Manalyze report for 2f6c816b54070557f45ca0365b3902da

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2017-May-10 18:30:08
Detected languages	English - United States
Debug artifacts	C:\Users\Inode Firewall\OneDrive\Documents\Présentations\SEC102\2017\PGSE\SEC102_Laura\bin\Debug\wininetclient.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Info	The PE contains common functions which appear in legitimate applications.	`Has Internet access capabilities: InternetReadFile InternetConnectA InternetCloseHandle InternetOpenA`
Suspicious	VirusTotal score: 1/72 (Scanned on 2020-05-17 04:12:59)	`Symantec: ML.Attribute.HighConfidence`

Hashes

MD5	`2f6c816b54070557f45ca0365b3902da`
SHA1	`52702a26d171b3484f0137e72d7b9cbfcf338abd`
SHA256	`64a9c26fd2239521e2477a979f0941014637521f61abddb5ae521ce404c530df`
SHA3	`7858699cf25484c6a37d3ad5fe6d8ba61921ad086f18d2fef5b378d18d1d20de`
SSDeep	`384:rJMPDXpftIAwV3Z7YvD3XevuY4mjMisYpKZH7A0x3th:rJMzh+AwV3Z7YbxYpgH7A0xP`
Imports Hash	`8fabcebc2f7dab8e022a4e89e9bfbb18`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	2017-May-10 18:30:08
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0x5000`
SizeOfInitializedData	`0x4600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000102D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x6000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xf000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a844ecbcc63f5e5fadf0014ce4694d75`
SHA1	`930ae34052467a04b5535230a745a003a59fc5a4`
SHA256	`b1a978ae46c1cd2c9cd8a600e6485e73cc0030e3466724844df700a224956a28`
SHA3	`b5450ce43a7dd5be1b018bba16dc01987b6edf74d3213abccf854417df2afbd4`
VirtualSize	`0x4e94`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.68018`

.rdata

MD5	`29f7200d4d0aa2e131177bf4417c6114`
SHA1	`f1d86befd62cff2354e0219d97e2e42a0ce71534`
SHA256	`1a272be21e6675be11ef30da806f0cbaad2e04c29f792bea597e6591dc9e89b8`
SHA3	`2e31b28bacd2619e630acfdfc032a85d7f31a67da1597a92f6403e5d3c504eee`
VirtualSize	`0x213d`
VirtualAddress	`0x6000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x5400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.95243`

.data

MD5	`52b713d1bc15f1eee6bc43984199c211`
SHA1	`be6aa341c044845fe6bb4de7f417025b118bfc70`
SHA256	`070d0a8b96eb12bd33cf9e0d9e109e7bc4bc697bfe4a74ef1ba8651eec6ff090`
SHA3	`5271aab8c84947de5ed5e4a00bd9ab57cb75e317d670f38326e29dd2319354ac`
VirtualSize	`0x664`
VirtualAddress	`0x9000`
SizeOfRawData	`0x200`
PointerToRawData	`0x7600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.48239`

.idata

MD5	`b7dc4480e26aa7b22178afd42223608c`
SHA1	`16bb1ee5c7ad155a73513118b5bb5c4b4d1b1ea5`
SHA256	`1d1178a8d984dbddb7cc457102366ad0de2ccde10108222926b7270aae4992e0`
SHA3	`fd884aa9a92669a5765ab57b0784cdedb46d98d976c481743e63e2ecd90fb772`
VirtualSize	`0xb9d`
VirtualAddress	`0xa000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x7800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.03736`

.gfids

MD5	`96069875f941840e876cbffd348cce91`
SHA1	`4af701989984a91f1759292d157dc8703e5f6862`
SHA256	`9ff01324f9f671882e0ec39acff5b79bc791976b6da405153f620c7ef9252982`
SHA3	`5dc2194c26d91d3e8193b1fdf2656cc5a7bb317cfe9e3754b66f06dfa20b6cdd`
VirtualSize	`0x13a`
VirtualAddress	`0xb000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.214733`

