Manalyze report for 61314e23226a17d48b332e50442382ee

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1992-Jun-19 22:22:17

Plugin Output

Suspicious	PEiD Signature:	`D1S1G v1.1 beta --> D1N`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Can access the registry: RegQueryValueExA RegOpenKeyExA RegCloseKey`
Suspicious	The PE header may have been manually modified.	`The resource timestamps differ from the PE header: 2020-Jun-29 10:37:56`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`61314e23226a17d48b332e50442382ee`
SHA1	`a5a88039774c6cc03b6b69738dae7b7b61418e7d`
SHA256	`61c9d34c1bf6a25c3e5429bc1c7e570412587ab92e929886186c89504a2f98d2`
SHA3	`49b7fbce282ac13757dd26c86777bdfa8356ac495e554e57af9ed58a6de91ec6`
SSDeep	`192:ngJHSn95v5ZEAyIjp1sN/8yBBW9dBcWqGFsmxIfiFRQjcW2u1f:mezhZEAyI91y8yi9IWnumSfiFRAzv`
Imports Hash	`c1676ff44f74cb962633bd28bd4cd73c`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`8`
TimeDateStamp	1992-Jun-19 22:22:17
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_BYTES_REVERSED_HI` `IMAGE_FILE_BYTES_REVERSED_LO` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x2c00`
SizeOfInitializedData	`0xe00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00003A70 (Section: CODE)`
BaseOfCode	`0x1000`
BaseOfData	`0x4000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xb000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x4000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

CODE

MD5	`d1002ea907b468224dbc36d63de85bd0`
SHA1	`303e940b56413b11fbebe090ad4e5e2dd73a8735`
SHA256	`6fb8fe66cda1b6185007508a274a57b07295fc8fbeab4ecd783df44c116854fc`
SHA3	`fa454d4d4bedd1d13bdb291984b7595f4fd71101eb2f6034f6d51e7088424c4d`
VirtualSize	`0x2aa0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.2918`

DATA

MD5	`5fe8a1f414117b604dbd34229067b228`
SHA1	`522f4cdacd00a32c50e711355be07d4e771d2fa5`
SHA256	`91cf43aae11b417b85552a047095a913b93a4a95ee7478e93f17f57ea6069e5e`
SHA3	`6269b5bfa6c3c4000301b78a427ed84d64ba09e26abcdae0c5eecbf5a2915ea0`
VirtualSize	`0xa0`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.85343`

BSS

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x669`
VirtualAddress	`0x5000`
SizeOfRawData	`0`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`7249103736b46ee8b0c78d379f7bef5b`
SHA1	`a75a8156c81be4e965e64bddad609373be9cfe64`
SHA256	`b913007dde207d7c2e5081d0d510a1ec37a1dab35ded96a5b2f966d3cf9a6724`
SHA3	`00ae438cf844e73f74141276a98343bef0de47f6ecbb22863059afc4651669ea`
VirtualSize	`0x3cc`
VirtualAddress	`0x6000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.15488`

.tls

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x8`
VirtualAddress	`0x7000`
SizeOfRawData	`0`
PointerToRawData	`0x3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.rdata

MD5	`753527920e84ff25027979eeb2bca12a`
SHA1	`d430b67c2b4a0ac2c7cd3c473f0a59e603b74717`
SHA256	`dbbfadad07010cab9518637166ef6de375f1af7efaaa8fece242ecaa5709d8b6`
SHA3	`87c9a6454265de5404932ef3795bfcaff101347d15b1df814c33cf5b4e8e30e2`
VirtualSize	`0x18`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`0.197438`

.reloc

MD5	`8955ce47e1a15584e0e37d1fda1cbbc5`
SHA1	`c8422d0b365a4718679d95d3cef36d48eb17c9d7`
SHA256	`3585d90fb40f0e6bb4b68f0aa01d86aae56b0c51db1bd3e6b535e7aaa8dabb4d`
SHA3	`7935795c512616f9a81b7a7668c5e62b0184214b32c69075d7374ee46788be51`
VirtualSize	`0x318`
VirtualAddress	`0x9000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`5.61272`

.rsrc

MD5	`cecba72a28d44aae44085c5158c3ecf1`
SHA1	`141ff970cedab62f78da72b464d4c4a59a9de7f5`
SHA256	`91856f586badd516e7e71faa6477d515800fce66c010bb1c1b7b2dbec0c0ee11`
SHA3	`f4802609a1119342a1251a7c1da544636ed2ce4e96779eb7f048f7967445073f`
VirtualSize	`0x200`
VirtualAddress	`0xa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_SHARED`
Entropy	`2.31752`

Imports

kernel32.dll	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `GetThreadLocale` `GetStartupInfoA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
user32.dll	`GetKeyboardType` `MessageBoxA`
advapi32.dll	`RegQueryValueExA` `RegOpenKeyExA` `RegCloseKey`
kernel32.dll (#2)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `GetThreadLocale` `GetStartupInfoA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`
kernel32.dll (#3)	`DeleteCriticalSection` `LeaveCriticalSection` `EnterCriticalSection` `InitializeCriticalSection` `VirtualFree` `VirtualAlloc` `LocalFree` `LocalAlloc` `GetVersion` `GetCurrentThreadId` `GetThreadLocale` `GetStartupInfoA` `GetLocaleInfoA` `GetCommandLineA` `FreeLibrary` `ExitProcess` `WriteFile` `UnhandledExceptionFilter` `RtlUnwind` `RaiseException` `GetStdHandle`

Delayed Imports

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2020-Jun-29 10:37:56
Entropy	`4`
MD5	`d8090aba7197fbf9c7e2631c750965a8`
SHA1	`04f73efb0801b18f6984b14cd057fb56519cd31b`
SHA256	`88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610`
SHA3	`a5a67ad8166061d38fc75cfb2c227911de631166c6531a6664cd49cfb207e8bb`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x4c`
TimeDateStamp	2020-Jun-29 10:37:56
Entropy	`4.41931`
MD5	`e2b8f87ea4d17d326885f60855edc4f0`
SHA1	`79ddf00e60c9d000c4e36f91e72baa7007506b87`
SHA256	`ba8a0f556b7d5259f2aa37582c43027e97a68bb8f3aea99e781080a67e38b9eb`
SHA3	`257e4d5048eccd33015f8a8f49627380dd660953a8552220a07535f96e1767ab`

Version Info

TLS Callbacks

StartAddressOfRawData	`0x407000`
EndAddressOfRawData	`0x407008`
AddressOfIndex	`0x404084`
AddressOfCallbacks	`0x408010`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`(EMPTY)`

Load Configuration

RICH Header

Errors

[*] Warning: Section BSS has a size of 0!
[*] Warning: Section .tls has a size of 0!