Manalyzer :: 1d44ddbcef4ed32a1033418ef14d0c2a

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2006-Oct-24 13:49:36

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA`
Safe	VirusTotal score: 0/71 (Scanned on 2020-12-28 02:12:33)	`All the AVs think this file is safe.`

Hashes

MD5	`1d44ddbcef4ed32a1033418ef14d0c2a`
SHA1	`77e6c169b3e27ed8b446b6737a68746f59489316`
SHA256	`a2a16a0fad88de1b2f061ccb9f0fef8ecc3f3df377481dc46aa22257585428c2`
SHA3	`9765102da5e897f90bc27022c9b39de2ba372204b8d8308608381e7e06893cea`
SSDeep	`384:+fAQUHgIoRaTXES7q3HBmlTgQnSyCaMDfKNQ4uQKSu92iluoZC:UjQqoXEr3cnS7aMDNQwRluo`
Imports Hash	`76a40b6899789b5cf7475325b2a7dd49`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xc8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2006-Oct-24 13:49:36
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x5000`
SizeOfInitializedData	`0x4000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001C2D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x6000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xa000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`362f9a5cd9a4f257bb11394f0746db18`
SHA1	`15504eba16ac8c821d8c6e49a2a8b29c8d2b1ed4`
SHA256	`61bb5293f040058dacf67b9ad220ba27e3e533b48db518d824862f6e89cd19a4`
SHA3	`4e9700adf1428fefc4d6a92f0e07911912177c2e877212771eefdb0939076b9e`
VirtualSize	`0x4f96`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.58055`

.rdata

MD5	`8aee80751447473ad2f322f2b0975da0`
SHA1	`c6f0f85a7d697fec58d50abbc532803d6cbc6e5a`
SHA256	`a769ea7712f2961ffbae1142ae2c516e66d6d9b352d0d3919b0ed52cd3b68b5a`
SHA3	`91a2cae294414af3dd9bef2aa665cfe972764e962f46c4c1ee32b69dd0e55eb2`
VirtualSize	`0x9a8`
VirtualAddress	`0x6000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.69456`

.data

MD5	`2a8f4447f7a40e2cfd0c646a41c863a3`
SHA1	`aa527c1b8b2747553ca54ac4a6ee413e1100635c`
SHA256	`7630f962432ec068e90fa6b1b5f54698db7e54ec55409708758a84e41ea13e1a`
SHA3	`e32afaae687da48bc0e7108593ae5b02ca8df07e2668ad84c25453ca22635f9a`
VirtualSize	`0x2084`
VirtualAddress	`0x7000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.39394`

Imports

WinSCard.dll	`SCardEstablishContext` `SCardListReadersA` `SCardConnectA` `SCardTransmit` `SCardReleaseContext`
KERNEL32.dll	`WideCharToMultiByte` `GetStringTypeW` `GetStringTypeA` `LCMapStringW` `LCMapStringA` `MultiByteToWideChar` `GetCommandLineA` `GetVersion` `ExitProcess` `HeapFree` `GetLastError` `CloseHandle` `WriteFile` `SetHandleCount` `GetStdHandle` `GetFileType` `GetStartupInfoA` `ReadFile` `HeapAlloc` `TerminateProcess` `GetCurrentProcess` `UnhandledExceptionFilter` `GetModuleFileNameA` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `GetEnvironmentStrings` `GetEnvironmentStringsW` `HeapDestroy` `HeapCreate` `VirtualFree` `RtlUnwind` `VirtualAlloc` `HeapReAlloc` `SetStdHandle` `FlushFileBuffers` `SetFilePointer` `CreateFileA` `GetCPInfo` `GetACP` `GetOEMCP` `GetProcAddress` `LoadLibraryA` `SetEndOfFile`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xe3ad8252`
Unmarked objects	`0`
C++ objects (VS98 build 8168)	`1`
14 (7299)	`11`
Total imports	`49`
19 (8034)	`5`
C objects (VS98 build 8168)	`56`

Errors

<-- -->