Manalyze report for 4b40bf2ee7928b0417447365d66fe7bd

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2023-Mar-09 01:31:07
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 8.0` `MASM/TASM - sig1(h)`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`4b40bf2ee7928b0417447365d66fe7bd`
SHA1	`0d0361936e378cb39e188fe8dbf05b1a98163353`
SHA256	`41bebe130bdefc1865c5821c3352330b5f249f2208e37d95ebbefe66361ffe9b`
SHA3	`7dd9c41af51b75c610a5cd9524ccb175574ab3d6126392dee43fb28440b25970`
SSDeep	`384:f5EX1SuTYQKHiKE58AtK3A0CGkpWr3Fv:f5buzqiKE58AtkLdksLF`
Imports Hash	`3166de3a9dd46a6eb1ccc5007cc718a2`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2023-Mar-09 01:31:07
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1600`
SizeOfInitializedData	`0x3800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000019A0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xa000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`f40c15a94e837b238582dcbf45b39a11`
SHA1	`9ed4b3370773f2f9538e93de4d909126937e3b8d`
SHA256	`14d1c205c00f86d8ae785ae668e2901cf23c4b488138b57e66e776f6e184a70b`
SHA3	`0905e7bd5b6235005e13923e6e8244ae8ffcd0a3b4e7eea977400fa9c330e3e5`
VirtualSize	`0x148c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.92816`

.rdata

MD5	`9de0ee21915ef0585152fdae06e19b46`
SHA1	`efbf37d0b90ef26a78003077e5b4670077fa3fd5`
SHA256	`530c48424c2b8fadc39d9d79d8b90aabe37ffac03eb9f69b3b25905e6af0460d`
SHA3	`dc31982b397e7c1482accbfef8f00dce31deed17bf074fc1f03b05bbfeb81577`
VirtualSize	`0x1220`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1400`
PointerToRawData	`0x1a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.73239`

.data

MD5	`918dfccd72ba392dcd782903c66d54e8`
SHA1	`4e5456a377089979b190952fece670305a098f7a`
SHA256	`ccf3b4e1bacc7203deb53405bd6ce69cfe0339d123b0f920e54711a65093d350`
SHA3	`3f43a380b0c176acbd9567cc1ef5c858460810da014d9ac5b9381ecceb4a7325`
VirtualSize	`0x1c78`
VirtualAddress	`0x5000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x2e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`6.15077`

.pdata

MD5	`a92ee833b3f03c74eacdb780eac3a88e`
SHA1	`50dc3e6f89fa1d61f1fdb47d2ea02d22bc027cfa`
SHA256	`f8f9cef1901d4f9296cc359a3e265bf1d10e8c21dfc80378a8bc8241b5a8ecac`
SHA3	`82596cb3eb4557b0816650100afc50515591b2e9639e1d94eec1e1278a56f72e`
VirtualSize	`0x1b0`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.35835`

.rsrc

MD5	`004d0e678e525ffdfdb49f756c3148c6`
SHA1	`1118e9c2f4604b941d1c0463afa525395d86a754`
SHA256	`e42f4c332ad3da929ebeb2e30afff6fdb3dc348f16b47a31a7ee08b7e091bc48`
SHA3	`9e257ba83c0cde061588f85f85b71c5cee609ca3eceb7cab57495dba54837eb5`
VirtualSize	`0x1e0`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.69612`

.reloc

MD5	`7d77fbf0a643bace91342776e970478a`
SHA1	`2c00d00e1da2c9390f72edb69be1507f97e7aec1`
SHA256	`436fef9f9f9ea6cbf22a133b8da1f877df18a41deab1285de8016e87899fcc23`
SHA3	`757a798fc50e43fe930ca576cfe29783bca677fa23a76dd19825872149155a4c`
VirtualSize	`0x3c`
VirtualAddress	`0x9000`
SizeOfRawData	`0x200`
PointerToRawData	`0x4a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.884786`

Imports

KERNEL32.DLL	`ReadFile` `FindFirstFileW` `GetCurrentProcess` `WriteFile` `FindNextFileA` `OpenFile` `FindClose` `GetModuleHandleA` `CloseHandle` `GetFileSize` `IsDebuggerPresent` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `RtlCaptureContext` `TerminateProcess` `GetModuleHandleW` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `IsProcessorFeaturePresent`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode` `malloc`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-runtime-l1-1-0.dll	`_register_onexit_function` `terminate` `exit` `_register_thread_local_exe_atexit_callback` `_initialize_onexit_table` `_cexit` `_c_exit` `__p___argc` `_crt_atexit` `_exit` `_initterm_e` `_initterm` `_get_initial_narrow_environment` `_initialize_narrow_environment` `_configure_narrow_argv` `__p___argv` `_set_app_type` `_seh_filter_exe`
api-ms-win-crt-stdio-l1-1-0.dll	`__p__commode` `_set_fmode`
VCRUNTIME140.dll	`__C_specific_handler` `__current_exception` `__current_exception_context` `memset` `memcpy`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x140003980`
EndAddressOfRawData	`0x140003981`
AddressOfIndex	`0x140006660`
AddressOfCallbacks	`0x140003258`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_1BYTES`
Callbacks	`0x0000000140001060`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140005008`

RICH Header

XOR Key	`0xce54cb14`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`10`
Imports (31935)	`2`
C++ objects (31935)	`20`
C objects (31935)	`10`
ASM objects (31935)	`3`
Imports (29395)	`3`
Total imports	`58`
C objects (LTCG) (32215)	`1`
Resource objects (32215)	`1`
Linker (32215)	`1`

4b40bf2ee7928b0417447365d66fe7bd

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors