Manalyze report for 251a550906dc561784af73cffab05ad8

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2020-Aug-08 17:42:47
Detected languages	English - United States
Debug artifacts	D:\STEAM\SRC\KittyHawk\Output_Binaries\x64\Release\SimConnect\SimConnect.pdb

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0` `MASM/TASM - sig1(h)`
Suspicious	The PE contains functions most legitimate programs don't use.	`Can access the registry: RegOpenKeyExA RegCloseKey RegQueryValueExA` `Leverages the raw socket API to access the Internet: getsockopt shutdown WSAStartup WSACleanup WSAGetLastError WSARecv WSASend getaddrinfo closesocket freeaddrinfo connect setsockopt socket`
Safe	VirusTotal score: 0/70 (Scanned on 2023-01-21 14:49:43)	`All the AVs think this file is safe.`

Hashes

MD5	`251a550906dc561784af73cffab05ad8`
SHA1	`b77e5ebf498c9af03793214665a41f153691c0ee`
SHA256	`59be35b922e61240de81cdf61135d51185b5f1df34339e00b2cac54138289864`
SHA3	`6a9ebdd6aa1c7591344c4967623df1766d51dab6e339adc7271d080523b079d1`
SSDeep	`768:K0d8fR/ilaZ6APhT+T3Dbn89VK45gVqVlVJXMxqYqcZLbE:HwRJPwFVqnrMFqcZL`
Imports Hash	`2e5fd73b89c1241b975c64b42bbb9091`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2020-Aug-08 17:42:47
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x9e00`
SizeOfInitializedData	`0x4400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000A080 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x13000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`e93bb8c358199b256227b7f6b38e1a60`
SHA1	`c15d9b5e6b3e8a7f6c7e545029ecca38f90f37eb`
SHA256	`90cc10c3d42cbffa54518d997e385209e12b0aac179cfd614ca367d531194322`
SHA3	`c0ce16e0f431f45a981e18583ef5a8e1ed2c985932c0c3fe093b230df1949fb7`
VirtualSize	`0x9c7d`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.07589`

.rdata

MD5	`61a224c76d5de45954bc40caf50c5c3d`
SHA1	`73a1c6d4dbbbd3e160be5163cbbc207a9a0518f5`
SHA256	`9a47704e6a1a048943fb5b04ea818be627f70ae6e45d68bd9e38d196342e5dae`
SHA3	`5189f82488766a99f9d3a2db6a01fcd8037f0c91e524769238785f574e925139`
VirtualSize	`0x302e`
VirtualAddress	`0xb000`
SizeOfRawData	`0x3200`
PointerToRawData	`0xa200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.79257`

.data

MD5	`41e597e9e523e96353e23c57563308e5`
SHA1	`5ab6d52ae59dd2ebc7f47a7ba3c1369dfc7f373c`
SHA256	`8e9fc4ec4eeb603abbe77bcd9713a82017960b487b00c0a255725095adf661fb`
SHA3	`5f6b8559325bb28840e68d97ab71fb875f9518fbd5ef2bd2e6172b7d09bbe623`
VirtualSize	`0x230`
VirtualAddress	`0xf000`
SizeOfRawData	`0x200`
PointerToRawData	`0xd400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.50685`

.pdata

MD5	`15cf17599e2b912c5bf797c2a1473374`
SHA1	`5a93971bc3eab636f27c4fc7ef8708a42261beb3`
SHA256	`f4ced4add37348a71df4ed4b8b79576e807e1c705207e4bfba99f5bd47ba2b54`
SHA3	`aeab92a3bd063434f4967814a507f8c062ad980e920b56d0f8d3bf90d7d86786`
VirtualSize	`0x9f0`
VirtualAddress	`0x10000`
SizeOfRawData	`0xa00`
PointerToRawData	`0xd600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.47597`

.rsrc

MD5	`bba64ad9f58f2c284d68a8ad15f6cee3`
SHA1	`d69a1ead01d0eb52ad677b9ae29e5d4cd1375530`
SHA256	`f96fe1716ac037d0ae18926f8869dcbc671746523d6e65346389af685f62cf9c`
SHA3	`58d8eafbde7a18bcce1b3c78d0b6f097a84cf6d07b42b1c4111073370b2f9edf`
VirtualSize	`0x1e0`
VirtualAddress	`0x11000`
SizeOfRawData	`0x200`
PointerToRawData	`0xe000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.71768`

.reloc

MD5	`00f1c23a04b0bb34844c2e6b795d2d78`
SHA1	`c23ea8c707ac2dd52c1c75c3fb1216b908bf2604`
SHA256	`0fdfd44cc7bef597a15aa1df577218dce3aecd32e905ad1b167a37639a3bd380`
SHA3	`dab2774b409d029b806a75cdda53f30c678f58f66305b491532b21fdcbf53058`
VirtualSize	`0x54`
VirtualAddress	`0x12000`
SizeOfRawData	`0x200`
PointerToRawData	`0xe200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`1.15965`

Imports

WS2_32.dll	`getsockopt` `shutdown` `WSAStartup` `WSACleanup` `WSAGetLastError` `WSARecv` `WSASend` `getaddrinfo` `closesocket` `freeaddrinfo` `connect` `setsockopt` `socket`
SHLWAPI.dll	`PathCombineA`
USER32.dll	`GetWindowThreadProcessId` `PostMessageA`
ADVAPI32.dll	`RegOpenKeyExA` `RegCloseKey` `RegQueryValueExA`
SHELL32.dll	`SHGetFolderPathA`
KERNEL32.dll	`UnhandledExceptionFilter` `IsDebuggerPresent` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `InitializeSListHead` `DisableThreadLibraryCalls` `SetUnhandledExceptionFilter` `GetCurrentThreadId` `lstrcmpiA` `QueryPerformanceFrequency` `QueryPerformanceCounter` `BindIoCompletionCallback` `IsProcessorFeaturePresent` `GetSystemTimeAsFileTime` `WaitNamedPipeA` `GetPrivateProfileSectionA` `ReadFile` `WriteFile` `CloseHandle` `GetLastError` `CancelIo` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `CreateEventA` `GetCurrentDirectoryA` `CreateFileA` `SetEvent` `Sleep` `GetCurrentProcessId` `GetModuleHandleA` `GetModuleHandleExA` `GetProcAddress` `GetPrivateProfileStringA`
MSVCP140.dll	`?_Xlength_error@std@@YAXPEBD@Z` `?_Xout_of_range@std@@YAXPEBD@Z`
VCRUNTIME140.dll	`__std_type_info_destroy_list` `memcpy` `memmove` `memset` `_CxxThrowException` `__CxxFrameHandler3` `memcmp` `__C_specific_handler` `__std_exception_copy` `__std_exception_destroy`
api-ms-win-crt-stdio-l1-1-0.dll	`__acrt_iob_func` `__stdio_common_vfprintf` `__stdio_common_vsprintf`
api-ms-win-crt-heap-l1-1-0.dll	`_callnewh` `free` `malloc`
api-ms-win-crt-runtime-l1-1-0.dll	`_execute_onexit_table` `_configure_narrow_argv` `_seh_filter_dll` `_initterm_e` `_initterm` `_initialize_onexit_table` `_cexit` `_invalid_parameter_noinfo_noreturn` `_initialize_narrow_environment`
api-ms-win-crt-convert-l1-1-0.dll	`atoi`

