Manalyze report for 65e288ecd9562f87b85143147ec232bcd5ad791d15d0e5b891c8b27897fd70ef

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2022-Sep-24 14:09:03
Detected languages	English - United States

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .ATOM`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`36153a9dc23b2785555c8e02490886e1`
SHA1	`a1ea76d2bb17d7f1e3add10a3e436a08327420aa`
SHA256	`65e288ecd9562f87b85143147ec232bcd5ad791d15d0e5b891c8b27897fd70ef`
SHA3	`268800772eb7a1dda3ba6b7c14a2d00ef471ae7985d9faed41709f8c43e5da8a`
SSDeep	`12288:j4D+Mz7r3wKaWiRT0pmDiZOwa/GwTTEac1lsm0:krLi4EzvTwM`
Imports Hash	`9658e75e10fc3fd7d91ac973da593588`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xe0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2022-Sep-24 14:09:03
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x4800`
SizeOfInitializedData	`0x1800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001BF0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0x7b000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`a7d255e517105c4f417d7c2388928d43`
SHA1	`5d6d72784fd03edca0e17b84787e0b239a856988`
SHA256	`40642f4d29c8f8556f488990afc7a640b15c1a6178081397232db049e8fdb002`
SHA3	`05ed37ece1208c10553ee1b090455a81810cf02b32ee4f629e00687f4cc228df`
VirtualSize	`0x46f0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x4800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.20479`

.rdata

MD5	`ea98805ab356fd7df8320551bcfff9e4`
SHA1	`907745612b47aaa492a8bfb43827f6f193c6598f`
SHA256	`b18308ba43f5d45ddd2c7cc25edd0374917a296de378c241be0125fdbe45897d`
SHA3	`af8d222a1dbc0da9264790946899d7d946fe341f50b42370b512a168d22f7dc5`
VirtualSize	`0x99c`
VirtualAddress	`0x6000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x4c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.66947`

.data

MD5	`bf619eac0cdf3f68d496ea9344137e8b`
SHA1	`5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5`
SHA256	`076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560`
SHA3	`622de1e1568ddef36c4b89b706b05201c13481c3575d0fc804ff8224787fcb59`
VirtualSize	`0x4a0`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.pdata

MD5	`19ee33d6739a1efd1f910dd8e785732b`
SHA1	`548b7dc84e57749733e54277dfc23938c53a9c85`
SHA256	`e831042a7bff5f9c428286dc58881fb59a0cb3cfec14d0c9a725cec3e01fd390`
SHA3	`81a8889abd6d035aa68fcd5f0f2c291e88c88d180940731dc7b07dbdb02a6e46`
VirtualSize	`0x2ac`
VirtualAddress	`0x8000`
SizeOfRawData	`0x400`
PointerToRawData	`0x5800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.97939`

.rsrc

MD5	`fb20ae2a7910d36ef7e1ed0b22953dbf`
SHA1	`53b0a43a879cf778730d8bd7309f76d73d40a678`
SHA256	`3ecd84e2d8e73672dba01382283fde59898dcd230ee8af5d9870cef983142e6a`
SHA3	`6d192e7d311d72fa64237646e50ec96550f5043fa0e8a3ed75069671657a6958`
VirtualSize	`0x1e0`
VirtualAddress	`0x9000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.7015`

.reloc

MD5	`f1ce28abfe6420d4b5c1037787f7b070`
SHA1	`ce540f1a0a0428a7159a6378532ddef6149c9124`
SHA256	`45dc3982fc91368ae932fcc98f55efea39718dc2207faf9fa424452fb4d64d09`
SHA3	`2a91c0d0b5e31c19522f795bbbcef2475f6878dce89e873460b73d07c8196675`
VirtualSize	`0x10`
VirtualAddress	`0xa000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.153703`

.ATOM

MD5	`93f1bef11b17e2679d7f3efb7cd967d5`
SHA1	`66a1607303b1e517d295f944b6272aea82ade665`
SHA256	`c105e291acf272e6d2ab243474f9ebcb55acca389f39402f8e9f5fd9efea0170`
SHA3	`cfb47da53b7773b985c7130d9d02dff3693a29fc9a6c04c898355aaa770861ad`
VirtualSize	`0x6fcb8`
VirtualAddress	`0xb000`
SizeOfRawData	`0x6fe00`
PointerToRawData	`0x6000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.99956`

Imports

KERNEL32.dll	`HeapAlloc` `HeapFree` `HeapSize` `GetProcessHeap` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetLastError` `ReleaseSRWLockExclusive` `ReleaseSRWLockShared` `TryAcquireSRWLockExclusive` `SetCriticalSectionSpinCount` `WakeAllConditionVariable`
USER32.dll	`GetMenu` `GetSystemMenu` `CheckMenuItem` `EnableMenuItem` `GetMenuItemID` `UpdateWindow` `GetWindowContextHelpId` `MessageBoxA` `MessageBoxW` `MessageBeep`

Delayed Imports

free

Ordinal	`1`
Address	`0x1000`

malloc

Ordinal	`2`
Address	`0x10a0`

realloc

Ordinal	`3`
Address	`0x11e0`

strncmp

Ordinal	`4`
Address	`0x13e0`

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x17d`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91161`
MD5	`1e4a89b11eae0fcf8bb5fdd5ec3b6f61`
SHA1	`4260284ce14278c397aaf6f389c1609b0ab0ce51`
SHA256	`4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df`
SHA3	`4bb9e8b5a714cae82782f3831cc2d45f4bf4a50a755fe584d2d1893129d68353`

Version Info

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2022-Sep-24 14:09:03
Version	`0.0`
SizeofData	`308`
AddressOfRawData	`0x621c`
PointerToRawData	`0x4e1c`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2022-Sep-24 14:09:03
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0x3fba69f9`
Unmarked objects	`0`
Imports (30795)	`5`
Total imports	`22`
ASM objects (VS2022 Update 1 (17.1.6) compiler 31107)	`1`
C objects (VS2022 Update 1 (17.1.6) compiler 31107)	`13`
Exports (VS2022 Update 1 (17.1.6) compiler 31107)	`1`
Resource objects (VS2022 Update 1 (17.1.6) compiler 31107)	`1`
Linker (VS2022 Update 1 (17.1.6) compiler 31107)	`1`

Errors

Leave a comment

No comments yet.