Manalyze report for 523e79b01ba600ca612f901dcbd679351826f9b6abd9ff2e4ce888c0040034cf

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Aug-02 19:46:28
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig2(h)`
Suspicious	PEiD Signature:	`FASM 1.5x` `FASM v1.5x`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryW GetProcAddress` `Can take screenshots: CreateCompatibleDC BitBlt GetDC`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`2d3ce84126ea427cb7de6cca6f542007`
SHA1	`5dcd99255aecb8ee885ca5c71ef29c2d74930698`
SHA256	`523e79b01ba600ca612f901dcbd679351826f9b6abd9ff2e4ce888c0040034cf`
SHA3	`d870383467f81b9efc40767e56fa213a11e3d3f30c1e519512e373578d8af867`
SSDeep	`1536:om76qXZa2XkNrx43JEBRJLLVFFKJSzHoMSU+qLTnLtbIVbA+04xRUxkwxImyLLO:dQVMkfHjzH/SXqLTnLRIa+31oHq`
Imports Hash	`3534cc4a5235eb62d7721297550cf36b`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2018-Aug-02 19:46:28
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0xbc00`
SizeOfInitializedData	`0xee00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001000 (Section: .code)`
BaseOfCode	`0x1000`
BaseOfData	`0xd000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x1d000`
SizeOfHeaders	`0x1000`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.code

MD5	`a95a70711a82596701e1eee0d07b0d3d`
SHA1	`e562cd550b4082237f6797efac03f950e230f43f`
SHA256	`2553a2cc6cf26a2c36dbad00133ddf646664b6abd2d61f52559f7f45bf90e8ed`
SHA3	`ea8f3f34944fcf01a41aa47169fdffa884a9f683c6f47e587cb9a0a6508ecf61`
VirtualSize	`0x1000`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`4.96182`

.text

MD5	`3894409ba0eb53d099769ebdf5916d47`
SHA1	`e9e55ad31975716c2dd90a29b8af9b1bbe9690b2`
SHA256	`2d3cc069cac5671626bdae33c4de9eafc49030838267e9ae7736ca80e82f38e2`
SHA3	`f0d5cea42ee5cd719780996938505531bbe8f9c56614ecf2db9cfaf998c4b2db`
VirtualSize	`0xaacd`
VirtualAddress	`0x2000`
SizeOfRawData	`0xac00`
PointerToRawData	`0x1400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.52606`

.rdata

MD5	`5689a20d9ea4182508be1241fd166b66`
SHA1	`c929cd2588556f1d640b199a633bb58b240375b6`
SHA256	`6c19f5de2b478b9bc2b0a29c3b33211e19fb604cf287b53f145690187ebce1b1`
SHA3	`2201057130d36856abccbec2336240c4b67237e5df9b909fcb6a208b41e909ce`
VirtualSize	`0x3ec`
VirtualAddress	`0xd000`
SizeOfRawData	`0x400`
PointerToRawData	`0xc000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.67896`

.data

MD5	`bf60e00ddf976f76c4bf14c69521caa3`
SHA1	`0db9455bd340c43cf3d57eeeb65ca9788dddacea`
SHA256	`8b6f4f42e8bb9ceaf7b69e3fb949dacd1052c9ef00803dd3e2014b6d483a2b4b`
SHA3	`f4a19e1a82f54a9661c244bf25f4fa7a375183abb75cfd0f83edb25f955f127a`
VirtualSize	`0x19dc`
VirtualAddress	`0xe000`
SizeOfRawData	`0x1400`
PointerToRawData	`0xc400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.44826`

.rsrc

MD5	`acbfa25fa7ccd414a37e7f5e8d5db2e6`
SHA1	`b7346f088f5da7be53b2b76f8ef41b438edde9b2`
SHA256	`d70c138d90db77b1274fe988fb49790370daa174e99a8bb2a7cb8b835ed56eeb`
SHA3	`daccbd41740eb46cc547b0ce80772a32f0244497d82b4c0374980c17d6217464`
VirtualSize	`0xce5c`
VirtualAddress	`0x10000`
SizeOfRawData	`0xd000`
PointerToRawData	`0xd800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.0958`

