Manalyze report for 6669ed5aede6c421f60af2d16e5b7371

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2019-Mar-22 18:59:05
TLS Callbacks	2 callback(s) detected.

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryA` `Possibly launches other programs: system`
Safe	VirusTotal score: 0/70 (Scanned on 2019-05-17 18:49:13)	`All the AVs think this file is safe.`

Hashes

MD5	`6669ed5aede6c421f60af2d16e5b7371`
SHA1	`44409bc803be9eca8e9e073ccde22c35fb6bdc0b`
SHA256	`01f67996e8119b9280f7d79edfd4cbd4145e97127e9bccda2dc902fc54085c74`
SHA3	`a33be5bb2c98ea930a6b18c97ab6d9ab6c5f4b34f9cd2ac25057989ea0de437c`
SSDeep	`96:gsAj68lRNHoqLQ++rcKjK8HGtsAQ+RcwL/LNJMKbLWYMzqxqPY4:Hj8bLQbrbjKkGyp+RFjNJMGWIqg4`
Imports Hash	`29e22280eb2b2cb04f4282bf18898688`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`7`
TimeDateStamp	2019-Mar-22 18:59:05
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DEBUG_STRIPPED` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x1200`
SizeOfInitializedData	`0x1e00`
SizeOfUninitializedData	`0x200`
AddressOfEntryPoint	`0x0000126C (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`1.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x9000`
SizeOfHeaders	`0x400`
Checksum	`0x6ac3`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
SizeofStackReserve	`0x200000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`7b2adba96f6da797733f0da10757c3e8`
SHA1	`1b6996561c143c5e1154fc19e3e637dd14379610`
SHA256	`14c0bee2247cda82e0318731e573ebee8e7939d298f272d1a4f0beb590cf0eb6`
SHA3	`244ac06bfbf2ac1fbf86f4fadfc0cf54c1c3d15479317bb17097449a2bec17dc`
VirtualSize	`0x1010`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_CODE` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.72509`

.data

MD5	`0ce3d300d58b97f92545cbc91c4c2343`
SHA1	`e557d8cd3c7ab46058ac08cf92d207510c40d220`
SHA256	`432151e1ce924dd0a773a011022e135a85bdda3291b5aa1075284327459f2c30`
SHA3	`a5df14de791135891a0255b126d31ff884f20057179004725b3ca9dc1fa9956a`
VirtualSize	`0x14`
VirtualAddress	`0x3000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.163808`

.rdata

MD5	`38da9db52dcee1c0de5e6fcc848dd684`
SHA1	`293434b50e8b370e7cf5ff0aeb82d98e1daa98af`
SHA256	`3b4abb653853b49d123aea25900079f8a80cd71fe8516d3d57a76785184a5574`
SHA3	`6d93f020a369b4764c565fd34f95e1a378fe16a3f1badf0c115865a2c52bfe44`
VirtualSize	`0x1a4`
VirtualAddress	`0x4000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.03371`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xd8`
VirtualAddress	`0x5000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_2048BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_8BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_UNINITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`74e17c6cf22d1fea2e89f6c9a8c6aee7`
SHA1	`f24e8b1628d498c1f4913e102740b3d8d5b2d272`
SHA256	`ca13688d3f3ea54b42ffac42b7ca98ef95444c0ec2546068e7df837d9bd945a1`
SHA3	`f25259b7cacc5b0e5527e28679a9c27aaf55f2e023a3439fce44103e62573ae3`
VirtualSize	`0x3bc`
VirtualAddress	`0x6000`
SizeOfRawData	`0x400`
PointerToRawData	`0x1a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.25957`

.CRT

MD5	`c8c61960c46f4cb56e7c61c0c2b737e0`
SHA1	`dcf2cdd4d44f927f0ec904069124ce2c3902615e`
SHA256	`299e041140d03b0f00fa52ed7389bfa03fe0f6db1f16ea147dd6990a08d04e84`
SHA3	`126d44bdc2ede7d92375c332a91b9b65ba2bf36b5200c0459a80dc57e9a21f46`
VirtualSize	`0x18`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x1e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.114463`

.tls

MD5	`ada90e347f10cd580eb49b83f2fe6c60`
SHA1	`c1f82217d25ba468bd18b597c996d4fa59f19172`
SHA256	`c177fb36695fcb69b3f69a8737255da15231a52a328248abe2c8094602ef19e5`
SHA3	`50741b244889c15989cc016d8df29948d81bf5be9e3d283b0078faa61860eb9b`
VirtualSize	`0x20`
VirtualAddress	`0x8000`
SizeOfRawData	`0x200`
PointerToRawData	`0x2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_ALIGN_1024BYTES` `IMAGE_SCN_ALIGN_16BYTES` `IMAGE_SCN_ALIGN_1BYTES` `IMAGE_SCN_ALIGN_256BYTES` `IMAGE_SCN_ALIGN_2BYTES` `IMAGE_SCN_ALIGN_32BYTES` `IMAGE_SCN_ALIGN_4096BYTES` `IMAGE_SCN_ALIGN_4BYTES` `IMAGE_SCN_ALIGN_512BYTES` `IMAGE_SCN_ALIGN_64BYTES` `IMAGE_SCN_ALIGN_8192BYTES` `IMAGE_SCN_ALIGN_MASK` `IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.219439`

Imports

KERNEL32.dll	`DeleteCriticalSection` `EnterCriticalSection` `ExitProcess` `GetLastError` `GetModuleHandleA` `GetProcAddress` `InitializeCriticalSection` `LeaveCriticalSection` `LoadLibraryA` `SetUnhandledExceptionFilter` `TlsGetValue` `VirtualProtect` `VirtualQuery`
msvcrt.dll	`__getmainargs` `__p__environ` `__p__fmode` `__set_app_type` `_cexit` `_iob` `_onexit` `_setmode` `abort` `atexit` `calloc` `fflush` `floor` `free` `fwrite` `pow` `signal` `system` `vfprintf`

Delayed Imports

Version Info

TLS Callbacks

StartAddressOfRawData	`0x408019`
EndAddressOfRawData	`0x40801c`
AddressOfIndex	`0x405080`
AddressOfCallbacks	`0x407004`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_TYPE_REG`
Callbacks	`0x004016F0` `0x004016BC`

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!