Manalyze report for 1ba7dfdd6e63e33aaf6d6aa509c728f44ec96fdf08437d55eda37e951e1ab806

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1970-Jan-01 00:00:00

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0`
Suspicious	The PE is possibly packed.	`Unusual section name found: .xdata` `The PE only has 0 import(s).`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`834b8f9bffc2384d185cd22fd2196a48`
SHA1	`b888887e586787ee2261986cc8cca35a0335e786`
SHA256	`1ba7dfdd6e63e33aaf6d6aa509c728f44ec96fdf08437d55eda37e951e1ab806`
SHA3	`bd789b004ebbc6072a02c71fc49b40218115e6d547501c3104aa79113385fa70`
SSDeep	`96:hIkzNd/aYTerwzFph1pSClJ5cOkmV1PnxBIai0Truemb:qqaNEzFpLpSgfcOkmV1PnxBIai0Tru`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	1970-Jan-01 00:00:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`2.0`
SizeOfCode	`0x600`
SizeOfInitializedData	`0xe00`
SizeOfUninitializedData	`0x200`
AddressOfEntryPoint	`0x00000000000015A9 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x1c44b0000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x8000`
SizeOfHeaders	`0x400`
Checksum	`0xc54e`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2562495f1c0d402862ece6ec8f0d145a`
SHA1	`5a8b74a3613a020ed825935ab5131e3d0f3cd825`
SHA256	`bb87acfb7b4f6205c732130c33b2696d79ccf0891650bc2f99bf789141f6377d`
SHA3	`7b0842c759ac48247b0da7583a1630738817870e16f9bf5d0f88a301392f459f`
VirtualSize	`0x5e0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.07548`

.rdata

MD5	`0abdfd099a1aa65c14d2a6c02e7fc332`
SHA1	`86d9304aabf47ff7cede3181780d5cdd52adbb69`
SHA256	`e6a401f467c74767ff15bd568a0209c2f12babe1e34a0d0176b2da81dba06a39`
SHA3	`5e6d4cf7115162918313e394d38ba6d2a0b70a022dd8801ea3591cc4c2b95a81`
VirtualSize	`0x120`
VirtualAddress	`0x2000`
SizeOfRawData	`0x200`
PointerToRawData	`0xa00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.49646`

.pdata

MD5	`4433ecd7c6fcc58ad577a740e6b08701`
SHA1	`3d33057e0250df9fdb43ca436f963ccdf1a2bb07`
SHA256	`4c924e0853fe4908bcc885b6b05e02d917bac8deabaef5734f035ffc6e5fadd4`
SHA3	`3024ceacf5d914ddc6bc93abc1964c60447685b9af71a2e260111c5bef0055ba`
VirtualSize	`0x6c`
VirtualAddress	`0x3000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.882372`

.xdata

MD5	`91018d3c8b2f4505cc6bdf821dbabc49`
SHA1	`c7860b536fed7343187a8a2d1eb622412e483b4b`
SHA256	`96d02795ab2f57b537cc84bca25146e7c728deecba273893d97e3a1e365228cd`
SHA3	`450848afe6972b9f1b98cda888a072c77d3a756ebdbef0159535514e590cf224`
VirtualSize	`0x68`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0xe00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.30249`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x60`
VirtualAddress	`0x5000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.edata

MD5	`b063b81c145d1e61720b4948ba72bf5e`
SHA1	`377a3bc1304e2c812a2bce750f543f0fa1d91418`
SHA256	`c9e3c4aa457deca51b74e386775ed11af2ff9a2459265844e8eeb54290f529ad`
SHA3	`93af0499effc56bb0259230e2e8942740eb4d297504793876ca05948246da6c6`
VirtualSize	`0x587`
VirtualAddress	`0x6000`
SizeOfRawData	`0x600`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.81273`

.idata

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x14`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

Imports

Delayed Imports

GetFileVersionInfoA

Ordinal	`1`
Address	`0x60de`
ForwardName	`C:\\Windows\\System32\\version.GetFileVersionInfoA`

GetFileVersionInfoByHandle

Ordinal	`2`
Address	`0x6125`
ForwardName	`C:\\Windows\\System32\\version.GetFileVersionInfoByHandle`

GetFileVersionInfoExA

Ordinal	`3`
Address	`0x617a`
ForwardName	`C:\\Windows\\System32\\version.GetFileVersionInfoExA`

GetFileVersionInfoExW

Ordinal	`4`
Address	`0x61c5`
ForwardName	`C:\\Windows\\System32\\version.GetFileVersionInfoExW`

GetFileVersionInfoSizeA

Ordinal	`5`
Address	`0x6210`
ForwardName	`C:\\Windows\\System32\\version.GetFileVersionInfoSizeA`

GetFileVersionInfoSizeExA

Ordinal	`6`
Address	`0x625f`
ForwardName	`C:\\Windows\\System32\\version.GetFileVersionInfoSizeExA`

GetFileVersionInfoSizeExW

Ordinal	`7`
Address	`0x62b2`
ForwardName	`C:\\Windows\\System32\\version.GetFileVersionInfoSizeExW`

GetFileVersionInfoSizeW

Ordinal	`8`
Address	`0x6305`
ForwardName	`C:\\Windows\\System32\\version.GetFileVersionInfoSizeW`

GetFileVersionInfoW

Ordinal	`9`
Address	`0x6354`
ForwardName	`C:\\Windows\\System32\\version.GetFileVersionInfoW`

VerFindFileA

Ordinal	`10`
Address	`0x639b`
ForwardName	`C:\\Windows\\System32\\version.VerFindFileA`

VerFindFileW

Ordinal	`11`
Address	`0x63d4`
ForwardName	`C:\\Windows\\System32\\version.VerFindFileW`

VerInstallFileA

Ordinal	`12`
Address	`0x640d`
ForwardName	`C:\\Windows\\System32\\version.VerInstallFileA`

VerInstallFileW

Ordinal	`13`
Address	`0x644c`
ForwardName	`C:\\Windows\\System32\\version.VerInstallFileW`

VerLanguageNameA

Ordinal	`14`
Address	`0x648b`
ForwardName	`C:\\Windows\\System32\\version.VerLanguageNameA`

VerLanguageNameW

Ordinal	`15`
Address	`0x64cc`
ForwardName	`C:\\Windows\\System32\\version.VerLanguageNameW`

VerQueryValueA

Ordinal	`16`
Address	`0x650d`
ForwardName	`C:\\Windows\\System32\\version.VerQueryValueA`

VerQueryValueW

Ordinal	`17`
Address	`0x654a`
ForwardName	`C:\\Windows\\System32\\version.VerQueryValueW`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.