Imports

KERNEL32.DLL	`GetModuleHandleW` `HeapCreate` `HeapDestroy` `ExitProcess` `HeapFree` `HeapAlloc` `InitializeCriticalSection` `HeapReAlloc` `LoadLibraryW` `GetProcAddress` `FreeLibrary` `EnterCriticalSection` `LeaveCriticalSection` `GetCurrentProcessId` `SetLastError` `GetVersionExW` `CreateFileW` `GetFileSize` `ReadFile` `CloseHandle` `GlobalFree` `GlobalAlloc` `WriteFile` `DeleteFileW` `TlsAlloc` `DeleteCriticalSection` `InterlockedCompareExchange` `Sleep` `InterlockedExchange`
COMCTL32.DLL	`InitCommonControlsEx` `ImageList_Replace` `ImageList_Add` `ImageList_ReplaceIcon` `ImageList_Remove` `ImageList_AddMasked` `ImageList_Destroy` `ImageList_Create`
GDI32.DLL	`GetStockObject` `GetObjectType` `GetObjectW` `DeleteObject` `SetBkColor` `SetTextColor` `SelectObject` `GetTextExtentPoint32W` `CreateCompatibleBitmap` `CreateDCW` `CreateCompatibleDC` `DeleteDC` `SetStretchBltMode` `StretchBlt` `CreateSolidBrush` `GetDeviceCaps` `CreateBitmap` `SetPixel` `CreateDIBSection` `GetDIBits` `BitBlt`
gdiplus.dll	`GdipDeleteFont` `GdipDeleteGraphics` `GdipDeletePath` `GdipDeleteMatrix` `GdipDeletePen` `GdipDeleteStringFormat` `GdipFree` `GdipGetDpiX` `GdipGetDpiY`
MSVCRT.dll	`memset` `_CIlog` `wcslen` `wcsncmp` `wcscmp` `fabs` `malloc` `free` `ceil` `floor` `memcpy` `fseek` `ftell` `fread` `fclose` `pow` `??3@YAXPAX@Z` `_wcsnicmp` `wcsncpy` `_wcsdup` `_wcsicmp` `tolower` `wcscpy` `_vsnwprintf`
OLE32.DLL	`RevokeDragDrop`
USER32.DLL	`DestroyWindow` `GetWindowLongW` `GetIconInfo` `SetWindowPos` `InvalidateRect` `UpdateWindow` `RedrawWindow` `CallWindowProcW` `ReleaseCapture` `BeginPaint` `DrawStateW` `EndPaint` `SetCapture` `GetWindowRect` `ScreenToClient` `SendMessageW` `GetSystemMetrics` `CreateWindowExW` `SetWindowLongW` `ValidateRect` `GetParent` `MapWindowPoints` `IsWindowEnabled` `GetSysColor` `GetSysColorBrush` `GetDC` `ReleaseDC` `GetWindowTextLengthW` `GetWindowTextW` `GetWindow` `SetWindowTextW` `SetRect` `DrawTextW` `GetPropW` `RemovePropW` `DefWindowProcW` `SetPropW` `MoveWindow` `FillRect` `SetActiveWindow` `DestroyIcon` `LoadIconW` `LoadCursorW` `PeekMessageW` `MsgWaitForMultipleObjects` `GetMessageW` `GetActiveWindow` `TranslateAcceleratorW` `TranslateMessage` `DispatchMessageW` `RegisterClassW` `AdjustWindowRectEx` `ShowWindow` `CreateAcceleratorTableW` `UnregisterClassW` `IsWindowVisible` `SetFocus` `GetFocus` `GetKeyState` `GetClassNameW` `GetWindowThreadProcessId` `IsChild` `EnumChildWindows` `DefFrameProcW` `GetClientRect` `DestroyAcceleratorTable` `PostMessageW` `CreateIconFromResourceEx` `CreateIconFromResource` `RegisterWindowMessageW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	2018-Aug-02 19:46:28
Entropy	`4.09049`
MD5	`de2b3728bed331940d6755d446621765`
SHA1	`1da65333786159c85d649d75a26e58e09d3f9d19`
SHA256	`6c191688bc4e7782fe68fbfedee7652084d51d7c7dbf734ce5a1f62d7bdf6df0`
SHA3	`4fa0466425ac7a45352684c9b6a2e1d8d78003bc3205dccde562e0f08b4764c1`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	2018-Aug-02 19:46:28
Entropy	`3.43556`
MD5	`63e4f6a65f4473e38f1f301b030f74db`
SHA1	`6d88975a2cd09526c4d96139236f8a4ce2c8b0a2`
SHA256	`d8d6ba4d7c404cf255916bb8630cdc78f01c24d11203ab22f60d12606005d9fc`
SHA3	`fa73656f1b46a65391ada11f60181670cb71e74cdd1679b969062215a4e9c818`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	2018-Aug-02 19:46:28
Entropy	`6.12942`
MD5	`4897ec165b05a2d72162e0367069c3ad`
SHA1	`8181ab1c44f50359f0a2521f5c3e45079db8499c`
SHA256	`cb73b80e8b186692e608ccec96bbc1552a77ee4600df81b4f306571c6715e07e`
SHA3	`b544114d71559db8b990e97ae13597ad0f2b0585069cb8c63e967745b28c6320`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	2018-Aug-02 19:46:28
Entropy	`6.48229`
