Manalyze report for 3f851a393e300c3da7e786cf7c164dbc083d98e90e01248169becf2de805b222

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Apr-09 17:48:40
Detected languages	English - United States
Debug artifacts	E:\r\ws\St_Make\code\build\win\results\Release\info\CaptiveAppEntry.vc2015.pdb

Plugin Output

Info	Interesting strings found in the binary:	Contains domain names: adobe.com http://www.adobe.com http://www.adobe.com/go/getair http://www.adobe.com/go/getair, http://www.adobe.com/go/getair. http://www.adobe.com/go/getair_br http://www.adobe.com/go/getair_cn http://www.adobe.com/go/getair_cz http://www.adobe.com/go/getair_de http://www.adobe.com/go/getair_es, http://www.adobe.com/go/getair_fr http://www.adobe.com/go/getair_it http://www.adobe.com/go/getair_jp http://www.adobe.com/go/getair_kr http://www.adobe.com/go/getair_nl http://www.adobe.com/go/getair_pl http://www.adobe.com/go/getair_ru http://www.adobe.com/go/getair_se http://www.adobe.com/go/getair_tr www.adobe.com
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryW LoadLibraryExW`
Safe	VirusTotal score: 0/67 (Scanned on 2021-09-03 07:15:45)	`All the AVs think this file is safe.`

Hashes

MD5	`852fdf05d7a5e002415ba1728e52f646`
SHA1	`67c2a767130d73f05f6dd2e58d2989e16eae7b54`
SHA256	`3f851a393e300c3da7e786cf7c164dbc083d98e90e01248169becf2de805b222`
SHA3	`120a9c30c160595e9e5933d20101c1a268cb7df9413b9a8e6a049aa06b61dc40`
SSDeep	`3072:f569XWkwazEmk+a/k+DewA3U1MIv1uVSK62:cRwaIJ+glDsUvCF`
Imports Hash	`7404853f9a2768583879ed766d465f38`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x108`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2018-Apr-09 17:48:40
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xa000`
SizeOfInitializedData	`0x21200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001660 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x2f000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f59b35c83ac338080f353398f687a0a3`
SHA1	`b6c5706375d5d28d17aed16569bd3733c167775c`
SHA256	`b092cbb2d89cccb68caf52c6db205d28d5bf2534c3a52b60b86dc110d4ff5d38`
SHA3	`1bd7406fbe970227dc953bff24a7275e9a1a207a29fdb21fa038f36be32cc330`
VirtualSize	`0x9f8e`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.37696`

.rdata

MD5	`9bbd9bdbf451426149404239141ff5d4`
SHA1	`c2df9bad6d98f38cc989f62f455b2190a44f2d7e`
SHA256	`2c6240b879eeade5e59757171aac01fe04f721fc37e4fd2cf696c8566849db2e`
SHA3	`ade65a8740a288e242255e0e1184fa54b87b52b1a32feac73f04f24933fa3391`
VirtualSize	`0xa71a`
VirtualAddress	`0xb000`
SizeOfRawData	`0xa800`
PointerToRawData	`0xa400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.7171`

.data

MD5	`84624c9262c1062544130e0399a1f80b`
SHA1	`33d2259f6b516dea5d408111037377eb24723791`
SHA256	`8de290c71eb17fe6b83408002ab86b17f270bf7e93462f82f92874a83eaa5cbb`
SHA3	`378d1318267a2defc588c2679fff361381fa257b4673b13a029e5bd9e58836f0`
VirtualSize	`0x1d20`
VirtualAddress	`0x16000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x14c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.24695`

.pdata

MD5	`7f76aad04c337b8d982c7acfa08b8a45`
SHA1	`16905d1505ef4668f5bc2364eb59adbbe57876f5`
SHA256	`e058312b80df7a4eec9564298e324b7ad1246d8e48ce3b6b2b325e5f9a7d5d9e`
SHA3	`b4f251a3273e2b82780f97a275879b265bcbb57f9ff3885028058a2978fff419`
VirtualSize	`0xc0c`
VirtualAddress	`0x18000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x15800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.30241`

.rsrc

MD5	`2fa5a01ece4a4ec9d683feb23ce4ba0b`
SHA1	`4c1834b927bda2a2bac51e9ea77449d17817e0b3`
SHA256	`28b49a62d59582c31d54bdac491ee97ec2bd5c0a576486da0b0e91fdaccca363`
SHA3	`c412807a597354a18cb584e4e2f275aeb922984f7b0d5f10d3f3b3a7efcdea87`
VirtualSize	`0x147d0`
VirtualAddress	`0x19000`
SizeOfRawData	`0x14800`
PointerToRawData	`0x16600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.23299`

.reloc

MD5	`00fba9071132e899e8655c9528b757a8`
SHA1	`f67f1ff68cac481bd4a01cb1901044f06d57798c`
SHA256	`99a0f91035aba466805000cc44b0eeb8373bc5e9cab5d5160676d1119c17a445`
SHA3	`b14b0e59e59d70075d3ca74fe1290b3b2b26fb01696cceb241e24dae94dfc71d`
VirtualSize	`0x688`
VirtualAddress	`0x2e000`
SizeOfRawData	`0x800`
PointerToRawData	`0x2ae00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.90206`

Imports

KERNEL32.dll	`SetStdHandle` `WriteConsoleW` `GetProcAddress` `ExitProcess` `HeapAlloc` `GetProcessHeap` `GetModuleHandleW` `LoadLibraryW` `GetFileAttributesW` `CreateFileW` `GetUserDefaultUILanguage` `GetModuleFileNameW` `GetStdHandle` `GetCommandLineW` `RaiseException` `SetFilePointerEx` `HeapReAlloc` `HeapSize` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `IsDebuggerPresent` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetStartupInfoW` `IsProcessorFeaturePresent` `WriteFile` `CloseHandle` `InitializeCriticalSection` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `MultiByteToWideChar` `WideCharToMultiByte` `RtlUnwindEx` `GetLastError` `SetLastError` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `GetFileType` `GetCurrentProcess` `GetModuleFileNameA` `TerminateProcess` `GetModuleHandleExW` `GetACP` `LCMapStringW` `FindClose` `FindFirstFileExA` `FindNextFileA` `IsValidCodePage` `GetOEMCP` `GetCPInfo` `GetCommandLineA` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetStringTypeW` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `HeapFree`
SHELL32.dll	`CommandLineToArgvW`
USER32.dll	`MessageBoxExW`
SHLWAPI.dll	`StrCmpW`

Delayed Imports

AmdPowerXpressRequestBetterBatteryLife

Ordinal	`1`
Address	`0x16900`

NvOptimusDisablement

Ordinal	`2`
Address	`0x16904`

101

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.18541`
MD5	`b809b51017418c4208e1f8c7cf39be29`
SHA1	`8f9a1c082199c26061f19ab0a5bd0d03f9a446e5`
SHA256	`85f2591aeb2bdfd44425e88d62bc2402649cbc748b0ee52bcc4477838e039d81`
SHA3	`7b7128f70721bc86de508cbc2e2bc87d78ea8751e1988ef509403daade04a86c`

102

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.14477`
MD5	`9fcfb8f482947b2ba3dada8e1cc50ff8`
SHA1	`7b2e11fbef96cad52388a870a640ed6d74541dab`
SHA256	`4638ee98ac71792f902011685dc13e3adf22e37a8c9abc72d9ab16e0a6faad58`
SHA3	`3d716df187ae3ccf84f8aeff2d8ea058a7adbf5f540fbf0d48eb2dd9de7750ad`

103

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.14702`
MD5	`fdbb3ac0c4795858edf47f5d12acf790`
SHA1	`616e46cce3d31a282ad5265ec0a25767cf605433`
SHA256	`7ebbb9a6d2b5e5210a797a292c4b0c4ab0754b3fe69ec9b787c0719ffba89fc6`
SHA3	`ffecb9d8f9c0a1c7d35354b1cedb514560d9d102be454ea30fcf031ec930525c`

104

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.16076`
MD5	`4983b73e294deee8227b7c2288b705b1`
SHA1	`a9a83de1dc67d8305c12291a71c15eeaee8f6d23`
SHA256	`d41a80f22c4a5fb01ade63bfb23ff38e9ee16ae856f2680601578a16137fc42b`
SHA3	`6f832a0c9f2ea6b2ae75dd1bcb594bd7c812a8659a4a8b652f9d68e94fd43bd2`

100

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.7388`
Detected Filetype	Icon file
MD5	`81e8efcd40d2ddcbe1a98693bc3f8ba6`
SHA1	`d3bdbc717a91a2d2f80c0f9f0a098e6f419d1d79`
SHA256	`6c1f96b69088b607d5ea4158e382add4e3fdaa983c00b2a853d3ec2f6f74d525`
SHA3	`0ee99b81c606e04532a9057210b7ec5a43a4917f46c9117e42832d58173c6c3f`

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x336`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.3298`
MD5	`73faacbcdc7822a038c4e3786814611d`
SHA1	`287208b33c407a0b361d0ce2767111875e20a9f3`
SHA256	`411d4b3df3807e19bca735fd7415be9bbbfa9a87293a2d16bc53dda75845e50f`
SHA3	`0b3da7eac75b1a2f67eeda09933c30f1ff2415251fcfab020566826e9a344c08`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2018-Apr-09 17:48:40
Version	`0.0`
SizeofData	`103`
AddressOfRawData	`0x140c8`
PointerToRawData	`0x134c8`
Referenced File	E:\r\ws\St_Make\code\build\win\results\Release\info\CaptiveAppEntry.vc2015.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2018-Apr-09 17:48:40
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x14130`
PointerToRawData	`0x13530`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2018-Apr-09 17:48:40
Version	`0.0`
SizeofData	`776`
AddressOfRawData	`0x14144`
PointerToRawData	`0x13544`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2018-Apr-09 17:48:40
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x94`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140016018`
GuardCFCheckFunctionPointer	`5368754792`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x84a4a60a`
Unmarked objects	`0`
241 (40116)	`5`
243 (40116)	`125`
242 (40116)	`14`
C++ objects (24233)	`2`
ASM objects (VS2015 UPD3 build 24123)	`7`
C++ objects (VS2015 UPD3 build 24123)	`28`
C objects (VS2015 UPD3 build 24123)	`18`
Imports (65501)	`15`
Total imports	`132`
C++ objects (LTCG) (24233)	`1`
Exports (24233)	`1`
Resource objects (VS2015 UPD3 build 24210)	`1`
Linker (24233)	`1`

Errors

Leave a comment

No comments yet.