Manalyze report for 04a8a08b1e6621e6bd1bfb15e48c5c5b

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Jan-27 12:29:05
Detected languages	English - United States

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA1` `Uses constants related to SHA256` `Uses known Mersenne Twister constants`
Suspicious	The PE is possibly packed.	`Unusual section name found: \x00` `Section \x00 is both writable and executable.` `Unusual section name found: .idata` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found: coestcbn` `Section coestcbn is both writable and executable.` `Unusual section name found: csjdawae` `Section csjdawae is both writable and executable.` `Unusual section name found: .pdata\x00I` `Section .pdata\x00I is both writable and executable.` `The PE only has 2 import(s).`
Info	The PE is digitally signed.	`Signer: UBISOFT ENTERTAINMENT INC.` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`04a8a08b1e6621e6bd1bfb15e48c5c5b`
SHA1	`be4eb93b408099a5454d3e7be5aed6c88740d53e`
SHA256	`0acf5ecf170b37b3b49508f796993f03811933daaec0c6bd570ee4ed173b87de`
SHA3	`275d1255f4b15628c5f2133261cb3bb2f1f49d1685c43ed5454d3f4365d99a5b`
SSDeep	`98304:apMDb/GSuPlecO2ifRI1o27fGmgVNKqlXuiihh16LT10Vqekv2LBoDMPk2WJDrQh:jDb/TEvpiKfvgplXuiiTkYqDCPkdofxN`
Imports Hash	`baa93d47220682c04d92f7797d9224ce`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x170`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2023-Jan-27 12:29:05
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xf6bc00`
SizeOfInitializedData	`0x6fd600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000001CB8000 (Section: csjdawae)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1d44000`
SizeOfHeaders	`0x400`
Checksum	`0x9bcaad`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

\x00

MD5	`a49b7904421ae703e01f4019592d00cc`
SHA1	`97bf2410fd86fe9b93a32bd430bd641803151a32`
SHA256	`8e521143a09f58ffba8e9f1575cf9123e70660006cda723c11f9e91b4232d01a`
SHA3	`6e0695eb5cba268deea590ef7d0e20883d7d9aa9945b523082d5313572ffb2ff`
VirtualSize	`0x163c000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6f5800`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.90689`

.rsrc

MD5	`74aa6a020d2a104c49d9ab9e410a2130`
SHA1	`83cbe8a0967154c84cc74754379a3c61b10aa131`
SHA256	`a081484e8085cfaac5297b276bac9bb8415c335b493b4ce0ed53c25a56dcb234`
SHA3	`009929d5ed0fbe4c86cc6e7757b2bd886fe0b1e4409016a7e5e7c5e6d2dd51d4`
VirtualSize	`0x8030`
VirtualAddress	`0x163d000`
SizeOfRawData	`0x4c00`
PointerToRawData	`0x6f6800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.88624`

.idata

MD5	`866aef73069d3ffbc0e1c044c64c5adf`
SHA1	`3a2dd8e58afa3a319ffbbc8a2f43ac2bff50b22e`
SHA256	`72dc02f1992fdaec1b78bcd70226ce2328f2372cbfa0ea4c809db58ec89ad47e`
SHA3	`bb49087e89215ad2cbe23ca3951b5da4637e740ad475845ed3c1f967261344da`
VirtualSize	`0x1000`
VirtualAddress	`0x1646000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6fb400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.41573`

MD5	`6000d72db7b42b26a3e56e324929d011`
SHA1	`05124b1845b5cc16e64308b87cb112180208aefa`
SHA256	`5de04b302dfb8e69a02158efc889b699dd4868df4f2699128d16c259e6c40a60`
SHA3	`c18ae2d2e12580ec0f08db5c59bedc5b9852a08cca53a41b29abedb04297a783`
VirtualSize	`0x442000`
VirtualAddress	`0x1647000`
SizeOfRawData	`0x200`
PointerToRawData	`0x6fb600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.251484`

coestcbn

MD5	`831657fc60b8f70d0ea5a3252eab1e38`
SHA1	`b8849861fecd5453786f3e1d2333b97ca669e843`
SHA256	`8fa1991b3207b525c7a0c702d96ccc26a1240bafdb2be8b28fbc6ebf745a0547`
SHA3	`01348e2168a178a95f1e279eae848075c29cd0824d1424a87fd992c027cd2da0`
VirtualSize	`0x22f000`
VirtualAddress	`0x1a89000`
SizeOfRawData	`0x22e800`
PointerToRawData	`0x6fb800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.95988`

csjdawae

MD5	`302f9ce29bb87d0b1eea0b1d0f94146d`
SHA1	`5c8ec2fc6c2ec7d0acc10fcd4dd51d34c2a4aba1`
SHA256	`786394f15f5009fd57b146c343ce45774c6f1b119d262d4ff9d43a021f8cc869`
SHA3	`b64ff601c5d59bc89dd4d115599b7363620e8d619d0f8671670534d9f6185269`
VirtualSize	`0x1000`
VirtualAddress	`0x1cb8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x92a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.52613`

.pdata\x00I

MD5	`b932da95553fc221cab8adc55a371854`
SHA1	`2d6955b47f7b0eb6cf9d69c1c118415f4856dcab`
SHA256	`ce951f87fab66840fd52738b200f97fa4a7b7593111b8c6a94182694e4382777`
SHA3	`3067189889974b19d117f9efed4134e238a799f4d320611f9353bced32b59943`
VirtualSize	`0x8b000`
VirtualAddress	`0x1cb9000`
SizeOfRawData	`0x8a800`
PointerToRawData	`0x92a200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.77856`

Imports

kernel32.dll	`lstrcpy`
comctl32.dll	`InitCommonControls`

Delayed Imports

AmdPowerXpressRequestHighPerformance

Ordinal	`1`
Address	`0x133ef8c`

NvOptimusEnablement

Ordinal	`2`
Address	`0x133ef88`

UnityPluginLoad

Ordinal	`3`
Address	`0xa7db40`

UnityPluginUnload

Ordinal	`4`
Address	`0xc089c0`

mosquitto_connack_string

Ordinal	`5`
Address	`0xbbcf60`

mosquitto_connect

Ordinal	`6`
Address	`0xbbcfd0`

mosquitto_connect_async

Ordinal	`7`
Address	`0xbbd030`

mosquitto_connect_bind

Ordinal	`8`
Address	`0xbbd090`

mosquitto_connect_bind_async

Ordinal	`9`
Address	`0xbbd0f0`

mosquitto_connect_callback_set

Ordinal	`10`
Address	`0xbbd150`

mosquitto_connect_srv

Ordinal	`11`
Address	`0xbbe9f0`

mosquitto_destroy

Ordinal	`12`
Address	`0xbbd1a0`

mosquitto_disconnect

Ordinal	`13`
Address	`0xbbd1c0`

mosquitto_disconnect_callback_set

Ordinal	`14`
Address	`0xbbd220`

mosquitto_lib_cleanup

Ordinal	`15`
Address	`0xbbd270`

mosquitto_lib_init

Ordinal	`16`
Address	`0xbbd290`

mosquitto_lib_version

Ordinal	`17`
Address	`0xbbd2e0`

mosquitto_log_callback_set

Ordinal	`18`
Address	`0xbbd310`

mosquitto_loop

Ordinal	`19`
Address	`0xbbd360`

mosquitto_loop_forever

Ordinal	`20`
Address	`0xbbd650`

mosquitto_loop_misc

Ordinal	`21`
Address	`0xbbd7d0`

mosquitto_loop_read

Ordinal	`22`
Address	`0xbbd900`

mosquitto_loop_start

Ordinal	`23`
Address	`0xbbd9d0`

mosquitto_loop_stop

Ordinal	`24`
Address	`0xbbda20`

mosquitto_loop_write

Ordinal	`25`
Address	`0xbbdae0`

mosquitto_max_inflight_messages_set

Ordinal	`26`
Address	`0xbbdbb0`

mosquitto_message_callback_set

Ordinal	`27`
Address	`0xbbdbd0`

mosquitto_message_copy

Ordinal	`28`
Address	`0xbbdc20`

mosquitto_message_free

Ordinal	`29`
Address	`0xbbdce0`

mosquitto_message_retry_set

Ordinal	`30`
Address	`0xbbdd30`

mosquitto_new

Ordinal	`31`
Address	`0xbbdd60`

mosquitto_opts_set

Ordinal	`32`
Address	`0xbbde60`

mosquitto_pub_topic_check

Ordinal	`33`
Address	`0xbbdea0`

mosquitto_publish

Ordinal	`34`
Address	`0xbbded0`

mosquitto_publish_callback_set

Ordinal	`35`
Address	`0xbbe0f0`

mosquitto_reconnect

Ordinal	`36`
Address	`0xbbe140`

mosquitto_reconnect_async

Ordinal	`37`
Address	`0xbbe150`

mosquitto_reconnect_delay_set

Ordinal	`38`
Address	`0xbbe160`

mosquitto_reinitialise

Ordinal	`39`
Address	`0xbbe180`

mosquitto_socket

Ordinal	`40`
Address	`0xbbe4c0`

mosquitto_socks5_set

Ordinal	`41`
Address	`0xbbe9f0`

mosquitto_strerror

Ordinal	`42`
Address	`0xbbe4d0`

mosquitto_sub_topic_check

Ordinal	`43`
Address	`0xbbe620`

mosquitto_sub_topic_tokenise

Ordinal	`44`
Address	`0xbbe690`

mosquitto_sub_topic_tokens_free

Ordinal	`45`
Address	`0xbbe850`

mosquitto_subscribe

Ordinal	`46`
Address	`0xbbe8c0`

mosquitto_subscribe_callback_set

Ordinal	`47`
Address	`0xbbe930`

mosquitto_threaded_set

Ordinal	`48`
Address	`0xbbe980`

mosquitto_tls_insecure_set

Ordinal	`49`
Address	`0xbbe9f0`

mosquitto_tls_opts_set

Ordinal	`50`
Address	`0xbbe9f0`

mosquitto_tls_psk_set

Ordinal	`51`
Address	`0xbbe9f0`

mosquitto_tls_set

Ordinal	`52`
Address	`0xbbe9f0`

mosquitto_topic_matches_sub

Ordinal	`53`
Address	`0xbbea00`

mosquitto_unsubscribe

Ordinal	`54`
Address	`0xbbeb90`

mosquitto_unsubscribe_callback_set

Ordinal	`55`
Address	`0xbbec10`

mosquitto_user_data_set

Ordinal	`56`
Address	`0xbbec60`

mosquitto_username_pw_set

Ordinal	`57`
Address	`0xbbec70`

mosquitto_want_write

Ordinal	`58`
Address	`0xbbed30`

mosquitto_will_clear

Ordinal	`59`
Address	`0xbbed50`

mosquitto_will_set

Ordinal	`60`
Address	`0xbbed60`

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.18991`
MD5	`bd6c29645e4c1bb99b2995988b4df29e`
SHA1	`2881a0f25cdcab028a35eec21112412a7c6a28cd`
SHA256	`7f9c4de8994bfcae6efb753b1993a4de7bb644bed3ad290f2d81bf1f1e3257fe`
SHA3	`3b196443c10a0889fe5701bb278504a72a74cabe901d97e30c9604ee9f210442`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.31744`
MD5	`245112e636361b1d9bf7107b0f82a347`
SHA1	`98ba1449f43607566ef83bcff811f10ee08abc81`
SHA256	`1a5b5a3ca29844fa83605326027208aa1b162f4404efbf0afb48cb809845fb29`
SHA3	`581ff0c3952f847a58841e018010ae80fe0602ddb3b1ae44970b37fe139773b6`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.3607`
MD5	`6df016381e158ede41677e249307f310`
SHA1	`283f07d964e502979a9555bb8f4d7a2d2295e7fb`
SHA256	`58fcdef0c1046097670b8c77e9685a1dbe50057f36228e409b3908bb7e2b59d7`
SHA3	`9f5efde6f8be4dc3d82266b0b388a826961fbe15b2fa220f35b8489ce50e3ea4`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.07899`
MD5	`7b715b12733dcc59a665be9ab043e7e0`
SHA1	`5a7d21829228ba3f326e0455629116ac5d12b1a5`
SHA256	`916189bba873448ca8e2f3b348176d1ae68d6f136fb8929c96ed9e72eb8e016c`
SHA3	`79213f9c090fa71e24cf8f759e21944790c050df5f7545402b21737fd4a52bb5`

DI_APP

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.62308`
Detected Filetype	Icon file
MD5	`bec82d9c5028d979a420e534950d6233`
SHA1	`e1bd3221bbc5ba3e8172dc4e58089198b2ff4347`
SHA256	`0885230f1722c42fe74e368066038da27b8391506ba1582add2d240e41b30ab1`
SHA3	`c6629df6bbc335ec2e5c14a509e058afe8ca773892a9aa4fc96ba37eafef2cc7`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x14163a000`
EndAddressOfRawData	`0x14163a00c`
AddressOfIndex	`0x141caf0f0`
AddressOfCallbacks	`0x141caf100`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

XOR Key	`0x82947db`
Unmarked objects	`0`
241 (40116)	`31`
243 (40116)	`208`
242 (40116)	`53`
C++ objects (23013)	`2`
Imports (VS2015 UPD3 build 24123)	`2`
Imports (2207)	`2`
199 (41118)	`5`
ASM objects (VS2015 UPD3 build 24123)	`16`
C++ objects (VS2015 UPD3 build 24123)	`135`
C objects (VS2015 UPD3 build 24123)	`44`
C objects (65501)	`7`
C objects (24245)	`66`
C++ objects (24245)	`80`
Imports (VS2012 UPD4 build 61030)	`2`
C++ objects (24234)	`518`
C objects (24234)	`543`
C++ objects (65501)	`1`
208 (65501)	`3`
Imports (65501)	`29`
Total imports	`505`
C++ objects (VS2015 UPD3.1 build 24215)	`1221`
C objects (VS2015 UPD3.1 build 24215)	`43`
Exports (VS2015 UPD3.1 build 24215)	`1`
Resource objects (VS2015 UPD3 build 24210)	`1`
151	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`