MD5	`6c0a6964ac89a2c1eb3b8b650d9441c5`
SHA1	`749d0ab4f6b606f7ca9fc664195706840ef012de`
SHA256	`7165d6577183b7e642b6215fc3fa4ca3d79a0da80de8f53de13d44e0b94b24ea`
SHA3	`09abc6185185ec0d87c1ccc4fb5aef7d5e2e73f83a448694e572c9f5c3fa863d`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	2018-Aug-02 19:46:28
Entropy	`6.26813`
MD5	`2f0551050145539b1d89f581ce110fab`
SHA1	`7c9a9a9b23e6af79257e77e8d581fc07d6eaf193`
SHA256	`7c2e4f23259263e499f02501320b0d01f9b3bf02da5a68f7db7175f1e755cd78`
SHA3	`f21ca66aa0bbaf811e03f50bb3bfcd804fb2dad1a094b218ffd0e44b9cea630b`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4228`
TimeDateStamp	2018-Aug-02 19:46:28
Entropy	`5.79834`
MD5	`8f544cc0fd5fe2be79b0b83c38c30ca8`
SHA1	`646aff51878ffc1b9ed455e23833bbf0a597649e`
SHA256	`354ee8bc98e685f573f8607e565c99be27bc8c6c006ef15c421b3ff63761fd1a`
SHA3	`1fc4bea6c95774f1e3d18d966185177be871a2c40beec79295d475218963fe36`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	2018-Aug-02 19:46:28
Entropy	`5.8232`
MD5	`6eb382b440dc2e1d13ca1dea53bfb911`
SHA1	`89cc584606f870b78772987d3d5135c7959ba157`
SHA256	`cd38dcaf2c4b9706ea2b0b2bb10bf0cdb5e89d40dc02598d36a43325033fc75f`
SHA3	`ec5bb0bc209417c2249cc8e85c2720b961351d5b1d9cc0ced8e4078f5ff0568c`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1a68`
TimeDateStamp	2018-Aug-02 19:46:28
Entropy	`5.88037`
MD5	`c5b80b2fbce14b1cc51f97f5e739eefb`
SHA1	`ab0a71a3eeb841b73e7202b51a738f7a8f0e2ef5`
SHA256	`e79b7d60871550fc7d73a0550257c608516edf07e388997ff0f6956e06685653`
SHA3	`4f5c30e42cb90911cb49055340dfc75443ed2c955e185f3bf01af4d7c47f1484`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	2018-Aug-02 19:46:28
Entropy	`5.9708`
MD5	`9ebb66606c53f84bc42b9929af01d306`
SHA1	`75f7bac44a7930e6115eccbf4a5f37203d547509`
SHA256	`79acc32df08fa061021ec01add5553d9d02acddc089927b7e5f80a860b0845a5`
SHA3	`4bb1fdf37770ab62cebd90caa81f4924753ba8cc463b543ff9197c5039b29950`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	2018-Aug-02 19:46:28
Entropy	`6.01764`
MD5	`0e2f314ec612c5ad0ad62fb2cf55fe2b`
SHA1	`1ab8e897f7a02f9c8d96d8112b3e5cb121e15ac1`
SHA256	`80e63171aadf7b9b46747d00dcfbcc1150d3402243a4b7b4f7a36b27f34a0f81`
SHA3	`26ab24a2daed1fb7b873894e2fb9e2980a1706d54266eb8ae8ba118cd272f261`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6b8`
TimeDateStamp	2018-Aug-02 19:46:28
Entropy	`6.06797`
MD5	`dec02aeb0354e38000880519847031d9`
SHA1	`2d2cef7aa40e68eb97cbbca932c19775d2381bc4`
SHA256	`07ac12920bcd34f75c35ef99a9f6abb7048de3d74b35927c4587631d19761a61`
SHA3	`4ade5069c520ffe65fe51a00ecc6ef2db5b0d81e55b18c0daadd9ad58b4f7b86`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	2018-Aug-02 19:46:28
Entropy	`6.08674`
MD5	`53add5348c663d1a278390a8ce6b1357`
SHA1	`0b93406ba6b196f504823b3a2f05f3b89e5c5ba4`
SHA256	`1ff316cc2d47e581150419b9e94acd0abdbba50a90f5a405386a92cbb288a208`
SHA3	`0fe7b3e3148319c5f66834b5308a15e1fcb28343d13059110691db402614cee4`

1 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xae`
TimeDateStamp	2018-Aug-02 19:46:28
Entropy	`3.1196`
Detected Filetype	Icon file
MD5	`a157aaea6372c006915b1ebe849ff115`
SHA1	`b9e0f8424e7977dcae2e59d279ae30b34638624c`
SHA256	`c9f2eca2d854cbaee56ea618ec451174d107c9c096bb607b77ca0d59bdf9df1b`
SHA3	`d325aa915c6347b481cff9f7dbd3fa14f405d24b09aa97bef5044c35a3ddd3bf`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x263`
TimeDateStamp	2018-Aug-02 19:46:28
Entropy	`4.92322`
MD5	`841795bb3b61ebd511249778aa26af77`
SHA1	`59f426938522ef9906b0740821e8cc270d1ca897`
SHA256	`be809cba9d14bfb52a969d766992832b10e99e133babcdd99dc6d1bba5597cf7`
SHA3	`5fa5c36711cc5c3661248b1180ce35543201ff1dc77d158129b844f03a2144c9`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

Leave a comment

No comments yet.