Manalyze report for 01bec376497b1e5deff36967a14e9ec4ada3e6e1010ad935f1224ebfc43b5248

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2006-Oct-15 02:31:22
Detected languages	English - United States
Debug artifacts	c:\MSDev\Projects\Hash\Release\Hash.pdb
Comments	Hasherçççç¾åç
CompanyName	PCLIVEç ´è®ºå
FileDescription	Hasherçççç¾åç
FileVersion	`2,0,0,8`
InternalName	Hasher
LegalCopyright	Copyright (C) 2006 ççç
OriginalFilename	Hasher.exe
ProductName	Hasher
ProductVersion	`2,0,0,8`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5` `Uses constants related to SHA1`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`c5bca399fd538a380c6d0133821915c9`
SHA1	`3f087bc6b9518e59fecb8da4752bd3aab8c643a2`
SHA256	`01bec376497b1e5deff36967a14e9ec4ada3e6e1010ad935f1224ebfc43b5248`
SHA3	`211caaba8bbbdfc3d443e56e830c151ee9bc6726ab064d50267a71e775553e81`
SSDeep	`768:l6q3bc4ivsMwUBLrZncBxjScwcqEEYokgT:lT8lnByxjScwdErokgT`
Imports Hash	`91c8172effccd3ed565854517f1bf6fd`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2006-Oct-15 02:31:22
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`7.0`
SizeOfCode	`0x4800`
SizeOfInitializedData	`0xb400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000532C (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x6000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x13000`
SizeOfHeaders	`0x400`
Checksum	`0xe0b8`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`31bfd8bbac505ef7f37e2520ca98fe48`
SHA1	`31cf22dcb06e172f0ffabff09e3867bda26fc748`
SHA256	`ecd0c242e508188b3286aa4bdcdb9c7d758dc20b31d4521f1ec3ead5bf557b01`
SHA3	`34757f8aa5348f969ae6cff083bb9ad74a2cb28b2f557d073a0f991e6b259cb9`
VirtualSize	`0x470c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x4800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.50431`

.rdata

MD5	`df68e895e8c179eec877b38c66d3649c`
SHA1	`0e762e77e21695316896989dba5ae9d7fcc40199`
SHA256	`37059a4943053969167517c61f715a75e70d12d3bfa0e2bc693abb9a6e31e488`
SHA3	`f1e69d127471908e4147cc2600b04da305f922ba69516ff8b2d7556a32aafcc3`
VirtualSize	`0xf94`
VirtualAddress	`0x6000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x4c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.2056`

.data

MD5	`9c3757b7b02d81e385895f33b05baa7e`
SHA1	`d5ce7f4a1fdc585616b5e50b840af0a9b7f5a575`
SHA256	`f34e3e4aebb5e6ace9e94da804bf1a56f113b12f29c3984214621181a664edea`
SHA3	`7ae745cb6a35cebbd77e22500e1df1acddf736adc0216f5774d2f053d700ee57`
VirtualSize	`0x81bc`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.28217`

.rsrc

MD5	`b36bf8062b9dcf494aff0dbee055e573`
SHA1	`0354db95b1bf29ef54caa3a55fd5ae2e206c41ad`
SHA256	`c7a2fddd7a951615103814a59e85759725ce9c2b9807122f876b4b86c83e95c7`
SHA3	`b283297c07c61bc8b5920a55ca776b96feed3b2b0afe4d6d739ee04cabac9990`
VirtualSize	`0x2229`
VirtualAddress	`0x10000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.67719`

Imports

KERNEL32.dll	`WaitForSingleObject` `SetEvent` `CreateEventA` `SetThreadPriority` `CloseHandle` `ResumeThread` `CreateFileA` `GetFileSize` `lstrcpynA` `GlobalLock` `GetTimeFormatA` `FormatMessageA` `GetDateFormatA` `WriteFile` `lstrlenA` `GlobalAlloc` `GetFileAttributesA` `FileTimeToSystemTime` `ReadFile` `GlobalUnlock` `FindFirstFileA` `GetLastError` `FindClose` `FindNextFileA` `GetCurrentDirectoryA` `GetFileTime` `FileTimeToLocalFileTime` `LocalFree` `GetModuleHandleA` `GetUserDefaultLangID` `lstrcmpA` `GetStartupInfoA`
USER32.dll	`EnableWindow` `RegisterClassA` `CloseClipboard` `GetFocus` `LoadIconA` `wsprintfA` `SetFocus` `SetDlgItemTextA` `UnregisterClassA` `EmptyClipboard` `GetDlgItem` `EndDialog` `CheckDlgButton` `IsDlgButtonChecked` `GetClassInfoA` `PostMessageA` `OpenClipboard` `SetWindowTextA` `DialogBoxParamA` `SetClipboardData` `SendMessageA`
comdlg32.dll	`GetSaveFileNameA` `GetOpenFileNameA`
SHELL32.dll	`DragAcceptFiles` `DragQueryFileA`
MSVCRT.dll	`_makepath` `_controlfp` `_except_handler3` `__set_app_type` `__p__fmode` `__p__commode` `_adjust_fdiv` `__setusermatherr` `_initterm` `__getmainargs` `_acmdln` `exit` `_XcptFilter` `_exit` `_onexit` `__dllonexit` `_splitpath` `_vsnprintf` `_snprintf` `_beginthreadex` `??2@YAPAXI@Z` `memmove` `??3@YAXPAX@Z`
SHLWAPI.dll	`PathAddBackslashA`
COMCTL32.dll	`InitCommonControlsEx`
VERSION.dll	`VerQueryValueA` `GetFileVersionInfoSizeA` `GetFileVersionInfoA`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.94605`
MD5	`82662c7862fd4192d76daee20c083c22`
SHA1	`16af085754eb83fd19da3ccbaa2affdb42fa41a5`
SHA256	`71b0a48220e3948bbcf42dd01cabcf6c1eb2b8707118ceb8c5caaceb876f4bcb`
SHA3	`eb3cdc13144506c53a86489bdf3ddf626fc3ad41f81255a01020d98dbdf2739a`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.99608`
MD5	`f4c426588bd4252baf2d834368f728d7`
SHA1	`a513e8b35860bfddba7ff349207352c9a5a6e9d9`
SHA256	`b36686d689f98d958c2b2bbc5d187c807ba2ad8068d4490546e8c801b5a1870a`
SHA3	`ae1395e50f77b26a6a5a752446fb00f71717f931b50d5d13b426732543c59f75`

101

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1f4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4224`
MD5	`53ed29efbfff590dc43c4ae0ef46e51d`
SHA1	`af34fe02558fba6d7fd7a836c396b9a5421aa95f`
SHA256	`1c8b85226a59e8a6d5c1e153d17233ff29969e63b8a6a48e353527302828749b`
SHA3	`ea335c7613050ba3ca45ae26540c1f3123b55da42292e941701a1cc2fd73c15b`

102

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.12663`
Detected Filetype	Icon file
MD5	`ff131b80d3b5f90f287f7ebf307ecd35`
SHA1	`a5aba9add3c8e7d24229a29afa5146623ee43d2b`
SHA256	`365743600699d40fef274a86084ef5ec4abaf99a83a1adc852eff39efef7d24c`
SHA3	`6d01b52f95800cf57190e35783d95b0861407446467566f940393976614986ea`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x304`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.59127`
MD5	`ca17911acd0da2978509868894634bd4`
SHA1	`334da3e3fe8de35cd8be73f07cb3765bc6616ba9`
SHA256	`acb853f8a4396b11c221130efda1c469910a31d1357f6dc4e0e2e95003de1c6a`
SHA3	`6e46726ef4c6ce43d66b8dddd091060473bea6a3ea99597d04f76b1ad992b7fe`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x215`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.11419`
MD5	`c72c63a152dbb92d813719d1127e6e8e`
SHA1	`965094190845cbae0e89c01adb40878728da70ed`
SHA256	`c28e5cd59c74907c121888a69ba8ca50ba4286c97a5d26399691257532edf7fe`
SHA3	`5393caeded5d35d0eb2ea99549c05bf53e02951c61a7f05f79ad8d61475881a1`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.0.0.8
ProductVersion	2.0.0.8
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
Comments	Hasherçççç¾åç
CompanyName	PCLIVEç ´è®ºå
FileDescription	Hasherçççç¾åç
FileVersion (#2)	2,0,0,8
InternalName	Hasher
LegalCopyright	Copyright (C) 2006 ççç
OriginalFilename	Hasher.exe
ProductName	Hasher
ProductVersion (#2)	2,0,0,8

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2006-Oct-15 02:31:22
Version	`0.0`
SizeofData	`64`
AddressOfRawData	`0x6f54`
PointerToRawData	`0x5b54`
Referenced File	c:\MSDev\Projects\Hash\Release\Hash.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x2af1839b`
Unmarked objects	`0`
Linker (8047)	`2`
14 (7299)	`4`
C objects (8047)	`11`
Imports (9210)	`6`
Imports (2067)	`2`
Imports (2179)	`7`
Total imports	`85`
100 (VS2003 (.NET) build 3077)	`6`
94 (VS2003 (.NET) build 3052)	`1`
Linker (VS2003 (.NET) build 3077)	`1`

Errors

Leave a comment

No comments yet.