Manalyze report for 6a3d209ea00cdf67e2d2d1a721db65a6

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2009-Apr-15 20:41:42
Detected languages	English - United States
CompanyName	McAfee, Inc., Foundstone, Inc.
FileDescription	BinText file string extractor
FileVersion	`3, 0, 3, 0`
InternalName	bintext
LegalCopyright	Copyright © 2009 McAfee, Inc., Foundstone, Inc.
OriginalFilename	bintext.exe
ProductName	bintext
ProductVersion	`3, 0, 3, 0`

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C++` `Microsoft Visual C++ v6.0`
Suspicious	The PE contains functions most legitimate programs don't use.	`Can take screenshots: GetDC CreateCompatibleDC`
Suspicious	VirusTotal score: 1/72 (Scanned on 2023-10-31 14:30:22)	`APEX: Malicious`

Hashes

MD5	`6a3d209ea00cdf67e2d2d1a721db65a6`
SHA1	`ac428201ad35ef133cb0c634b36bd020edd3a6cb`
SHA256	`3f8ed11fe74e2b0b470274d1cf65e98f50f2cd1fede963fc64e635e4364d4eb1`
SHA3	`bb50c840f0352d8486217858b7e8a2139f34b91a3cf5e8487d4e8b8051dc3c2a`
SSDeep	`768:PKuwkUQ4FEFMZJCt3cRAm6f1mtvtBXWvSdgHPAC1pkF:PKZk6FEFAJdem69m7s6dgHPACHe`
Imports Hash	`0380757c3a562b08ea82cab442cb17cd`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2009-Apr-15 20:41:42
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`7.0`
SizeOfCode	`0x3600`
SizeOfInitializedData	`0x5e00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000422D (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x5000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`4.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xc000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`8d5e3187f7425bba1bca50950690c5c7`
SHA1	`db9ec828fb9133bddcc2385f21fd2d1916463ac2`
SHA256	`594888fe6e767da6276f7412f95205c95322162f9eb95783e2a983713e1810c3`
SHA3	`71f79cf7389292e02bdba24f17b63441d7224d506a8fb7f8625ac336fb3fcc03`
VirtualSize	`0x3432`
VirtualAddress	`0x1000`
SizeOfRawData	`0x3600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.17424`

.rdata

MD5	`6be8c5c74c30dc30118ee7d282fd10e4`
SHA1	`3e55e7623870747236e217f07dda24712e543c79`
SHA256	`16f69209ac056822040052c1a90baf0bcd047ff2e65755cf9d2d556ee0432ed1`
SHA3	`1d6928cd9f3b7701907df275e727cf3f0004fa8fdefcaeb45e00c52011f84f7e`
VirtualSize	`0x1d6a`
VirtualAddress	`0x5000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x3a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.94766`

.data

MD5	`3234e0aa5bc9a56e00568b02063a9733`
SHA1	`9c487aadd7fbf72eaf7b99262481bbb27fb029fc`
SHA256	`219b2ca9aad1d3914dbf99f08f93d3d27dfd824aac0852a5124b1e8464d865f6`
SHA3	`2e4c98450d0cb3f85deddf194c76cdfbfaec043e6898b7e8bc9976af3af19854`
VirtualSize	`0xd10`
VirtualAddress	`0x7000`
SizeOfRawData	`0x200`
PointerToRawData	`0x5800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.60577`

.rsrc

MD5	`8a6627550a30b7ee08b47952c0b90e91`
SHA1	`4acd026765b0f00075a8d9e0efd7cd49902e5951`
SHA256	`d091fa43ad219c60e3d2e6729e24014db0fa277cd4d9cac2b0984f0c87e11dcb`
SHA3	`c3db192b09fccf8d10efc31a4f490f51928c42eab9572f19950fec1a077a2c79`
VirtualSize	`0x3168`
VirtualAddress	`0x8000`
SizeOfRawData	`0x3200`
PointerToRawData	`0x5a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.98093`

