Manalyze report for 55b411b0c6869e089a16bc21a98b12eb

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Sep-23 18:23:22
Detected languages	English - United States
CompanyName	IgorWare
FileDescription	Check is Windows 64bit or 32bit?
FileVersion	`1, 5, 0, 0`
InternalName	64bit Checker
LegalCopyright	Copyright (C) 2015 IgorWare
OriginalFilename	64bit-checker.exe
ProductName	64bit Checker
ProductVersion	`1, 5, 0, 0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 7.1` `Microsoft Visual C++ 6.0 - 8.0` `Microsoft Visual C++ v7.0` `Microsoft Visual C++ v7.1 EXE` `Microsoft Visual C++ 7.0 MFC`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Can access the registry: RegCloseKey RegOpenKeyExA RegQueryValueExA` `Possibly launches other programs: ShellExecuteA` `Can create temporary files: GetTempPathA GetTempPathW CreateFileW CreateFileA` `Memory manipulation functions often used by packers: VirtualProtect VirtualAlloc`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`55b411b0c6869e089a16bc21a98b12eb`
SHA1	`e0290932704029ad3328ea5a29956a057fe576c7`
SHA256	`84e95ff9055e5fd2a46638069bdaea925ec0caa0688f52139d90f6e2e50dc4a3`
SHA3	`69f426a96d23f343c22aec281b14aae35b39e78d2b4bb648250b2b7abec71373`
SSDeep	`1536:p0bK7R9inIAvLJVS/xs9YAiQSLg+U2T1zkde6w7LsPl:p04RaXS/xsqAeg+USzkde6w7LsPl`
Imports Hash	`c24aea12bbb96e4f05cc2ed3a914ecc0`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2018-Sep-23 18:23:22
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`7.0`
SizeOfCode	`0xa000`
SizeOfInitializedData	`0xa000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001194 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xb000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x16000`
SizeOfHeaders	`0x1000`
Checksum	`0x1e55e`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`55f19745c3450d6946d056ee83732696`
SHA1	`44208ea83fd524e214182621c374a136cbf15861`
SHA256	`703d46640ed220fa3703e116081cbd67ce6d9e6e6d06411cb43edc1ec6d9690a`
SHA3	`47fdf4832d54700c08d666a9f6aa9cf3ea27adbd35b03049e9fae4b83a691c56`
VirtualSize	`0x9498`
VirtualAddress	`0x1000`
SizeOfRawData	`0xa000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.41523`

.rdata

MD5	`bf7491d6286855f7fbc2aa4d07da9a44`
SHA1	`6c51fa9ef328c751d14cfec4bcbce234f64985be`
SHA256	`2661d1e1498e05ed7e94bcf1a9e9e94cc37c0d297efb3839482075e083e2aa37`
SHA3	`9883666ca8caea9f5eb37c1521286bae5a7b27656545e97eb835daa845b31b76`
VirtualSize	`0x3688`
VirtualAddress	`0xb000`
SizeOfRawData	`0x4000`
PointerToRawData	`0xb000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.81127`

.data

MD5	`fed49991f48120b33544c226fc9bea70`
SHA1	`ef6f3926219a8d21c28bf5cd5ef8bea1310be14f`
SHA256	`43ffebbfde8e7c2e21be2a8a8f8d274fea496e2fe0ac382d9717e64bd1a8cfe7`
SHA3	`fca932e5c170b8d355813777ad1dec2e842292470474e5caec25a7f2f3f701e1`
VirtualSize	`0x14b4`
VirtualAddress	`0xf000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xf000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.15525`

.rsrc

MD5	`3d0c06309ca977215d44dba5da45c0c1`
SHA1	`e3d2399f1f26839b817a717ccf83be2772b07af4`
SHA256	`5c6b14b984a744623a8e0fc303042d07d0266b0d685f578cf332b11e6a3bc130`
SHA3	`c9f9f5f759c66653238eada7947b1ca601654289961f7d8848c3c30519bbcf19`
VirtualSize	`0x4598`
VirtualAddress	`0x11000`
SizeOfRawData	`0x5000`
PointerToRawData	`0x10000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.91134`

