Manalyze report for 38dc42eef7f076eeae8231d3d7fc346a

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2018-Jul-06 02:46:14
Debug artifacts	018_7\Debug\2018_7.pdb

Plugin Output

Info	Matching compiler(s):	`InstallShield 2000` `Microsoft Visual C++` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to MD5`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Memory manipulation functions often used by packers: VirtualProtectEx VirtualAlloc` `Manipulates other processes: OpenProcess`
Suspicious	The file contains overlay data.	`47 bytes of data starting at offset 0x1e000.`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`38dc42eef7f076eeae8231d3d7fc346a`
SHA1	`f39cab4255e6087e24aa49680aa394a7bb258c2c`
SHA256	`c04464dd6da147aece18dae49403952aaa2dfb6db1ec8a806dba366a65468e15`
SHA3	`2e7eadb04deec32fa28b5c977ded6dcfa4af71cbe3a7882384ec4813a4645301`
SSDeep	`1536:bUXT5ZBF4x1MctGebwu2uHda0jk0msMzaQUI4+uCWMSBoV93+:6T5bF4xGcce88dakXm1zaQUwCBoV9u`
Imports Hash	`7c80231637d2a9187cf20b90e545b4fe`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2018-Jul-06 02:46:14
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x15000`
SizeOfInitializedData	`0xa000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00002B20 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x16000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x20000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c2817bd29fff4073ee9c73daef86f0f7`
SHA1	`73839cdb4d4021644883d6cca84e8a8c461ce028`
SHA256	`525b5db4a8ec557650074e22df8ecb93033ce07815f54c3101cd59dab42fe40f`
SHA3	`7e409d5efe460427a4fe6ba6e92915f35b6a3b1c14cbc0cc3d5e20cfb48fced6`
VirtualSize	`0x1473b`
VirtualAddress	`0x1000`
SizeOfRawData	`0x15000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.45187`

.rdata

MD5	`6f53d01ee717e13cb6a7cad8ab22aa6e`
SHA1	`78dc6cfedd450952ef8addceffc4f5549376f992`
SHA256	`b0528c855a0372c93da9a523dfacc0001c181a4e782d50f6a1fed678b5fb2c1a`
SHA3	`ed648db7c0aa8c1210f70e975c833041a3af38f93090254ef10600f59b23db24`
VirtualSize	`0x1308`
VirtualAddress	`0x16000`
SizeOfRawData	`0x2000`
PointerToRawData	`0x16000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.27624`

.data

MD5	`60b7a7eaee6b896f48878aa82fe8d26b`
SHA1	`a8ad5aec2444f8befe5e95c46e80c8e485427442`
SHA256	`09b0c106b9dfe2b73681796c50b09118c5d2adb3b55000411fac4a601b93bbfa`
SHA3	`3b4710cba1ca95f9c6ed8240d3f238beb461805e258562983932517b4dc9e286`
VirtualSize	`0x591c`
VirtualAddress	`0x18000`
SizeOfRawData	`0x4000`
PointerToRawData	`0x18000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.626001`

.idata

MD5	`e837472cea3e52d8b397e6c3d75f7db3`
SHA1	`619fc161b1c14837a659cb761e89a2bad931495c`
SHA256	`e4ceaa162e379060a9b3be9ce1c753935afd6bef6ff81a1e8cbf1ec31f10394c`
SHA3	`078c510f51cd88ff00779b0f4da91c7924fb0fc3410934010f3098ec89c2f14a`
VirtualSize	`0x7ce`
VirtualAddress	`0x1e000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1c000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.55894`

.reloc

MD5	`c92f9624a7709c156d12e24671b15309`
SHA1	`dc4470fc930bd3ac516bba126c6628c88996858f`
SHA256	`faaebade0dcd5f33e078f4b4079eb135d4e8f755c84480bfdca160ddb60c4e87`
SHA3	`e4f4b62f92b3315e54990ecc5fd599c03253ea4ef11a2c2590de0cc03db44f2f`
VirtualSize	`0xebe`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1d000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.88545`

Imports

KERNEL32.dll	`VirtualProtectEx` `OpenProcess` `GetCurrentProcessId` `ExitProcess` `TerminateProcess` `GetCurrentProcess` `GetCommandLineA` `GetVersion` `IsBadWritePtr` `IsBadReadPtr` `HeapValidate` `DebugBreak` `GetStdHandle` `WriteFile` `InterlockedDecrement` `OutputDebugStringA` `GetProcAddress` `LoadLibraryA` `InterlockedIncrement` `GetModuleFileNameA` `UnhandledExceptionFilter` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `WideCharToMultiByte` `GetEnvironmentStrings` `GetEnvironmentStringsW` `SetHandleCount` `GetFileType` `GetStartupInfoA` `GetModuleHandleA` `GetEnvironmentVariableA` `GetVersionExA` `HeapDestroy` `HeapCreate` `HeapFree` `VirtualFree` `RtlUnwind` `HeapAlloc` `HeapReAlloc` `GetLastError` `VirtualAlloc` `SetConsoleCtrlHandler` `MultiByteToWideChar` `GetCPInfo` `GetACP` `GetOEMCP` `GetStringTypeA` `GetStringTypeW` `FlushFileBuffers` `SetFilePointer` `ReadFile` `LCMapStringA` `LCMapStringW` `SetStdHandle` `CloseHandle`

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2018-Jul-05 11:40:14
Version	`0.0`
SizeofData	`47`
AddressOfRawData	`0`
PointerToRawData	`0x1e000`
Referenced File	018_7\Debug\2018_7.pdb

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x259a4588`
Unmarked objects	`0`
C++ objects (VS98 SP6 build 8804)	`1`
14 (7299)	`16`
C objects (VS98 SP6 build 8804)	`62`
19 (8034)	`3`
Total imports	`55`
C++ objects (VS98 build 8168)	`1`

38dc42eef7f076eeae8231d3d7fc346a

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.idata

.reloc

Imports

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

TLS Callbacks

Load Configuration

RICH Header

Errors