Manalyze report for 505665eec269d92cc7aee7fba0da01fd

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2022-Dec-07 22:09:48
Detected languages	English - United States
TLS Callbacks	1 callback(s) detected.
Debug artifacts	E:\Projects\RSAPatch\x64\Release\RSAPatch.pdb

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Uses Windows's Native API: NtProtectVirtualMemory NtQuerySection` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc`
Safe	VirusTotal score: 0/70 (Scanned on 2022-12-19 22:47:33)	`All the AVs think this file is safe.`

Hashes

MD5	`505665eec269d92cc7aee7fba0da01fd`
SHA1	`f9c199f7f668fcf2f93f1015cd6545687a5adfb4`
SHA256	`a975a8b113b702e30f9af6fd60f19376d3bf461192e852aa79fb443aaf573360`
SHA3	`fb4f27bce720eb37474cff0ea0a596e9791afd840b6405d25f30cab777d897dc`
SSDeep	`1536:+Bd+yJi/7TuwA8b+T09d8M8ToUF5TsC1fxgKTIIvL38tmckVPxIiTcsmDz:md+yJi/7Tuwl+Tk8M8rfsC1fxgKTPT8`
Imports Hash	`01e6e5a83c61376f6a8ddf4b21bb29bd`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x110`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`8`
TimeDateStamp	2022-Dec-07 22:09:48
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0xb400`
SizeOfInitializedData	`0x9200`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000B3B0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x180000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1a000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`da65365f6db903974c22fa254e8cc756`
SHA1	`da79705bb5b9029c849f6c92045302bdff72ef25`
SHA256	`0fa4c1f3c984d6a2588944910adffecff935a1ae434bb5ea22bc6f8878bad734`
SHA3	`a908fc6e8a7e3f45cddf7c69bbea4a0d95ee76bba6da85fbd89e33a99ea48790`
VirtualSize	`0xb307`
VirtualAddress	`0x1000`
SizeOfRawData	`0xb400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.01179`

.rdata

MD5	`88d7d3f00b519e3fcd922ee8bdb35f1d`
SHA1	`dffee20625cca736fda84396efe30a88a8f0b066`
SHA256	`4142b9edd2da0eae02cda0676da097b0958fd560ff8509d6fa23959eba2bb38d`
SHA3	`a7642fbde8cc010ca40db7d69c88a546642d4f221b987567a9b68aa77e3571c5`
VirtualSize	`0x4bc6`
VirtualAddress	`0xd000`
SizeOfRawData	`0x4c00`
PointerToRawData	`0xb800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.90714`

.data

MD5	`07fa2ddf4f2477b5df16972243631851`
SHA1	`ac90f91dae120960d4ba0eb43ce2dbb0a2d71809`
SHA256	`18aba3e38ea119b562c73d0721233d51e2b64d8fad5ff016704fb5d2f8cac8b5`
SHA3	`bbf6a864cedcad0b9486e0e0141469cf60527f2801aa8edde99ab7c5a6bb4864`
VirtualSize	`0xb98`
VirtualAddress	`0x12000`
SizeOfRawData	`0x600`
PointerToRawData	`0x10400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.15482`

.pdata

MD5	`30cd18e6cea24548d4865948daf6abc8`
SHA1	`44dececa729be9f41bd4d56b7aac2794c04fabb6`
SHA256	`b217d8f8c50f00e84f5359aaff724c3925c2e84ca576e4bc58dbe8352ad8b1b7`
SHA3	`bcd5071a067e72c186dc5e07f023d60997b1e840ce7b421bdcd72f88be057761`
VirtualSize	`0xc24`
VirtualAddress	`0x13000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x10a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.1047`

.detourc

MD5	`aac2b658e6e167ae316959c59cf39192`
SHA1	`4b4f5efe46012c80aa1a73cc438e6408ded37ded`
SHA256	`810450f2c54584e7a0bfcc342e226c16953c54d2a21c81512c777218280f55fe`
SHA3	`15966f849efe38276d17380850c498e344b0508bef8b299fafd7e12ed55ce6bb`
VirtualSize	`0x21c0`
VirtualAddress	`0x14000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x11800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.72328`

.detourd

MD5	`edda25907019e5cc74c177f6952e5e4b`
SHA1	`7a4f78401ecb1ae9f682732465ae6077089ebb13`
SHA256	`67edb63255622d74f26750550ba3dd665fbccf95fd0ab08e4a26ba7d8ac3a162`
SHA3	`f4a44987a5bb73b0e511a980a6e46723e30252562c97bcd39a080b05991cde7d`
VirtualSize	`0x18`
VirtualAddress	`0x17000`
SizeOfRawData	`0x200`
PointerToRawData	`0x13a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.116115`

.rsrc

MD5	`c7a4e8ec050a078d37fff5197af953e2`
SHA1	`784777cf91f2e66d2365857920832d0aeb42b2f2`
SHA256	`0d3b93bdf46bf7f8f95b2d1f0a238f3fbc7a9febff472395d5b94c584dff2a9a`
SHA3	`efc3694772697746a97b725b084216e6d0148c7db1b1608bd6d592d64ad9e8da`
VirtualSize	`0x1e0`
VirtualAddress	`0x18000`
SizeOfRawData	`0x200`
PointerToRawData	`0x13c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.7123`

.reloc

MD5	`771de7103cd332c79150601c64a0d076`
SHA1	`66ec0a5b202aec2ae119ca59ca9f5a0083734e63`
SHA256	`6547d72880af068243f72e441f767f0b6dadbffe763986cb95cb84c9b50713f5`
SHA3	`9d6a1a1a8c5e1cab9ca01ebfc60c3803f591c3a903c76547ae5cfc1e58a341f9`
VirtualSize	`0x51c`
VirtualAddress	`0x19000`
SizeOfRawData	`0x600`
PointerToRawData	`0x13e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`4.92176`

Imports

KERNEL32.dll	`GetModuleFileNameA` `VirtualProtect` `Sleep` `CreateFileA` `DisableThreadLibraryCalls` `CloseHandle` `CreateThread` `GetCurrentProcessId` `GetSystemDirectoryA` `LoadLibraryA` `GetProcAddress` `GetStdHandle` `WriteConsoleA` `SetConsoleMode` `GetModuleHandleA` `AttachConsole` `AllocConsole` `VirtualQuery` `VirtualFree` `VirtualAlloc` `FlushInstructionCache` `SetThreadContext` `GetThreadContext` `ResumeThread` `SuspendThread` `GetCurrentThreadId` `GetCurrentThread` `GetCurrentProcess` `GetLastError` `SetLastError` `GetCurrentDirectoryW` `AreFileApisANSI` `MultiByteToWideChar` `WideCharToMultiByte` `LocalFree` `FormatMessageA` `GetLocaleInfoEx` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `QueryPerformanceCounter` `GetSystemTimeAsFileTime` `InitializeSListHead`
USER32.dll	`EnumWindows` `GetWindowThreadProcessId` `GetClassNameA`
MSVCP140.dll	`?always_noconv@codecvt_base@std@@QEBA_NXZ` `?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `??1_Lockit@std@@QEAA@XZ` `??0_Lockit@std@@QEAA@H@Z` `?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ` `?_Xout_of_range@std@@YAXPEBD@Z` `?_Winerror_map@std@@YAHH@Z` `?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A` `?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z` `?id@?$ctype@D@std@@2V0locale@2@A` `?_Xlength_error@std@@YAXPEBD@Z` `?getloc@ios_base@std@@QEBA?AVlocale@2@XZ` `??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ` `??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z` `?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z` `?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ` `??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ` `?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ` `?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z` `?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ` `?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z` `?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z` `?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ` `?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z` `?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z` `??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z` `??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ` `??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ` `?_Syserror_map@std@@YAPEBDH@Z` `??Bid@locale@std@@QEAA_KXZ`
ntdll.dll	`NtProtectVirtualMemory` `NtQuerySection`
VCRUNTIME140_1.dll	`__CxxFrameHandler4`
VCRUNTIME140.dll	`__std_terminate` `__current_exception` `__std_exception_destroy` `__C_specific_handler` `memcpy` `memset` `__current_exception_context` `__std_type_info_destroy_list` `_CxxThrowException` `__std_exception_copy` `memmove`
api-ms-win-crt-stdio-l1-1-0.dll	`ungetc` `setvbuf` `fgetpos` `fread` `fwrite` `_get_stream_buffer_pointers` `__stdio_common_vsnprintf_s` `fsetpos` `fgetc` `fclose` `_fseeki64` `fputc` `fflush`
api-ms-win-crt-heap-l1-1-0.dll	`malloc` `free` `_callnewh`
api-ms-win-crt-runtime-l1-1-0.dll	`_initialize_narrow_environment` `_configure_narrow_argv` `_seh_filter_dll` `_initialize_onexit_table` `_register_onexit_function` `_execute_onexit_table` `terminate` `_crt_atexit` `_invalid_parameter_noinfo` `_initterm` `_cexit` `_invalid_parameter_noinfo_noreturn` `_initterm_e` `_errno`
api-ms-win-crt-filesystem-l1-1-0.dll	`_lock_file` `_unlock_file`
api-ms-win-crt-convert-l1-1-0.dll	`strtoul`
api-ms-win-crt-string-l1-1-0.dll	`strcmp`
api-ms-win-crt-locale-l1-1-0.dll	`___lc_codepage_func`

Delayed Imports

GetFileVersionInfoA

Ordinal	`1`
Address	`0x7150`

GetFileVersionInfoByHandle

Ordinal	`2`
Address	`0x7156`

GetFileVersionInfoExA

Ordinal	`3`
Address	`0x715c`

GetFileVersionInfoExW

Ordinal	`4`
Address	`0x7162`

GetFileVersionInfoSizeA

Ordinal	`5`
Address	`0x7168`

GetFileVersionInfoSizeExA

Ordinal	`6`
Address	`0x716e`

GetFileVersionInfoSizeExW

Ordinal	`7`
Address	`0x7174`

GetFileVersionInfoSizeW

Ordinal	`8`
Address	`0x717a`

GetFileVersionInfoW

Ordinal	`9`
Address	`0x7180`

VerFindFileA

Ordinal	`10`
Address	`0x7186`

VerFindFileW

Ordinal	`11`
Address	`0x718c`

VerInstallFileA

Ordinal	`12`
Address	`0x7192`

VerInstallFileW

Ordinal	`13`
Address	`0x7198`

VerLanguageNameA

Ordinal	`14`
Address	`0x719e`

VerLanguageNameW

Ordinal	`15`
Address	`0x71a4`

VerQueryValueA

Ordinal	`16`
Address	`0x71aa`

VerQueryValueW

Ordinal	`17`
Address	`0x71b0`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-Dec-07 22:09:48
Version	`0.0`
SizeofData	`70`
AddressOfRawData	`0xecb0`
PointerToRawData	`0xd4b0`
Referenced File	E:\Projects\RSAPatch\x64\Release\RSAPatch.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2022-Dec-07 22:09:48
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0xecf8`
PointerToRawData	`0xd4f8`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Dec-07 22:09:48
Version	`0.0`
SizeofData	`912`
AddressOfRawData	`0xed0c`
PointerToRawData	`0xd50c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2022-Dec-07 22:09:48
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x18000f0c0`
EndAddressOfRawData	`0x18000f0c1`
AddressOfIndex	`0x180012494`
AddressOfCallbacks	`0x18000d508`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_1BYTES`
Callbacks	`0x0000000180004130`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x180012020`

RICH Header

XOR Key	`0x60587787`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`14`
C objects (31823)	`8`
ASM objects (31823)	`3`
C++ objects (31823)	`22`
Imports (31823)	`6`
C++ objects (VS2019 Update 7 (16.7.1) compiler 29111)	`3`
Imports (30795)	`7`
Total imports	`196`
C++ objects (LTCG) (31933)	`3`
ASM objects (VS2022 Update 3 (17.3.4-5) compiler 31630)	`1`
Exports (31933)	`1`
Resource objects (31933)	`1`
Linker (31933)	`1`

505665eec269d92cc7aee7fba0da01fd

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.detourc

.detourd

.rsrc

.reloc

Imports

Delayed Imports

GetFileVersionInfoA

GetFileVersionInfoByHandle

GetFileVersionInfoExA

GetFileVersionInfoExW

GetFileVersionInfoSizeA

GetFileVersionInfoSizeExA

GetFileVersionInfoSizeExW

GetFileVersionInfoSizeW

GetFileVersionInfoW

VerFindFileA

VerFindFileW

VerInstallFileA

VerInstallFileW

VerLanguageNameA

VerLanguageNameW

VerQueryValueA

VerQueryValueW

2

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors