Manalyze report for 58879d33de3b941768f59ae7b0f7d8b76a5f0f0498a2a283d11781b4e8ec0313

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Nov-04 17:23:50
Detected languages	English - United States
Debug artifacts	C:\Users\benst\Documents\GD\instances\v7\XINPUT9_1_0.pdb

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA LoadLibraryW GetProcAddress LoadLibraryExW`
Suspicious	VirusTotal score: 1/70 (Scanned on 2025-03-02 05:25:48)	`APEX: Malicious`

Hashes

MD5	`370feecb87bb976bc5bc0f2a4ee6f2df`
SHA1	`f1eeec5c4717ed0956dee8593f5a4acee6a27bef`
SHA256	`58879d33de3b941768f59ae7b0f7d8b76a5f0f0498a2a283d11781b4e8ec0313`
SHA3	`327e997046de7c142b730d45a789bfa2f8f40fa8fdf03ad1495c376fdfd6a22f`
SSDeep	`1536:shLWlZ90Z5KkcczSl7FosALHABP0a1INZTZ5sWVqtcdlA9pzcpvOn:qLWv9SKQzSDALHANIN7jlA9pzimn`
Imports Hash	`42778d0f366861bc3aaafd8e329d44fe`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	2021-Nov-04 17:23:50
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`14.0`
SizeOfCode	`0xd400`
SizeOfInitializedData	`0x9c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000306E (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0xf000`
ImageBase	`0x10000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x1c000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`ed5e9e443f5e855d8285798a371cb916`
SHA1	`ec684aa5f21146db5f017d2e4736c81f377389d0`
SHA256	`f1557404fa6587ce2a096f0bd7598c0a19950e74206032da22734fd2c1ae9eae`
SHA3	`32c8832dccdbda1639284c0cf6da398d3b9405a3ea98d5c8a4c20a6745cdcf0f`
VirtualSize	`0xd252`
VirtualAddress	`0x1000`
SizeOfRawData	`0xd400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.58468`

.rdata

MD5	`833c9b2a81f07e9ecfb6a6b7d204eb51`
SHA1	`43117ad3845eb7eec92e390dfdd3eb37e1f4039e`
SHA256	`95652ad2c85cbc305345d5d7af6e9a271020edaf3c8e9389570b64f3c9fb9543`
SHA3	`6c23a82281eeaf83c1f55dc90c7b2cab8775b76d44c4d95a7dcbd0ee0c880dc0`
VirtualSize	`0x7136`
VirtualAddress	`0xf000`
SizeOfRawData	`0x7200`
PointerToRawData	`0xd800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.86929`

.data

MD5	`843d1b2cae8c16b651b0b6c3fb52ab32`
SHA1	`e7c8a10660fecfceeea97920a3ca124305e66ab7`
SHA256	`c82482db052e2921ddc45572bb5232aefd512bfae3124bf004d2f04045920a0f`
SHA3	`d0e3b1195551261be8b26f16d75586944a397c4fe39e8448437e4410e3ce4275`
VirtualSize	`0x14a8`
VirtualAddress	`0x17000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x14a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.54425`

.rsrc

MD5	`436304f849b273c480eefc83eaa80e99`
SHA1	`e9485dc3443833490be6eff846e4ed71075a0f30`
SHA256	`24c679c19861b29d27c4db0ef275e16449e22d4eb130291d940bb993c0573dfb`
SHA3	`e6a4830ac02516cd9a8bee0fb49fecb9b69ad561052f8b4ba098364a0e470c9b`
VirtualSize	`0xf8`
VirtualAddress	`0x19000`
SizeOfRawData	`0x200`
PointerToRawData	`0x15600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.52496`

.reloc

MD5	`aecb9f2b96c309a795e9ba1c3ceb971d`
SHA1	`3d105514167f0c95eab0296534663fe924589559`
SHA256	`a167f08ea776ddd56588d8836a3057c0cfb311d99ac1ce1726a8ee2a62b2a21c`
SHA3	`c7220ba03d0347c43faaef689f71a07a7274d4916bfa081c458f60a9fbc1a23e`
VirtualSize	`0x1124`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x15800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.37438`

Imports

KERNEL32.dll	`GetSystemDirectoryW` `LoadLibraryA` `LoadLibraryW` `GetProcAddress` `FreeLibrary` `WriteConsoleW` `LocalFree` `FormatMessageA` `CreateFileW` `FindClose` `FindFirstFileExW` `FindNextFileW` `SetFilePointerEx` `AreFileApisANSI` `CloseHandle` `GetLastError` `MultiByteToWideChar` `WideCharToMultiByte` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `QueryPerformanceCounter` `GetCurrentProcessId` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `InitializeSListHead` `IsDebuggerPresent` `GetStartupInfoW` `GetModuleHandleW` `RtlUnwind` `RaiseException` `InterlockedFlushSList` `SetLastError` `EncodePointer` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `InitializeCriticalSectionAndSpinCount` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `LoadLibraryExW` `GetCPInfo` `ExitProcess` `GetModuleHandleExW` `GetModuleFileNameW` `HeapAlloc` `HeapFree` `GetStringTypeW` `IsValidCodePage` `GetACP` `GetOEMCP` `GetCommandLineA` `GetCommandLineW` `GetEnvironmentStringsW` `FreeEnvironmentStringsW` `LCMapStringW` `GetProcessHeap` `GetStdHandle` `GetFileType` `HeapSize` `HeapReAlloc` `SetStdHandle` `FlushFileBuffers` `WriteFile` `GetConsoleOutputCP` `GetConsoleMode` `DecodePointer`

Delayed Imports

XInputGetCapabilities

Ordinal	`1`
Address	`0x2080`

XInputGetDSoundAudioDeviceGuids

Ordinal	`2`
Address	`0x2090`

XInputGetState

Ordinal	`3`
Address	`0x20a0`

XInputSetState

Ordinal	`4`
Address	`0x20b0`

2

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x91`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.8858`
MD5	`f7ad1eab748bc07570a57ec87787cf90`
SHA1	`0b1608da9fef218386e825db575c65616826d9f4`
SHA256	`d2952e57023848a37fb0f21f0dfb38c9000f610ac2b00c2f128511dfd68bde04`
SHA3	`6c9541b36948c19ae507d74223621875b3af4064f7cd8200bdb97e15a047e96a`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2021-Nov-04 17:23:50
Version	`0.0`
SizeofData	`81`
AddressOfRawData	`0x14f4c`
PointerToRawData	`0x1374c`
Referenced File	C:\Users\benst\Documents\GD\instances\v7\XINPUT9_1_0.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2021-Nov-04 17:23:50
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x14fa0`
PointerToRawData	`0x137a0`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2021-Nov-04 17:23:50
Version	`0.0`
SizeofData	`684`
AddressOfRawData	`0x14fb4`
PointerToRawData	`0x137b4`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2021-Nov-04 17:23:50
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0xbc`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x10017004`
SEHandlerTable	`0x10014f20`
SEHandlerCount	`11`

RICH Header

XOR Key	`0x8b134187`
Unmarked objects	`0`
ASM objects (27412)	`10`
C++ objects (27412)	`136`
C objects (27412)	`18`
C objects (VS 2015/2017/2019 runtime 29804)	`15`
ASM objects (VS 2015/2017/2019 runtime 29804)	`17`
C++ objects (VS 2015/2017/2019 runtime 29804)	`35`
Imports (27412)	`3`
Total imports	`107`
C++ objects (LTCG) (VS 2015/2017/2019 runtime 29913)	`1`
Exports (VS 2015/2017/2019 runtime 29913)	`1`
Resource objects (VS 2015/2017/2019 runtime 29913)	`1`
Linker (VS 2015/2017/2019 runtime 29913)	`1`

Errors

Leave a comment

No comments yet.