Manalyze report for 2fcb923eb3b1e4a711b3a8fcdd4e88d2

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2017-Nov-16 09:29:57
Detected languages	English - United States German - Germany

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`2fcb923eb3b1e4a711b3a8fcdd4e88d2`
SHA1	`162a18b00bf415d34b0b4e57bd7adc1e07c38f0c`
SHA256	`88301c3703b14ac4602adff05762795e2d6e7163b2577bd0db2ad6f27ad53806`
SHA3	`62f85b4d3c8be7c74474d8ec931cb0888f809d47eea499c6fdcc0eb309a17b74`
SSDeep	`3072:NmhkLJEXAPx0Q99SW9tHX0b8b3PXR6v+oqPaqkJ7q3VY8LX:HCwP/tHEbdyPaqkqOeX`
Imports Hash	`9d307ccbd8af3934a7a1f9dda9ab881d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2017-Nov-16 09:29:57
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xca00`
SizeOfInitializedData	`0x1ee00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001E0D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xe000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x31000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`da2c08f8861943536cfe6d973b70b180`
SHA1	`bba7c71bc7f3a5f455350021ab15ee32141d402e`
SHA256	`5fdf3bdc47161160baa04a65d928360af7480ef4bf6038646d84d8e41a616258`
SHA3	`336b67f843c5e518ebb101d1e2374e8cf2887f0c8adf3904a7003a73f6fe1c59`
VirtualSize	`0xc9eb`
VirtualAddress	`0x1000`
SizeOfRawData	`0xca00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.66993`

.rdata

MD5	`09f11529c215d761271e4a11375cc082`
SHA1	`3b5959384ec6b657e157494ad1dbd1034a639737`
SHA256	`9bf7f5f6c856206e6abde5f9e488ef7c9adabcd46feb9f27af8b3cfea82f2d55`
SHA3	`259e2e44b15d42016e356f308f7bb3ec6d8ca2c9a78f7e75ae2df9a040a3fb81`
VirtualSize	`0x1af46`
VirtualAddress	`0xe000`
SizeOfRawData	`0x1b000`
PointerToRawData	`0xce00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.05078`

.data

MD5	`8bb1700063c576fe3cc95b1fe3d5af6a`
SHA1	`a289da9c6d817429c58a736174a0ae01de7f1e96`
SHA256	`4f625fc52bb2c63aedc8f4fb708b8e714d6f87037f4adf06674cef0de2ebafa4`
SHA3	`4d3b574e6ee8caf22ddc1b0f7b55a0a2993c58e175d6f1a857f30785fcabd22c`
VirtualSize	`0x136c`
VirtualAddress	`0x29000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x27e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.4305`

.tls

MD5	`1f354d76203061bfdd5a53dae48d5435`
SHA1	`aa0d33a0c854e073439067876e932688b65cb6a9`
SHA256	`4c6474903705cb450bb6434c29e8854f17d8324efca1fdb9ee9008599060883a`
SHA3	`991fbbd46bbd69198269fe6c247d440e0f8a7d38259b7a1e04b74790301d1d2b`
VirtualSize	`0x9`
VirtualAddress	`0x2b000`
SizeOfRawData	`0x200`
PointerToRawData	`0x28800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0203931`

.gfids

MD5	`c1999f42d2f5d761501f46efe1dd9fe3`
SHA1	`9d07e94714b5ac1f1becc5b93fecd3aff2d3af7a`
SHA256	`919d61725414522d396f1d5d52f98b288c567443ea5c224fd29be7070029c4f8`
SHA3	`61a5e8a2a756d73eaa72951f532106dd31f5eb287e62ad8a77a98bdbdd3eaadc`
VirtualSize	`0xf8`
VirtualAddress	`0x2c000`
SizeOfRawData	`0x200`
PointerToRawData	`0x28a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.78842`

.rsrc

MD5	`da49955a14bc67968b3932e9230e4d4a`
SHA1	`3986e4ffd8ded06bc9e74a0ec1b8889a7659670d`
SHA256	`6abb430559ff25b7779be19866a7be9b205a2f48c48391a444fb393a8095c81b`
SHA3	`3695f27de7de4089615b183b4c78542465a06db499abddb2c0423847407939cd`
VirtualSize	`0x1330`
VirtualAddress	`0x2d000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x28c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.9715`

