Manalyze report for 1a1a719a59de550d811ef88dd7cde2233c18bbc76b33e4dedcd23c45a5dabe79

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2020-Aug-04 23:55:23
Detected languages	English - United States
Debug artifacts	C:\multi-runner\builds\92d31d76\0\pdi\msi\src\luttest\Release\LutTest.pdb
CompanyName	Portrait Displays
FileDescription	LutTest 3D LUT loading tool
FileVersion	`4.1.3.0`
InternalName	LutTest.exe
LegalCopyright	(c) 1993-2020 Portrait Displays, Inc. All rights reserved.
OriginalFilename	LutTest.exe
ProductName	LutTest
ProductVersion	`4.1.3.0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Suspicious	Strings found in the binary may indicate undesirable behavior:	`Accesses the WMI: ROOT\CIMV2`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can access the registry: RegCloseKey RegQueryInfoKeyW RegCreateKeyExA RegEnumKeyExW RegSetValueExW RegSetValueExA RegOpenKeyExA RegEnumValueW RegQueryValueExW RegOpenKeyExW`
Info	The PE is digitally signed.	`Signer: PORTRAIT DISPLAYS` `Issuer: Symantec Class 3 SHA256 Code Signing CA`
Safe	VirusTotal score: 0/72 (Scanned on 2022-12-25 11:15:43)	`All the AVs think this file is safe.`

Hashes

MD5	`8d479e76e8c58b14ef2dc7e82cf444c7`
SHA1	`98b7949f1c854b9a38acf55a7448d7b1a78943da`
SHA256	`1a1a719a59de550d811ef88dd7cde2233c18bbc76b33e4dedcd23c45a5dabe79`
SHA3	`2122b88628e43d9c502b647eb6182dd78e9ec1573fa7cdfb3b9c733fb764a482`
SSDeep	`6144:Aog2uDBz35SSapYCXC1nVzDAOhp7QEJlol:AZ2uDR35DauCy1VPvp5lol`
Imports Hash	`d8516d7834d65b1d53a07f7ce811d16c`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2020-Aug-04 23:55:23
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x31a00`
SizeOfInitializedData	`0x1aa00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00011774 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x33000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x51000`
SizeOfHeaders	`0x400`
Checksum	`0x4c30c`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`9e6dd0d43a4debf9dc5e33c07991e5c2`
SHA1	`c8f723048aac6cde0fbb6f410013a0a4bd25295c`
SHA256	`8078943a83c29a9fcd5673769aadc7e3e8b9a80b59deff895831f3253ef2ea74`
SHA3	`98ead503d23c2ab96ee90cb6acca1749c067e5262998df6ff9512264571be1e8`
VirtualSize	`0x3194c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x31a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.634`

.rdata

MD5	`61dc4f8338eaa11e1959fb6455f6845b`
SHA1	`a4851fe13fb8130c9d76dedd0c67b3ffc913edaa`
SHA256	`fcad7284f41c2bf39dd489a791d26bb1fec01b48ff95a31557e8bf573b54840c`
SHA3	`cc9a38e252f6502eda57d5d567e7d4bf7ba57ddd2a59157c1c4c1d3bb7f68e6a`
VirtualSize	`0x10512`
VirtualAddress	`0x33000`
SizeOfRawData	`0x10600`
PointerToRawData	`0x31e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.51294`

.data

MD5	`bca83be91f03d61996f5e725a189514a`
SHA1	`27d7c675fcfe4de638b48ee08e32d5c358a2404c`
SHA256	`ce683b1fe3ed18e7d187a66630f7b4c83008f20d3dfabe7db3794bdbbff88c10`
SHA3	`cf24281fcb3c87e49eacb94dce65946dec8c192fd8779cc1ad9d8d7d68327b5f`
VirtualSize	`0x6b00`
VirtualAddress	`0x44000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x42400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.24698`

.gfids

MD5	`e6e6083b91e87d712a6312c18f386520`
SHA1	`cbb110be2bc8d4f396c471696c4dd99c392c3d88`
SHA256	`bd8425e284a0c6b2d5dfd5ada8936be641ddb402f89ed85c64474f838c36c36f`
SHA3	`e7579a85cbbd427fb2bb40b598a921494eda2067622a9f648b016d279d97c8ad`
VirtualSize	`0x270`
VirtualAddress	`0x4b000`
SizeOfRawData	`0x400`
PointerToRawData	`0x43600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.60165`

.tls

MD5	`1f354d76203061bfdd5a53dae48d5435`
SHA1	`aa0d33a0c854e073439067876e932688b65cb6a9`
SHA256	`4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a`
SHA3	`991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b`
VirtualSize	`0x9`
VirtualAddress	`0x4c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x43a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.rsrc

MD5	`e10e34645e71a77ee3d2c54d31a8aee3`
SHA1	`50acd783b7457c27ac04b4cb5eedd7e185b9e397`
SHA256	`5a6e9756ab73423dfcf66fb2d63553bb4226d8fda71a588d57bc575150ef0f91`
SHA3	`64810c2e669db45b8fddb298fa48ad3a6da41c82728463092e9361c28e6bd514`
VirtualSize	`0x548`
VirtualAddress	`0x4d000`
SizeOfRawData	`0x600`
PointerToRawData	`0x43c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.81978`

