Manalyze report for 484bb9faab3fe338b9578f85d4d3c028

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2004-Sep-14 06:41:04
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++` `Microsoft Visual C++ v6.0` `Microsoft Visual C++ v5.0/v6.0 (MFC)`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Possibly launches other programs: CreateProcessA` `Can create temporary files: CreateFileA GetTempPathA`
Suspicious	The file contains overlay data.	`911725 bytes of data starting at offset 0xb000.` `The overlay data has an entropy of 7.9998 and is possibly compressed or encrypted.` `Overlay data amounts for 95.2909% of the executable.`
Safe	VirusTotal score: 0/72 (Scanned on 2019-04-04 19:50:44)	`All the AVs think this file is safe.`

Hashes

MD5	`484bb9faab3fe338b9578f85d4d3c028`
SHA1	`0021cc8addcb30772ffd84380957a978669e11a7`
SHA256	`edf099fd901068d5ceb60de7d3a271f60d2f077828ddb6a5bec2b42b0bfe1be0`
SHA3	`43d5f5760fd84c7a2ec1eb9a4fce71bfbe4f183d48cf8bd702a9cc569b75a92d`
SSDeep	`24576:xtrADEKXE/F9+SiqtwW7xbKtjYpFK2nwU5MMd9w:x5ADEKU/+S4B2p9+`
Imports Hash	`e5f3e9f33555d0472d5821f30d52316d`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xd8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2004-Sep-14 06:41:04
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`6.0`
SizeOfCode	`0x5000`
SizeOfInitializedData	`0x13000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000289F (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x6000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x19000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2d4b742be24c010042598d7b7b2d5505`
SHA1	`a022d23cc883aca9bff868de5389adb4df1c7677`
SHA256	`29e40f1d1911096c131e3b9dad60cf8e8ffcec1c0f47d345c44e4b3c758e8821`
SHA3	`7730021cdb131aa36f3fece8939da8e9968f8297405b38b19f1b0fa2168d3e36`
VirtualSize	`0x4984`
VirtualAddress	`0x1000`
SizeOfRawData	`0x5000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.3916`

.rdata

MD5	`19a96a1d9cf1694b38c0436aeeb24156`
SHA1	`a0c55dc34c2806e664ea52cb432fb2321705bbdc`
SHA256	`be37a803037ac225b793f1dcc2819203f04af7000ac5fb586e48822e40519bec`
SHA3	`db2ce2561ee7083a8bb6e79c30d99924030097449aac52ee767d1bd089bc1bcf`
VirtualSize	`0x9f2`
VirtualAddress	`0x6000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.82704`

.data

MD5	`13a5ebe38e73392ca486fa1e0ba34db6`
SHA1	`ca7f02ba26331a648370cefa24eecb9878f9748a`
SHA256	`9233a2abb5fed52bed1bb84aaa9792773dbb2293266f1be4cf3dd7302c6b543d`
SHA3	`f0b70d3820353d1732298619b2cc2e954400a54ac0dbe8557615765668e2548e`
VirtualSize	`0x1047c`
VirtualAddress	`0x7000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x7000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.550084`

.rsrc

MD5	`4ab7e4f3b33180c44a971eca24007b41`
SHA1	`5a2a3fad3651d8f4d778941802c6ef2dd1c61b5e`
SHA256	`e8d19a30ce4f01388cd04e096fcbebbbb270c1dc39c27cd35a801841e8ea5880`
SHA3	`993f1aff5331745812c2929993dc3c4593f2037a7fe79e5672caec65d60eb34b`
VirtualSize	`0x620`
VirtualAddress	`0x18000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.45058`

Imports

KERNEL32.dll	`RtlUnwind` `SetFilePointer` `GetFileSize` `CreateFileA` `CloseHandle` `SetFileTime` `DosDateTimeToFileTime` `WriteFile` `lstrlenA` `lstrcatA` `lstrcpyA` `DeleteFileA` `WaitForSingleObject` `CreateProcessA` `Sleep` `GetTempPathA` `GetTickCount` `GetModuleFileNameA` `GetEnvironmentStrings` `GetEnvironmentStringsW` `GetStringTypeA` `LCMapStringW` `GetStringTypeW` `MultiByteToWideChar` `LoadLibraryA` `LCMapStringA` `GetModuleHandleA` `GetStartupInfoA` `GetCommandLineA` `GetVersion` `ExitProcess` `ReadFile` `HeapAlloc` `HeapFree` `TerminateProcess` `GetCurrentProcess` `UnhandledExceptionFilter` `FreeEnvironmentStringsA` `FreeEnvironmentStringsW` `WideCharToMultiByte` `HeapCreate` `VirtualFree` `SetHandleCount` `GetStdHandle` `GetFileType` `GetEnvironmentVariableA` `GetVersionExA` `HeapDestroy` `VirtualAlloc` `HeapReAlloc` `GetOEMCP` `GetCPInfo` `GetACP` `GetProcAddress`
USER32.dll	`GetSystemMetrics` `SendMessageA` `LoadImageA` `CreateDialogParamA` `wsprintfA` `DestroyWindow` `MessageBoxA`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76364`
MD5	`457b0a5c078eb97cecea2885213379a4`
SHA1	`9094a73491c8a939e11f4a7edfd5f121b42418ce`
SHA256	`c07a2fd539d3867b5d9fcc84d4c871ca5e05e268180403ab0581ff621d0b34ec`
SHA3	`01217674ce7727476656f2f31a781a94db6f1a3ef4a7683a0c552651efab836e`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.21155`
MD5	`eaad99262c606cbad0143959b9d206f0`
SHA1	`c0294efe9704168200399274635f475193423005`
SHA256	`cc0bfc61b399f1cb52d80aab37fd52386d2903b76c45092cc22eaf32422ef0db`
SHA3	`5eb08eafebcc9c7cd94452387bf86b700b9829d6eb415a37c31ca5b257ab994e`

104

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xc8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19532`
MD5	`ea23434e4fda6f5db98ca4a6d4a24d6c`
SHA1	`6b53252c30b2bc219f79ef412a83bf6093cb0bde`
SHA256	`266b1886f2a6d2ed42409bf9f1b7efbd983e0b865243afcab143fa9c267a5b51`
SHA3	`94ba5f1fd61c1f15455ba5c90b1d93e3a31e0398fcfc0124f6d2f2cf7ac2f207`

103

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

Version Info

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x8a66067d`
Unmarked objects	`0`
C++ objects (8047)	`3`
14 (7299)	`14`
C objects (8047)	`27`
19 (8034)	`5`
Total imports	`62`
C++ objects (VC++ 6.0 SP5 build 8804)	`2`
Resource objects (VS98 SP6 cvtres build 1736)	`1`

484bb9faab3fe338b9578f85d4d3c028

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

1

2

104

103

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors