Manalyze report for 6b62eb828dff3d4869f916ad911c2e99

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2021-Jan-27 11:31:12
Detected languages	English - United States

Plugin Output

Suspicious	The PE is possibly packed.	`Unusual section name found: .data1`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: LoadLibraryExA GetProcAddress LoadLibraryA`
Suspicious	No VirusTotal score.	`This file has never been scanned on VirusTotal.`

Hashes

MD5	`6b62eb828dff3d4869f916ad911c2e99`
SHA1	`53cca3c518dc549cf23f7d47f85126bab3feedc3`
SHA256	`ce07df228bdb0a5a8f238b7e3fce4531e1d5615d8d6509a9503ee9c50a89c61d`
SHA3	`fc280506062d61cae6ad5fa7bde6245f9c6aa289e5855d36b3d518bbb5c5188a`
SSDeep	`6144:aQ8k7At6GMAUs5kbJGi4keNAoKIj2xiObcF21Jo:awAxGVGi4rqoJ2xFgFuO`
Imports Hash	`50d8c3877bff5aefa84ee20e37e71784`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xb0`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`4`
TimeDateStamp	2021-Jan-27 11:31:12
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`10.1`
SizeOfCode	`0x50400`
SizeOfInitializedData	`0x2600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00008637 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x52000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`5.1`
ImageVersion	`5.1`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x56000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`3954d71c9a4ffb4192c30a51223a0ad6`
SHA1	`29b1eaaba6e7ff944b99ad2d639b1182c1897313`
SHA256	`aca7ee7ed34bcdae4408b5eed6db13ea1320ed59407ad92065c575907dc58259`
SHA3	`c9ead048870d1c45c9398897ccf6053f2c8c21a1a6665b1e73877335b9df708b`
VirtualSize	`0x503a0`
VirtualAddress	`0x1000`
SizeOfRawData	`0x50400`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.89371`

.data1

MD5	`d41d8cd98f00b204e9800998ecf8427e`
SHA1	`da39a3ee5e6b4b0d3255bfef95601890afd80709`
SHA256	`e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`
SHA3	`a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a`
VirtualSize	`0x100`
VirtualAddress	`0x52000`
SizeOfRawData	`0`
PointerToRawData	`0x50800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_MEM_WRITE`

.data

MD5	`fec1dc90bd0b98483cc84a7145081800`
SHA1	`5561582542202310f6a248d4f90a31b0bd3af022`
SHA256	`a392434fcbe90abba1b451b75c6e3d218c3e9a8a57acb594a941cee08da13794`
SHA3	`73b798a7a86e5c1f075d48b513a41e631099b5073943d3c22f59d1257269e3e0`
VirtualSize	`0xd72`
VirtualAddress	`0x53000`
SizeOfRawData	`0xe00`
PointerToRawData	`0x50800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`2.60208`

.rsrc

MD5	`497540bbbb2a3c1153603eb64693456c`
SHA1	`1af6a2d0d805834aacc7604f22f935c66b158d0a`
SHA256	`e5aa65ff61a88ca686c70be7d0ac525905fc655484afe2e1ebc3fa234eeea282`
SHA3	`28c3acc309cd0edc875cd9297a50ae486d19ba7c4a0f23fad56b84b5f19a452e`
VirtualSize	`0x16d5`
VirtualAddress	`0x54000`
SizeOfRawData	`0x1800`
PointerToRawData	`0x51600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.69946`

Imports

shell32.dll	`SHQueryRecycleBinA` `ShellAboutA` `SHDefExtractIconW` `DragAcceptFiles` `DragQueryPoint` `SHGetFileInfoA` `ShellMessageBoxW` `DragFinish` `ExtractIconW` `DragQueryFileW` `FindExecutableW`
esent.dll	`JetCloseFile` `JetCommitTransaction`
shlwapi.dll	`UrlIsNoHistoryA` `UrlHashW` `PathCombineW` `UrlCanonicalizeA` `UrlUnescapeW` `UrlCompareW` `UrlGetLocationA` `PathCompactPathA` `UrlCreateFromPathA` `PathIsRootA` `UrlEscapeW` `UrlCombineA`
odbctrac.dll	`TraceSQLBindCol` `TraceSQLFetch`
kernel32.dll	`GetConsoleAliasW` `ReleaseMutex` `GetBinaryTypeA` `CreateNamedPipeW` `GetEnvironmentVariableW` `CreateSemaphoreA` `RemoveDirectoryW` `WaitForSingleObjectEx` `GetVolumePathNameW` `HeapFree` `LoadLibraryExA` `IsBadStringPtrA` `GetCurrentDirectoryA` `lstrlenA` `FindFirstFileW` `GetProfileIntW` `GetProcAddress` `LoadLibraryA`

Delayed Imports

1

Type	`DF`
Language	English - United States
Codepage	UNKNOWN
Size	`0x400`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5`
MD5	`57c440958f6b88c3861107f3e9677db0`
SHA1	`5541201a0cff716e0be174f850cb482ba65ba22d`
SHA256	`359942ca6f906233ab339e6c7810d7e0d99d4bc8ba75306aae248ba45b3a7410`
SHA3	`24c958e7f3bea91b6142b6fa35b69eb5ac5d396b274dede71c1fbc8da090d707`

2

Type	`DF`
Language	English - United States
Codepage	UNKNOWN
Size	`0x400`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5`
MD5	`57c440958f6b88c3861107f3e9677db0`
SHA1	`5541201a0cff716e0be174f850cb482ba65ba22d`
SHA256	`359942ca6f906233ab339e6c7810d7e0d99d4bc8ba75306aae248ba45b3a7410`
SHA3	`24c958e7f3bea91b6142b6fa35b69eb5ac5d396b274dede71c1fbc8da090d707`

3

Type	`DF`
Language	English - United States
Codepage	UNKNOWN
Size	`0x400`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5`
MD5	`57c440958f6b88c3861107f3e9677db0`
SHA1	`5541201a0cff716e0be174f850cb482ba65ba22d`
SHA256	`359942ca6f906233ab339e6c7810d7e0d99d4bc8ba75306aae248ba45b3a7410`
SHA3	`24c958e7f3bea91b6142b6fa35b69eb5ac5d396b274dede71c1fbc8da090d707`

4

Type	`DF`
Language	English - United States
Codepage	UNKNOWN
Size	`0x400`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5`
MD5	`57c440958f6b88c3861107f3e9677db0`
SHA1	`5541201a0cff716e0be174f850cb482ba65ba22d`
SHA256	`359942ca6f906233ab339e6c7810d7e0d99d4bc8ba75306aae248ba45b3a7410`
SHA3	`24c958e7f3bea91b6142b6fa35b69eb5ac5d396b274dede71c1fbc8da090d707`

1 (#2)

Type	`RT_RCDATA`
Language	English - United States
Codepage	UNKNOWN
Size	`0x400`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.5`
MD5	`57c440958f6b88c3861107f3e9677db0`
SHA1	`5541201a0cff716e0be174f850cb482ba65ba22d`
SHA256	`359942ca6f906233ab339e6c7810d7e0d99d4bc8ba75306aae248ba45b3a7410`
SHA3	`24c958e7f3bea91b6142b6fa35b69eb5ac5d396b274dede71c1fbc8da090d707`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x155`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.9864`
MD5	`cbf73a28cc0fb92d6921c0e6fe9ee9a2`
SHA1	`d363cbf938d4014722a6658dde091fc4629fe832`
SHA256	`645f58d86195025e44d0d8b7fdaa5c2f4a0329e1df0f680db6d6226c0232ed80`
SHA3	`ab5cef36a11c741e64d4364ca07b81fa3493c9d63b9b7cedeb5426e0e447dd5f`

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Could not read the name of the DLL to be delay-loaded!
[!] Error: Could not read PDB file information of invalid magic number.
[*] Warning: Section .data1 has a size of 0!