.reloc

MD5	`8eee3198d024b2014c50daddf1de47c5`
SHA1	`155789f29940bbcac121238b9a50e8570dd7fa6f`
SHA256	`1a4b0ecebc4aa8bc6d7a1d812e566f4f152edc7300fd2830e07d219caf582edd`
SHA3	`d7647f149fb3804a59aadfaa7ea93cd509466a5b5d5bf49c2af93074b93c42c4`
VirtualSize	`0x1014`
VirtualAddress	`0x2f000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x2a000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.19404`

Imports

KERNEL32.dll	`HeapFree` `InitializeCriticalSectionEx` `HeapSize` `GetLastError` `HeapReAlloc` `RaiseException` `HeapAlloc` `DecodePointer` `DeleteCriticalSection` `GetProcessHeap` `WideCharToMultiByte` `MultiByteToWideChar` `CreateMutexA` `Sleep` `lstrcmpiW` `WriteConsoleW` `FlushFileBuffers` `SetFilePointerEx` `GetConsoleMode` `GetConsoleCP` `GetStringTypeW` `SetStdHandle` `FreeEnvironmentStringsW` `CloseHandle` `EnterCriticalSection` `LeaveCriticalSection` `CreateEventW` `GetModuleHandleW` `GetProcAddress` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `OutputDebugStringW` `EncodePointer` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `SetLastError` `RtlUnwind` `ExitProcess` `GetModuleHandleExW` `GetModuleFileNameA` `GetStdHandle` `WriteFile` `GetACP` `GetFileType` `LCMapStringW` `FindClose` `FindFirstFileExA` `FindNextFileA` `IsValidCodePage` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `CreateFileW`
USER32.dll	`MessageBoxW`
ole32.dll	`CoUninitialize` `CoCreateInstance` `CLSIDFromProgID` `CoInitializeEx`
OLEAUT32.dll	`#8` `#12` `#9` `#2`

Delayed Imports

1

Type	`RT_ICON`
Language	German - Germany
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.70565`
MD5	`78c1fc7f699d0f792524d37de23a2f2a`
SHA1	`5bbbb22e6a0605c7a9bbd72857f870730973c6d3`
SHA256	`a51128f59394728186e6866e3c90ba334c74933f3d3f856273bec7dbfb3963bb`
SHA3	`568d1b94382a0bb0d59f559b44098b0a06f84208aa6d1c86bd2a0eeabcbda4b5`

101

Type	`RT_GROUP_ICON`
Language	German - Germany
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.7815`
Detected Filetype	Icon file
MD5	`3c68f77c35c26ff079a1c410ee44fa62`
SHA1	`0b40150c95fc2c6414c90d44ee78b8d8814b3393`
SHA256	`a14e70ed824f3f17d3a51136aa08839954d6d3ccadaa067415c7bfc08e6636b0`
SHA3	`590dcbf2ec3f485a6c24e3e627f383ee7588eb49978321f12c07d8190a6c1396`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2017-Nov-16 09:29:57
Version	`0.0`
SizeofData	`920`
AddressOfRawData	`0x27e94`
PointerToRawData	`0x26c94`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2017-Nov-16 09:29:57
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x42b000`
EndAddressOfRawData	`0x42b008`
AddressOfIndex	`0x429c38`
AddressOfCallbacks	`0x40e184`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x5c`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x42900c`
SEHandlerTable	`0x427e70`
SEHandlerCount	`9`

RICH Header

XOR Key	`0x3e292404`
Unmarked objects	`0`
241 (40116)	`9`
243 (40116)	`124`
242 (40116)	`24`
C++ objects (23013)	`2`
ASM objects (VS2015 UPD3 build 24123)	`19`
C++ objects (VS2015 UPD3 build 24123)	`39`
C objects (VS2015 UPD3 build 24123)	`18`
C objects (65501)	`3`
Imports (65501)	`9`
Total imports	`110`
265 (VS2015 UPD3.1 build 24215)	`8`
Resource objects (VS2015 UPD3 build 24210)	`1`
151	`1`
Linker (VS2015 UPD3.1 build 24215)	`1`

2fcb923eb3b1e4a711b3a8fcdd4e88d2

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.tls

.gfids

.rsrc

.reloc

Imports

Delayed Imports

1

101

1 (#2)

Version Info

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors