Manalyze report for 3b167739e144158ba1cef008a87e54e0

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2012-May-11 19:50:35

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryExW LoadLibraryW GetProcAddress`
Safe	VirusTotal score: 0/60 (Scanned on 2020-10-05 10:09:04)	`All the AVs think this file is safe.`

Hashes

MD5	`3b167739e144158ba1cef008a87e54e0`
SHA1	`d395ff24b1cd950740a0f68e978ca34364ee9a29`
SHA256	`80e76144d7c37f9f73f76d8fb5fb32147dac2910af7b89d10d43ea84a5f69547`
SHA3	`02d8482900c2919768b4ea17679d62206daf039a961a02a28f9932049771048b`
SSDeep	`384:EbDTRhgYWoXLX4AYyfcVfjyuQez0xdsT9GPBbF/+:ETXlWMZU14x+TI1F/`
Imports Hash	`137b94cb2a7dfb4595a5dc13b869b52b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`4`
TimeDateStamp	2012-May-11 19:50:35
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`8.0`
SizeOfCode	`0x2e00`
SizeOfInitializedData	`0x1a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000038C0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x7000`
SizeOfHeaders	`0x400`
Checksum	`0x68b3`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`414723823ee4df637a0c4dcb7f5b6863`
SHA1	`8deba974216ac6555e8b208a0f0e60200b03eb69`
SHA256	`5b2ddda0a66d2b8981b256061f799c7f211233107e5a5090254e060b1e27e9a5`
SHA3	`28ac8b9706c562bef11b629e0ad6a383fc49f9bd15e66aa0f2c2453d38fdeae7`
VirtualSize	`0x2cde`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.33711`

.rdata

MD5	`56366d40f5ed100be3cd60d13f17392b`
SHA1	`6c30ec6169c6f4e19e0420f706d5eec8aa3bfec1`
SHA256	`95a9c352a8d981a0c0bd29748fe4c9b5b947aaa5303c630af02b2e58e905d023`
SHA3	`511c2013cffe65523438168bca39fd6c22e1d5c2506c8ba31b43ef30bf7be10e`
VirtualSize	`0xace`
VirtualAddress	`0x4000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.90783`

.data

MD5	`9ae077863204a76bdc0a97f2c2719d22`
SHA1	`61d72cb5a8aeb14ec6fd0f9306d8ad48377fd8d4`
SHA256	`039c757550cc4a6a292a8a8fc9607071b7dc229c562e97320ba04fa5c2d5f365`
SHA3	`7250c76b150fb5ec8da74107cf9a0cb94540a80c09c9f0a4fa18fd25dabdfb78`
VirtualSize	`0xa80`
VirtualAddress	`0x5000`
SizeOfRawData	`0x600`
PointerToRawData	`0x3e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.40402`

.pdata

MD5	`6f131dad83140f8f4aec9a021cec04c1`
SHA1	`f23a22e47c3bb0c3e4514422e273e5b563d67cae`
SHA256	`0b3180854bda32dc870120fd907d8322defc0c3ff59ceef2a4eec0162d0e0d2e`
SHA3	`60d0137aea98c92d0ba3da21c6f962b538d54d81a07b6a46a3702fab4acab3f7`
VirtualSize	`0x1a4`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.34872`

Imports

KERNEL32.dll	`WideCharToMultiByte` `FindClose` `FindNextFileW` `FindFirstFileW` `LoadLibraryExW` `GetModuleHandleW` `LoadLibraryW` `GetModuleFileNameW` `GetProcAddress` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetCurrentProcess` `FreeLibrary` `MultiByteToWideChar` `TerminateProcess` `GetSystemTimeAsFileTime` `GetCurrentProcessId` `GetCurrentThreadId` `GetTickCount` `QueryPerformanceCounter` `RtlCaptureContext`
USER32.dll	`MessageBoxW` `CreateWindowExW` `LoadIconW` `SetClassLongPtrW`
COMCTL32.dll	`#17`
msvcrt.dll	`wcscat` `_wcsicmp` `wcscpy` `_wgetcwd` `towupper` `wcsrchr` `_wstat` `wcslen` `swscanf` `realloc` `fgetws` `_wfopen` `wcsncpy` `_wgetenv` `wcstol` `memset` `wcsncmp` `_errno` `wcspbrk` `wcscmp` `_XcptFilter` `_c_exit` `_exit` `_cexit` `__winitenv` `__wgetmainargs` `_initterm` `__setusermatherr` `_commode` `_fmode` `__set_app_type` `swprintf` `_iob` `fwprintf` `exit` `malloc` `free` `setlocale` `memcpy` `wcschr` `__C_specific_handler` `_wcsdup` `fclose`

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x5231962f`
Unmarked objects	`0`
ASM objects (40310)	`1`
Imports (40310)	`9`
Total imports	`73`
C objects (40310)	`15`
Linker (40310)	`1`

3b167739e144158ba1cef008a87e54e0

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

Imports

Delayed Imports

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors