Manalyze report for 113c619abba72c371aa34f35b8d4513deaff7fef703bf5dbb36a36c27cebae84

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-01 00:00:00
Detected languages	English - United States
Comments	Nueva generacion del STR
CompanyName	JSoft C.A.
FileDescription	Sistema para Tascas y Restaurantes
LegalCopyright	Copyright 2023 Javier Soques
ProductName	Sistema para Tascas y Restaurantes
ProductVersion	`0.1.0`

Plugin Output

Suspicious	PEiD Signature:	`UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX V2.00-V2.90 -> Markus Oberhumer & Laszlo Molnar & John Reiser` `UPX 2.00-3.0X -> Markus Oberhumer & Laszlo Molnar & John Reiser`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5` `Uses constants related to SHA256` `Uses constants related to SHA512`
Suspicious	The PE is packed with UPX	`Unusual section name found: UPX0` `Section UPX0 is both writable and executable.` `Unusual section name found: UPX1` `Section UPX1 is both writable and executable.` `The PE only has 4 import(s).`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`49ea3ed895b9f321911cfbe6a7315a29`
SHA1	`7667fa6a906cafeae17cf6007ecac898f877f5dd`
SHA256	`113c619abba72c371aa34f35b8d4513deaff7fef703bf5dbb36a36c27cebae84`
SHA3	`1db75dc1df83dcb2d02da1efe06c0275ed41092ed237c3122543e66a9a33b080`
SSDeep	`98304:WS/Ff4cs0/QqHy6E3NB9vBcSEDLxA/dR4JlNyF/:j/ycJ/QGy62uTxA/4fAF/`
Imports Hash	`6ed4f5f04d62b18d96b26d6db7c18840`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0x8b`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0xa30c00`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`3.0`
SizeOfCode	`0x3ef000`
SizeOfInitializedData	`0x6000`
SizeOfUninitializedData	`0x26a0000`
AddressOfEntryPoint	`0x02A8FD60 (Section: UPX1)`
BaseOfCode	`0x26a1000`
BaseOfData	`0x2a90000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.1`
ImageVersion	`1.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x2a96000`
SizeOfHeaders	`0x200`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

UPX0

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x26a0000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

UPX1

MD5	`432db1f4a4c66f1cad5bf0991095d7d1`
SHA1	`06f07683d3f6fbc17a8c5c422523f18f02e34251`
SHA256	`a873db967430dcc15121ce77b447a85d9d63026698d7b32ce4c7b40cd102c84f`
SHA3	`0b521d515e34cd0bc718e840d802edd9c73512935af8ef500f80198e57f8087c`
VirtualSize	`0x3ef000`
VirtualAddress	`0x26a1000`
SizeOfRawData	`0x3ef000`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.89544`

.rsrc

MD5	`95ae592b1eb77adfd566ecd05c59bdcd`
SHA1	`30e812e5ff92b40c82c6868c64067231cf86c3ab`
SHA256	`7e192d1d6d3f1aea4b7b72ba124c86b2b4c9f44bf91ee828ce9a7fd8dca30ce4`
SHA3	`e5645a98d14597a70d5ef61741052d32f6b33ff58b75cb13cf3d76fd818f3186`
VirtualSize	`0x6000`
VirtualAddress	`0x2a90000`
SizeOfRawData	`0x6000`
PointerToRawData	`0x3ef200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.79209`

Imports

KERNEL32.DLL	`LoadLibraryA` `ExitProcess` `GetProcAddress` `VirtualProtect`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x32bd`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92916`
Detected Filetype	PNG graphic file
MD5	`89b935a829f64f394d18dd0e4dfaec8f`
SHA1	`f68726d9f80b693d00fbfc3739c0bcda65da587b`
SHA256	`a78e64aede1b59db023b1a28d79e83295d631ec924ec6cedd464bb910d5712e7`
SHA3	`cbf3cfff7b09155e26feda0c45ab74e082463c558d43e18cfa603855c0003bc6`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xe8c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.87137`
Detected Filetype	PNG graphic file
MD5	`ebcb66f0b69f6de13609dcf172498f9b`
SHA1	`f1ee25a3a2bff2e24b8e65a127251cb8c4023216`
SHA256	`50dab62ecf5fe1878d541d97d6d41ab151c71225fc779a4ecf9734346cdb4ec8`
SHA3	`0dd5ac2ee28e34abd968f8512436d35b6eca883134e9862ec7d35552aacfb017`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x76e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.85856`
Detected Filetype	PNG graphic file
MD5	`75523a2c65aec147bcc5775ed0063549`
SHA1	`6f013cf7249ab0eaefb84ae2e99f4e280d515b79`
SHA256	`474fdeb47039d8b5b231f21ea53a93c07432eb37901fe3317d50520ab4dd8ede`
SHA3	`563bd62019843f8d1a9bbf26b73c200e5b93bede9a672b915e78d569f0ed03ca`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x58f`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.82071`
Detected Filetype	PNG graphic file
MD5	`a4d4f0c728c8499c75073f7bfb1786db`
SHA1	`1ffa2b8cb5527d85871f10f0416839b44e86820f`
SHA256	`86ae0552c19c267f32c6763b537cd29aa77410e84cbc4276beb55db30de0d9ee`
SHA3	`856c913176ea3cc146b3bf9733de69aacf6ccaaee9b79a6eef76ea0e55200777`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3dc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.68951`
Detected Filetype	PNG graphic file
MD5	`0039b0b0115d9bcb789aec1a337f6daf`
SHA1	`3ed63b16e89665923d51870a7b24daaecb62e0f3`
SHA256	`c6a5bd336cd40d8cf8ad3b97bcd96340958bd0527f5e3918b2dbe15df485dfec`
SHA3	`d27054a4c8eeb979ef27dca2aa1f4507e3485e9a825c53304da88ee371c703f6`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x225`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.52252`
Detected Filetype	PNG graphic file
MD5	`f32b6b9dd42e9027182c9ce063ba97c5`
SHA1	`83360dfc5a190f59c892f46ea78ecf3e22d1d1dc`
SHA256	`64ebac5a6fbe06ac4f22ad4dd88c3ba28c2a0e5edba3d7e4b93583bb26c5b2e3`
SHA3	`05ad14d2720db49cc21c185e255b636ccbe07679b4d61c7eba6eee6f50d96adb`

3 (#2)

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.57225`
Detected Filetype	Icon file
MD5	`c093e039838c8574fe3bcd5257b5e705`
SHA1	`0429d3915e99e6a1851258d63ece1fef848df584`
SHA256	`1f09e6f4310907c119e8ed3c0d1ce69c067d092f36a39a3e8c9e156da553f56e`
SHA3	`a6d7fefa4b3f934c974ace4caf0a8ca46aed853e902ee5f52db9e0d97653c329`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.28688`
MD5	`590fb6bb9c611323f6bd5112c0338ca4`
SHA1	`f469d731cbfd8f67dd53056b3312ef96f7822745`
SHA256	`ccac76cf63293b8eb0aded79527b28185c86e4462e8d0b4823a010ec641c6833`
SHA3	`394d6fb3894ef95fb0a4f621a26c33b9fb038a1f0d6889f0cdbc7ff60434dc2a`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.22606`
MD5	`d987d03aae1a47d31f4b11100ef30f78`
SHA1	`15f12e7bf3e022fed3a28cbb007b3e8e5debf8fa`
SHA256	`2e4b68b9299eea841256a9dcd32092fd7552830315e2a0ea9ab76272fbc15a41`
SHA3	`e5a3c34704053ab91eda192f8d75d78cd56451695541af9e6ecde9437443a285`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	0.1.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Nueva generacion del STR
CompanyName	JSoft C.A.
FileDescription	Sistema para Tascas y Restaurantes
LegalCopyright	Copyright 2023 Javier Soques
ProductName	Sistema para Tascas y Restaurantes
ProductVersion (#2)	0.1.0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section UPX0 has a size of 0!

Leave a comment

No comments yet.