Manalyze report for 6586c35e0c0347184b1f96252b4b2c0c

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2022-Jul-26 06:21:32
Detected languages	English - United States
Debug artifacts	C:\Users\joezid\Source\Repos\ASCWG2\x64\Release\ASCWG2.pdb

Plugin Output

Info	Libraries used to perform cryptographic operations:	`Microsoft's Cryptography API`
Info	The PE contains common functions which appear in legitimate applications.	`Uses Microsoft's cryptographic API: CryptAcquireContextW CryptCreateHash CryptHashData CryptDestroyHash CryptGetHashParam CryptReleaseContext`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`6586c35e0c0347184b1f96252b4b2c0c`
SHA1	`ae11bac648490f5997ef22c5511025dd2ce4260a`
SHA256	`adb8f23a8cbe3cfe7a54f4ab4476fe78d81a8503bf5d9704249e988f2f530d24`
SHA3	`574d1644321dfc848abfbe652c6c8f892fb7f4a832dd5fd94b4867f35eb37863`
SSDeep	`192:IacT7n2w2FT6NqEvfokAj9rMrMPc0fCUdzfoesQ5tfqla:ncHn2woT6NNvQkAZr00fr1frsw`
Imports Hash	`9398199c44a885c2e5819b2299270897`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2022-Jul-26 06:21:32
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1a00`
SizeOfInitializedData	`0x2000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001E94 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x9000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`d2d34375509af1c9206f82c5a0e1cb3d`
SHA1	`c1a5a514c07ecc298903af252542e133bcf8357e`
SHA256	`f039da8288d85173a549ea8945b3ad11c3bbdb03883d12d2540a53b9529a0729`
SHA3	`2db5f33c27fa10bd8aa3bd9fdbb92e198ce8e64c7d115014398ef33f76712543`
VirtualSize	`0x196c`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1a00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.75731`

.rdata

MD5	`a197929a90921300637d12735d234dfb`
SHA1	`35f50a6ffafe08485e10f6f22e0b62c815f15879`
SHA256	`67ff549f98c6a9e1fb51d9cc7aba9634231f7743588cb2bd37cf294d84aadce2`
SHA3	`b41018b383cacb202dcd23f0a285e2e094a17797cb5e393aa3e9d4550383c7e7`
VirtualSize	`0x1154`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x1e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.22768`

.data

MD5	`df472dc55d3b30057eb5fc703f6e33fa`
SHA1	`599b17bf94a08deb831c54748da8a829caf16fd9`
SHA256	`c068a0fad040f60494b0daa4a2a17fbdea2bdb3da2c5e1540507a69f57cfa17f`
SHA3	`ce5bc46e8f40a2aa939a93d1835faf32446abb053542bdfdb7be717e8b68ffa0`
VirtualSize	`0x648`
VirtualAddress	`0x5000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.464663`

.pdata

MD5	`fe4ef3babc9ebbce7fe5f4296221f777`
SHA1	`a9e13a35e28490a055caac940facdb6692ca4c4e`
SHA256	`09015682f998b13d05463cd73a81cd98bfe6eb1d932adb329305f30913e39d9d`
SHA3	`447d466f9403cd703fa5819917e4c264141f35550bbc85764257b4f388c0d07e`
VirtualSize	`0x198`
VirtualAddress	`0x6000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.12793`

.rsrc

MD5	`0b35de07beeb30d1d6013cbca2846303`
SHA1	`c98626ce4d587471d115df6f42cb0f5221f13689`
SHA256	`c9ed38ed40cfe8c1718cbf78be16bb4aa76b76097a449f9ea315aee9fd20df0d`
SHA3	`76678b071daa4ec33980be3b819260aea5ade31193b0580e19b41e16156137cf`
VirtualSize	`0x1e0`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.7015`

