Manalyze report for 429db63eb6937538f54dd94808a454df

Summary

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0` `MASM/TASM - sig1(h)`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW LoadLibraryW`
Info	The PE is digitally signed.	`Signer: ESET` `Issuer: VeriSign Class 3 Code Signing 2010 CA`
Safe	VirusTotal score: 0/68 (Scanned on 2021-03-27 06:22:29)	`All the AVs think this file is safe.`

MD5	`429db63eb6937538f54dd94808a454df`
SHA1	`ce52310c8517fe93d4f2487f77171f4e52237f6a`
SHA256	`e3ea2ca8a1ab8500c71cba1298a45efaf516a4d8f99e7f1c17db870c9aa344d9`
SHA3	`5e41e49542a7b47646ec04fc896ac43fcf4ba9825eb2c5afca3440c977ec4535`
SSDeep	`1536:LBVtJv96D5gs7cAsuPhCVvJmcTzRlPfsWjcda9/SdePgh2:LP96D5PvhSbPga9/seH`
Imports Hash	`f80e5dc4ae926d7197ff9faa3f5c4299`

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2017-May-26 12:36:00
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x10400`
SizeOfInitializedData	`0x8800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001CBD (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x12000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`0.0`
SubsystemVersion	`5.1`
Win32VersionValue	`0`
SizeOfImage	`0x1b000`
SizeOfHeaders	`0x400`
Checksum	`0x22067`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

MD5	`3f2f2055ffc88193b42df29e2b694f70`
SHA1	`0188d2c416cc0cf996f628823dff6740f7c3af65`
SHA256	`a6573d567fd8c589d3800a7b7743adabc06668eee45c2954e611882bc96f8932`
SHA3	`d4d1aa57a12e74e2b56267ebfc586608a3164e923c93c6abcff89b1e8a16b31a`
VirtualSize	`0x1039f`
VirtualAddress	`0x1000`
SizeOfRawData	`0x10400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.497`

MD5	`2e40f3c4355f583e246aa788473e17fe`
SHA1	`b48a240a6573232eecbc3fc7a230cda591c95033`
SHA256	`1bd781a0d6ab4a37b1b26fc7a2e49104785d6211e3ede657b80dc73734e1dfb0`
SHA3	`6742de0881ca0ed8c258fa92d20a3d4d72d1aa7feb36621b41cb5c05084b527f`
VirtualSize	`0x574c`
VirtualAddress	`0x12000`
SizeOfRawData	`0x5800`
PointerToRawData	`0x10800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.41937`

MD5	`df725c393b98e4ef2dd6cc8514be9bb0`
SHA1	`fd2258c9f1d5bc2d9c4e72241bee93c6c77f7a75`
SHA256	`850d2cffdd72c7935dc3dc11e5713a3878e06d562d2f2ec2da0b973560cddbfa`
SHA3	`7da622ebdcdfdc03c1a5ce2795214ed8269ad2b50ebdb477082d5e81f0d09c64`
VirtualSize	`0x2eb8`
VirtualAddress	`0x18000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x16000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.69527`

KERNEL32.dll	`ExitProcess` `IsDebuggerPresent` `GetStdHandle` `GetTickCount` `ReadConsoleA` `WriteConsoleA` `GetCommandLineA` `EncodePointer` `DecodePointer` `IsProcessorFeaturePresent` `GetLastError` `SetLastError` `InterlockedIncrement` `InterlockedDecrement` `GetCurrentThread` `GetCurrentThreadId` `GetModuleHandleExW` `GetProcAddress` `AreFileApisANSI` `MultiByteToWideChar` `WriteFile` `GetModuleFileNameW` `GetProcessHeap` `GetFileType` `InitializeCriticalSectionAndSpinCount` `DeleteCriticalSection` `GetStartupInfoW` `GetModuleFileNameA` `QueryPerformanceCounter` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `WideCharToMultiByte` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `GetModuleHandleW` `CreateSemaphoreW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCPInfo` `EnterCriticalSection` `LeaveCriticalSection` `FatalAppExitA` `HeapFree` `Sleep` `InterlockedExchange` `FreeLibrary` `LoadLibraryExW` `SetConsoleCtrlHandler` `OutputDebugStringW` `LoadLibraryW` `RtlUnwind` `GetStringTypeW` `HeapAlloc` `HeapReAlloc` `HeapSize` `GetDateFormatW` `GetTimeFormatW` `CompareStringW` `LCMapStringW` `GetLocaleInfoW` `IsValidLocale` `GetUserDefaultLCID` `EnumSystemLocalesW` `FlushFileBuffers` `GetConsoleCP` `GetConsoleMode` `SetStdHandle` `SetFilePointerEx` `WriteConsoleW` `CloseHandle` `CreateFileW`

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x418480`
SEHandlerTable	`0x416ba0`
SEHandlerCount	`3`