Manalyze report for 1d91adcf1168c32201db6376e9a8e8a8

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Jun-26 14:06:45
Detected languages	English - United States

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	`The PE only has 7 import(s).`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`1d91adcf1168c32201db6376e9a8e8a8`
SHA1	`d6721d8b4c6c90fc041362b45748daac695ab5f4`
SHA256	`15ef0a1d45c7e02a8963f3c1917e957a657938c6f0e1b70ebfebc41f62533395`
SHA3	`cab2fc38265eb950ca61d485f6ba3571a97f24ee00fb775b2d80bd2099be7fff`
SSDeep	`6144:0c+iEDfMcdu7UFImUuSgYwUE7LjXkkMHL6HgdcetJcC/fGAwjDfLXRox68dXx:0pDf6KIKSgYwUMYkAdcetJcCXvwjDry`
Imports Hash	`da2dcae38cb7d5fb4bb2e12742d74cfd`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2018-Jun-26 14:06:45
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x1000`
SizeOfInitializedData	`0x4d600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000016AD (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x2000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x53000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3a70ca817d9aec6e31d062bad6393ad5`
SHA1	`7417540f039bed842e87f403c009e67e7d89180b`
SHA256	`7730f7a3850878d391b75ae62de81e3abebc44aa7734e4837d2610a576dc4cf2`
SHA3	`ddef03bad2eb8c4bfe437d9433721586a9f5e25371f06fb737bcfff0b929e20e`
VirtualSize	`0xf5a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.40688`

.rdata

MD5	`ff341affec3b30c699dc9ae88dbff2de`
SHA1	`e420af7a64a6d8afd6045a75cbe989d9f8656528`
SHA256	`e86b5e93acb698d610df5e41b9e12c6ff8d6520405f2548ed7fce750e4755f46`
SHA3	`6e2bc4577c4dfc937e1fa27665e5d63088b8848b08e567cf8ec01d312cc22431`
VirtualSize	`0x4c164`
VirtualAddress	`0x2000`
SizeOfRawData	`0x4c200`
PointerToRawData	`0x2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.99912`

.data

MD5	`96718e72185ac37f8b2bc5a1bd049f1a`
SHA1	`9f399388906d4ecfa6ccc68aad884f59e3ba7e4d`
SHA256	`0df7dd1743ba70e0890c0e0dc81ab5d75b331d02c1338a8001b9234e82429e6b`
SHA3	`fd1735f9528646b0fdb2c40ad4b16d1e000d8158098799c241a9a11433905b3f`
VirtualSize	`0xe50`
VirtualAddress	`0x4f000`
SizeOfRawData	`0xe50`
PointerToRawData	`0x4f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.15392`

.rsrc

MD5	`ff3791ff3353a1cb142916deda2fa7fc`
SHA1	`51a3dc0af940e0d88ae9fa45f5bf5047809e3e15`
SHA256	`fc0b6527b92364591c0ff705e4e5d8a54f6b9664b7ec29a8259f7198803feba8`
SHA3	`14c637239214f541c2904cdf03caecafd5ec3d40c441a5d6ced0056d680c37cc`
VirtualSize	`0x1e0`
VirtualAddress	`0x50000`
SizeOfRawData	`0x200`
PointerToRawData	`0x50000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.7015`

.reloc

MD5	`c863644fb93c8ac805845b2818d8343f`
SHA1	`c4ca5a4ecb2a9c25e8727f9f22744fe9b99e34a8`
SHA256	`aafcf262c0b8490e85469f753224f0388ef84b185c1a417aebe56a6716319168`
SHA3	`7991a40cc882cca0e5291c8c8bad932cf99431e1df4a2529e44e7c65a099b405`
VirtualSize	`0x2000`
VirtualAddress	`0x51000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x51000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.200921`

Imports

KERNEL32.dll	`HeapAlloc` `HeapFree` `GetProcessHeap` `FreeLibrary` `LoadLibraryA` `ExitProcess` `GetTickCount`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2018-Jun-26 14:06:45
Version	`0.0`
SizeofData	`236`
AddressOfRawData	`0x4dfbc`
PointerToRawData	`0x4d3bc`

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xc08e780d`
Unmarked objects	`0`
Imports (VS2017 v15.?.? build 25203)	`3`
Total imports	`8`
C++ objects (VS2017 v15.6.6 compiler 26131)	`11`
Resource objects (VS2017 v15.6.6 compiler 26131)	`1`
Linker (VS2017 v15.6.6 compiler 26131)	`1`

1d91adcf1168c32201db6376e9a8e8a8

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_POGO

TLS Callbacks

Load Configuration

RICH Header

Errors