Manalyze report for 29773e52816e1ae356c3d01ad34b10a7

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2018-Jul-18 14:10:28
Detected languages	English - United States
Debug artifacts	C:\Users\terrykitsune\source\repos\Project5\Debug\Project5.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	The PE is possibly packed.	`Section .textbss is both writable and executable.`
Info	The PE contains common functions which appear in legitimate applications.	`Possibly launches other programs: system`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`29773e52816e1ae356c3d01ad34b10a7`
SHA1	`ab8d95cfec4c72899279a7fe8d2efd473b1c4100`
SHA256	`4e0cd1994504dd4e979ec3920a10e6506e92b9dfe8e783875bb8bad4e6c5f463`
SHA3	`7d6b856e35a40b3b76efd8c27bd3b4f6b3a3a671c0645cae77f773bf5fbd148f`
SSDeep	`384:I25E6X/WCPF8bcBQPJfK6wJ9EEGYILHgYcIisYp4g/Axxd2k:vZuCPjBQPJfK6lEYAYpYprAxxd`
Imports Hash	`b02e15f207d5de600cffe5cd9283deb8`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2018-Jul-18 14:10:28
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x5400`
SizeOfInitializedData	`0x4200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00011055 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1f000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.textbss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x10000`
VirtualAddress	`0x1000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.text

MD5	`c66fb460085e64ef5850f5376c861372`
SHA1	`f829d6684fef4d5c9924df14685d3b9afd19b81e`
SHA256	`ea80c3800b9570171ba9970596586dcc708698720f640208a2445c0dd46bb3ef`
SHA3	`ab6f38b117854b287fcd97fca2d10de0fc0fea3f8efbf22cc2936ff959072c6e`
VirtualSize	`0x5233`
VirtualAddress	`0x11000`
SizeOfRawData	`0x5400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.4558`

.rdata

MD5	`4c509e47047cfbc6e29d1123782a9330`
SHA1	`8066d85bc7ed0ae3b8e9b5664e3844171c474d85`
SHA256	`42958f3dc5d126c26f64a67537710a4c6fc496d150eaf146f8b5ff449ec479d0`
SHA3	`2b5f327d490c25319c86a5e64aa82eddc1e019305e8200e1762f8c3ae000c8d6`
VirtualSize	`0x20b9`
VirtualAddress	`0x17000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x5800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.97864`

.data

MD5	`04506f9eab2ab6b26d21071843e98bf3`
SHA1	`5a1f539e7803ba330c4108e703cbb89d0558399b`
SHA256	`a2fb6d9481075d473b2619ceebf87db6d26d61d8d9e25b9e481a80354423510d`
SHA3	`3e961acfbf04cc57bdea5790026a955a044aa5fa971e49881c3a781b1ebfe596`
VirtualSize	`0x584`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.344302`

.idata

MD5	`f9388173089b22e4378beb79c1cdc465`
SHA1	`06d20cd667deebfa9ab89839bef58938e71e7764`
SHA256	`8793e4ec916a096510f1514660922cafd8a9f0b033a5ef3cf00af5e96e2d6af9`
SHA3	`76232c860c5ae0c546e71e4adabd741ab4a7fdb0c1d2e0c0bb5dd27c20572ebb`
VirtualSize	`0xaad`
VirtualAddress	`0x1b000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.05474`

.00cfg

MD5	`e52dcc4fda094e05f31b03da1b871dc6`
SHA1	`a7f7f607a75a98793f5a6604802d81411f45d87a`
SHA256	`d68b6f529fb6b531a5064e9a528282906e09f4f87f3f4b5c2fe965c3a00294e6`
SHA3	`eec99d5615526bbb228b8e205c41c95445e35c935e9cdba91cfa81cd6e0af8e7`
VirtualSize	`0x104`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.0611629`

.rsrc

MD5	`999736f3764b622e493be268181ce18c`
SHA1	`f9c28b8c509e3f34a04ad654e012d9673259e7ee`
SHA256	`ac1b06ac54b1e989ceb4f8b44ac4fb480a8fb02569b72aadbe13b802931e71f4`
SHA3	`678579b24be3e25c0e931d73a32bfb213a236eeff1e012851448dfea0ca8f004`
VirtualSize	`0x43c`
VirtualAddress	`0x1d000`
SizeOfRawData	`0x600`
PointerToRawData	`0x8a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.14043`

.reloc

MD5	`4cb6bc683e5e5b73693a190eb31b46bd`
SHA1	`de651930ba77ef025abbee8a4f4751d1b34a1071`
SHA256	`583645df3a3b1e68dc53ef2a866f7e189ec48e041621494728f20381c4558b79`
SHA3	`726adf4e4e4c1156e8354fb6af86f1f19845dd4955a07b4cf8a205d85b311896`
VirtualSize	`0x531`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x600`
PointerToRawData	`0x9000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.36198`

Imports

VCRUNTIME140D.dll	`__vcrt_GetModuleFileNameW` `_except_handler4_common` `memset` `__vcrt_GetModuleHandleW` `__vcrt_LoadLibraryExW` `__std_type_info_destroy_list`
ucrtbased.dll	`__p__commode` `strcpy_s` `strcat_s` `__stdio_common_vsprintf_s` `_configthreadlocale` `_initialize_onexit_table` `_register_onexit_function` `_execute_onexit_table` `_crt_atexit` `_crt_at_quick_exit` `_controlfp_s` `terminate` `_wmakepath_s` `_wsplitpath_s` `wcscpy_s` `_set_new_mode` `_register_thread_local_exe_atexit_callback` `_c_exit` `_cexit` `__p___argv` `__p___argc` `_set_fmode` `_exit` `exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_configure_narrow_argv` `__setusermatherr` `_set_app_type` `_seh_filter_exe` `_CrtDbgReportW` `_CrtDbgReport` `system` `__stdio_common_vfprintf` `puts` `fopen` `_seh_filter_dll`
KERNEL32.dll	`GetStartupInfoW` `RaiseException` `MultiByteToWideChar` `WideCharToMultiByte` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetProcAddress` `FreeLibrary` `VirtualQuery` `GetProcessHeap` `HeapFree` `HeapAlloc` `GetLastError` `GetModuleHandleW` `IsDebuggerPresent` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2018-Jul-18 14:10:28
Version	`0.0`
SizeofData	`87`
AddressOfRawData	`0x187b0`
PointerToRawData	`0x6fb0`
Referenced File	C:\Users\terrykitsune\source\repos\Project5\Debug\Project5.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2018-Jul-18 14:10:28
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x18808`
PointerToRawData	`0x7008`

TLS Callbacks

Load Configuration

Size	`0xa0`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x41a000`
SEHandlerTable	`0`
SEHandlerCount	`0`

RICH Header

XOR Key	`0x9c29a22f`
Unmarked objects	`0`
Imports (VS2015/2017 runtime 25810)	`3`
C++ objects (VS2015/2017 runtime 25810)	`23`
C objects (VS2015/2017 runtime 25810)	`13`
Imports (VS2017 v15.?.? build 25203)	`4`
Total imports	`68`
C++ objects (VS2017 v15.5.3-4 build 25834)	`1`
Resource objects (VS2017 v15.5.3-4 build 25834)	`1`
Linker (VS2017 v15.5.3-4 build 25834)	`1`

Errors

[*] Warning: Section .textbss has a size of 0!