Manalyze report for 68e789d06e0eb043bc41a0726e6e238cd6a2e8dd7ee50a378db79a3c6f39696b

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2018-Mar-09 10:50:30
Detected languages	English - United States
CompanyName	Embarcadero Technologies, Inc.
FileDescription	Embarcadero Memory Manager
FileVersion	`25.0.29899.2631`
InternalName	Borlndmm
LegalCopyright	Copyright Â© 1996,2018 Embarcadero Technologies, Inc.
OriginalFilename	Borlndmm.Dll
ProductVersion	`25.0`
ProductName	Embarcadero Memory Manager
InternalRevision	92631000

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .didata`
Suspicious	The PE contains functions most legitimate programs don't use.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress` `Functions which can be used for anti-debugging purposes: SwitchToThread`
Info	The PE's resources present abnormal characteristics.	`The binary may have been compiled on a machine in the UTC-8 timezone.`
Info	The PE is digitally signed.	`Signer: Idera` `Issuer: Symantec Class 3 SHA256 Code Signing CA`
Safe	VirusTotal score: 0/67 (Scanned on 2018-07-13 00:38:41)	`All the AVs think this file is safe.`

Hashes

MD5	`54a9b38780a4888c8dd01fc7642c2670`
SHA1	`c27914d163e6a63159821525d946c52800ec0980`
SHA256	`68e789d06e0eb043bc41a0726e6e238cd6a2e8dd7ee50a378db79a3c6f39696b`
SHA3	`bf1192c015051a33b665ce47a5bca1bfac463c71d67d3c904debe9d78cf0080b`
SSDeep	`1536:le4OC445ODObdxxBuh4RVjRs+M6kqS3wCKIcdfghL:X4aaERs+3iwVdc`
Imports Hash	`274e80410d066b5f06ba5c71cf9756d1`

DOS Header

e_magic	`MZ`
e_cblp	`0x50`
e_cp	`0x2`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0xf`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0x1a`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x100`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`10`
TimeDateStamp	2018-Mar-09 10:50:30
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`8.2`
SizeOfCode	`0x11800`
SizeOfInitializedData	`0x6400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000000F780 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x41000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.2`
ImageVersion	`5.2`
SubsystemVersion	`5.2`
Win32VersionValue	`0`
SizeOfImage	`0x29000`
SizeOfHeaders	`0x400`
Checksum	`0x24a8a`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0`
SizeofStackCommit	`0`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x2000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`6804cd3cbebea4ed331ea001a43d9f73`
SHA1	`4eba9af35d9c1b3a9371cfa3d4b6f65b074ceab0`
SHA256	`3640366b4d9e5835a7faea1f174f9130fe6954bc7295294de447012dab1b0aaa`
SHA3	`1648fd7c6eabc294b4d52640af8c369485928c5ce2dcce06b9a9681d57ebe580`
VirtualSize	`0x11730`
VirtualAddress	`0x1000`
SizeOfRawData	`0x11800`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.70522`

.data

MD5	`6e1b81bbc91b0dd0cdfc9ee60d1b957d`
SHA1	`f1cdf24afdac8e03222101256032a545f2c46adf`
SHA256	`409418e06b6e72c33e83aa1ddc8264f3d00e7bb818d6af243189fa6e24b89ff8`
SHA3	`df7e2018965f8ec660cc22566f32bf8a522eda20021e701901516a4431876557`
VirtualSize	`0x2b20`
VirtualAddress	`0x13000`
SizeOfRawData	`0x2c00`
PointerToRawData	`0x11c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.51215`

.bss

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0xa450`
VirtualAddress	`0x16000`
SizeOfRawData	`0`
PointerToRawData	`0`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`

.idata

MD5	`00b4737ac7e92eb060eeb4856f38c796`
SHA1	`b7b0757a8b3f0e8364f57d67705afc16deec5ebf`
SHA256	`c852d54ee0377a73c3b2e7bf5a6aa023605243171183348a42a5a501c1bcb385`
SHA3	`6d4a5c33e4e1ace101bba623aade1d0f0550739fba0bebb2e316b17eaf4ef195`
VirtualSize	`0x5b4`
VirtualAddress	`0x21000`
SizeOfRawData	`0x600`
PointerToRawData	`0x14800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.79892`

.didata

MD5	`45a7ea6089dfba25efae6f0c39a4edbd`
SHA1	`c79b83c934ee9ed3602f256f25542ea9c915bc35`
SHA256	`8e77decd69be7b2f5d1e672121b2549b48591f0d3cdcfde81be7c97f33d4dd7a`
SHA3	`9b65c2ff46343783e31cef50dddb554158c15fcd9dc65792ec74d5cea778aeaa`
VirtualSize	`0x180`
VirtualAddress	`0x22000`
SizeOfRawData	`0x200`
PointerToRawData	`0x14e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.93692`