Imports

KERNEL32.dll	`GetProcAddress` `CreateConsoleScreenBuffer` `GetPrivateProfileStringA` `LoadLibraryA` `WriteConsoleA` `GetSystemInfo` `GetModuleHandleA` `GetVersionExA` `CloseHandle` `GetTempPathA` `CreateThread` `VirtualProtect` `GetLocaleInfoA` `GetStringTypeW` `GetStringTypeA` `LCMapStringW` `MultiByteToWideChar` `LCMapStringA` `GetStdHandle` `GetCurrentProcessId` `GetTickCount` `QueryPerformanceCounter` `InitializeCriticalSection` `GetCPInfo` `GetOEMCP` `GetACP` `VirtualQuery` `InterlockedExchange` `RtlUnwind` `VirtualAlloc` `EnterCriticalSection` `LeaveCriticalSection` `VirtualFree` `HeapCreate` `HeapDestroy` `TlsGetValue` `TlsSetValue` `TlsFree` `GetCurrentThreadId` `SetLastError` `TlsAlloc` `DeleteCriticalSection` `GetFileType` `SetHandleCount` `GetTempPathW` `GlobalUnlock` `CreateFileW` `FileTimeToSystemTime` `CreateFileA` `GlobalAlloc` `WriteFile` `GetDateFormatA` `GetPrivateProfileStringW` `GlobalLock` `FreeLibrary` `AllocConsole` `GetSystemTimeAsFileTime` `GetEnvironmentStringsW` `GetLastError` `GetStartupInfoA` `GetCommandLineA` `HeapReAlloc` `HeapAlloc` `ExitProcess` `TerminateProcess` `GetCurrentProcess` `HeapSize` `HeapFree` `GetModuleFileNameA` `UnhandledExceptionFilter` `FreeEnvironmentStringsA` `GetEnvironmentStrings` `FreeEnvironmentStringsW` `WideCharToMultiByte`
USER32.dll	`ClientToScreen` `DestroyWindow` `SetCursor` `GetMessageA` `CloseClipboard` `GetSystemMenu` `SetTimer` `ScreenToClient` `GetWindowRect` `CreateDialogParamA` `PostQuitMessage` `KillTimer` `LoadIconA` `wsprintfA` `GetClientRect` `GetWindowTextLengthA` `SendMessageA` `wsprintfW` `GetDC` `IsDialogMessageA` `TranslateMessage` `SetWindowLongA` `MessageBoxA` `CreateWindowExA` `ReleaseDC` `EmptyClipboard` `GetDlgItem` `EndDialog` `SetWindowPos` `ShowWindow` `GetSysColorBrush` `GetMenuItemCount` `DispatchMessageA` `OpenClipboard` `GetSystemMetrics` `InsertMenuA` `SetWindowTextA` `SetClipboardData` `CallWindowProcA` `LoadCursorA` `GetDlgCtrlID` `DialogBoxParamA` `SetWindowTextW` `DestroyIcon` `GetWindowTextA`
GDI32.dll	`GetDeviceCaps` `CreateFontIndirectA` `SetBkMode` `DeleteObject` `SetTextColor`
COMDLG32.dll	`GetSaveFileNameA` `GetSaveFileNameW`
ADVAPI32.dll	`RegCloseKey` `RegOpenKeyExA` `RegQueryValueExA`
SHELL32.dll	`ShellExecuteA`

Delayed Imports

1

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x164d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.84569`
Detected Filetype	PNG graphic file
MD5	`1e25e8968cf5c48c70eed68a9795ca4e`
SHA1	`24d6b07fbc5bb2852b124dc23cc270c6a708fd40`
SHA256	`c86bf8e8e9b7b9885b6fa492323b6612bf48f98d10f55bd37f10a7212bc6a694`
SHA3	`656b99318251a8e536eca2a39d2971971ae6fe8906735bcc668e5b323238fed7`

2

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.64965`
MD5	`8d4120e0ed8444691412dd0ff0da0918`
SHA1	`acb8e9befaae82a4d0168833ce14cb2409b98ba3`
SHA256	`6caa7ea490704dd31599408db138dafb4ed613be833c84cd0fc591dfe314b71f`
SHA3	`593611432d59be3d0eb830ebd5918ebd09ea4d711ac801085c8541e6bd8e0328`

3

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33905`
MD5	`77ca7277877b6e36f72abff5b6f08faa`
SHA1	`8e53c6c0e12f4c03ca0a20c97cdda4be01b13b95`
SHA256	`d802cf427f611f368ded605a2f1afc2f6cf4a9c1d6dfc5ef3ee8a58b7b502182`
SHA3	`4caae06b21c7b7e22c91e26037fb1c1240a96591ea86c87b2e00fec75b07bc8a`

4

Type	`RT_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.64054`
MD5	`63b6bac65d3ce45734e0fed1bbcbe16f`
SHA1	`8355d6a3055c999cf51569b3da31c1c226933c6e`
SHA256	`a5f851a2ec5a6355e0445603f07b524ed7fc1c089658efed6e7d843c0edd3aef`
SHA3	`52a2acca2d62ece6102a9105e5742e8a96e5fc8c3d32994596b94c7f5f2a8f03`

102

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x126`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.24511`
MD5	`fe635b1d121fd028ef59cb9b2e7ec745`
SHA1	`f9b82d01ae1761b73d7e9b80c360fb1f334ade8d`
SHA256	`d20cb4030d5abb06d8292c878da7b72ef2c82815a15eb666454c4e9348db6fc1`
SHA3	`2a0d43ec76ca33e3c63ce03555ace56df9920ea0bf6b692e22b3483ee09bdcba`

103

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x1f0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50585`
MD5	`922e9f0f8de4bb3de976ae4d4c47ac60`
SHA1	`e8dc210ef71b2af2ef4e3ff9c41f02373ae61862`
SHA256	`eb526cb18ad0288650c5e6307686f0ce303286c08e28e505e03a38fd617e2df2`
SHA3	`6d690ca67a2a7c4c96f9becb6d2d6199d444b182f54bb7ea39f39432554200a4`

104

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x2d4`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.16451`
MD5	`c678b615782a2abf6c71d5eb9169b512`
SHA1	`11849c3b1b4af5dc5bbcc0aad2680f3ae2a20884`
SHA256	`c5706faf82b070db1e5ae7f0b9efa95013c5f3401e4bc5bd11edce07ad420f1d`
SHA3	`7c817ad3f1f77f8b11f85ad03299a9715f04c7127a887555e16c642fa1276f5d`

105

Type	`RT_DIALOG`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x142`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.17234`
MD5	`444a1121168f9b33e9a6c95a2d594174`
SHA1	`166183743762c3d15ead63ad578f41f8af1fc5fb`
SHA256	`d3cfa6f77f6bf10c43e635b5b82e2589c0cfac058ca72f2705a26c2236341b37`
SHA3	`3be53e7a83bdf5ce09671da3aaccec2624374bbdd0c702e31fc752962c74827f`

101

Type	`RT_GROUP_ICON`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.5656`
Detected Filetype	Icon file
MD5	`2cdcfd1d5b0b1c39cd0aa92ee5c44056`
SHA1	`ddd600aec142c76c6aefbb54d012aee9dbd1e126`
SHA256	`02939ebe5ad5207b1601cf2184b2e0fe2ed57620eaf3370cb46caa3211f8be07`
SHA3	`f6629f86b827827483b16aed2ebd69b52cdaf40779096f317773ab530aa4305e`

1 (#2)

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	Latin 1 / Western European
Size	`0x310`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39652`
MD5	`061b1bcd53ae7bece3480e34e79207d5`
SHA1	`b7a8cf266a6804634a8e499d14b007e30ef60000`
SHA256	`73226e31344b6421433dfdd26ebaad5281beaf7293f738d05c3563e5db158145`
SHA3	`f8396cf796cd3e323acd50ae324a53befb19a412700150ee4193213db4a63586`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x576`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.36871`
MD5	`b1e9ff7901b50fda11a96684e59d47bc`
SHA1	`55f3808d98f64f1e25216dc80e4f2927f51d1b20`
SHA256	`4a7cb6d28360d1533a39f2847c023ab9de89278b548419eeada802e4c4008166`
SHA3	`459378c1780252c64a691396d64c2745fee86ccf98c87a24611ab1754a6d6448`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.5.0.0
ProductVersion	1.5.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	UNKNOWN
CompanyName	IgorWare
FileDescription	Check is Windows 64bit or 32bit?
FileVersion (#2)	1, 5, 0, 0
InternalName	64bit Checker
LegalCopyright	Copyright (C) 2015 IgorWare
OriginalFilename	64bit-checker.exe
ProductName	64bit Checker
ProductVersion (#2)	1, 5, 0, 0

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x40f2c0`
SEHandlerTable	`0x40dab0`
SEHandlerCount	`2`

RICH Header

XOR Key	`0xd5ff184b`
Unmarked objects	`0`
C++ objects (VS2003 (.NET) SP1 build 6030)	`4`
ASM objects (VS2003 (.NET) SP1 build 6030)	`21`
C objects (VS2003 (.NET) SP1 build 6030)	`86`
Imports (VS2008 SP1 build 30729)	`13`
Total imports	`144`
100 (VS2003 (.NET) SP1 build 6030)	`2`
Linker (VS2008 build 21022)	`1`
Linker (VS2003 (.NET) SP1 build 6030)	`1`

55b411b0c6869e089a16bc21a98b12eb

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

1

2

3

4

102

103

104

105

101

1 (#2)

1 (#3)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors