Manalyze report for 2f52937aab6f97dbf2b20b3d4a4b1226

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2012-Mar-07 23:01:48
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Functions which can be used for anti-debugging purposes: CreateToolhelp32Snapshot` `Functions related to the privilege level: AdjustTokenPrivileges OpenProcessToken` `Manipulates other processes: EnumProcessModules Process32First Process32Next OpenProcess`
Safe	VirusTotal score: 0/68 (Scanned on 2017-10-27 15:19:49)	`All the AVs think this file is safe.`

Hashes

MD5	`2f52937aab6f97dbf2b20b3d4a4b1226`
SHA1	`e4c4dddd9afd29fe225921e77f8550b9603a378f`
SHA256	`1e98540985a0d3ecbea20334bf6e27f08c31a34612df4b92e4be8fd4e6be1e7b`
SHA3	`70ad455a0ed8827a067b1c7a953f2cfece4979021e4c917c6b71ea063d17220f`
SSDeep	`768:Tfm723pSzbEOAZOcZxpfF5XBRLhZZR2Zk9nXTrOVJhVfgHGADS1o5nf:TfmS+b3WbvFVBZIkBXTrOtCVH5nf`
Imports Hash	`dcf05f8932f6cf7d16f3ae6d83b7fdd0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2012-Mar-07 23:01:48
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x9000`
SizeOfInitializedData	`0x3200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001D7E (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xa000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x10000`
SizeOfHeaders	`0x400`
Checksum	`0x10585`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`566756fa24f508b62350da2216479b29`
SHA1	`10d6173157b90957c3c03a7e8f869aeb49aaadf5`
SHA256	`392b8d871ab3fac3807fc1d2dd6d0242a5db70e586df5d0fde78bd3502395b39`
SHA3	`0438dd938817e94a54de34e73cbc88275d0384a8950f53143c07af1312a2c0f0`
VirtualSize	`0x8f80`
VirtualAddress	`0x1000`
SizeOfRawData	`0x9000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.563`

.rdata

MD5	`08add0f8a6deccb2511aa2b43d7e14a2`
SHA1	`5b5cebbe9d9508ca84de2fcf7f725304c6d4a5d6`
SHA256	`068042a76a6c7427171e38874a11987266d785b77f400b8290bde922de7e8b01`
SHA3	`9d78946929a4860192fb5ce66a25069eed23c98f77e29ab608033e398f1a9ecc`
VirtualSize	`0x1fae`
VirtualAddress	`0xa000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x9400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.48623`

.data

MD5	`03befc6a744e3b4d56ee1e333d72f63f`
SHA1	`aab038b8c6eeb92a9edab0f8cb2010382d40c07e`
SHA256	`2e22840a886242f061ee410b9d0a102500734cedf7d111bf998cc2996a88ec47`
SHA3	`7e9b31865551890119a2d9ec0f6f95ff173ae849d5455c1bd60f074b2f67a60d`
VirtualSize	`0x2ae4`
VirtualAddress	`0xc000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xb400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.10066`

.rsrc

MD5	`7475142898eff4c64c9c7ace29d4959f`
SHA1	`5b99a8193486f6a99004a1eca9193c66bb33acf5`
SHA256	`4b0e6088fab90ff6de00317c9fa1e173a6a9cada6529a3a8b57aa2d1b7137dca`
SHA3	`e228b6c745852363029f00ac04ba6378133ba8d71fefdca03c1299039bf45ab5`
VirtualSize	`0x1b4`
VirtualAddress	`0xf000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.09798`

Imports

PSAPI.DLL	`EnumProcessModules` `GetModuleFileNameExA`
KERNEL32.dll	`Process32First` `CreateToolhelp32Snapshot` `CloseHandle` `Process32Next` `GetLastError` `GetCurrentProcess` `OpenProcess` `GetModuleFileNameA` `GetModuleHandleW` `Sleep` `GetProcAddress` `ExitProcess` `GetCommandLineA` `TerminateProcess` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `IsDebuggerPresent` `EnterCriticalSection` `LeaveCriticalSection` `HeapFree` `GetCPInfo` `InterlockedIncrement` `InterlockedDecrement` `GetACP` `GetOEMCP` `IsValidCodePage` `TlsGetValue` `TlsAlloc` `TlsSetValue` `TlsFree` `SetLastError` `GetCurrentThreadId` `HeapAlloc` `LCMapStringA` `WideCharToMultiByte` `MultiByteToWideChar` `LCMapStringW` `WriteFile` `GetStdHandle` `DeleteCriticalSection` `LoadLibraryA` `InitializeCriticalSectionAndSpinCount` `FreeEnvironmentStringsA` `GetEnvironmentStrings` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `SetHandleCount` `GetFileType` `GetStartupInfoA` `HeapCreate` `VirtualFree` `QueryPerformanceCounter` `GetTickCount` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `SetFilePointer` `GetConsoleCP` `GetConsoleMode` `RtlUnwind` `VirtualAlloc` `HeapReAlloc` `GetStringTypeA` `GetStringTypeW` `GetLocaleInfoA` `HeapSize` `SetStdHandle` `WriteConsoleA` `GetConsoleOutputCP` `WriteConsoleW` `FlushFileBuffers` `CreateFileA`
ADVAPI32.dll	`LookupPrivilegeValueA` `AdjustTokenPrivileges` `OpenProcessToken`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

Version Info

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x40c000`
SEHandlerTable	`0x40b4a0`
SEHandlerCount	`3`

RICH Header

XOR Key	`0x39de946d`
Unmarked objects	`0`
150 (20413)	`1`
ASM objects (VS2008 SP1 build 30729)	`17`
C objects (VS2008 SP1 build 30729)	`95`
Imports (VS2012 build 50727 / VS2005 build 50727)	`7`
Total imports	`92`
C++ objects (VS2008 SP1 build 30729)	`33`
Resource objects (VS2008 SP1 build 30729)	`1`

2f52937aab6f97dbf2b20b3d4a4b1226

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

1

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors