Manalyze report for 661cc270adcdca530522537da298b8c1

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2013-Sep-02 17:12:32
Detected languages	English - United States

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++ 6.0 - 8.0`
Info	Interesting strings found in the binary:	`Contains domain names: curl.haxx.se example.com http://curl.haxx.se http://curl.haxx.se/docs/http-cookies.html http://luac.multitheftauto.com http://luac.multitheftauto.com/?compile luac.multitheftauto.com multitheftauto.com`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Microsoft's Cryptography API`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Uses Microsoft's cryptographic API: CryptDestroyHash CryptCreateHash CryptAcquireContextA CryptReleaseContext CryptGetHashParam CryptHashData` `Leverages the raw socket API to access the Internet: send select __WSAFDIsSet sendto recvfrom ioctlsocket listen accept WSAStartup WSACleanup gethostname getaddrinfo freeaddrinfo getpeername WSAIoctl connect htons ntohs getsockname setsockopt recv bind socket WSASetLastError closesocket getsockopt WSAGetLastError`
Safe	VirusTotal score: 0/74 (Scanned on 2024-08-04 23:27:05)	`All the AVs think this file is safe.`

Hashes

MD5	`661cc270adcdca530522537da298b8c1`
SHA1	`d1974cf94c43ea194933b09d8cc7eb6bd57fe0d0`
SHA256	`951defd6a664c450f8a5b23e146d4531744eafbd38a52f46a0933f19453b611f`
SHA3	`0497603ce29a76ea33c1659da4fa4d3d71e3d7396a31e51f1b2dca12704e199a`
SSDeep	`12288:AYmEu0odpcMMZxSMetZvrhNyCGDW+yGTU3Cnjns:rQ5MZxSnzr/tUHyGTTjns`
Imports Hash	`12e020e36f7a4f0ca173c37bbbca12c5`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2013-Sep-02 17:12:32
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`9.0`
SizeOfCode	`0x53000`
SizeOfInitializedData	`0xd800`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00052CC0 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x54000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.0`
ImageVersion	`0.0`
SubsystemVersion	`5.0`
Win32VersionValue	`0`
SizeOfImage	`0x64000`
SizeOfHeaders	`0x400`
Checksum	`0x69ec2`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`cdca4d83811b00ea131223ea796d9996`
SHA1	`182991b824976a487fd09dbfe3af6d0e51fbe6a2`
SHA256	`abf4419f01305adf01c4b21e6f2532b6fc623e6230ce0009a59bb9b9d699eda4`
SHA3	`38ea0b33cd641ad342a89f2c904453c52dbedd0b4b5812c12cdcc03c6517d47a`
VirtualSize	`0x52ecd`
VirtualAddress	`0x1000`
SizeOfRawData	`0x53000`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.06988`

.rdata

MD5	`da055ef8a74270eba03badbb64aee92d`
SHA1	`ad6ab12523c0131bedf08d9d1eac3f69600d0abb`
SHA256	`806a52bde0a9ff982ee4a0c4d1c7e5e25011ffbf57203edba3b97e2876c9d98d`
SHA3	`d3ac6b5c841c19d4e8ec4e5090b7c8fe50cc0534a56e11e3c144b4ffb83a0595`
VirtualSize	`0xd184`
VirtualAddress	`0x54000`
SizeOfRawData	`0xd200`
PointerToRawData	`0x53400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.14335`

.data

MD5	`cf7fc12c91e86864fb736b45a64d5c52`
SHA1	`74bd432a59799534fbc62b41d703e52d8709b225`
SHA256	`57df20dad4f1e43a2e291cbfd0b4b4e6762a420cd7aa9b20e6217f570371fc22`
SHA3	`51d4dbedfb0cb33bbadbefe72e632be14c23d2342155a03297fa39f75335f3e2`
VirtualSize	`0x794`
VirtualAddress	`0x62000`
SizeOfRawData	`0x200`
PointerToRawData	`0x60600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.26828`

.rsrc

MD5	`2b2e4ba5c616fae34a354c3d1387a3c0`
SHA1	`b22bfc4cf6e0e6e77115a5344589eb2e8cb875d6`
SHA256	`263a9f778d3ebf3f77ba8ae123e3a95bce7db8c9eabcd3d454416a60a307d238`
SHA3	`d1ef35f0c462f17f5d52da1f3c2e49445074cdddc96833cd6cd89bb1340f99fc`
VirtualSize	`0x2b0`
VirtualAddress	`0x63000`
SizeOfRawData	`0x400`
PointerToRawData	`0x60800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.19797`

Imports

WS2_32.dll	`send` `select` `__WSAFDIsSet` `sendto` `recvfrom` `ioctlsocket` `listen` `accept` `WSAStartup` `WSACleanup` `gethostname` `getaddrinfo` `freeaddrinfo` `getpeername` `WSAIoctl` `connect` `htons` `ntohs` `getsockname` `setsockopt` `recv` `bind` `socket` `WSASetLastError` `closesocket` `getsockopt` `WSAGetLastError`
WLDAP32.dll	`#211` `#301` `#27` `#33` `#79` `#30` `#60` `#26` `#41` `#46` `#50` `#22` `#35` `#32` `#200` `#143`
KERNEL32.dll	`GetLastError` `GetCurrentThreadId` `GetSystemTimeAsFileTime` `GetCurrentProcessId` `IsDebuggerPresent` `SetUnhandledExceptionFilter` `UnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `InterlockedCompareExchange` `InterlockedExchange` `SetFileAttributesA` `GetFileAttributesA` `QueryPerformanceCounter` `GetTickCount` `WaitForMultipleObjects` `GetFileType` `LoadLibraryA` `GetProcAddress` `GetStdHandle` `ReadFile` `FreeLibrary` `PeekNamedPipe` `FormatMessageA` `Sleep` `ExpandEnvironmentStringsA` `CloseHandle` `InitializeCriticalSection` `LeaveCriticalSection` `WaitForSingleObject` `SetLastError` `EnterCriticalSection` `DeleteCriticalSection` `SleepEx` `GetVersionExA`
ADVAPI32.dll	`CryptDestroyHash` `CryptCreateHash` `CryptAcquireContextA` `CryptReleaseContext` `CryptGetHashParam` `CryptHashData`
MSVCR90.dll	`fflush` `fwrite` `strerror` `__sys_nerr` `atoi` `fseek` `_stricmp` `memmove_s` `?what@exception@std@@UBEPBDXZ` `??1exception@std@@UAE@XZ` `??0exception@std@@QAE@XZ` `??0exception@std@@QAE@ABQBD@Z` `_CxxThrowException` `rewind` `_invalid_parameter_noinfo` `printf` `fprintf` `??3@YAXPAX@Z` `ftell` `_vscprintf` `exit` `??2@YAPAXI@Z` `?terminate@@YAXXZ` `_vsnprintf` `_unlock` `__dllonexit` `_encode_pointer` `_lock` `_onexit` `_decode_pointer` `_amsg_exit` `__getmainargs` `_cexit` `_exit` `_XcptFilter` `__initenv` `_initterm` `_initterm_e` `_configthreadlocale` `__setusermatherr` `_adjust_fdiv` `__p__commode` `__p__fmode` `__set_app_type` `_crt_debugger_hook` `_except_handler4_common` `?_type_info_dtor_internal_method@type_info@@QAEXXZ` `_invoke_watson` `_controlfp_s` `_gmtime64` `sprintf` `fputc` `memchr` `tolower` `getenv` `strncpy` `fread` `_stat64` `_lseeki64` `strtoul` `realloc` `malloc` `calloc` `free` `_beginthreadex` `strstr` `isxdigit` `islower` `isupper` `isdigit` `isalpha` `isprint` `isalnum` `isspace` `isgraph` `_time64` `fclose` `strrchr` `fopen` `fgets` `strtol` `strchr` `__iob_func` `fputs` `_strtoi64` `qsort` `memmove` `sscanf` `strncmp` `_errno` `_strdup` `_read` `_close` `_open` `_write` `_strnicmp` `_mkdir` `memcpy` `__CxxFrameHandler3` `memset` `_fstat64` `??0exception@std@@QAE@ABV01@@Z`
MSVCP90.dll	`?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z` `?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ` `?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z` `??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z` `??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z` `??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ` `??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z` `??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z` `??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z` `??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ` `?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z` `?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z` `?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z` `?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z` `?deallocate@?$allocator@D@std@@QAEXPADI@Z` `?allocate@?$allocator@D@std@@QAEPADI@Z` `?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB` `??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z` `??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z`
WINMM.dll	`timeGetTime`

Delayed Imports

curl_easy_cleanup

Ordinal	`1`
Address	`0xa160`

curl_easy_duphandle

Ordinal	`2`
Address	`0xa220`

curl_easy_escape

Ordinal	`3`
Address	`0xaa50`

curl_easy_getinfo

Ordinal	`4`
Address	`0xa1d0`

curl_easy_init

Ordinal	`5`
Address	`0x9e80`

curl_easy_pause

Ordinal	`6`
Address	`0xa620`

curl_easy_perform

Ordinal	`7`
Address	`0x9f20`

curl_easy_recv

Ordinal	`8`
Address	`0xa870`

curl_easy_reset

Ordinal	`9`
Address	`0xa510`

curl_easy_send

Ordinal	`10`
Address	`0xa8e0`

curl_easy_setopt

Ordinal	`11`
Address	`0x9ed0`

curl_easy_strerror

Ordinal	`12`
Address	`0x37820`

curl_easy_unescape

Ordinal	`13`
Address	`0xad80`

curl_escape

Ordinal	`14`
Address	`0xaa10`

curl_formadd

Ordinal	`15`
Address	`0xcc10`

curl_formfree

Ordinal	`16`
Address	`0xd020`

curl_formget

Ordinal	`17`
Address	`0xced0`

curl_free

Ordinal	`18`
Address	`0xade0`

curl_getdate

Ordinal	`19`
Address	`0x2b580`

curl_getenv

Ordinal	`20`
Address	`0x16750`

curl_global_cleanup

Ordinal	`21`
Address	`0x9e20`

curl_global_init

Ordinal	`22`
Address	`0x9cd0`

curl_global_init_mem

Ordinal	`23`
Address	`0x9d90`

curl_maprintf

Ordinal	`24`
Address	`0x26d10`

curl_mfprintf

Ordinal	`25`
Address	`0x26f00`

curl_mprintf

Ordinal	`26`
Address	`0x26ec0`

curl_msnprintf

Ordinal	`27`
Address	`0x26bf0`

curl_msprintf

Ordinal	`28`
Address	`0x26e80`

curl_multi_add_handle

Ordinal	`29`
Address	`0x272c0`

curl_multi_assign

Ordinal	`30`
Address	`0x2a770`

curl_multi_cleanup

Ordinal	`31`
Address	`0x294a0`

curl_multi_fdset

Ordinal	`32`
Address	`0x27a00`

curl_multi_info_read

Ordinal	`33`
Address	`0x29640`

curl_multi_init

Ordinal	`34`
Address	`0x272a0`

curl_multi_perform

Ordinal	`35`
Address	`0x292f0`

curl_multi_remove_handle

Ordinal	`36`
Address	`0x27560`

curl_multi_setopt

Ordinal	`37`
Address	`0x29e50`

curl_multi_socket

Ordinal	`38`
Address	`0x2a0c0`

curl_multi_socket_action

Ordinal	`39`
Address	`0x2a100`

curl_multi_socket_all

Ordinal	`40`
Address	`0x2a140`

curl_multi_strerror

Ordinal	`41`
Address	`0x37ca0`

curl_multi_timeout

Ordinal	`42`
Address	`0x2a280`

curl_multi_wait

Ordinal	`43`
Address	`0x27bd0`

curl_mvaprintf

Ordinal	`44`
Address	`0x26db0`

curl_mvfprintf

Ordinal	`45`
Address	`0x26fa0`

curl_mvprintf

Ordinal	`46`
Address	`0x26f70`

curl_mvsnprintf

Ordinal	`47`
Address	`0x26b90`

curl_mvsprintf

Ordinal	`48`
Address	`0x26f40`

curl_share_cleanup

Ordinal	`49`
Address	`0x32e40`

curl_share_init

Ordinal	`50`
Address	`0x32bc0`

curl_share_setopt

Ordinal	`51`
Address	`0x32bf0`

curl_share_strerror

Ordinal	`52`
Address	`0x37d30`

curl_slist_append

Ordinal	`53`
Address	`0x33070`

curl_slist_free_all

Ordinal	`54`
Address	`0x33120`

curl_strequal

Ordinal	`55`
Address	`0x377d0`

curl_strnequal

Ordinal	`56`
Address	`0x377f0`

curl_unescape

Ordinal	`57`
Address	`0xaa30`

curl_version

Ordinal	`58`
Address	`0x48690`

curl_version_info

Ordinal	`59`
Address	`0x48790`

1

Type	`RT_MANIFEST`
Language	English - United States
Codepage	Latin 1 / Western European
Size	`0x256`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.0207`
MD5	`5a32206e4bb9d06170ae00fa980db49b`
SHA1	`126a45f48625322ba11eb0acf1ade9115ad6802b`
SHA256	`9f2fc067639866642bb1a73fb43006d233e569d25566b16dedec472fe5d3c5c3`
SHA3	`bfab9d66b065ea131bdc44ac811cfcf4d5c43a1075f9b6d16f0c8f2f20237cac`

Version Info

TLS Callbacks

Load Configuration

Size	`0x48`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x462018`
SEHandlerTable	`0x45ecd0`
SEHandlerCount	`33`

RICH Header

XOR Key	`0x91554324`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`4`
150 (20413)	`13`
ASM objects (VS2008 SP1 build 30729)	`11`
C objects (VS2008 SP1 build 30729)	`22`
C++ objects (VS2008 SP1 build 30729)	`4`
Total imports	`289`
Imports (VS2012 build 50727 / VS2005 build 50727)	`13`
137 (VS2008 SP1 build 30729)	`119`
Exports (VS2008 SP1 build 30729)	`1`
Resource objects (VS2008 SP1 build 30729)	`1`

661cc270adcdca530522537da298b8c1

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

curl_easy_cleanup

curl_easy_duphandle

curl_easy_escape

curl_easy_getinfo

curl_easy_init

curl_easy_pause

curl_easy_perform

curl_easy_recv

curl_easy_reset

curl_easy_send

curl_easy_setopt

curl_easy_strerror

curl_easy_unescape

curl_escape

curl_formadd

curl_formfree

curl_formget

curl_free

curl_getdate

curl_getenv

curl_global_cleanup

curl_global_init

curl_global_init_mem

curl_maprintf

curl_mfprintf

curl_mprintf

curl_msnprintf

curl_msprintf

curl_multi_add_handle

curl_multi_assign

curl_multi_cleanup

curl_multi_fdset

curl_multi_info_read

curl_multi_init

curl_multi_perform

curl_multi_remove_handle

curl_multi_setopt

curl_multi_socket

curl_multi_socket_action

curl_multi_socket_all

curl_multi_strerror

curl_multi_timeout

curl_multi_wait

curl_mvaprintf

curl_mvfprintf

curl_mvprintf

curl_mvsnprintf

curl_mvsprintf

curl_share_cleanup

curl_share_init

curl_share_setopt

curl_share_strerror

curl_slist_append

curl_slist_free_all

curl_strequal

curl_strnequal

curl_unescape

curl_version

curl_version_info

1

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors