Manalyze report for 500ce2907b26f14de8a7c71cb7b189c6

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2001-Jun-11 09:27:16
Debug artifacts	AppVIntegration.pdb

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: http://schemas.microsoft.com http://schemas.microsoft.com/appv/2010/manifest http://schemas.microsoft.com/appv/2013/manifest http://schemas.microsoft.com/appv/2014/manifest http://schemas.microsoft.com/appv/2019/manifest http://schemas.microsoft.com/appx/2010/manifest http://xml.org microsoft.com schemas.microsoft.com`
Suspicious	The PE is possibly packed.	`The PE only has 0 import(s).`
Info	No VirusTotal score.	`A scan of the file is currently queued.`

Hashes

MD5	`500ce2907b26f14de8a7c71cb7b189c6`
SHA1	`e2c07e683a6b68352b381ab91e65eff81f9e8b86`
SHA256	`5341e9312b6e24d224f26b08d55dc2883cef46ab7ec04a0a7a7b7b2997e6c773`
SHA3	`cd3192f45b57a14be2bb3d232d3d6fca2c64b18f9fc0b6b5d94452e3e8c9b353`
SSDeep	`24576:oKrR3Z38Dk/DcfLNVfGxk2n3jJXP4LGSrfr62Ro0cC1:oKrR358YLchVuxk+3j9cr62Ro0cC1`
Imports Hash	`d41d8cd98f00b204e9800998ecf8427e`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2001-Jun-11 09:27:16
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xef000`
SizeOfInitializedData	`0xa3000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00000000000D4910 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`6.1`
Win32VersionValue	`0`
SizeOfImage	`0x193000`
SizeOfHeaders	`0x1000`
Checksum	`0x19dbb4`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x40000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`fc19ff297db61b95b662dfdbbf7e0008`
SHA1	`44a98f00613d5f704de5e7804738253ebd5a83a8`
SHA256	`2ca23cfcbc99bcaca7c2d865a164127cece0d0d016affc95b3ce8413be048998`
SHA3	`781bbe0ef5f1b4004fc276cc81fd9692de7e44a9aac6636b177c107a9701c0c2`
VirtualSize	`0xee8a6`
VirtualAddress	`0x1000`
SizeOfRawData	`0xef000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.36082`

.rdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x840f6`
VirtualAddress	`0xf0000`
SizeOfRawData	`0x85000`
PointerToRawData	`0xf0000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.data

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xfe20`
VirtualAddress	`0x175000`
SizeOfRawData	`0xf000`
PointerToRawData	`0x175000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.pdata

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x9ed0`
VirtualAddress	`0x185000`
SizeOfRawData	`0xa000`
PointerToRawData	`0x184000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.rsrc

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x430`
VirtualAddress	`0x18f000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x18e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0`

.reloc

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x2ff8`
VirtualAddress	`0x190000`
SizeOfRawData	`0x3000`
PointerToRawData	`0x18f000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0`

Imports

Delayed Imports

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2001-Jun-11 09:27:16
Version	`0.0`
SizeofData	`44`
AddressOfRawData	`0x148e34`
PointerToRawData	`0x148e34`
Referenced File	AppVIntegration.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2001-Jun-11 09:27:16
Version	`0.0`
SizeofData	`1100`
AddressOfRawData	`0x148e60`
PointerToRawData	`0x148e60`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2001-Jun-11 09:27:16
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x1492ac`
PointerToRawData	`0x1492ac`

UNKNOWN (#2)

Characteristics	`0`
TimeDateStamp	2001-Jun-11 09:27:16
Version	`0.0`
SizeofData	`4`
AddressOfRawData	`0x1492d0`
PointerToRawData	`0x1492d0`

TLS Callbacks

StartAddressOfRawData	`0x1801492f8`
EndAddressOfRawData	`0x180149300`
AddressOfIndex	`0x180183b30`
AddressOfCallbacks	`0x1800fbb08`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1801810b0`
GuardCFCheckFunctionPointer	`6443479080`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x13d48d37`
Unmarked objects	`0`
Imports (29395)	`26`
Imports (VS2008 SP1 build 30729)	`11`
Total imports	`1398`
C objects (29395)	`15`
ASM objects (29395)	`4`
C++ objects (29395)	`26`
Exports (29395)	`1`
264 (29395)	`162`
253 (29395)	`2`
Resource objects (29395)	`1`
Linker (29395)	`1`

Errors

[!] Error: Could not read an import's name.
[*] Warning: IMAGE_EXPORT_DIRECTORY field Characteristics is reserved and should be 0!
[!] Error: Could not read the exported DLL name.
[!] Error: Could not read an IMAGE_RESOURCE_DIRECTORY.
[!] Error: Could not read an IMAGE_BASE_RELOCATION!
[*] Warning: Could not read a WIN_CERTIFICATE's header.
[*] Warning: Section .rdata is larger than the executable!
[*] Warning: Section .rdata is larger than the executable!
[*] Warning: Section .data is larger than the executable!
[*] Warning: Section .data is larger than the executable!
[*] Warning: Section .pdata is larger than the executable!
[*] Warning: Section .pdata is larger than the executable!
[*] Warning: Section .rsrc is larger than the executable!
[*] Warning: Section .rsrc is larger than the executable!
[*] Warning: Section .reloc is larger than the executable!
[*] Warning: Section .reloc is larger than the executable!
[*] Warning: Section .rdata is larger than the executable!
[*] Warning: Section .data is larger than the executable!
[*] Warning: Section .pdata is larger than the executable!
[*] Warning: Section .rsrc is larger than the executable!
[*] Warning: Section .reloc is larger than the executable!