.reloc

MD5	`83194f28210d49dcc86c76c97e913aec`
SHA1	`905915d1c72ff08a7e53a52a01a2b2fc5ace795e`
SHA256	`32bf0e18ee18ea62a7cce214db909bfb85ecf51bb101db486ae4cf1b39981558`
SHA3	`786de4dc26e8a40ec59ecac88f6377216d1e9dd22297a924cdcf1b0e2f4e9a97`
VirtualSize	`0x2a50`
VirtualAddress	`0x4e000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x44200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.52162`

Imports

KERNEL32.dll	`WriteConsoleW` `ReadConsoleW` `HeapSize` `SetEndOfFile` `GetLastError` `CreateFileW` `SetStdHandle` `SetEnvironmentVariableA` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetOEMCP` `IsValidCodePage` `WideCharToMultiByte` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `EncodePointer` `DecodePointer` `MultiByteToWideChar` `SetLastError` `InitializeCriticalSectionAndSpinCount` `CreateEventW` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetSystemTimeAsFileTime` `GetModuleHandleW` `GetProcAddress` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `GetStringTypeW` `GetCPInfo` `LocalFree` `CloseHandle` `SetEvent` `ResetEvent` `WaitForSingleObjectEx` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `InitializeSListHead` `RtlUnwind` `RaiseException` `FreeLibrary` `LoadLibraryExW` `ExitProcess` `GetModuleHandleExW` `HeapAlloc` `HeapReAlloc` `HeapFree` `GetModuleFileNameA` `GetStdHandle` `WriteFile` `GetCommandLineA` `GetCommandLineW` `GetACP` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `GetFileType` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `ReadFile` `SetFilePointerEx` `GetProcessHeap` `FindClose` `FindFirstFileExA` `FindNextFileA`
USER32.dll	`wsprintfW` `EnumDisplayDevicesA` `wsprintfA`
ADVAPI32.dll	`RegCloseKey` `RegQueryInfoKeyW` `RegCreateKeyExA` `RegEnumKeyExW` `RegSetValueExW` `RegSetValueExA` `RegOpenKeyExA` `RegEnumValueW` `RegQueryValueExW` `RegOpenKeyExW`
ole32.dll	`CoCreateInstance` `CLSIDFromProgID` `CoSetProxyBlanket` `CoInitialize` `CoUninitialize`
OLEAUT32.dll	`SysFreeString` `SysAllocString` `VariantClear` `GetErrorInfo`

Delayed Imports

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x328`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44677`
MD5	`0792d4e170e3ee81fbe3ca8d13d5a7b5`
SHA1	`1c8ff7f05051eec7c570be552e27c482c9f568f0`
SHA256	`4e0b7ef4f0ecfac78f37b2a6017e400e9a93990182c67fabff5ff51aa6b8e087`
SHA3	`cfd14e0ee7fe2ff48825306e461beb9c365e480874ec590e540f3932a73e9e74`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	4.1.3.0
ProductVersion	4.1.3.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Portrait Displays
FileDescription	LutTest 3D LUT loading tool
FileVersion (#2)	4.1.3.0
InternalName	LutTest.exe
LegalCopyright	(c) 1993-2020 Portrait Displays, Inc. All rights reserved.
OriginalFilename	LutTest.exe
ProductName	LutTest
ProductVersion (#2)	4.1.3.0

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2020-Aug-04 23:55:23
Version	`0.0`
SizeofData	`98`
AddressOfRawData	`0x40e20`
PointerToRawData	`0x3fc20`
Referenced File	C:\multi-runner\builds\92d31d76\0\pdi\msi\src\luttest\Release\LutTest.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2020-Aug-04 23:55:23
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x40e84`
PointerToRawData	`0x3fc84`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2020-Aug-04 23:55:23
Version	`0.0`
SizeofData	`960`
AddressOfRawData	`0x40e98`
PointerToRawData	`0x3fc98`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2020-Aug-04 23:55:23
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x44c000`
EndAddressOfRawData	`0x44c008`
AddressOfIndex	`0x44560c`
AddressOfCallbacks	`0x4331fc`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x444084`
SEHandlerTable	`0x440d20`
SEHandlerCount	`64`

RICH Header

XOR Key	`0x475450f5`
Unmarked objects	`0`
241 (40116)	`14`
243 (40116)	`150`
242 (40116)	`29`
ASM objects (VS2015 UPD3 build 24123)	`22`
208 (65501)	`1`
C++ objects (VS2015 UPD3 build 24123)	`63`
C objects (VS2015 UPD3 build 24123)	`34`
Imports (65501)	`13`
Total imports	`125`
C++ objects (LTCG) (VS2015 UPD3 build 24210)	`4`
Resource objects (VS2015 UPD3 build 24210)	`1`
151	`1`
Linker (VS2015 UPD3 build 24210)	`1`

Errors

Leave a comment

No comments yet.