Manalyze report for 0f69527de6fb5a6fc41cb8e7ff6df960

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2008-Mar-19 21:26:15
Detected languages	English - United States
Debug artifacts	c:\users\cpeterson\desktop\uaclaunch\release\UACLaunch.pdb

Plugin Output

Info	Matching compiler(s):	`MSVC++ v.8 (procedure 1 recognized - h)`
Malicious	The PE contains functions mostly used by malware.	`Possibly launches other programs: ShellExecuteW` `Functions related to the privilege level: OpenProcessToken`
Suspicious	VirusTotal score: 1/68 (Scanned on 2019-03-15 02:15:10)	`ClamAV: Win.Trojan.Agent-5614803-0`

Hashes

MD5	`0f69527de6fb5a6fc41cb8e7ff6df960`
SHA1	`1559492cb796c1c6a02a443dfa1a0d1b261d152d`
SHA256	`5319edcef615628a09f4a6b0c98713af0c95750fb03d1561dbd4e212be1dd45d`
SHA3	`a01c22f86b2151a51e572f5f8f36906372bd24d2a71e1082b884df33f30dafc9`
SSDeep	`192:ApyZwFN8CGkR5i+tzpDsd5f1In+suAONDDia24IeSnMTcpOOSVqUkTpDE:jsY43tlDszNIn+srON/ijnMTpOSu1E`
Imports Hash	`dd9ffa807667cae2941178415864c3b9`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2008-Mar-19 21:26:15
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`8.0`
SizeOfCode	`0x1a00`
SizeOfInitializedData	`0x1800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00002214 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x7000`
SizeOfHeaders	`0x400`
Checksum	`0x11704`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`49284c1cd571869ee0570064f86ad461`
SHA1	`6db5256ebc7ace65ee52095c98bd0b1f558210cd`
SHA256	`dfb7c099b2aeb0d86695a79124ba0be8d4bdf8cba4c3550c487fe4c4e63a1e08`
SHA3	`65d38a7befa575348683fbc0c8c720e506cc17ebb605e6de16e26f94f821d31d`
VirtualSize	`0x19b8`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.0981`

.rdata

MD5	`8fb163c84589a610daac0e3bb34db7fb`
SHA1	`f96d441a5915d1dc3c3de0612ab20d1e12fcd7cd`
SHA256	`df1a0fc46d92cde6cb6f14a1d11d11c34fcc712912406ff79349028ef0b3e8ab`
SHA3	`03d426477d95d8b0310c1116f90537c80f470a7ed129bea71d810d031d2a748f`
VirtualSize	`0x13e2`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x1e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.77529`

.data

MD5	`0262f9a23dfee69f3e0e5218ccaede4a`
SHA1	`f20fe717a55cf923b8bfef299ca1e9435a981ca1`
SHA256	`53f7bea4ec3c395ef508274f8c61eeba07110e0ecc72d421679896c41590e313`
SHA3	`bcae63de67b2e9b2ca3ca7a5120135da43013c1f21d31aac3340e06413d2be9d`
VirtualSize	`0x3c8`
VirtualAddress	`0x5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.09903`

.rsrc

MD5	`44c356767879ca79354af54d08a8717b`
SHA1	`aaa8a9a96b48bd5fe37464fad20a8beaa9b93fdb`
SHA256	`c5a96bab26f02579b886bfdc2edae68f9871ac45c0a3461f2f7314ecaa9e584e`
SHA3	`e7bf84ed13b9349f46399a0374c22c56e3c2ae0b0b9b4d6a545f607213bf8338`
VirtualSize	`0x1ac`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.28848`

Imports

SHELL32.dll	`CommandLineToArgvW` `ShellExecuteW`
KERNEL32.dll	`InterlockedDecrement` `GetCurrentProcess` `Sleep` `GetCurrentProcessId` `GetCommandLineW` `GetCurrentThreadId` `GetTickCount` `GetSystemTimeAsFileTime` `CloseHandle` `SetUnhandledExceptionFilter` `QueryPerformanceCounter` `IsDebuggerPresent` `GetProcessHeap` `UnhandledExceptionFilter` `TerminateProcess` `GetStartupInfoA` `InterlockedCompareExchange` `InterlockedExchange` `HeapFree`
USER32.dll	`wsprintfW`
ADVAPI32.dll	`GetTokenInformation` `OpenProcessToken`
ole32.dll	`CoInitializeEx` `CoCreateInstance` `CoUninitialize` `CoInitializeSecurity`
OLEAUT32.dll	`#6` `#150` `#2` `#149` `#9` `#8`
MSVCP80.dll	`??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z` `??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ` `??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z` `??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z`
MSVCR80.dll	`_XcptFilter` `rand` `srand` `_time64` `??3@YAXPAX@Z` `??2@YAPAXI@Z` `printf` `_CxxThrowException` `_amsg_exit` `__getmainargs` `_cexit` `_exit` `__CxxFrameHandler3` `_ismbblead` `exit` `_acmdln` `_initterm` `_initterm_e` `_configthreadlocale` `__setusermatherr` `_adjust_fdiv` `__p__commode` `__p__fmode` `_encode_pointer` `__set_app_type` `_except_handler4_common` `_crt_debugger_hook` `?terminate@@YAXXZ` `_unlock` `__dllonexit` `_lock` `_onexit` `_decode_pointer` `_invoke_watson` `_controlfp_s` `?_type_info_dtor_internal_method@type_info@@QAEXXZ`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x154`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.08566`
MD5	`0549a01545d67cc0c9486e96436c4e65`
SHA1	`8d7059bae0f1a3c56ff430415e059f6b74bc53df`
SHA256	`4c7c973b7c4a6d704375147c6853e9031ad06434836858820a611d2032b4e85a`
SHA3	`4e4e1e13230a3ebe9e95b7c033a42396ccb7bd61d426190a67945bdfcc59e406`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2008-Mar-19 21:26:15
Version	`0.0`
SizeofData	`83`
AddressOfRawData	`0x3910`
PointerToRawData	`0x2710`
Referenced File	c:\users\cpeterson\desktop\uaclaunch\release\UACLaunch.pdb

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x405038`
SEHandlerTable	`0x403a00`
SEHandlerCount	`3`

RICH Header

XOR Key	`0x17d47bcb`
Unmarked objects	`0`
126 (50327)	`1`
ASM objects (VS2012 build 50727 / VS2005 build 50727)	`4`
C++ objects (VS2012 build 50727 / VS2005 build 50727)	`8`
Total imports	`83`
Imports (VS2012 build 50727 / VS2005 build 50727)	`17`
C objects (VS2012 build 50727 / VS2005 build 50727)	`22`
114 (VS2012 build 50727 / VS2005 build 50727)	`1`
Linker (VS2012 build 50727 / VS2005 build 50727)	`1`

0f69527de6fb5a6fc41cb8e7ff6df960

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors