Manalyze report for 4b1d5ec11b2b5db046233a28dba73b83

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2008-Mar-14 01:42:55
Detected languages	English - United States
FileDescription	QuickSFV Application
FileVersion	`2, 3, 6, 0`
InternalName	QuickSFV
LegalCopyright	Copyright (C) 2008
OriginalFilename	QuickSFV.exe
ProductName	QuickSFV Application
ProductVersion	`2, 3, 6, 0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Interesting strings found in the binary:	`Contains domain names: PayPal.com hotmail.com http://www.paypal.com http://www.quicksfv.org https://order.kagi.com https://order.kagi.com/?LWP order.kagi.com paypal.com quicksfv.org www.paypal.com www.quicksfv.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to MD5`
Suspicious	The PE is possibly packed.	`Unusual section name found: .text2`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Possibly launches other programs: ShellExecuteA`
Malicious	VirusTotal score: 4/72 (Scanned on 2026-02-21 21:53:35)	`APEX: Malicious` `Jiangmin: Packed.Krap.gwhv` `MaxSecure: Trojan.Malware.331160341.susgen` `Webroot: W32.Malware.Gen`

Hashes

MD5	`4b1d5ec11b2b5db046233a28dba73b83`
SHA1	`3a4e464d3602957f3527727ea62876902b451511`
SHA256	`a6371461da7439f4ef7008ed53331209747cba960b85c70a902d46451247a29c`
SHA3	`ed1ae4d1da14d3d8ca476863a40020e6c51921261e020b563a6875ea82ebe1bc`
SSDeep	`1536:lYfzZTBgMtgBKOX8eXDfRQpDm63htpmKvEZfn0X8u165J+S0YKxjy1:liVTBTgQOX80I59VJ165J+S0YKx+1`
Imports Hash	`a82b0a037498afa9656fbab30b7e5107`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2008-Mar-14 01:42:55
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x12600`
SizeOfInitializedData	`0x6a00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000A6DC (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x15000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x82f000`
SizeOfHeaders	`0x400`
Checksum	`0x22ba8`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`565da30732e0decbc7aef929bd4b844f`
SHA1	`bd7a3dcaa561194dd978118e3e224c18a80ba923`
SHA256	`89b3c13667a6555007f360609ef611942e03164bd77ba5a48cd37dae6554108b`
SHA3	`08a723efcb099e2a89a44067de5f5b21de37fffa6ebe4bfad6609f3d6e5d161d`
VirtualSize	`0x112a6`
VirtualAddress	`0x1000`
SizeOfRawData	`0x11400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.54325`

.text2

MD5	`9af0a97c8e80e552f64e59afa70bd08c`
SHA1	`6770fb334abb1baf5390540ae999e1a48ae98b45`
SHA256	`0ac237fb54eef5cf5b56eeccfd23856a4aee46db42eb19407186c7363c7d20e7`
SHA3	`04495b1e211c1c72880a9844d3ca1c529fdecde6b3924be17cb797f77d5ee98c`
VirtualSize	`0x1076`
VirtualAddress	`0x13000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x11800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.61036`

.rdata

MD5	`ad539db3feec4269e14eacad6ad92fad`
SHA1	`07ab7e733970bb58f8ae4490b941a62356e9292e`
SHA256	`294bea7065ac05186815586717464e4eba5476bc30826a4e612d8c49f1ceec90`
SHA3	`1591b70407f56f84c0f4ae096aa3672e1cb1eda1574fe0d037ef7a6e66759bd1`
VirtualSize	`0x368a`
VirtualAddress	`0x15000`
SizeOfRawData	`0x3800`
PointerToRawData	`0x12a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.41931`

.data

MD5	`20a60b73259f8c40617f3efc9896083b`
SHA1	`8e7f46692ebaf4ed448d822f6ef67688b287139d`
SHA256	`3f1d83286a48ec175d19081c6641c2f7f94fceea1c807101ef501b5d218af4d5`
SHA3	`e783027b4f22e14ab862612e753ed66afdae73b4a8fb816431b46e3ea98ff916`
VirtualSize	`0x813e90`
VirtualAddress	`0x19000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x16200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.74213`

.rsrc

MD5	`d7c5cd95f8c8cbc1cd01fbfdc389895e`
SHA1	`9e94554d2dcd42af0d2a6180aefc2289a0d106bd`
SHA256	`9edd64116ea102de76fc78ebb2827e614eb78a6cea75f5382abe7f837e888c5e`
SHA3	`8e013f172cc03f95363bd3d5c2d27f73f686b86f98c381b48f03619ef4b62d08`
VirtualSize	`0x1a5c`
VirtualAddress	`0x82d000`
SizeOfRawData	`0x1c00`
PointerToRawData	`0x17800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.99338`

Imports

COMCTL32.dll	`ImageList_Add` `ImageList_Create` `#17` `ImageList_GetImageCount`
KERNEL32.dll	`FindNextFileA` `FindFirstFileA` `GetLastError` `CreateFileA` `WaitForMultipleObjects` `ReadFile` `MapViewOfFile` `CreateThread` `CreateEventA` `CreateSemaphoreA` `GetVersionExA` `WriteFile` `CreateDirectoryA` `GetCurrentDirectoryA` `SetEndOfFile` `SetFilePointer` `DeleteFileA` `WritePrivateProfileStringA` `GlobalUnlock` `GlobalLock` `FreeLibrary` `GetProcAddress` `LoadLibraryA` `GetPrivateProfileStringA` `VirtualAlloc` `InitializeCriticalSection` `DeleteCriticalSection` `LeaveCriticalSection` `VirtualFree` `EnterCriticalSection` `WideCharToMultiByte` `GetFileTime` `Sleep` `ResetEvent` `SetCurrentDirectoryA` `GetTickCount` `GetSystemTimeAsFileTime` `GetModuleFileNameA` `HeapSize` `WriteConsoleW` `GetConsoleOutputCP` `WriteConsoleA` `LocalFree` `InitializeCriticalSectionAndSpinCount` `FindClose` `GetLocaleInfoA` `GetStringTypeW` `GetStringTypeA` `FlushFileBuffers` `GetConsoleMode` `GetConsoleCP` `SetStdHandle` `GetCurrentProcessId` `QueryPerformanceCounter` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `GetEnvironmentStrings` `FreeEnvironmentStringsA` `LCMapStringW` `MultiByteToWideChar` `LCMapStringA` `ExitProcess` `HeapCreate` `HeapReAlloc` `RtlUnwind` `GetFileType` `GetStdHandle` `SetHandleCount` `GetCurrentThreadId` `SetLastError` `TlsFree` `TlsSetValue` `TlsAlloc` `TlsGetValue` `GetModuleHandleW` `IsValidCodePage` `GetOEMCP` `GetACP` `InterlockedDecrement` `InterlockedIncrement` `GetCPInfo` `HeapFree` `IsDebuggerPresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `GetStartupInfoA` `GetCommandLineA` `GetFileSize` `CreateFileMappingA` `ReleaseSemaphore` `UnmapViewOfFile` `SetEvent` `WaitForSingleObject` `CloseHandle` `LocalAlloc` `lstrlenA` `lstrcpyA` `GlobalAlloc` `GlobalFree` `HeapAlloc` `MoveFileA`
USER32.dll	`EndPaint` `SetWindowLongA` `DefWindowProcA` `WindowFromPoint` `KillTimer` `GetParent` `SetTimer` `GetDesktopWindow` `IsWindow` `SetWindowTextA` `MsgWaitForMultipleObjects` `PeekMessageA` `TranslateMessage` `DispatchMessageA` `LoadIconA` `RegisterClassA` `LoadMenuA` `SetWindowPlacement` `LoadBitmapA` `AppendMenuA` `ReleaseCapture` `EnableMenuItem` `GetCursorPos` `TrackPopupMenu` `SetCapture` `CallWindowProcA` `PostMessageA` `OpenClipboard` `EmptyClipboard` `SetClipboardData` `CloseClipboard` `GetSystemMenu` `CheckMenuItem` `DialogBoxParamA` `GetWindowPlacement` `MoveWindow` `GetSysColor` `MessageBeep` `InvalidateRect` `SetFocus` `GetMenu` `EndDialog` `GetSystemMetrics` `GetDlgItemTextA` `GetDlgItem` `ShowWindow` `DestroyWindow` `DestroyMenu` `wvsprintfA` `GetWindowRect` `SendMessageA` `wsprintfA` `MessageBoxA` `GetDC` `ReleaseDC` `CreateWindowExA` `GetClientRect` `LoadCursorA` `RegisterClassExA` `UnregisterClassA` `GetWindowLongA` `BeginPaint` `CreatePopupMenu`
GDI32.dll	`MoveToEx` `LineTo` `SetBkColor` `TextOutA` `CreateFontA` `GetTextExtentPoint32A` `SetTextColor` `SetBkMode` `SelectObject` `ExtTextOutA` `DeleteObject` `GetStockObject`
COMDLG32.dll	`GetOpenFileNameA` `CommDlgExtendedError`
SHELL32.dll	`SHBrowseForFolderA` `ShellExecuteA` `SHGetPathFromIDListA` `SHGetMalloc`
ole32.dll	`CoUninitialize` `CoInitialize`

Delayed Imports

IMAGES

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xa28`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.90007`
MD5	`6ec6677f1d34703c05dc2546651fabf7`
SHA1	`6a4fd1c27ebe0a3bc9f803b56cbc6a5347e6fe5f`
SHA256	`e1370b06630f8ffc4f1ad5e28e810bce91b837e9d794c69d5a68ddebc7643849`
SHA3	`c148f8cd13a5ac5a106ad8a56b1e74f757aca902eac70a1c5eaab0f131f86b6b`
Preview

MASKIMAGES

Type	`RT_BITMAP`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0xf0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.58671`
MD5	`13f9601d6e0bc660bbdc5863ef132232`
SHA1	`27b40b18386637717a1075f2d3af7eb6613a9d42`
SHA256	`b8cde1ab43843454f9303c5a2bfd069c415fd0f4c29655809ca6e06b4efff997`
SHA3	`497df9bc730151456008692beee926b5779e14932f8a82770cf5cb9107220395`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03398`
MD5	`a8312a953ca88a074bc5d35444ffb93d`
SHA1	`2380eab7c87793e8517c34ef34b12d8d218e97e2`
SHA256	`2372e9eb0667ae1d6ad2d25c4bcdf0c626c13fc0c353dd322869e3249812212a`
SHA3	`e468cc502f9a8a319dd19a262fa6625ca53e75947c576001431f2112d48ed46e`

2

Type	`RT_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.4305`
MD5	`b0d0dee90d13f349b18e83e9bb044962`
SHA1	`e5c54d701324f3fa3ad2eff9947cf61d0b06d950`
SHA256	`45a29f9b138f2f3e00dc5a857e09589914b46800e5bc5b7230f153fe1f3fadc5`
SHA3	`78f023b6fe0842fccd474c90f16d8709809fe15c75e347dbc1ee0ada13680b0a`

109

Type	`RT_MENU`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x86`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.94666`
MD5	`702930994dd29583a0dbe4ef3d833158`
SHA1	`5f0363bd9f116071f82c5f7ae90c254d23deede7`
SHA256	`175563bfa8f2a7587d4c4754075111beee90516c4af01c9d452878ed0264e0cc`
SHA3	`85d1ff1b54ac5b2c71cd5019f341788531d69001761f8ec4aa69103b64fb1a43`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x3ea`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.63238`
MD5	`a815f7654ca0925ef2ba0949271d590f`
SHA1	`77b15670156a7628d15d4130ca98d76284150960`
SHA256	`d213a19cac6d5db062c6f52e15dba3f66cc077a9736c56e55244f2282f7cd3e6`
SHA3	`f1f2e2de99cd51b06450fac484ecf88f1641bd56ec9a35549d0025a9f2443d93`

101

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.37086`
Detected Filetype	Icon file
MD5	`d59e0d372ea5fd8c1f4de744376a6af4`
SHA1	`6883ce60e71a83424db0b41d0ab6bf61080e3de2`
SHA256	`b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b`
SHA3	`5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x2b4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.3954`
MD5	`c662a9e76b92294efe200fb59dfbce37`
SHA1	`0eea0935f4945f8fa9d57976a60cad442dde2c7d`
SHA256	`69ea6ab5b939c2c3100c12bc095b8ffcb3bd401a2dcd16142fa1e5c239489b39`
SHA3	`ac012db015f779d36a33157c6339b68c42900631b9409c806ea89634d184b3e4`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x15a`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.79597`
MD5	`24d3b502e1846356b0263f945ddd5529`
SHA1	`bac45b86a9c48fc3756a46809c101570d349737d`
SHA256	`49a60be4b95b6d30da355a0c124af82b35000bce8f24f957d1c09ead47544a1e`
SHA3	`1244ed60820da52dc4b53880ec48e3b587dbdbd9545f01fa2b1c0fcfea1d5e9e`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	2.3.6.0
ProductVersion	2.3.6.0
FileFlags	`(EMPTY)`
FileOs	`(EMPTY)`
FileType	`VFT_APP`
Language	English - United States
FileDescription	QuickSFV Application
FileVersion (#2)	2, 3, 6, 0
InternalName	QuickSFV
LegalCopyright	Copyright (C) 2008
OriginalFilename	QuickSFV.exe
ProductName	QuickSFV Application
ProductVersion (#2)	2, 3, 6, 0

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xf9407ce5`
Unmarked objects	`0`
Unmarked objects (#2)	`3`
150 (20413)	`2`
C++ objects (VS2008 build 21022)	`36`
ASM objects (VS2008 build 21022)	`19`
Imports (VS2012 build 50727 / VS2005 build 50727)	`15`
Total imports	`208`
C objects (VS2008 build 21022)	`123`
Linker (VS2008 build 21022)	`1`
Resource objects (VS2008 build 21022)	`1`

4b1d5ec11b2b5db046233a28dba73b83

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.text2

.rdata

.data

.rsrc

Imports

Delayed Imports

IMAGES

MASKIMAGES

1

2

109

103

101

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors