6163793% | |
| 38 | PUSH | 15 | 1.6163793% | |
| 39 | REP MOVSB | 1 | 0.10775862% | |
| 40 | RET | 36 | 3.8793104% | |
| 41 | ROR | 2 | 0.21551724% | |
| 42 | SBB | 7 | 0.75431037% | |
| 43 | SETNZ | 2 | 0.21551724% | |
| 44 | SETZ | 3 | 0.32327586% | |
| 45 | SHL | 2 | 0.21551724% | |
| 46 | SHR | 3 | 0.32327586% | |
| 47 | SUB | 28 | 3.0172415% | |
| 48 | TEST | 36 | 3.8793104% | |
| 49 | XCHG | 1 | 0.10775862% | |
| 50 | XGETBV | 1 | 0.10775862% | |
| 51 | XOR | 50 | 5.3879309% | |

Total Number Of Opcodes: 928

Opcodes Frequency Chart

PE Dumped Strings: suspect

| # | String | Common |
| 4 | AWAVAUATVWSH | Yes |
| 13 | HcVH | Yes |
| 14 | AWAVAUATVWUSH | Yes |
| 33 | AVVWUSH | Yes |
| 35 | VWSH | Yes |
| 40 | AWAVAUATVWUSH | Yes |
| 43 | IcG8A | Yes |
| 44 | A9G8 | Yes |
| 55 | 0.0.0.0 local path or dir | No |
| 66 | AWAVATVWSH | Yes |
| 69 | AWAVAUATVWUSH | Yes |
| 77 | VWSH | Yes |
| 79 | AWAVAUATVWUSH | Yes |
| 111 | uyHc | Yes |
| 114 | M H1E | Yes |
| 115 | H3E H3E | Yes |
| 131 | cAMDD | Yes |
| 132 | entiA | Yes |
| 133 | ineIA | Yes |
| 134 | ntelE | Yes |
| 135 | AuthE | Yes |
| 136 | Genu3 | Yes |
| 141 | WATAUAVAWH | Yes |
| 149 | tDE3 | Yes |
| 152 | u,H | Yes |
| 158 | ffffff | Yes |
| 164 | x AVH | Yes |
| 165 | M0E3 | Yes |
| 182 | x AVH | Yes |
| 187 | x AVH | Yes |
| 212 | VWAVH | Yes |
| 217 | p WH | Yes |
| 238 | p AWH | Yes |
| 248 | x AVH | Yes |
| 257 | PtdH | Yes |
| 269 | yBFu | Yes |
| 271 | yBFu | Yes |
| 334 | AA,G | Yes |
| 341 | CA,G | Yes |
| 344 | CAsH | Yes |
| 368 | CHE3 | Yes |
| 384 | VWAVH | Yes |
| 385 | D8qT | Yes |
| 399 | WAVAWH | Yes |
| 414 | x ATAVAWH | Yes |
| 422 | WATAUAVAWH | Yes |
| 465 | uJfD | Yes |
| 472 | UVWATAUAVAWH | Yes |
| 476 | sHC | Yes |
| 477 | s8H | Yes |

Total Number of Strings: 2829 | Common strings: 2799 | Danger strings: 30

Bytes Frequency Chart