Manalyze report for 1a985147e4ab082a3f4da52a27525aa4

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2012-May-14 23:00:51
TLS Callbacks	2 callback(s) detected.

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Changes object ACLs: SetNamedSecurityInfoW`
Safe	VirusTotal score: 0/73 (Scanned on 2019-05-11 03:58:16)	`All the AVs think this file is safe.`

Hashes

MD5	`1a985147e4ab082a3f4da52a27525aa4`
SHA1	`2899fd61842ba03b7527728774d2e64491b66251`
SHA256	`03e7fc4b59ef56723f33c3531c292288051670a34112c1f8c896b0309fe8df78`
SHA3	`e061dca7766167ba7e4c3f10c78dc2322906e1ad0642f4d7a4c9d70fa8359972`
SSDeep	`384:c8enyH3Ghd+HM79DNSh75ECRUAeDDTt/NGJ/ZWvYR8LOdwPjwhYY1DRB7MZRhSc:gFHih759RmhEboYR8aTtBIdCkU7`
Imports Hash	`52e767394a394cd83ca527afb3ddeffe`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`9`
TimeDateStamp	2012-May-14 23:00:51
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x5600`
SizeOfInitializedData	`0x2800`
SizeOfUninitializedData	`0xa00`
AddressOfEntryPoint	`0x0000000000001530 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0xf000`
SizeOfHeaders	`0x400`
Checksum	`0xe388`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e3d96a497caeea09d0f2a324078be594`
SHA1	`91b67bd4c19a87057c5c81661d48c014a436c4d5`
SHA256	`0e8a599b622426abcf86cea5973b4a2814f6c70a629c03f81e0580f3feac02c6`
SHA3	`b5abf42d44822838563e1df00e4a08365d1938e0c15b267446c214ee55eefd5d`
VirtualSize	`0x54a0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.02673`

.data

MD5	`86c5a14c44e58db75ec80873d17b4ba0`
SHA1	`29464afa80699f6207fb09c902e8a01975a0b1b4`
SHA256	`889bc9c7c8caffaf8d9bfaa11e33ba101d398116eabd1f51ccbf5f4c9c9dc77d`
SHA3	`8432b20057a48a9455853ee4e5fe65249f5cf2edf14d66d5566cbb5e4030942f`
VirtualSize	`0x80`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.636744`

.rdata

MD5	`13dafb57c8ebeac01dc316f469b87d56`
SHA1	`bc9fa58ef725f1c5e58e2db3d6a1767a7424c85c`
SHA256	`519d841bb0c8a921566418e96cbc2ec76156d05c01d7d741025ba2b2ea46f35b`
SHA3	`ba3aef5721982436b7f9fcef32390a53eaf950d1585d04d0e3c1a48e2120feb8`
VirtualSize	`0xac0`
VirtualAddress	`0x8000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x5c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.471`

.pdata

MD5	`6a3c175f5fcc118f308f87eb19afa648`
SHA1	`faaddeaff24aa2fcda7453e0044ce2b4b0fe0aa2`
SHA256	`f644f81918844f261bb97ed2a8322cbe5c3defc4b9c42fc5223be81b797e4f24`
SHA3	`3e1bfd6932f7ce2ce46c77b708f453654f5ad0d49f8634a04102da433425ab48`
VirtualSize	`0x3cc`
VirtualAddress	`0x9000`
SizeOfRawData	`0x400`
PointerToRawData	`0x6800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.94505`

.xdata

MD5	`a88de21247c7ce362796737745e90e7e`
SHA1	`d1f6c70bb1b05ad94346ceacf213599e5ca4a2ce`
SHA256	`ad6a7d98c7f1118f6371651314662e4717f88bd42456d3ddb7bce1ef0b4a4873`
SHA3	`3673cf3fcd62193b350cfdf21271f66497b2dc2ccc38e1a7ad4ff793457f4b4e`
VirtualSize	`0x3cc`
VirtualAddress	`0xa000`
SizeOfRawData	`0x400`
PointerToRawData	`0x6c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.14213`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x9e0`
VirtualAddress	`0xb000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`fac53ee0587b7104be7fe0c531e790b4`
SHA1	`c80c105ee511809f4a6da641c51a9e3fb97475a9`
SHA256	`3b58d29c37a9e872c0076ae3cfa3c61d80e7f6165310a72eed24650cb21eadaa`
SHA3	`f158196e61b6db1a89c18d17c8b1619dc91534634a9f3b0461b7fe8d49554183`
VirtualSize	`0xcec`
VirtualAddress	`0xc000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.00744`

.CRT

MD5	`af82bac555a92d8af193465e18002822`
SHA1	`075588e112cbc72cdd896f4017927ab87c7ea4f6`
SHA256	`fbeac63ce7700e75314229d48fea26707899f2a1299b0ffa05cd7fc1e26e4b5d`
SHA3	`aecc9f1932792ff4e477b94d474d84325df44861917c3f91dbf518cacc6aac91`
VirtualSize	`0x68`
VirtualAddress	`0xd000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.269445`

.tls

MD5	`afb4a111f85adf566145c36f40df1c4f`
SHA1	`e3fcf847a2025b5d42a5851d045c4fe5e5404063`
SHA256	`9da2a2fd448b260a473da971d2be371feb34fa8d583c5f999af68467086e2bf8`
SHA3	`c493d9ea1e8eaf973b3cefdea4f115d3c858d3f4bf34ace930ef233d5cae2507`
VirtualSize	`0x48`
VirtualAddress	`0xe000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.21777`

Imports

ADVAPI32.dll	`AdjustTokenPrivileges` `GetTokenInformation` `LookupPrivilegeValueW` `OpenProcessToken` `SetEntriesInAclW` `SetNamedSecurityInfoW`
KERNEL32.dll	`CloseHandle` `CreateFileW` `DeleteCriticalSection` `DeleteFileW` `EnterCriticalSection` `FindClose` `FindFirstFileExW` `FindNextFileW` `GetCurrentProcess` `GetCurrentProcessId` `GetCurrentThreadId` `GetFileAttributesExW` `GetFileAttributesW` `GetFileInformationByHandle` `GetLastError` `GetModuleHandleA` `GetProcAddress` `GetStartupInfoA` `GetSystemTimeAsFileTime` `GetTickCount` `InitializeCriticalSection` `LeaveCriticalSection` `LoadLibraryA` `LocalAlloc` `LocalFree` `QueryPerformanceCounter` `RemoveDirectoryW` `RtlAddFunctionTable` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetFileAttributesW` `SetUnhandledExceptionFilter` `Sleep` `TerminateProcess` `TlsGetValue` `UnhandledExceptionFilter` `VirtualProtect` `VirtualQuery`
msvcrt.dll	`__C_specific_handler` `__dllonexit` `__getmainargs` `__initenv` `__iob_func` `__lconv_init` `__set_app_type` `__setusermatherr` `__wgetmainargs` `_acmdln` `_amsg_exit` `_cexit` `_fmode` `_initterm` `_lock` `_onexit` `_snwprintf` `_unlock` `abort` `calloc` `exit` `fprintf` `free` `fwprintf` `fwrite` `malloc` `memcpy` `memmove` `realloc` `signal` `strlen` `strncmp` `vfprintf` `wcschr` `wcscmp` `wcslen` `wcsncpy` `wcsrchr` `wprintf`
SHELL32.dll	`SHFileOperationW`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x40e041`
EndAddressOfRawData	`0x40e044`
AddressOfIndex	`0x40b06c`
AddressOfCallbacks	`0x40d040`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x0000000000404F20` `0x0000000000404EF0`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!