.edata

MD5	`2534b88f7cade76dfa5615f126002c49`
SHA1	`03bcb1fa35d03c7c825916a49689e5a268b2b738`
SHA256	`495124b88b90cadd6a00b5145a790c01e837770a1e78ba66e834b030bbd39336`
SHA3	`9b96f6b84a3e55dcc98884afa05da1bd41cbe7f23a47c4a6e5dafa73ebe70882`
VirtualSize	`0x265`
VirtualAddress	`0x23000`
SizeOfRawData	`0x400`
PointerToRawData	`0x15000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.7361`

.rdata

MD5	`91cf318af6f7080eef0a8f6bf98e68cc`
SHA1	`87c035a61c0ac65ff9a56d0b0bac4d7e36636354`
SHA256	`60ddf86f1fb94581a9d6d35f522d5c5e7b221f745166617d8a6e1d773b507020`
SHA3	`bb4db0949a7104ac4117fe9bc01b9668fb3f966341c13610d5c32fec5c8a83b4`
VirtualSize	`0x45`
VirtualAddress	`0x24000`
SizeOfRawData	`0x200`
PointerToRawData	`0x15400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`1.18997`

.reloc

MD5	`1c2597ad52cc31ea938a9680d7e82b00`
SHA1	`bbe2d9015d249feaa1110fbbac4cc6c48368ef4b`
SHA256	`aae5da62f9a4d489f32de6dcfe380cc6f8218bf6f8e3192f130726173da5bcb2`
SHA3	`38e5af5a7ac02fcef58317fd019d21e935fd1155bc3d92bad07cc06edfc3618d`
VirtualSize	`0xf60`
VirtualAddress	`0x25000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x15600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.74414`

.pdata

MD5	`fd825e83787b2bf6a5db8846433b6640`
SHA1	`8c2070c6d548a7bcfb5a16e5d8388be73d0035f6`
SHA256	`e8d4ba84f27f3efb9b2dc5d435330925dd8d14d71b73563549364102ece99547`
SHA3	`0ad6fc74e5ed59bb03ac951df61022266295c5d062c16fee10eb99c796804b1e`
VirtualSize	`0x11ac`
VirtualAddress	`0x26000`
SizeOfRawData	`0x1200`
PointerToRawData	`0x16600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.84456`

.rsrc

MD5	`4e1c89f0ef1b155f80ee6969787c6a1a`
SHA1	`f38d1dbc6efb01bc461fcd1b2535fd49c8f1cf5d`
SHA256	`791e8469bdddd313d02368487c012b54d1fca11f50674b898c0c32d43bce5b9f`
SHA3	`49581f855760d23a55d5a5eeb2dd51b5c2f6fdfe7b265c25abdce0029e1c88ae`
VirtualSize	`0x800`
VirtualAddress	`0x28000`
SizeOfRawData	`0x800`
PointerToRawData	`0x17800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.51296`

Imports

kernel32.dll	`GetLastError` `RtlUnwindEx` `GetACP` `CompareStringW` `LocalFree` `CloseHandle` `TlsAlloc` `WideCharToMultiByte` `GetTickCount` `MultiByteToWideChar` `LoadLibraryA` `GetVersion` `VirtualFree` `RaiseException` `GetStartupInfoW` `ExitProcess` `SwitchToThread` `InitializeCriticalSection` `VirtualAlloc` `WriteFile` `RtlUnwind` `GetSystemInfo` `GetCommandLineW` `GetProcAddress` `DeleteCriticalSection` `TlsGetValue` `GetStdHandle` `GetVersionExW` `TlsSetValue` `GetModuleHandleW` `FreeLibrary` `LocalAlloc` `GetCurrentThreadId` `UnhandledExceptionFilter` `TlsFree` `VirtualQuery` `SetThreadLocale` `Sleep`
user32.dll	`MessageBoxA`
oleaut32.dll	`SysFreeString`
kernel32.dll (delay-loaded)	`GetLastError` `RtlUnwindEx` `GetACP` `CompareStringW` `LocalFree` `CloseHandle` `TlsAlloc` `WideCharToMultiByte` `GetTickCount` `MultiByteToWideChar` `LoadLibraryA` `GetVersion` `VirtualFree` `RaiseException` `GetStartupInfoW` `ExitProcess` `SwitchToThread` `InitializeCriticalSection` `VirtualAlloc` `WriteFile` `RtlUnwind` `GetSystemInfo` `GetCommandLineW` `GetProcAddress` `DeleteCriticalSection` `TlsGetValue` `GetStdHandle` `GetVersionExW` `TlsSetValue` `GetModuleHandleW` `FreeLibrary` `LocalAlloc` `GetCurrentThreadId` `UnhandledExceptionFilter` `TlsFree` `VirtualQuery` `SetThreadLocale` `Sleep`

Delayed Imports

Attributes	`0x1`
Name	`kernel32.dll`
ModuleHandle	`0x22060`
DelayImportAddressTable	`0x22078`
DelayImportNameTable	`0x220a8`
BoundDelayImportTable	`0x220d8`
UnloadDelayImportTable	`0x220f8`
TimeStamp	`1970-Jan-01 00:00:00`

dbkFCallWrapperAddr

Ordinal	`1`
Address	`0x1c1b8`

__dbk_fcall_wrapper

Ordinal	`2`
Address	`0xbee0`

GetAllocMemSize

Ordinal	`3`
Address	`0xf750`

GetAllocMemCount

Ordinal	`4`
Address	`0xf740`

GetHeapStatus

Ordinal	`5`
Address	`0xf180`

DumpBlocks

Ordinal	`6`
Address	`0xf760`

ReallocMemory

Ordinal	`7`
Address	`0xb140`

FreeMemory

Ordinal	`8`
Address	`0xb120`

GetMemory

Ordinal	`9`
Address	`0xb110`

@Borlndmm@SysUnregisterExpectedMemoryLeak$qqrpi

Ordinal	`10`
Address	`0xe9c0`

@Borlndmm@SysRegisterExpectedMemoryLeak$qqrpi

Ordinal	`11`
Address	`0xe960`

@Borlndmm@SysAllocMem$qqri

Ordinal	`12`
Address	`0xe490`

@Borlndmm@SysReallocMem$qqrpvi

Ordinal	`13`
Address	`0xe110`

@Borlndmm@SysFreeMem$qqrpv

Ordinal	`14`
Address	`0xdef0`

@Borlndmm@SysGetMem$qqri

Ordinal	`15`
Address	`0xdb20`

@Borlndmm@HeapRelease$qqrv

Ordinal	`16`
Address	`0xf710`

@Borlndmm@HeapAddRef$qqrv

Ordinal	`17`
Address	`0xf6f0`

BORLAND_SIG

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb2`
TimeDateStamp	2018-Mar-09 02:50:32
Entropy	`5.91298`
MD5	`146cee7844ae0a50cee31bc12b173c54`
SHA1	`e95ca0d1169c9636341bd44b5645af85b90bfd2a`
SHA256	`59503b612f714325ff08ab839a7d4e913b71beaa73dc849dcd0423efa7fa911a`
SHA3	`1559f3a7f25c464e606e57e92bd2cc4d79cffd3e5dff4ecb1fac3fd2538ddf4e`

DVCLAL

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x10`
TimeDateStamp	2018-Mar-09 02:50:32
Entropy	`4`
MD5	`d8090aba7197fbf9c7e2631c750965a8`
SHA1	`04f73efb0801b18f6984b14cd057fb56519cd31b`
SHA256	`88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610`
SHA3	`a5a67ad8166061d38fc75cfb2c227911de631166c6531a6664cd49cfb207e8bb`

PACKAGEINFO

Type	`RT_RCDATA`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x6c`
TimeDateStamp	2018-Mar-09 02:50:32
Entropy	`4.62185`
MD5	`24d50c34f0b019a245c54c3976aae51a`
SHA1	`e75231f623b52f87d6b82cbfcd47cb9794502a52`
SHA256	`3566eb2855aacb3f803af07ff7b665d1c624d1cbcb2d02aad14e6d24eee18d95`
SHA3	`19453a848e4bfbc29198702b814d227c12748b36b2084d31e8cf5240eebab11f`

PLATFORMTARGETS

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	2018-Mar-09 02:50:32
Entropy	`1`
MD5	`25daad3d9e60b45043a70c4ab7d3b1c6`
SHA1	`0e356ba505631fbf715758bed27d503f8b260e3a`
SHA256	`47dc540c94ceb704a23875c11273e16bb0b8a87aed84de911f2133568115f254`
SHA3	`47b7fb6f259cfa242dc8e381efb31dad613f8bfe5a8a92f524d1a0a7058c56dc`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3a8`
TimeDateStamp	2018-Mar-09 02:50:32
Entropy	`3.43663`
MD5	`329073af0dbf099d0bc95979018454f7`
SHA1	`f3a22f13dfed9975e35fb6b31f2dae73f6659032`
SHA256	`950b205d8e2761abf3ab3f32ef1594951113fef22f8cf4050a6361d70ad497e5`
SHA3	`1e55753a676c7ded80823a9f1764970287943054fbaa338160e561d59a282f70`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	25.0.29899.2631
ProductVersion	25.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS` `VOS_DOS_WINDOWS16` `VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS_OS232` `VOS_OS232_PM32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Embarcadero Technologies, Inc.
FileDescription	Embarcadero Memory Manager
FileVersion (#2)	25.0.29899.2631
InternalName	Borlndmm
LegalCopyright	Copyright Â© 1996,2018 Embarcadero Technologies, Inc.
OriginalFilename	Borlndmm.Dll
ProductVersion (#2)	25.0
ProductName	Embarcadero Memory Manager
InternalRevision	92631000

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!

Leave a comment

No comments yet.