Manalyzer :: 2bd9418e8873037f3cf938094620053a

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2009-May-15 01:12:00
Debug artifacts	Embedded COFF debugging symbols

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Suspicious	The PE is possibly packed.	`Unusual section name found: .stab` `Unusual section name found: .stabstr`
Safe	VirusTotal score: 0/65 (Scanned on 2018-04-01 18:25:03)	`All the AVs think this file is safe.`

Hashes

MD5	`2bd9418e8873037f3cf938094620053a`
SHA1	`c051a46ceff5c304fe91f1af9a79169d11083be7`
SHA256	`4aad966b2efc7861d249ede8b294b32b1af06326080b801544dbbec7020342a0`
SHA3	`64a00668462327c0c5a34f9f7ae7b0a60be51b7cf89e6b13fff3d51c40c1e508`
SSDeep	`12288:+vLTIoOQHZ/POBEwIEA8tAiC1sngzHawKrWKUYUZh60EUE:+DTImVP8tAiCkgLZYUZh60Q`
Imports Hash	`969450f170e523a114f3efdb1cd0ce9f`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2009-May-15 01:12:00
PointerToSymbolTable	`0xece00`
NumberOfSymbols	`1099`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x6e00`
SizeOfInitializedData	`0x4600`
SizeOfUninitializedData	`0x200`
AddressOfEntryPoint	`0x00001280 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x8000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xf2000`
SizeOfHeaders	`0x400`
Checksum	`0xf33dd`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c87729ddb31a84497fd4596cb3e67368`
SHA1	`4951d6a8baa36c983ecc0271ccf1f8c61c0849e7`
SHA256	`018c124a551ca73a7f1ff361b1b57179983075c30eb03130e31580dadfea9d39`
SHA3	`fd9db71f153e615df3c183d1712031b6997338cbde50d439736e60bdf61b3663`
VirtualSize	`0x6d08`
VirtualAddress	`0x1000`
SizeOfRawData	`0x6e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.32806`

.data

MD5	`fcaebcaaed552c04415ad1d57bd542ff`
SHA1	`91dc5b6b35761fc16359efd7a23bbcd833928bd2`
SHA256	`af29f4ac882d9ff7ec3e805bbd4b141c791a469a09215095531c598eff3690bf`
SHA3	`cb6671b9b397827cb80b9faf9692f996879743ce9d6a5132a10498b2cbdeb801`
VirtualSize	`0xc`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.143459`

.rdata

MD5	`0d69d155f618e34a6a9bf382f727daea`
SHA1	`0110ee4bdad5e9edfa096d525bd1949c22eae2c9`
SHA256	`a90bc66fdf672da986afe9aacbbe6fee20bdf043f811a08cc78fbd3683daa44e`
SHA3	`add69598415bf08ff07d57ed5ddf8501273c5c9e95eb01c8f34f47f0748800dd`
VirtualSize	`0x3b60`
VirtualAddress	`0x9000`
SizeOfRawData	`0x3c00`
PointerToRawData	`0x7400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.15569`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470`
VirtualSize	`0x148`
VirtualAddress	`0xd000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.idata

MD5	`f457e240e1a4dc4f6cd1bb6fe774afab`
SHA1	`ae0f38f59debbec19b3b16c7ccd8ca199fd9f63b`
SHA256	`d9cb3f8fd4c7db2e2eb2ab9a2fb75b7a4a32ea3ea8f306131e0b52511ae40f7f`
SHA3	`0641b6ef5266826793f3c964bb8c4256d3998dd38f332b6b6c96fab0abf478a4`
VirtualSize	`0x710`
VirtualAddress	`0xe000`
SizeOfRawData	`0x800`
PointerToRawData	`0xb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.3034`

.stab

MD5	`c9fc2267705e41407813849c48d3cec3`
SHA1	`094aba4ab8c715ddb9a1afcf37e1bea20ca9fa61`
SHA256	`3a3d11eb12ddf0b74d13cb8c2ab3be1640afdd1222308a2ba67908dda824d4ec`
SHA3	`8b227c566993531a1d350480e1c1415ba1fbe6fd16349c8d12d7d36b3860f2ab`
VirtualSize	`0x2814c`
VirtualAddress	`0xf000`
SizeOfRawData	`0x28200`
PointerToRawData	`0xb800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_LNK_REMOVE` `IMAGE_SCN_MEM_DISCARDABLE`
Entropy	`3.7095`

.stabstr

MD5	`b4a5ac8c774e1ddcd477c4929e8f9158`
SHA1	`ae3fee029483cbfb8d5397ea56800def7b082551`
SHA256	`fea8332878e610d293a1d606ba85e64fc0b78efea0092ffcfbddd2cf78ff5dd7`
SHA3	`0a1d6d1cf4d285d31740e322859f6422d65edd1205b2251361d00013c085eb71`
VirtualSize	`0xb92f3`
VirtualAddress	`0x38000`
SizeOfRawData	`0xb9400`
PointerToRawData	`0x33a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_LNK_REMOVE` `IMAGE_SCN_MEM_DISCARDABLE`
Entropy	`5.48479`

Imports

msvcrt.dll	`_strdup`
msvcrt.dll (#2)	`_strdup`
KERNEL32.dll	`CloseHandle` `CreateFileA` `ExitProcess` `GetFileSize` `GetLastError` `GetModuleFileNameA` `ReadFile` `SetLastError` `SetUnhandledExceptionFilter` `Sleep`
AdbWinApi.dll	`AdbCloseHandle` `AdbCreateInterfaceByName` `AdbEnumInterfaces` `AdbGetInterfaceName` `AdbGetSerialNumber` `AdbGetUsbDeviceDescriptor` `AdbGetUsbInterfaceDescriptor` `AdbNextInterface` `AdbOpenDefaultBulkReadEndpoint` `AdbOpenDefaultBulkWriteEndpoint` `AdbReadEndpointSync` `AdbWriteEndpointSync`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF symbol's section number is bigger than the number of sections!
[*] Warning: COFF String Table's reported size is bigger than the remaining bytes!
[*] Warning: Section .bss has a size of 0!
[*] Warning: Section .bss has a size of 0!