.00cfg

MD5	`0a607e057d64bb98d46dd70d26368c3b`
SHA1	`16a2c03f574d9a8bf05e0c8b1c543a781937f514`
SHA256	`0e08056a17400dcb94675e95208aded4290a362093cdac8260e380660880aaec`
SHA3	`43219a66139ea3d4ce86d91e6095a56da8de290d5af8330809ae6827960822ba`
VirtualSize	`0x104`
VirtualAddress	`0xc000`
SizeOfRawData	`0x200`
PointerToRawData	`0x8600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.0611629`

.rsrc

MD5	`ecaa7d39e3740a45df577d77afc757a1`
SHA1	`0f057d27b9fa7d97f7d2109ad144bfe68d058e82`
SHA256	`b23903707f8c2a5a3904664d8e1c7ff813e103922bb2f76ade439c6193951eae`
SHA3	`7d68d00e88488522032bda440fbdc5d09d44adb5e1604515ca9404a9392e1bfd`
VirtualSize	`0x43c`
VirtualAddress	`0xd000`
SizeOfRawData	`0x600`
PointerToRawData	`0x8800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.13542`

.reloc

MD5	`5640e3ec510d82fe1ec7fb100497fd7d`
SHA1	`64825bb379bb269731a1aa2aef0ffdda51f90c92`
SHA256	`37f88a52fcf125d21b792536a11dfd7d1407f05fdab4529e09a5d1f38f06a2ee`
SHA3	`92a1bb644f7041b2878cfd5e26f953fab9fc5176576ee80b2e366a7510d84f99`
VirtualSize	`0x4a8`
VirtualAddress	`0xe000`
SizeOfRawData	`0x600`
PointerToRawData	`0x8e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.57235`

Imports

WININET.dll	`HttpOpenRequestA` `InternetReadFile` `InternetConnectA` `InternetCloseHandle` `HttpSendRequestA` `InternetOpenA`
VCRUNTIME140D.dll	`__vcrt_LoadLibraryExW` `__vcrt_GetModuleHandleW` `__vcrt_GetModuleFileNameW` `_except_handler4_common` `memset` `__std_type_info_destroy_list`
ucrtbased.dll	`_seh_filter_dll` `_initialize_onexit_table` `_register_onexit_function` `_execute_onexit_table` `_crt_atexit` `_crt_at_quick_exit` `_controlfp_s` `terminate` `_wmakepath_s` `_wsplitpath_s` `wcscpy_s` `__p__commode` `_set_new_mode` `_configthreadlocale` `_register_thread_local_exe_atexit_callback` `_c_exit` `_cexit` `__p___argv` `__p___argc` `_set_fmode` `_exit` `exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_configure_narrow_argv` `__setusermatherr` `_set_app_type` `_seh_filter_exe` `_CrtDbgReportW` `_CrtDbgReport` `__stdio_common_vfprintf` `__acrt_iob_func` `__stdio_common_vsprintf_s`
KERNEL32.dll	`RaiseException` `MultiByteToWideChar` `WideCharToMultiByte` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `GetProcAddress` `FreeLibrary` `VirtualQuery` `GetProcessHeap` `HeapFree` `HeapAlloc` `GetLastError` `GetModuleHandleW` `GetStartupInfoW` `IsDebuggerPresent`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2017-May-10 18:30:08
Version	`0.0`
SizeofData	`140`
AddressOfRawData	`0x77d4`
PointerToRawData	`0x6bd4`
Referenced File	C:\Users\Inode Firewall\OneDrive\Documents\Présentations\SEC102\2017\PGSE\SEC102_Laura\bin\Debug\wininetclient.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2017-May-10 18:30:08
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x7860`
PointerToRawData	`0x6c60`

TLS Callbacks

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x4090c4`
SEHandlerTable	`0x4076d0`
SEHandlerCount	`1`

RICH Header

XOR Key	`0x592735cc`
Unmarked objects	`0`
239 (40116)	`2`
Imports (VS2015 UPD3 build 24123)	`2`
C++ objects (VS2015 UPD3 build 24123)	`23`
C objects (VS2015 UPD3 build 24123)	`13`
Imports (65501)	`5`
Total imports	`70`
C objects (VS2015 UPD3.1 build 24215)	`1`
Resource objects (VS2015 UPD3 build 24210)	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

2f6c816b54070557f45ca0365b3902da

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.idata

.gfids

.00cfg

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

TLS Callbacks

Load Configuration

RICH Header

Errors