3bfaab8546fcdd81d83d1be861d47114

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date 2016-Nov-03 02:50:18
Detected languages English - United States
Debug artifacts D:\黄凯乐\大二课件\逆向工程-范胖胖\CALL\Debug\函数调用.pdb

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Suspicious The PE is possibly packed. Section .textbss is both writable and executable.
Info The PE contains common functions which appear in legitimate applications. [!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • GetProcAddress
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 3bfaab8546fcdd81d83d1be861d47114
SHA1 318e0660b5439cd67f75a1aeba1fbc93939951d9
SHA256 940e594370aa7ee1f5b8faf581e63d1d081cf6a6d1f2e0cce9d31ff765ab4d1e
SHA3 4e68b4836c9d7268ec1ef1ae88abae8573e0a562d7e2ea1999ff41aef146abc1
SSDeep 384:C0E6TLRTvLjfzX6OJ3u19NisYpESbabWSJLU:CfcVvnzX6OJ3u19HYpnnUL
Imports Hash 29497f0f18023361f47522061468bcf1

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 7
TimeDateStamp 2016-Nov-03 02:50:18
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 12.0
SizeOfCode 0x3c00
SizeOfInitializedData 0x3e00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0001110E (Section: .text)
BaseOfCode 0x1000
BaseOfData 0x1000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.0
ImageVersion 0.0
SubsystemVersion 6.0
Win32VersionValue 0
SizeOfImage 0x1c000
SizeOfHeaders 0x400
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.textbss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x10000
VirtualAddress 0x1000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

.text

MD5 616ed67ac0e0ba825eb5506161ceb9e2
SHA1 f4a01ee3fc6f3bf4633bd3c1cb5a3c89cec1d1b7
SHA256 5b672e0e9958ebda779dc92922f1291e9c96f90f2d5f6b10fd195e6d91da4407
SHA3 f488aba050a377895912cf5e643b45615ee0d065ae4e1b097f825c30aed0b115
VirtualSize 0x3bf3
VirtualAddress 0x11000
SizeOfRawData 0x3c00
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy 4.44792

.rdata

MD5 c099dc619a5cdb5b24df79b028ef37e0
SHA1 aff89fddae0201f55e241c50f6cd42a146cd57e9
SHA256 a51124844cfe6ab92e19199305fb05a3beb47dc3ea7a33163ee0de2a79f2991b
SHA3 769189dffaa501f38f7f4fedf57de86dfb8770472e72d1f0166e1ec75ebb26aa
VirtualSize 0x2071
VirtualAddress 0x15000
SizeOfRawData 0x2200
PointerToRawData 0x4000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 2.29362

.data

MD5 28ad60504803aa126cd9b390c1cd08ff
SHA1 23ba5da8b2d81adf8944e909191916e3448284c2
SHA256 6e4120a97eca8a596ba83ad34439920db8d845cd346e7e848f64b400d0add235
SHA3 c712f0ad14f37355384c3d38030282747ae93c4c67a57fbd38ec4f91eaa07b8a
VirtualSize 0x57d
VirtualAddress 0x18000
SizeOfRawData 0x200
PointerToRawData 0x6200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Entropy 0.378684

.idata

MD5 2461f2e8a8278ae7c99726df350838ed
SHA1 6a930d00624335764578a99d7622c8e86be4787e
SHA256 810efeb4eab51ddd8ec0967a098f8a5a8d83070cbfa80ce1767168b47d6ca027
SHA3 7e58fa6607f8aa787509d4ce8572244f364293cecc5acf9de6b69fca9c6eb431
VirtualSize 0x8b6
VirtualAddress 0x19000
SizeOfRawData 0xa00
PointerToRawData 0x6400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 3.85563

.rsrc

MD5 c8b7d871bef20283eae3f4285bcfb7cf
SHA1 336dcf5d46f324205b68cff3eeba304c5cb22292
SHA256 ee8ce17693ae84822bb3ceb7a35c7dbc50b793818ea907e0dca14aaf0bb51ff1
SHA3 fecf7cb9bfb0f271a9ce6a41513ccfe669ae72e1fba8da476d615b1dc54373b9
VirtualSize 0x43c
VirtualAddress 0x1a000
SizeOfRawData 0x600
PointerToRawData 0x6e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy 2.14043

.reloc

MD5 ba9b16bd3eb6b30092b1214ddd8f1061
SHA1 e3e533b8db2973062f961380107228463401f295
SHA256 9993afa9de1489a7ed92c9391ba467bd9e40fe373be0782ba1e9fc259d533cd9
SHA3 5f20ac72da9067b4b60e102eda44bba33ae129eeebb97c2908f6bfe90ec0d9ff
VirtualSize 0x501
VirtualAddress 0x1b000
SizeOfRawData 0x600
PointerToRawData 0x7400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy 4.4751

Imports

USER32.dll
  • MessageBoxW
MSVCR120D.dll
  • __crtSetUnhandledExceptionFilter
  • _lock
  • _unlock
  • _calloc_dbg
  • __dllonexit
  • _onexit
  • ?terminate@@YAXXZ
  • _controlfp_s
  • _except_handler4_common
  • wcscpy_s
  • _wmakepath_s
  • _wsplitpath_s
  • _crt_debugger_hook
  • __crtUnhandledException
  • __crtTerminateProcess
  • _commode
  • _fmode
  • __initenv
  • _initterm
  • _initterm_e
  • __setusermatherr
  • _configthreadlocale
  • _cexit
  • _exit
  • exit
  • _CrtSetCheckCount
  • _CrtDbgReportW
  • __set_app_type
  • __getmainargs
  • _amsg_exit
  • _XcptFilter
  • _CRT_RTC_INITW
  • printf
  • _invoke_watson
KERNEL32.dll
  • IsProcessorFeaturePresent
  • GetModuleFileNameW
  • FreeLibrary
  • VirtualQuery
  • GetProcessHeap
  • HeapFree
  • HeapAlloc
  • DecodePointer
  • GetSystemTimeAsFileTime
  • GetCurrentThreadId
  • GetCurrentProcessId
  • QueryPerformanceCounter
  • WideCharToMultiByte
  • MultiByteToWideChar
  • LoadLibraryExW
  • GetProcAddress
  • GetLastError
  • RaiseException
  • IsDebuggerPresent
  • EncodePointer
  • GetModuleHandleW

Delayed Imports

1

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x17d
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91161
MD5 1e4a89b11eae0fcf8bb5fdd5ec3b6f61
SHA1 4260284ce14278c397aaf6f389c1609b0ab0ce51
SHA256 4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df
SHA3 4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2016-Nov-03 02:50:18
Version 0.0
SizeofData 101
AddressOfRawData 0x16714
PointerToRawData 0x5714
Referenced File D:\黄凯乐\大二课件\逆向工程-范胖胖\CALL\Debug\函数调用.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics 0
TimeDateStamp 2016-Nov-03 02:50:18
Version 0.0
SizeofData 20
AddressOfRawData 0x1677c
PointerToRawData 0x577c

TLS Callbacks

Load Configuration

Size 0x48
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x418024
SEHandlerTable 0
SEHandlerCount 0

RICH Header

XOR Key 0x94818be9
Unmarked objects 0
221 (20806) 2
C objects (20806) 19
C++ objects (20806) 7
Imports (65501) 3
Imports (VS2008 SP1 build 30729) 2
Total imports 56
C++ objects (31010) 1
Resource objects (VS2013 build 21005) 1
Linker (31010) 1

Errors

[*] Warning: Section .textbss has a size of 0!