Manalyze report for 329b18b89ada5717afedf37ba068d5d6a8018a68f9343818d6bba49c171b8382

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2025-Jul-16 21:05:54
Detected languages	English - United States
Debug artifacts	C:\Users\Inquallity\xtraining\xtraining-re101\Track 01\track_01\Debug\track_01.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	The PE is possibly packed.	`Section .textbss is both writable and executable.` `Unusual section name found: .msvcjmc`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`07d6e389dc520c7eff21e816c85a64b9`
SHA1	`30cbdd15911bad1c64a05c334470d7dd3dc76a65`
SHA256	`329b18b89ada5717afedf37ba068d5d6a8018a68f9343818d6bba49c171b8382`
SHA3	`3c520c67666eb02d2762b8c9813dfb07786485857d605a0e7c977975853e35a4`
SSDeep	`384:JXPpF+yqXbQHRm2USCYAnRz1HxwPhdSddiBuD2BtaFVQ:Jn+yGQHRmU8hIhVBuDotaC`
Imports Hash	`4d5f460f239617a15843c169ee11795b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`9`
TimeDateStamp	2025-Jul-16 21:05:54
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x5a00`
SizeOfInitializedData	`0x4800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00011023 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x20000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.textbss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x10000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.text

MD5	`7a608abd44cb86c7a595a10d492e91f8`
SHA1	`cbfc49bbf8aa232b7188e4dbbae5264bcfef2ba3`
SHA256	`948cea0321d9f585cadf5f9c05e3c8f61b1caa19986313219d9664380634bea7`
SHA3	`aefcbc6c8d0852eaa6912c31ccbe90e6f3db775606b424291c544a8c1401f416`
VirtualSize	`0x5914`
VirtualAddress	`0x11000`
SizeOfRawData	`0x5a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.50433`

.rdata

MD5	`158503753001e0d56de545c1b3a09e92`
SHA1	`d0aa652ad75ed74d414116df06ebc3b8a99ae95e`
SHA256	`e7e6b5c5de451490120a7a05a74670211b443932bd12bfcf8081505d71e79fcf`
SHA3	`ff976dcc9bc99f75b60af67ec52279fc73f024ace36f67811e8cbae417772a2c`
VirtualSize	`0x2369`
VirtualAddress	`0x17000`
SizeOfRawData	`0x2400`
PointerToRawData	`0x5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.82451`

.data

MD5	`430a1e92998f7025251642461573f43e`
SHA1	`da9b8f814018483d3e5d367aab4b56c46b19e015`
SHA256	`dfb9b3398d9d4985733adef4f109446e2b764a0f86daeda9b07edd78cf2df3c0`
SHA3	`c43c8e91f83af1bec3ca10d900d0d48bd44cae6b88917b2d985072196287ee3b`
VirtualSize	`0x640`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.43799`

.idata

MD5	`df843b86f73d07610cc063e03a56d98a`
SHA1	`8cef1fa7534499a7bbf9b655416f58d9b6026ce6`
SHA256	`8447f461c87d293417170cdcfda70f3b4c06f26a4d0445d3bfd048253c746b10`
SHA3	`3a828370ff4f3a3373d506273a6ba3b37ec96306cec7b0b5a4f65a5f2b0378b0`
VirtualSize	`0xade`
VirtualAddress	`0x1b000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.11556`

.msvcjmc

MD5	`2187fc2ce5385b6cb4df784b0f589490`
SHA1	`292a3819ff2211eb6c2441a9b97ce407f87fbf27`
SHA256	`6ea4bbb0fb7568b7193d7df4cd72489ad4ba11b14281363650311adf107a6526`
SHA3	`fcaae8d15e6b13631b8f9e1a164cefacb3e1134f75e73712ddd0277bc6e5c768`
VirtualSize	`0x10a`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.127617`

.00cfg

MD5	`721b83e68b93cd4641963d4f0db89775`
SHA1	`dedd45b284ad67b26f5dfe119c909a4c9c774b3e`
SHA256	`33e854d4c95bd08c31eb53ce5bdce5d2e8b16782af02b95605e250a09b7d6a07`
SHA3	`143802ec50b583a815cf01a043b7916734d08ff17032f524c1a147f9600d3153`
VirtualSize	`0x10e`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x200`
PointerToRawData	`0x9200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.110557`

.rsrc

MD5	`e0ca99079dd48b1a6872fb7af4b6a49d`
SHA1	`17d24844cc786a6ced5d3eb15398bb266bf09cfb`
SHA256	`4f3f06cb178cb2fe1784c3d7196088cfa990745680becc70daccf116d339805f`
SHA3	`435b73334fb90b28c8845f8d85766907a305ef26427c52b21b814666aad45ab1`
VirtualSize	`0x43c`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x600`
PointerToRawData	`0x9400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.14043`

.reloc

MD5	`20c7122e90e9cd5ffd94a02ecddbefca`
SHA1	`ad6bf40a9f667c2c8078bc7ffa6924c2c0edf13d`
SHA256	`bbe87720937186d6f64fb9204007513a0b74b0a972150d1e22aeff4757b3aee9`
SHA3	`275461e4017a8d3b44191521d5e21d32cf6584e21f0742f558c9a0b324e37bdb`
VirtualSize	`0x5b9`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x600`
PointerToRawData	`0x9a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.85638`

Imports

VCRUNTIME140D.dll	`__vcrt_GetModuleFileNameW` `_except_handler4_common` `memset` `__current_exception_context` `__current_exception` `__vcrt_GetModuleHandleW` `__vcrt_LoadLibraryExW` `__std_type_info_destroy_list`
ucrtbased.dll	`strcat_s` `__stdio_common_vsprintf_s` `__p__commode` `_initialize_onexit_table` `_register_onexit_function` `_execute_onexit_table` `_crt_atexit` `_crt_at_quick_exit` `_controlfp_s` `terminate` `_wmakepath_s` `_wsplitpath_s` `wcscpy_s` `strcpy_s` `_set_new_mode` `_configthreadlocale` `_register_thread_local_exe_atexit_callback` `_c_exit` `_cexit` `__p___argv` `__p___argc` `_set_fmode` `_exit` `exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_configure_narrow_argv` `__setusermatherr` `_set_app_type` `_seh_filter_exe` `_CrtDbgReportW` `_CrtDbgReport` `__stdio_common_vfprintf` `__acrt_iob_func` `_seh_filter_dll`
KERNEL32.dll	`HeapAlloc` `IsDebuggerPresent` `RaiseException` `MultiByteToWideChar` `WideCharToMultiByte` `QueryPerformanceCounter` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `TerminateProcess` `GetCurrentProcess` `GetProcAddress` `FreeLibrary` `VirtualQuery` `GetProcessHeap` `HeapFree` `GetCurrentThreadId` `GetLastError` `GetModuleHandleW` `IsProcessorFeaturePresent` `GetStartupInfoW` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `InitializeSListHead`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2025-Jul-16 21:03:57
Version	`0.0`
SizeofData	`107`
AddressOfRawData	`0x18a4c`
PointerToRawData	`0x784c`
Referenced File	C:\Users\Inquallity\xtraining\xtraining-re101\Track 01\track_01\Debug\track_01.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2025-Jul-16 21:03:57
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x18ab8`
PointerToRawData	`0x78b8`

TLS Callbacks

Load Configuration

Size	`0xc0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x41a040`
SEHandlerTable	`0`
SEHandlerCount	`0`

RICH Header

XOR Key	`0x45c3bc0e`
Unmarked objects	`0`
Imports (35207)	`3`
C objects (35207)	`13`
C++ objects (35207)	`25`
Imports (33140)	`4`
Total imports	`68`
C objects (35211)	`1`
Resource objects (35211)	`1`
Linker (35211)	`1`

Errors

[*] Warning: Section .textbss has a size of 0!

Leave a comment

No comments yet.