Imports

COMCTL32.dll	`ImageList_AddMasked` `ImageList_Create` `InitCommonControlsEx` `ImageList_Destroy`
KERNEL32.dll	`GetStartupInfoA` `GetModuleHandleA` `lstrcpynA` `lstrlenA` `CloseHandle` `LoadLibraryA` `GlobalUnlock` `GlobalLock` `GlobalAlloc` `ReadFile` `SetFilePointer` `CreateFileA` `GetTickCount` `WriteFile` `lstrcmpA` `SetThreadPriority` `GetThreadPriority` `GetCurrentThread` `FreeLibrary`
USER32.dll	`SetFocus` `CreateWindowExA` `GetSystemMetrics` `RegisterClassExA` `LoadCursorA` `LoadIconA` `TrackPopupMenu` `GetSubMenu` `GetCursorPos` `PostQuitMessage` `CreateDialogParamA` `MessageBoxA` `OpenClipboard` `EmptyClipboard` `GetWindowTextA` `CloseClipboard` `SetWindowTextA` `SetForegroundWindow` `PostMessageA` `SetWindowLongA` `LoadMenuA` `SendDlgItemMessageA` `GetClientRect` `GetMenu` `AdjustWindowRect` `GetWindowRect` `DestroyMenu` `DestroyWindow` `IsDialogMessageA` `DefWindowProcA` `GetDlgItemTextA` `SetClipboardData` `ScreenToClient` `MoveWindow` `EnableWindow` `wsprintfA` `SetDlgItemTextA` `LoadBitmapA` `LoadImageA` `GetDC` `ReleaseDC` `BeginPaint` `EndPaint` `GetDlgItemInt` `SetDlgItemInt` `ShowWindow` `InvalidateRect` `SetWindowPos` `UpdateWindow` `GetWindowLongA` `CallWindowProcA` `HideCaret` `GetDlgItem` `SendMessageA` `PeekMessageA` `GetMessageA` `TranslateMessage` `DispatchMessageA` `CopyRect`
GDI32.dll	`DeleteDC` `StretchBlt` `RealizePalette` `SelectPalette` `SelectObject` `CreateCompatibleDC` `CreateHalftonePalette` `CreatePalette` `GetDIBColorTable` `GetObjectA` `CreateFontIndirectA` `CreateSolidBrush` `SetBkColor` `SetTextColor` `GetStockObject` `DeleteObject`
comdlg32.dll	`GetOpenFileNameA` `GetSaveFileNameA`
SHELL32.dll	`DragAcceptFiles` `DragQueryFileA`
MSVCRT.dll	`__CxxFrameHandler` `_strlwr` `strstr` `sprintf` `memmove` `??3@YAXPAX@Z` `??2@YAPAXI@Z` `malloc` `free` `strchr` `__dllonexit` `_onexit` `_exit` `_XcptFilter` `exit` `__getmainargs` `_initterm` `__setusermatherr` `_adjust_fdiv` `__p__commode` `__p__fmode` `__set_app_type` `_except_handler3` `_controlfp` `calloc` `_stricmp` `_acmdln`

Delayed Imports

111

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0x15de`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.03593`
MD5	`b595a0e02ad3d5cc30d5f51a7fff3346`
SHA1	`2a9d720f7386ef7c50a3bececc90def4fa0359e0`
SHA256	`c748efc9c9b620ee87e115a90fc2507318d8836e1b807dad029b51442accf031`
SHA3	`70c6b2d6cf1658e140eb9043139993b100eae8d562f4bc8473a18ee3ad5a4c44`
Preview

136

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0xd2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.76871`
MD5	`a3b55274cbd91f272844a37ca99d22f2`
SHA1	`960e9aea82bf96b78595f7d8eaa5ecd8e3f03be3`
SHA256	`f6565a4c752c38092d3ddf07f4beadcfcdbb41089cc1725302f5e40ce6da2b67`
SHA3	`d34db27bef7b1cce494e41e76dec454759ecb7322ec5be6bae6ad650aa46b3cc`
Preview

137

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0xe0`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.74512`
MD5	`bf3e5cfa1c9f3ebd861ed4587c099589`
SHA1	`cdc32dbbe775389edd87fc04be85d91dd17af985`
SHA256	`095f67169871545745c78c2e56b5d1cd52b4f9c749fec32dbf199d3c75734f6b`
SHA3	`3c0be4b28b4a2ac76ab545360bb6ddc06a618b7eee9714c619fd4988f9993487`
Preview

138

Type	`RT_BITMAP`
Language	English - United States
Codepage	UNKNOWN
Size	`0xd6`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.66017`
MD5	`fe50154aa4cea7dbbbadf453ea636526`
SHA1	`7e368d794a3ec7e58d6caf0be700c96ca3b93de1`
SHA256	`c6508f75f122f05ecb1f856624d3e2fa2a621799b1d13f03f6c68a1151def062`
SHA3	`c4c5ddbeb03b962b753d37e1c2f4c644af9d033badf035d77d42f06ac3a958d1`
Preview

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.51573`
MD5	`b44a95de3a1cf42df09756b9b9125880`
SHA1	`5cd968112e79c78bf1a3cd7ce42718fbf36edd7a`
SHA256	`701bc182e826df3e23e30e7416c2def0a31bd3f844d34cb66a996c20e085184c`
SHA3	`43d1be9c6aa17c16ee7ec15d812547396ca26285fca2b1b875acd5fb828d3bea`

135

Type	`RT_MENU`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.34648`
MD5	`78116da25f693f3623aa20ff12cf8630`
SHA1	`991f6d2d09191bad25dcd94a083e4a3f13505096`
SHA256	`b66759318b08ae33f57439e18b5cd5b27134fc0662607e6e4f9d28f54c4a1d98`
SHA3	`d78f729be0c0b59ff5748f2c8142ca6186b0c64cb48cb0696606f90228838889`

101

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x366`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.21601`
MD5	`d22f78abe6b0da28ba15251a9277a714`
SHA1	`2cab7b6508748bb8fa433056124728e61864f015`
SHA256	`a9406df580f7cf32316133a068988333facdd3eea7253713202441bf1a1a632b`
SHA3	`29a24f246d1952206c6b95678e04acb0d4f1d714e226aa84a366ef5741715165`

125

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xb38`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.37818`
MD5	`efbf26bacbd4b8028f1b48aa8803fffe`
SHA1	`45797353f3895d5b73c98ba7542396177ec6ec9a`
SHA256	`6e6f2225333c8153464c863eb82c5efaab39c9a4767d50ab450cefc21d873381`
SHA3	`9ed50b02d0dc3304512c458807a7d55b699ccdfb6159dc13aa86131310f94783`

126

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x64`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.48177`
MD5	`bc7c3124fdbe9bc2136c85b9720aebc9`
SHA1	`574a674cc0e50853831c36ba5b0a158dd779379a`
SHA256	`3c37796df8d67539b36ae2656c8c9832cb773f15241d96f6be7865a6a71b4f28`
SHA3	`29a66f18deffbad1dcfa14d2629296b032f4b14a915e0952b115f8405dfc417e`

127

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xa8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.88121`
MD5	`7deeb83315e3ca828c37a38b2f98499a`
SHA1	`bdae5554d1f8bf8c67aa170eeed3bce39953541b`
SHA256	`62124d52d68f1164aab2ec571293435c7ac191871d7c56a56368ad81763c39cb`
SHA3	`d4747aaec44804c143fb3f86802a2379d40dee1eb9fafec610f4b80c15333330`

104

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x14`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.16096`
Detected Filetype	Cursor file
MD5	`42cf62b780813706e75fb9f2b2e8c258`
SHA1	`a022d5c1cfdd8aace0089f3e72f2eedd41bda464`
SHA256	`a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf`
SHA3	`0aafc8e3d8b6bde595537da4ffe0efc5fe53f01dafe336a2a5828b6a71283d3c`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x33c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.39458`
MD5	`2711b7bd9e4c9ba0b8447890f8d48ec3`
SHA1	`13fe72682486f39a7c30a2e11f1c52c2067bb009`
SHA256	`edc23a5ff90b7d2b1604d9c3314ad4a907ac3c8a31c7091566a3db1ee9e3732c`
SHA3	`64b64da58a3ca93f4c8ebc17d9c9d9a0d861f2d1155341e748bb05b9a988d577`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	3.0.3.0
ProductVersion	3.0.3.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	McAfee, Inc., Foundstone, Inc.
FileDescription	BinText file string extractor
FileVersion (#2)	3, 0, 3, 0
InternalName	bintext
LegalCopyright	Copyright © 2009 McAfee, Inc., Foundstone, Inc.
OriginalFilename	bintext.exe
ProductName	bintext
ProductVersion (#2)	3, 0, 3, 0

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

XOR Key	`0xf96b8393`
Unmarked objects	`0`
105 (2067)	`1`
Linker (8047)	`2`
14 (7299)	`3`
C objects (8047)	`11`
Imports (2067)	`2`
Imports (2179)	`6`
Imports (9210)	`5`
Total imports	`129`
C++ objects (VS2003 (.NET) SP1 build 6030)	`2`
94 (VS2003 (.NET) build 3052)	`1`
Linker (VS2003 (.NET) SP1 build 6030)	`1`

6a3d209ea00cdf67e2d2d1a721db65a6

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.rsrc

Imports

Delayed Imports

111

136

137

138

1

135

101

125

126

127

104

1 (#2)

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors