Manalyze report for 0533955d39f432641484679e51b00ef9

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2017-May-10 18:30:05
Detected languages	English - United States
Debug artifacts	C:\Users\Inode Firewall\OneDrive\Documents\Présentations\SEC102\2017\PGSE\SEC102_Laura\bin\Debug\httpclient.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	The PE contains functions most legitimate programs don't use.	`Leverages the raw socket API to access the Internet: freeaddrinfo getaddrinfo #116 #115 #23 #22 #19 #16 #4 #3 #111`
Safe	VirusTotal score: 0/70 (Scanned on 2019-05-30 20:13:09)	`All the AVs think this file is safe.`

Hashes

MD5	`0533955d39f432641484679e51b00ef9`
SHA1	`b8e23ae7c10840ffef2ece79371c0044f0bbde9d`
SHA256	`c0e4e4444d5d9777a28fab56ce89e4b3662e0d382da5b9e1fbc5880de73a6573`
SHA3	`2ef703848d79d40ebd146edb61a98461540f74d2bd66e76e9898ea083d995aa2`
SSDeep	`384:XeZ/eRiKbqOR+C3/HOt5aatfZ69J7AW9YepisYpKivTx3t:Xe/Wd3/Hy5aqfM9B5YpTvTx`
Imports Hash	`548a39ac115e184edb13029b3a68d209`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2017-May-10 18:30:05
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x5800`
SizeOfInitializedData	`0x4600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001037 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x7000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x10000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`08c594d5fffd9a8b07477449741b49cd`
SHA1	`ea9b15c5e8ac64429bb0ad4aef9d4c48c1b56958`
SHA256	`c0d472ef8500c59410795e39ffafb2351ab41a191fd5b7b754da64a47d0b5b03`
SHA3	`1164ffdaf633c3d75579e0cb8dd2a5f905ae2c6f398f91e6dd6ec09eaf54e157`
VirtualSize	`0x56de`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.74792`

.rdata

MD5	`7ca3c43a42dfa586d7f810d6db7e4677`
SHA1	`f00a43f3f4bd5268321ab855284b2f0741ca50b8`
SHA256	`547ea4878aec5917bc533d7bd3616c1ff53fc13c598490aedfc6b3154fc1ecfd`
SHA3	`2566300165c2ab33d2d057f14ff60ace056d53588e9f8c3003429a98f37a7ec3`
VirtualSize	`0x213d`
VirtualAddress	`0x7000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x5c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.95679`

.data

MD5	`8b2cefe95fee3d424e7c79d0a9e4caf0`
SHA1	`b5b4693b0d6e8c2a0e0841fe9f5e3d7bee4fb34d`
SHA256	`7c06b00b390095a36fb303e2f5834d13a971eec1d1a34053c6e61ce66aa93913`
SHA3	`32463877c0735ee1882923a64cdaa07b01a1aa8fd675dd6429638b5053373247`
VirtualSize	`0x7fc`
VirtualAddress	`0xa000`
SizeOfRawData	`0x400`
PointerToRawData	`0x7e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.38992`

.idata

MD5	`e4e0a0056fc972354bf093135bce4572`
SHA1	`5271bb51b20c5b11cd379b3469ac984f4f53c6f8`
SHA256	`0e3676aeb46b90fa16e16df8c384e06f19cb11a5d1d568fa0ca6e8301d7bc57a`
SHA3	`689ea77b758c134822da57a996d69e2ca0c36b6b5cb68a79a9fe5e2861005d95`
VirtualSize	`0xbca`
VirtualAddress	`0xb000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x8200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.06214`

.gfids

MD5	`96069875f941840e876cbffd348cce91`
SHA1	`4af701989984a91f1759292d157dc8703e5f6862`
SHA256	`9ff01324f9f671882e0ec39acff5b79bc791976b6da405153f620c7ef9252982`
SHA3	`5dc2194c26d91d3e8193b1fdf2656cc5a7bb317cfe9e3754b66f06dfa20b6cdd`
VirtualSize	`0x13a`
VirtualAddress	`0xc000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.214733`

.00cfg

MD5	`64c2dc6d092b246a63c2cd73194a44af`
SHA1	`6f831cca33f70916dbda959ff029027b3dd97cb3`
SHA256	`8ca5db74628925d7a2d04f8fd01fe4caaea4f323c9ff304295019d7de8e745b4`
SHA3	`bc11d6881dbf706c23a8b80818af1b36750693191ef8fc500e6d9265ea3aa288`
VirtualSize	`0x104`
VirtualAddress	`0xd000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.0611629`

.rsrc

MD5	`303b3828e907aba1ef2b388f25ba9b5f`
SHA1	`dc8b3cd4ecc247ce69dfcd4094568bb0c3642734`
SHA256	`f53e342e145f575f43dae0905ab37541480ae3115f6acaeee9276e4d2fd8c7c0`
SHA3	`797b27c50943dfb146bc7174e1a3c35ea9471ada92ef7b6f9e3fb66095b727f3`
VirtualSize	`0x43c`
VirtualAddress	`0xe000`
SizeOfRawData	`0x600`
PointerToRawData	`0x9200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.13542`

.reloc

MD5	`caeb66da3902bbeef3e99895f0dde7be`
SHA1	`d7e9e76103bd5314a6be8decfaba83736814985d`
SHA256	`fe4cf0a57dd12011fa1f2b7484a37d80093c707ec07a2644369b8b45ea9d826f`
SHA3	`07a594c501abe8db9691fb184ae977fb9a0dcb582269f4812b410ddaab8d5db6`
VirtualSize	`0x521`
VirtualAddress	`0xf000`
SizeOfRawData	`0x600`
PointerToRawData	`0x9800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.96341`

Imports

WS2_32.dll	`freeaddrinfo` `getaddrinfo` `#116` `#115` `#23` `#22` `#19` `#16` `#4` `#3` `#111`
VCRUNTIME140D.dll	`__vcrt_LoadLibraryExW` `__vcrt_GetModuleHandleW` `__vcrt_GetModuleFileNameW` `_except_handler4_common` `__std_type_info_destroy_list` `memset`
ucrtbased.dll	`_configthreadlocale` `_set_new_mode` `__p__commode` `__stdio_common_vsprintf_s` `_seh_filter_dll` `_initialize_onexit_table` `_register_onexit_function` `_execute_onexit_table` `_crt_atexit` `_crt_at_quick_exit` `_controlfp_s` `terminate` `_wmakepath_s` `_wsplitpath_s` `wcscpy_s` `_register_thread_local_exe_atexit_callback` `_cexit` `__p___argv` `__p___argc` `_set_fmode` `_exit` `exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_configure_narrow_argv` `__setusermatherr` `_set_app_type` `_seh_filter_exe` `_CrtDbgReportW` `_CrtDbgReport` `malloc` `__stdio_common_vsprintf` `__stdio_common_vfprintf` `__acrt_iob_func` `strlen` `strcmp` `_c_exit`
KERNEL32.dll	`RaiseException` `MultiByteToWideChar` `WideCharToMultiByte` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `GetStartupInfoW` `GetModuleHandleW` `GetLastError` `HeapAlloc` `HeapFree` `GetProcAddress` `FreeLibrary` `VirtualQuery` `GetProcessHeap` `IsDebuggerPresent`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-May-10 18:30:05
Version	`0.0`
SizeofData	`137`
AddressOfRawData	`0x87d4`
PointerToRawData	`0x73d4`
Referenced File	C:\Users\Inode Firewall\OneDrive\Documents\Présentations\SEC102\2017\PGSE\SEC102_Laura\bin\Debug\httpclient.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2017-May-10 18:30:05
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x8860`
PointerToRawData	`0x7460`

TLS Callbacks

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x40a258`
SEHandlerTable	`0x4086d0`
SEHandlerCount	`1`

RICH Header

XOR Key	`0xd8e735cc`
Unmarked objects	`0`
239 (40116)	`2`
Imports (VS2015 UPD3 build 24123)	`2`
C++ objects (VS2015 UPD3 build 24123)	`23`
C objects (VS2015 UPD3 build 24123)	`13`
Imports (65501)	`5`
Total imports	`79`
C objects (VS2015 UPD3.1 build 24215)	`1`
Resource objects (VS2015 UPD3 build 24210)	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

0533955d39f432641484679e51b00ef9

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.idata

.gfids

.00cfg

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

TLS Callbacks

Load Configuration

RICH Header

Errors