.reloc

MD5	`1d1a38575df7a6c782d8f1cc4f72a186`
SHA1	`75ffbee83df1eb122c98e7e41a1bffb3d2758fa5`
SHA256	`7c8eb53cb5b645659dbbf6298088dad5929ba69a280a630dbf87ad9e22981c03`
SHA3	`19061f26161824293865f86a34e253c2962d0dc1f3d67a811d5ee85b99fd621e`
VirtualSize	`0x2c`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x3600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.62196`

Imports

KERNEL32.dll	`GetFileSize` `CreateFileA` `GetLastError` `VirtualAlloc` `ReadFile` `IsDebuggerPresent` `InitializeSListHead` `GetSystemTimeAsFileTime` `GetCurrentThreadId` `GetCurrentProcessId` `QueryPerformanceCounter` `IsProcessorFeaturePresent` `TerminateProcess` `GetCurrentProcess` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `RtlVirtualUnwind` `RtlLookupFunctionEntry` `RtlCaptureContext` `GetModuleHandleW`
ADVAPI32.dll	`CryptAcquireContextW` `CryptCreateHash` `CryptHashData` `CryptDestroyHash` `CryptGetHashParam` `CryptReleaseContext`
VCRUNTIME140.dll	`__current_exception` `__current_exception_context` `__C_specific_handler` `memset`
api-ms-win-crt-runtime-l1-1-0.dll	`_initialize_onexit_table` `_register_onexit_function` `_get_initial_narrow_environment` `__p___argv` `terminate` `__p___argc` `_cexit` `_register_thread_local_exe_atexit_callback` `_initialize_narrow_environment` `_configure_narrow_argv` `_c_exit` `_set_app_type` `_seh_filter_exe` `_exit` `_initterm_e` `exit` `_crt_atexit` `_initterm`
api-ms-win-crt-stdio-l1-1-0.dll	`__stdio_common_vfprintf` `__p__commode` `_set_fmode` `__acrt_iob_func`
api-ms-win-crt-math-l1-1-0.dll	`__setusermatherr`
api-ms-win-crt-locale-l1-1-0.dll	`_configthreadlocale`
api-ms-win-crt-heap-l1-1-0.dll	`_set_new_mode`

Delayed Imports

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2022-Jul-26 06:21:32
Version	`0.0`
SizeofData	`83`
AddressOfRawData	`0x3580`
PointerToRawData	`0x2380`
Referenced File	C:\Users\joezid\Source\Repos\ASCWG2\x64\Release\ASCWG2.pdb

IMAGE_DEBUG_TYPE_VC_FEATURE

Characteristics	`0`
TimeDateStamp	2022-Jul-26 06:21:32
Version	`0.0`
SizeofData	`20`
AddressOfRawData	`0x35d4`
PointerToRawData	`0x23d4`

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Jul-26 06:21:32
Version	`0.0`
SizeofData	`620`
AddressOfRawData	`0x35e8`
PointerToRawData	`0x23e8`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2022-Jul-26 06:21:32
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

Size	`0x138`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140005008`

RICH Header

XOR Key	`0xe153cb3a`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`10`
Imports (VS 2015/2017/2019 runtime 29118)	`2`
C++ objects (VS 2015/2017/2019 runtime 29118)	`18`
C objects (VS 2015/2017/2019 runtime 29118)	`10`
ASM objects (VS 2015/2017/2019 runtime 29118)	`3`
Imports (27412)	`5`
Total imports	`60`
C++ objects (LTCG) (VS2019 Update 8 (16.8.5-6) compiler 29337)	`1`
Resource objects (VS2019 Update 8 (16.8.5-6) compiler 29337)	`1`
Linker (VS2019 Update 8 (16.8.5-6) compiler 29337)	`1`

6586c35e0c0347184b1f96252b4b2c0c

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_VC_FEATURE

IMAGE_DEBUG_TYPE_POGO

IMAGE_DEBUG_TYPE_ILTCG

TLS Callbacks

Load Configuration

RICH Header

Errors