Manalyze report for 49b5c281283ab9f4f85ade3566aeae85

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1992-Jun-19 22:22:17
Detected languages	English - United States Hebrew - Israel

Plugin Output

Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32`
Info	The PE contains common functions which appear in legitimate applications.	`Possibly launches other programs: ShellExecuteA`
Suspicious	The PE header may have been manually modified.	`The resource timestamps differ from the PE header: 1999-Sep-17 21:32:04`
Suspicious	The file contains overlay data.	`185 bytes of data starting at offset 0x7200.`
Suspicious	VirusTotal score: 2/72 (Scanned on 2025-09-15 16:25:58)	`Cylance: Unsafe` `Sophos: Patch Crack (PUA)`

Hashes

MD5	`49b5c281283ab9f4f85ade3566aeae85`
SHA1	`fe9ac5ab00c77840e5a0de81e66b886ae6948bdf`
SHA256	`0bca69d2b62a22fc2042153feab879d8735196d641aa71a6aff3c27383ffdbeb`
SHA3	`12e59c290f82729dca0569e07c017256e3cf3597dc741c7b34014a80fddc395c`
SSDeep	`768:fTZHqmKMv8BBd5lE/UaE2Zg5Ecki7FK97Vh:lHqmKI895lENE2ZgW19T`
Imports Hash	`37ce6f0c4fd82f094e4930a6db508bf9`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	1992-Jun-19 22:22:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x4e00`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00005BE8 (Section: CODE)`
BaseOfCode	`0x1000`
BaseOfData	`0x6000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`1.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xd000`
SizeOfHeaders	`0x400`
Checksum	`0x1416d`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

CODE

MD5	`822f672e647cbac7fe23a72e3d059cdb`
SHA1	`ceb79bbcd2bfc07f366a64e1088f2b5631b6bd15`
SHA256	`fb4c41858751386b2c4b37191d13fb3aeaa2199c458296b164666535c700251c`
SHA3	`c8bf738ef72bb729fb5c63b030d176aa4156ba29c64db7f17396da81bd46baee`
VirtualSize	`0x4c88`
VirtualAddress	`0x1000`
SizeOfRawData	`0x4e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.43083`

DATA

MD5	`d359e1f149b1b595908d9a8582491e70`
SHA1	`1f7758b4bc34ed07c828419573a3a490e1b5f613`
SHA256	`b77f57a7f6ad82681014456a3355560d37df1a071a9f2addb355a87bfa482a20`
SHA3	`1d69c6c33bc08eb40307dd7b2052fa2b509c5a5d8908e8ba97db6251d7156978`
VirtualSize	`0x488`
VirtualAddress	`0x6000`
SizeOfRawData	`0x600`
PointerToRawData	`0x5200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.41321`

BSS

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x744`
VirtualAddress	`0x7000`
SizeOfRawData	`0`
PointerToRawData	`0x5800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`6372dba880061fc8541393be73e2caec`
SHA1	`93dc429c3c5fa363bee48d44ca38bf5461c9d72b`
SHA256	`c6779d3f45245f13a063fe7898f8e32a9577ef003e606331dc58430631b634c1`
SHA3	`31bf48f1563bd53f6a3d95159ae8639513543b6e0e69a76be24adf7cdcfa2140`
VirtualSize	`0x45e`
VirtualAddress	`0x8000`
SizeOfRawData	`0x600`
PointerToRawData	`0x5800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.51726`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x4`
VirtualAddress	`0x9000`
SizeOfRawData	`0`
PointerToRawData	`0x5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`cff87d96024acb2a8c9873f5600f0d23`
SHA1	`ade25e79dd7728c448888b2f7d4778ae51af201f`
SHA256	`ecea84906bb44efc18283c96774662213a8a2df2256c7f899266bb5c7d82e6c0`
SHA3	`0440b99c79c0e306ff5396e76e02b55d336acf6b356e73c12a0934e327a2a2c1`
VirtualSize	`0x18`
VirtualAddress	`0xa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`0.204488`

.reloc

MD5	`6894410700d3ab024e9fce124dcfa139`
SHA1	`0921774f37d2d930f4b0f32e4119d881428bafd5`
SHA256	`6b95ac38139724f51dc11833080c088de092e772c65a20eaeac628c3c1b157ad`
SHA3	`5627c2ef825a97e54356b2f0410595a8a5c445ec48ee60800896cccb959dea4f`
VirtualSize	`0x408`
VirtualAddress	`0xb000`
SizeOfRawData	`0x600`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`5.13511`

.rsrc

MD5	`5a3875d12050b480ab0444f421f2a97e`
SHA1	`0966db60b43234b2e23ce9cb3bb3b955f71e9ed1`
SHA256	`18684f06db420d194359dcf994a7e1bb1669012dde1fd32db87949c815f40248`
SHA3	`9d56da90a0ed55a948e87bb0b75ec316d5aad3a8639ce34566b2a6a9056a0d89`
VirtualSize	`0xa0c`
VirtualAddress	`0xc000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x6600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`2.09472`

Imports

kernel32.dll	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `TlsSetValue` `TlsGetValue` `GetModuleHandleA` `GetModuleFileNameA` `GetLastError` `GetCommandLineA` `WriteFile` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `ExitProcess` `CreateFileA` `CloseHandle`
user32.dll	`MessageBoxA`
kernel32.dll (#2)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `TlsSetValue` `TlsGetValue` `GetModuleHandleA` `GetModuleFileNameA` `GetLastError` `GetCommandLineA` `WriteFile` `SetFilePointer` `SetEndOfFile` `RtlUnwind` `ReadFile` `RaiseException` `GetStdHandle` `GetFileSize` `GetFileType` `ExitProcess` `CreateFileA` `CloseHandle`
user32.dll (#2)	`MessageBoxA`
shell32.dll	`ShellExecuteA` `DragQueryFileA`
comdlg32.dll	`GetOpenFileNameA`

Delayed Imports

1

Type	`RT_ICON`
Language	Hebrew - Israel
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.65483`
MD5	`20c23b4f85e9a499a3d55fdc6c90e461`
SHA1	`76150833598f964fd51253fb0d01145f99efeed1`
SHA256	`722900a72eb43fcf7078b4a558d0f587923060b66bf2f6c92fe750ff64fe2668`
SHA3	`a62f35efe3bca0cc6584ab45312e8a6bc821e51ebe39554818bc48f01a937f53`

100

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x214`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19154`
MD5	`7b453e50909f15ac7bdfa1cde3acca43`
SHA1	`9726b668adea87cb0363557a6ce1d9fb3d8c38b5`
SHA256	`77aa62b35838000bd5e821167532a281b58dc2b814bd54d1d374bb2bb1fa21ca`
SHA3	`5c97191f103ed4ec4a96fc78cdf09837cd0f10629cad2f97e02dd1ad63aacd40`

63

Type	`RT_STRING`
Language	Hebrew - Israel
Codepage	UNKNOWN
Size	`0x38`
TimeDateStamp	1999-Sep-17 21:32:04
Entropy	`1.4979`
MD5	`6da83147ba6a0f4089bd32d623ba6fd7`
SHA1	`4c6fcc9d3691eed7e7ed6f3872b6bfc9f060cf5d`
SHA256	`d678eaffb88667928a131815433f383976433adb0e5829301464046a834e05b7`
SHA3	`73031b78bcb8b5da3a1b3aedbc5c4f8b6461791a0c21237d2c7db4fad05f1379`

MAINICON

Type	`RT_GROUP_ICON`
Language	Hebrew - Israel
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1999-Sep-17 21:32:04
Entropy	`2.16096`
Detected Filetype	Icon file
MD5	`d473b9c14fb701790117b6c1f43f99ef`
SHA1	`468da282e565bb368e3d665fbd10c351c787e948`
SHA256	`5f978ca21c8dd80772b74473db9f1cbaeb417a1a6ae02c506e3ef7a57b04a718`
SHA3	`6bf93e9d3467d1c0c3155dc57ebcee70cfbda0dd93e567574727e7f10b777abc`

String Table contents

@._P-DATA_.@

Version Info

TLS Callbacks

StartAddressOfRawData	`0x409000`
EndAddressOfRawData	`0x409004`
AddressOfIndex	`0x4073c8`
AddressOfCallbacks	`0x40a010`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

[*] Warning: Section BSS has a size of 0!
[*] Warning: Section .tls has a size of 0!