Manalyze report for 5061a77301d50013f898ed39dd25dc24

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2099-Dec-22 09:17:56
Comments	Designated For CCU
CompanyName
FileDescription	CCU Diskless Tools
FileVersion	`6.0.1.1`
InternalName	CCU Diskless Tools.exe
LegalCopyright	Reiggie Resurreccion © 2025
LegalTrademarks
OriginalFilename	CCU Diskless Tools.exe
ProductName	CCU Diskless Tools
ProductVersion	`6.0.1.1`
Assembly Version	6.0.1.1

Plugin Output

Info	Interesting strings found in the binary:	`Contains domain names: crl.symauth.com http://pki-crl.symauth.com http://pki-crl.symauth.com/ca_732b6ec148d290c0a071efd1dac8e288/LatestCRL.crl07 http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.crl0 http://pki-ocsp.symauth.com0 pki-crl.symauth.com symauth.com`
Suspicious	The PE is possibly packed.	`Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Unusual section name found:` `Section is both writable and executable.` `Section .data is both writable and executable.`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegCloseKey` `Possibly launches other programs: ShellExecuteA`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`5061a77301d50013f898ed39dd25dc24`
SHA1	`b154f820c45b90b610053b80b854b6c91ca675a5`
SHA256	`316ab93771581a543456d20d6be0e58954b37dd3a3f3fcb72db2dcbad7374f60`
SHA3	`5fafff77cc9a2f9652c47ca6b886faca4150af16ecafbcf19da4ab14b8894da0`
SSDeep	`393216:d6BdD8OfS8HjfP2HIEJs+wuFNmZQzKdH7S:d6w3H9m+jNMc`
Imports Hash	`2e5467cba76f44a088d39f78c5e807b6`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`6`
TimeDateStamp	2099-Dec-22 09:17:56
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`48.0`
SizeOfCode	`0x14c6c00`
SizeOfInitializedData	`0x3ee00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x01EF8778 (Section: .data)`
BaseOfCode	`0x2000`
BaseOfData	`0x14ca000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1efc000`
SizeOfHeaders	`0x2000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x200000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

Section_1

MD5	`40792cb1dcc97ccf951c3c8cc6fc4312`
SHA1	`cb74464904fb5705ae9eb0dc2a4f9238295fe216`
SHA256	`27addfee5292a4053ff2d6aa19511fec3cc60493c8b58c7370f711b569761700`
SHA3	`87db9f5b2309e08f9d4c9b61b8bbf505f0244a283795a00706de3d53d749f62e`
VirtualSize	`0x14c8000`
VirtualAddress	`0x2000`
SizeOfRawData	`0xa71600`
PointerToRawData	`0x2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99998`

Section_2

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x40000`
VirtualAddress	`0x14ca000`
SizeOfRawData	`0`
PointerToRawData	`0xa73600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

Section_3

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x2000`
VirtualAddress	`0x150a000`
SizeOfRawData	`0`
PointerToRawData	`0xa73600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rsrc

MD5	`006c5f9554daeea197f4b6e34f93bd0c`
SHA1	`ad62cb3432c05b37864e645386c48bd1b1570fa6`
SHA256	`511656d537302447cf8f40bdadcca55b11f9c1707b59de32b6eb6dfccde73466`
SHA3	`a0d8a64b49952c6557dcddc269c65af98844cc92c2cc54755a74ba24cca17fd3`
VirtualSize	`0x40000`
VirtualAddress	`0x150c000`
SizeOfRawData	`0x3ec00`
PointerToRawData	`0xa73600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.0949`

Section_5

MD5	`6b826c8ff547cceae2d319b082174bef`
SHA1	`b64e33e764f76e17f72ef7ba62a2f275be0e5958`
SHA256	`aa7683de895ca18ed279818d5f36e96806c9b6590b31ce4ef3b6abee495d04e6`
SHA3	`4d14023d5d381b85a5a258c51bd80fa9950203208f8a5dbd8c89bf793e9e5de4`
VirtualSize	`0x79a000`
VirtualAddress	`0x154c000`
SizeOfRawData	`0x32800`
PointerToRawData	`0xab2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.99881`

.data

MD5	`e00d06bf727ff40c131a6102e4302d1f`
SHA1	`0192e633db77c6e9fe05132987cd7f3e9dc0024e`
SHA256	`4cbb690b81bd0ca71ce1a705dd30821f641f757dce4ab4492e2cb55efec3db25`
SHA3	`4dd419149783133356119c868636e7482ebc2bfd9c0a1e11b40210f6a8840f8b`
VirtualSize	`0x216000`
VirtualAddress	`0x1ce6000`
SizeOfRawData	`0x215400`
PointerToRawData	`0xae4a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`7.98073`

Imports

kernel32.dll	`GetModuleHandleA` `GetProcAddress` `ExitProcess` `LoadLibraryA`
user32.dll	`MessageBoxA`
advapi32.dll	`RegCloseKey`
oleaut32.dll	`SysFreeString`
gdi32.dll	`CreateFontA`
shell32.dll	`ShellExecuteA`
version.dll	`GetFileVersionInfoA`
mscoree.dll	`_CorExeMain`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.86713`
MD5	`bd6d360e6cba45fcca270fa71ae5c30d`
SHA1	`8212da4122b99a368984094ae3e76e2bc0c83a5c`
SHA256	`162ede4f9ad669bb34f79f7ea57a8095fef7ed91b118f81c500749d1e308f952`
SHA3	`948dc19fb2de2a4c3b24ce7d8b64fa68758fb03ef1d024ee2c2f1618316b5be1`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.94507`
MD5	`d586a6bba4ee7c936aebfd9109c215be`
SHA1	`121a6bd22f1df9b98bcbd3c0de77b657f932cf06`
SHA256	`531937e99b5c39e50296adfd26f80c0cdd8bb6e563b83c819dbec3294c55754b`
SHA3	`edee76edc82848e655885867705a18bbb7a0bb20806836f0e8831a84c40266aa`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.90552`
MD5	`6324188e3f1d62356fceb9388e9c37c4`
SHA1	`decca6acaa0d7b746bc0da07d1cad2b0e8782a42`
SHA256	`c49b975609d7827c1cec4051ea4a9b96423c0c841e26f4aea05617bd9bfde6ef`
SHA3	`2be3ed970673f8fcf5defad827a4d3af3579b4c223713a2601ee09f252b28db2`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.61125`
MD5	`da22fe48377fcef44fb8534d613d0564`
SHA1	`63b6da366d06134d4a7bc7f11f642bd19f922746`
SHA256	`ee3258fec7c32081b893809c68e331cbf7826ad356ea492c399a7e69121a702c`
SHA3	`331837ae49b74bee557da8ed2d31b3044bb319c93949f4d23a691a3eb73ac8e3`

5

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.47164`
MD5	`7fffe9ff2c9ea76346330bdd520a1cce`
SHA1	`153ec644cd7b209f74c679217a689ba3f4579f25`
SHA256	`3d2159780d2c43fb594a3fcde29fedd4de124a43910dd9da4c98b8d9bdfaea6c`
SHA3	`835b600f406df98ad457f0143444839d41db7187bb7d7451e5b84a1ccc907fa4`

6

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x5488`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.34199`
MD5	`6d9acf1693fb15c593f1a9ee006abcb9`
SHA1	`26f3033ba95f05dd67181b826aad37007a561bc5`
SHA256	`2c29a8cc2d04f283737af6d3f9f655c5c0c26bf173bbf356f400141d39b978ba`
SHA3	`a9cc5af31287315c2365bfd6a5d17834e3962f69ec442dbd65da8e08c3409f04`

7

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x94a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.18564`
MD5	`afa566a227c13b471cec358126c32d99`
SHA1	`bb50a5e52f10a639d4e40551146e2cfcabe1e1df`
SHA256	`d8e0cd8035dd943c68d2665ad4b6e6a8373a09f31024a6c3a063ba1c1ed77214`
SHA3	`c2abb4a166f6eec0d9a1da8a5ac33c1cd0b8ef567934298138c6d272525b9402`

8

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10828`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`6.00524`
MD5	`77aac4be9e75035a2ba4c696518fefac`
SHA1	`7c4b55691b2f88ab7cfa2537a00164f8dfc4be99`
SHA256	`6c874bdebbd628310ef70695ac6d3c9ba84b156d5d78b55e56a8b7bf83195c74`
SHA3	`6990d85c576e3aa6a684a87bcc7d07ffedaeda2bc50ec53950917ee91aad7ef1`

9

Type	`RT_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x15fdc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.99031`
Detected Filetype	PNG graphic file
MD5	`53ebea819aabd55a5307c012ed5ceb7c`
SHA1	`2ca94f8f8cc10ea9d241693ac772a2ac0b4ff74a`
SHA256	`733539bae350cb37b3d0904e13c7b8f2d0bb61603bdc5b4660c42583ce1195cf`
SHA3	`f746a4b37b8137599d7ec0ec4d2ddc821e80189b7bbae2d5fbfebee6ca9ff3d7`

32512

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x84`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.05309`
Detected Filetype	Icon file
MD5	`f2c64e6219ac091472cfcd8725e9cfaf`
SHA1	`0b6316ae3807fa2c846c75b6831796be5b84c08d`
SHA256	`6f98cc2fdfc13ee943607401e44198f49377d9ba9088cb8e5ced30caa6f8ae2b`
SHA3	`ef5ac235b9298b04d73ff695586d67dedaec6ace730f6911672b955fcd0192db`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x3a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.32286`
MD5	`ceb22251c2d623baa80d7e0d89cdf30a`
SHA1	`426fe71a472bf2a7cb97bd7eee3d8a8691f5d304`
SHA256	`dfe72c904334e3c8255d6ddcf9d0441c76b9e39265a6038e09f7af32f6c07dae`
SHA3	`fda99033267b1c72d7a3e6aa79b40f98d0b21fc84fc005604d5542bc2cf9f6bd`

1 (#3)

Type	`RT_MANIFEST`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0xd53`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.01752`
MD5	`a99c09dbd4a65da324e2d732f5351786`
SHA1	`164d3ec47c9487bd42d9ec580fb730a61dc156d7`
SHA256	`59c778ad5af1032a264960d8cf35e7b4226e9ab5d1d9cbe91d4f93b347768b88`
SHA3	`5e12a029662dd5cc2e838e5e40d2e0715685e718c429233ccb2e35881abdd4e6`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	6.0.1.1
ProductVersion	6.0.1.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
Comments	Designated For CCU
CompanyName
FileDescription	CCU Diskless Tools
FileVersion (#2)	6.0.1.1
InternalName	CCU Diskless Tools.exe
LegalCopyright	Reiggie Resurreccion © 2025
LegalTrademarks
OriginalFilename	CCU Diskless Tools.exe
ProductName	CCU Diskless Tools
ProductVersion (#2)	6.0.1.1
Assembly Version	6.0.1.1

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors

[!] Error: Could not read the exported DLL name.
[*] Warning: Section  has a size of 0!
[*] Warning: Section  has a size of 0!