Delayed Imports

SimConnect_AICreateEnrouteATCAircraft

Ordinal	`1`
Address	`0x4ce0`

SimConnect_AICreateNonATCAircraft

Ordinal	`2`
Address	`0x4f20`

SimConnect_AICreateParkedATCAircraft

Ordinal	`3`
Address	`0x50f0`

SimConnect_AICreateSimulatedObject

Ordinal	`4`
Address	`0x5300`

SimConnect_AIReleaseControl

Ordinal	`5`
Address	`0x5460`

SimConnect_AIRemoveObject

Ordinal	`6`
Address	`0x5530`

SimConnect_AISetAircraftFlightPlan

Ordinal	`7`
Address	`0x5600`

SimConnect_AddClientEventToNotificationGroup

Ordinal	`8`
Address	`0x5740`

SimConnect_AddToClientDataDefinition

Ordinal	`9`
Address	`0x5830`

SimConnect_AddToDataDefinition

Ordinal	`10`
Address	`0x5940`

SimConnect_CallDispatch

Ordinal	`11`
Address	`0x5b10`

SimConnect_CameraSetRelative6DOF

Ordinal	`12`
Address	`0x5b60`

SimConnect_ClearClientDataDefinition

Ordinal	`13`
Address	`0x5c90`

SimConnect_ClearDataDefinition

Ordinal	`14`
Address	`0x5d80`

SimConnect_ClearInputGroup

Ordinal	`15`
Address	`0x5e70`

SimConnect_ClearNotificationGroup

Ordinal	`16`
Address	`0x5f60`

SimConnect_Close

Ordinal	`17`
Address	`0x6050`

SimConnect_CompleteCustomMissionAction

Ordinal	`18`
Address	`0x60a0`

SimConnect_CreateClientData

Ordinal	`19`
Address	`0x6170`

SimConnect_ExecuteMissionAction

Ordinal	`20`
Address	`0x6260`

SimConnect_FlightLoad

Ordinal	`21`
Address	`0x6330`

SimConnect_FlightPlanLoad

Ordinal	`22`
Address	`0x6440`

SimConnect_FlightSave

Ordinal	`23`
Address	`0x6550`

SimConnect_GetLastSentPacketID

Ordinal	`24`
Address	`0x6760`

SimConnect_GetNextDispatch

Ordinal	`25`
Address	`0x67a0`

SimConnect_InsertString

Ordinal	`26`
Address	`0x67f0`

SimConnect_MapClientDataNameToID

Ordinal	`27`
Address	`0x6920`

SimConnect_MapClientEventToSimEvent

Ordinal	`28`
Address	`0x6a40`

SimConnect_MapInputEventToClientEvent

Ordinal	`29`
Address	`0x6b60`

SimConnect_MenuAddItem

Ordinal	`30`
Address	`0x6ce0`

SimConnect_MenuAddSubItem

Ordinal	`31`
Address	`0x6e20`

SimConnect_MenuDeleteItem

Ordinal	`32`
Address	`0x6f70`

SimConnect_MenuDeleteSubItem

Ordinal	`33`
Address	`0x7060`

SimConnect_Open

Ordinal	`34`
Address	`0x7130`

SimConnect_RemoveClientEvent

Ordinal	`35`
Address	`0x72e0`

SimConnect_RemoveInputEvent

Ordinal	`36`
Address	`0x73b0`

SimConnect_RequestClientData

Ordinal	`37`
Address	`0x74d0`

SimConnect_RequestDataOnSimObject

Ordinal	`38`
Address	`0x7600`

SimConnect_RequestDataOnSimObjectType

Ordinal	`39`
Address	`0x7730`

SimConnect_RequestFacilitiesList

Ordinal	`40`
Address	`0x7830`

SimConnect_RequestNotificationGroup

Ordinal	`41`
Address	`0x7900`

SimConnect_RequestReservedKey

Ordinal	`42`
Address	`0x79f0`

SimConnect_RequestResponseTimes

Ordinal	`43`
Address	`0x7bf0`

SimConnect_RequestSystemState

Ordinal	`44`
Address	`0x7e10`

SimConnect_RetrieveString

Ordinal	`45`
Address	`0x7f30`

SimConnect_SetClientData

Ordinal	`46`
Address	`0x8000`

SimConnect_SetDataOnSimObject

Ordinal	`47`
Address	`0x8130`

SimConnect_SetInputGroupPriority

Ordinal	`48`
Address	`0x8270`

SimConnect_SetInputGroupState

Ordinal	`49`
Address	`0x8340`

SimConnect_SetNotificationGroupPriority

Ordinal	`50`
Address	`0x8410`

SimConnect_SetSystemEventState

Ordinal	`51`
Address	`0x84e0`

SimConnect_SetSystemState

Ordinal	`52`
Address	`0x85b0`

SimConnect_SubscribeToFacilities

Ordinal	`53`
Address	`0x8770`

SimConnect_SubscribeToSystemEvent

Ordinal	`54`
Address	`0x8840`

SimConnect_Text

Ordinal	`55`
Address	`0x8960`

SimConnect_TransmitClientEvent

Ordinal	`56`
Address	`0x8a80`

SimConnect_UnsubscribeFromSystemEvent

Ordinal	`57`
Address	`0x8b80`

SimConnect_UnsubscribeToFacilities

Ordinal	`58`
Address	`0x8c70`

SimConnect_WeatherCreateStation

Ordinal	`59`
Address	`0x8d60`

SimConnect_WeatherCreateThermal

Ordinal	`60`
Address	`0x8f40`

SimConnect_WeatherRemoveStation

Ordinal	`61`
Address	`0x90d0`

SimConnect_WeatherRemoveThermal

Ordinal	`62`
Address	`0x91f0`

SimConnect_WeatherRequestCloudState

Ordinal	`63`
Address	`0x92e0`

SimConnect_WeatherRequestInterpolatedObservation

Ordinal	`64`
Address	`0x9430`

SimConnect_WeatherRequestObservationAtNearestStation

Ordinal	`65`
Address	`0x9530`

SimConnect_WeatherRequestObservationAtStation

Ordinal	`66`
Address	`0x9620`

SimConnect_WeatherSetDynamicUpdateRate

Ordinal	`67`
Address	`0x9740`

SimConnect_WeatherSetModeCustom

Ordinal	`68`
Address	`0x9830`

SimConnect_WeatherSetModeGlobal

Ordinal	`69`
Address	`0x9900`

SimConnect_WeatherSetModeServer

Ordinal	`70`
Address	`0x99d0`

SimConnect_WeatherSetModeTheme

Ordinal	`71`
Address	`0x9aa0`

SimConnect_WeatherSetObservation

Ordinal	`72`
Address	`0x9bb0`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2020-Aug-08 17:42:47
Version	`0.0`
SizeofData	`101`
AddressOfRawData	`0xbb4c`
PointerToRawData	`0xad4c`
Referenced File	D:\STEAM\SRC\KittyHawk\Output_Binaries\x64\Release\SimConnect\SimConnect.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2020-Aug-08 17:42:47
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xbbb4`
PointerToRawData	`0xadb4`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2020-Aug-08 17:42:47
Version	`0.0`
SizeofData	`632`
AddressOfRawData	`0xbbc8`
PointerToRawData	`0xadc8`

TLS Callbacks

Load Configuration

Size	`0x100`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x18000f010`

RICH Header

XOR Key	`0x94c742bc`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`8`
Imports (VS 2015/2017 runtime 26706)	`4`
C++ objects (VS 2015/2017 runtime 26706)	`18`
C objects (VS 2015/2017 runtime 26706)	`7`
ASM objects (VS 2015/2017 runtime 26706)	`1`
Imports (VS2017 v14.15 compiler 26715)	`13`
Total imports	`92`
C++ objects (VS2017 v15.9.7-10 compiler 27027)	`4`
Exports (VS2017 v15.9.7-10 compiler 27027)	`1`
Resource objects (VS2017 v15.9.7-10 compiler 27027)	`1`
Linker (VS2017 v15.9.7-10 compiler 27027)	`1`